jaysonzhao/gist:e57364a3143e176c83b8f30373e05622

## 133 changes: 133 additions & 0 deletions gistfile1.txt
@@ -0,0 +1,133 @@

    export control_cluster=$(oc config current-context)
export control_cluster=$(oc config current-context)

    for cluster in ocp1 ocp2 ocp3; do
for cluster in ocp1 ocp2 ocp3; do

      password=$(oc --context ${control_cluster} get secret $(oc --context ${control_cluster} get clusterdeployment ${cluster} -n ${cluster} -o jsonpath='{.spec.clusterMetadata.adminPasswordSecretRef.name}') -n ${cluster} -o jsonpath='{.data.password}' | base64 -d)
  password=$(oc --context ${control_cluster} get secret $(oc --context ${control_cluster} get clusterdeployment ${cluster} -n ${cluster} -o jsonpath='{.spec.clusterMetadata.adminPasswordSecretRef.name}') -n ${cluster} -o jsonpath='{.data.password}' | base64 -d)

      url=$(oc --context ${control_cluster} get clusterdeployment ${cluster} -n ${cluster} -o jsonpath='{.status.apiURL}')
  url=$(oc --context ${control_cluster} get clusterdeployment ${cluster} -n ${cluster} -o jsonpath='{.status.apiURL}')

      console_url=$(oc --context ${control_cluster} get clusterdeployment ${cluster} -n ${cluster} -o jsonpath='{.status.webConsoleURL}')
  console_url=$(oc --context ${control_cluster} get clusterdeployment ${cluster} -n ${cluster} -o jsonpath='{.status.webConsoleURL}')

      oc login -u kubeadmin -p ${password} --insecure-skip-tls-verify=true ${url}
  oc login -u kubeadmin -p ${password} --insecure-skip-tls-verify=true ${url}

      oc config set-cluster ${cluster} --insecure-skip-tls-verify=true --server ${url}
  oc config set-cluster ${cluster} --insecure-skip-tls-verify=true --server ${url}

      oc config set-credentials admin-${cluster} --token $(oc whoami -t)
  oc config set-credentials admin-${cluster} --token $(oc whoami -t)

      oc config set-context $cluster --cluster ${cluster} --user=admin-${cluster}
  oc config set-context $cluster --cluster ${cluster} --user=admin-${cluster}

      echo cluster: ${cluster}
  echo cluster: ${cluster}

      echo api url: ${url}
  echo api url: ${url}

      echo console url ${console_url}
  echo console url ${console_url}

      echo admin account: kubeadmin/${password}
  echo admin account: kubeadmin/${password}

      export ${cluster}=$cluster
  export ${cluster}=$cluster

    done
done

    oc config use-context ${control_cluster}
oc config use-context ${control_cluster}


    export cluster1=ocp1
export cluster1=ocp1

    export cluster2=ocp2
export cluster2=ocp2

    export cluster3=ocp3
export cluster3=ocp3


    ---
---

    apiVersion: cert-manager.io/v1
apiVersion: cert-manager.io/v1

    kind: ClusterIssuer
kind: ClusterIssuer

    metadata:
metadata:

      name: selfsignedis
  name: selfsignedis

      resourceVersion: '32758617'
  resourceVersion: '32758617'

      uid: 31ade0a5-2ba6-4fac-be4e-268fc7902dfc
  uid: 31ade0a5-2ba6-4fac-be4e-268fc7902dfc

    spec:
spec:

      selfSigned: {}
  selfSigned: {}


    ---
---

    apiVersion: cert-manager.io/v1
apiVersion: cert-manager.io/v1

    kind: Certificate
kind: Certificate

    metadata:
metadata:

      annotations:
  annotations:

        meta.helm.sh/release-name: kafka
    meta.helm.sh/release-name: kafka

        meta.helm.sh/release-namespace: kafka
    meta.helm.sh/release-namespace: kafka

      name: kafka
  name: kafka

      namespace: kafka
  namespace: kafka

      labels:
  labels:

        app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/managed-by: Helm

    spec:
spec:

      commonName: node
  commonName: node

      dnsNames:
  dnsNames:

        - zookeeper-0.ocp1.zookeeper.kafka.svc.clusterset.local
    - zookeeper-0.ocp1.zookeeper.kafka.svc.clusterset.local

        - zookeeper-1.ocp1.zookeeper.kafka.svc.clusterset.local
    - zookeeper-1.ocp1.zookeeper.kafka.svc.clusterset.local

        - zookeeper-2.ocp1.zookeeper.kafka.svc.clusterset.local
    - zookeeper-2.ocp1.zookeeper.kafka.svc.clusterset.local

        - zookeeper-0.ocp2.zookeeper.kafka.svc.clusterset.local
    - zookeeper-0.ocp2.zookeeper.kafka.svc.clusterset.local

        - zookeeper-1.ocp2.zookeeper.kafka.svc.clusterset.local
    - zookeeper-1.ocp2.zookeeper.kafka.svc.clusterset.local

        - zookeeper-2.ocp2.zookeeper.kafka.svc.clusterset.local
    - zookeeper-2.ocp2.zookeeper.kafka.svc.clusterset.local

        - zookeeper-0.ocp3.zookeeper.kafka.svc.clusterset.local
    - zookeeper-0.ocp3.zookeeper.kafka.svc.clusterset.local

        - zookeeper-1.ocp3.zookeeper.kafka.svc.clusterset.local
    - zookeeper-1.ocp3.zookeeper.kafka.svc.clusterset.local

        - zookeeper-2.ocp3.zookeeper.kafka.svc.clusterset.local
    - zookeeper-2.ocp3.zookeeper.kafka.svc.clusterset.local

        - zookeeper-0.zookeeper.kafka.svc.cluster.local
    - zookeeper-0.zookeeper.kafka.svc.cluster.local

        - zookeeper-1.zookeeper.kafka.svc.cluster.local
    - zookeeper-1.zookeeper.kafka.svc.cluster.local

        - zookeeper-2.zookeeper.kafka.svc.cluster.local
    - zookeeper-2.zookeeper.kafka.svc.cluster.local

        - zookeeper-client.kafka.svc.clusterset.local
    - zookeeper-client.kafka.svc.clusterset.local

        - zookeeper.kafka.svc.clusterset.local
    - zookeeper.kafka.svc.clusterset.local

        - zookeeper-client.kafka.svc.cluster.local
    - zookeeper-client.kafka.svc.cluster.local

        - zookeeper.kafka.svc.cluster.local
    - zookeeper.kafka.svc.cluster.local

        - kafka-0.ocp1.kafka.kafka.svc.clusterset.local
    - kafka-0.ocp1.kafka.kafka.svc.clusterset.local

        - kafka-1.ocp1.kafka.kafka.svc.clusterset.local
    - kafka-1.ocp1.kafka.kafka.svc.clusterset.local

        - kafka-2.ocp1.kafka.kafka.svc.clusterset.local
    - kafka-2.ocp1.kafka.kafka.svc.clusterset.local

        - kafka-0.ocp2.kafka.kafka.svc.clusterset.local
    - kafka-0.ocp2.kafka.kafka.svc.clusterset.local

        - kafka-1.ocp2.kafka.kafka.svc.clusterset.local
    - kafka-1.ocp2.kafka.kafka.svc.clusterset.local

        - kafka-2.ocp2.kafka.kafka.svc.clusterset.local
    - kafka-2.ocp2.kafka.kafka.svc.clusterset.local

        - kafka-0.ocp3.kafka.kafka.svc.clusterset.local
    - kafka-0.ocp3.kafka.kafka.svc.clusterset.local

        - kafka-1.ocp3.kafka.kafka.svc.clusterset.local
    - kafka-1.ocp3.kafka.kafka.svc.clusterset.local

        - kafka-2.ocp3.kafka.kafka.svc.clusterset.local
    - kafka-2.ocp3.kafka.kafka.svc.clusterset.local

        - kafka-0.kafka.kafka.svc.cluster.local
    - kafka-0.kafka.kafka.svc.cluster.local

        - kafka-1.kafka.kafka.svc.cluster.local
    - kafka-1.kafka.kafka.svc.cluster.local

        - kafka-2.kafka.kafka.svc.cluster.local
    - kafka-2.kafka.kafka.svc.cluster.local

        - kafka.kafka.svc.clusterset.local
    - kafka.kafka.svc.clusterset.local

        - kafka.kafka.svc.cluster.local
    - kafka.kafka.svc.cluster.local

      duration: 168h0m0s
  duration: 168h0m0s

      issuerRef:
  issuerRef:

        group: cert-manager.io
    group: cert-manager.io

        kind: ClusterIssuer
    kind: ClusterIssuer

        name: selfsignedis
    name: selfsignedis

      keystores:
  keystores:

        jks:
    jks:

          create: true
      create: true

          passwordSecretRef:
      passwordSecretRef:

            key: password
        key: password

            name: kafka-cert-stores
        name: kafka-cert-stores

        pkcs12:
    pkcs12:

          create: true
      create: true

          passwordSecretRef:
      passwordSecretRef:

            key: password
        key: password

            name: kafka-cert-stores
        name: kafka-cert-stores

      renewBefore: 1h0m0s
  renewBefore: 1h0m0s

      secretName: kafka-tls
  secretName: kafka-tls

      usages:
  usages:

        - server auth
    - server auth

        - client auth
    - client auth


    ---
---


    #部署前可以修改values中集群名称
#部署前可以修改values中集群名称

    export infrastructure=$(oc get infrastructure cluster -o jsonpath='{.spec.platformSpec.type}'| tr '[:upper:]' '[:lower:]')
export infrastructure=$(oc get infrastructure cluster -o jsonpath='{.spec.platformSpec.type}'| tr '[:upper:]' '[:lower:]')

    case ${infrastructure} in
case ${infrastructure} in

      aws)
  aws)

        export latency="70" #70ms
    export latency="70" #70ms

        export bandwidth="250000000" #250 MBps
    export bandwidth="250000000" #250 MBps

      ;;
  ;;

      gcp)
  gcp)

        export latency="70" #70ms
    export latency="70" #70ms

        export bandwidth="3500000000" #3.5 GBps
    export bandwidth="3500000000" #3.5 GBps

      ;;
  ;;

      azure)
  azure)

        export latency="70" #70ms
    export latency="70" #70ms

        export bandwidth="250000000" #250 MBps
    export bandwidth="250000000" #250 MBps

      ;;
  ;;

    esac
esac

    for context in ${cluster1} ${cluster2} ${cluster3}; do
for context in ${cluster1} ${cluster2} ${cluster3}; do

      export cluster=${context}
  export cluster=${context}

      envsubst < ./kafka/values.templ.yaml > /tmp/values.yaml
  envsubst < ./kafka/values.templ.yaml > /tmp/values.yaml

      helm --kube-context ${context} upgrade kafka ./charts/kafka-multicluster -i --create-namespace -n kafka -f /tmp/values.yaml
  helm --kube-context ${context} upgrade kafka ./charts/kafka-multicluster -i --create-namespace -n kafka -f /tmp/values.yaml

    done
done


    部署后全部修改为使用kafka-tls
部署后全部修改为使用kafka-tls