Last active
May 21, 2021 03:23
-
-
Save taking/4e35c3886334d675429291f4bed4b805 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Author by Taking | |
| # (1) K3s Install + Reset | |
| # (2) Gloo Mesh | |
| # (3) Istio | |
| # (4) Multi Cluster | |
| # (임시) Master IP 설정 값 | |
| M_IP=192.168.150.194 | |
| SERVERPASS="YourP@ss" | |
| RED=`tput setaf 1` | |
| GREEN=`tput setaf 2` | |
| NC=`tput sgr0` | |
| # Check permission | |
| if ! [ $(id -u) = 0 ] | |
| then echo "${RED}Please run as root ${NC}" | |
| exit | |
| fi | |
| ############ k8s check ############### | |
| if [ -f /etc/rancher/k3s/k3s.yaml ]; then | |
| echo "${RED}--K3s reset check--${NC}" | |
| echo "k3s reset?" | |
| read -r -p "Are You Sure? [Y/n] " input | |
| case $input in | |
| [yY][eE][sS]|[yY]) | |
| echo "Yes" | |
| /usr/local/bin/k3s-uninstall.sh | |
| rm -f /etc/sysctl.d/k8s.conf | |
| rm -rf ~/.kube/ | |
| rm -rf ~/cluster1 ~/cluster2 ~/cluster3 | |
| exit 1 | |
| ;; | |
| [nN][oO]|[nN]) | |
| echo "No" | |
| ;; | |
| *) | |
| echo "Invalid input..." | |
| exit 1 | |
| ;; | |
| esac | |
| fi | |
| echo "${RED}--Kubectx, Kubens Install Check...--${NC}" | |
| if [ -f /usr/bin/kubectx ]; then | |
| echo "${RED}--kubectx exist...PASS--${NC}" | |
| else | |
| echo "${RED}--Kubernetetes : kubectx + kubens downloading...--${NC}" | |
| git clone https://github.com/ahmetb/kubectx | |
| cp -r kubectx/kube* /usr/bin/ | |
| rm -rf ./kubectx | |
| kubectx | |
| fi | |
| M_CHECK=false | |
| echo "master config check" | |
| read -r -p "Are You Master? [Y/n] " input | |
| case $input in | |
| [yY][eE][sS]|[yY]) | |
| echo "Yes" | |
| M_CHECK=true | |
| ;; | |
| [nN][oO]|[nN]) | |
| echo "No" | |
| M_CHECK=false | |
| ;; | |
| *) | |
| echo "Invalid input..." | |
| exit 1 | |
| ;; | |
| esac | |
| ############ hostname change ############### | |
| # Hostname 으로, 모든 것이 설정됩니다. | |
| echo "${RED}--HOSTNAME CHANGE (IMPORTANT)--${NC}" | |
| read -p "hostname Change is (ex k8s-worker) : " uhost | |
| hostnamectl set-hostname $uhost | |
| echo '[Hostname] Change Success' | |
| echo "${RED}--HOSTNAME CHANGE END--${NC}" | |
| echo "${RED}--K3s INSTALL CHECK--${NC}" | |
| if [ -f /etc/rancher/k3s/k3s.yaml ]; then | |
| echo "${RED}--K3s INSTALLED...PASS--${NC}" | |
| else | |
| echo "${RED}--K3s INSTALLING...--${NC}" | |
| curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--no-deploy=servicelb --disable traefik --disable local-storage" sh -s - --cluster-cidr=10.240.0.0/16 --service-cidr=10.110.0.0/16 --node-name=$(hostname) --tls-san=$(curl ifconfig.me --silent) --kube-proxy-arg proxy-mode=ipvs | |
| if [ -f /etc/sysctl.d/k8s.conf ]; then | |
| echo "${RED}--System initialized...PASS--${NC}" | |
| else | |
| echo "${RED}--Kubernetes initializing...--${NC}" | |
| swapoff -a | |
| echo 1 > /proc/sys/net/ipv4/ip_forward | |
| modprobe br_netfilter | |
| cat <<EOF > /etc/sysctl.d/k8s.conf | |
| net.bridge.bridge-nf-call-iptables = 1 | |
| net.bridge.bridge-nf-call-ip6tables = 1 | |
| EOF | |
| sysctl --system | |
| systemctl enable --now k3s | |
| sudo apt install curl wget vim make sshpass -y | |
| fi | |
| echo "${RED}--K3s INSTALL SUCCESS...--${NC}" | |
| fi | |
| if [ -f /etc/rancher/k3s/k3s.yaml ]; then | |
| # all | |
| kubectl config set-context default --cluster=$(hostname) && | |
| kubectl config set-context default --user=$(hostname) && | |
| kubectl config rename-context default $(hostname) && | |
| sed -i "s/ name: default/ name: $(hostname)/g" /etc/rancher/k3s/k3s.yaml && | |
| sed -i "s/- name: default/- name: $(hostname)/g" /etc/rancher/k3s/k3s.yaml && | |
| kubectl get nodes | |
| kubectl -n kube-system create serviceaccount $(hostname) && | |
| kubectl create clusterrolebinding $(hostname) \ | |
| --clusterrole=cluster-admin \ | |
| --serviceaccount=kube-system:$(hostname) | |
| internal_ip="$(hostname -I | awk {'print $1'})" | |
| instance_public_ip="$(curl ifconfig.me --silent)" | |
| if [ "$internal_ip" = "$instance_public_ip" ]; then | |
| echo 'pass' | |
| else | |
| sed -i "5s/.*/ server\: https\:\/\/${instance_public_ip}:6443/g" /etc/rancher/k3s/k3s.yaml | |
| cp /etc/rancher/k3s/k3s.yaml ~/.kube/config | |
| fi | |
| kubectl config view | |
| if [ "$M_CHECK" = true ]; then | |
| echo "Master Check is " $M_CHECK | |
| file=~/cluster2 | |
| while [ ! -f "$file" ] | |
| do | |
| echo '-- cluster2 config 파일 수신 대기중.. --' | |
| sleep 5 | |
| done | |
| if [ -f ~/cluster2 ]; then | |
| echo '-- cluster2 config 수신 완료 --' | |
| fi | |
| file=~/cluster3 | |
| while [ ! -f "$file" ] | |
| do | |
| echo '-- cluster3 config 파일 수신 대기중.. --' | |
| sleep 5 | |
| done | |
| if [ -f ~/cluster3 ]; then | |
| echo '-- cluster3 config 수신 완료 --' | |
| fi | |
| if [ -f ~/cluster2 -a -f ~/cluster3 ]; then | |
| echo '-- cluster2, cluster3 config 수신 완료 --' | |
| cp /etc/rancher/k3s/k3s.yaml ~/cluster1 | |
| KUBECONFIG=~/cluster1:~/cluster2:~/cluster3: kubectl config view --flatten > ~/merge_kubeconfig | |
| mv ~/merge_kubeconfig /etc/rancher/k3s/k3s.yaml | |
| cp /etc/rancher/k3s/k3s.yaml ~/.kube/config | |
| kubectl config view | |
| kubectx | |
| fi | |
| fi | |
| if [ "$M_CHECK" = false ]; then | |
| echo "Master Check is " $M_CHECK | |
| echo "Master IP is " $M_IP | |
| echo '-- master로 config 파일 수신 처리 --' | |
| sshpass -p $SERVERPASS scp /etc/rancher/k3s/k3s.yaml ubuntu@$M_IP:/home/ubuntu/$(hostname) | |
| fi | |
| fi | |
| echo service_cidr=$(echo '{"apiVersion":"v1","kind":"Service","metadata":{"name":"tst"},"spec":{"clusterIP":"1.1.1.1","ports":[{"port":443}]}}' | kubectl apply -f - 2>&1 | sed 's/.*valid IPs is //') | |
| echo "metallb installing..." | |
| #read -r -p "What is Your IP : " ip_input | |
| ip_input="$(hostname -I | awk {'print $1'})" | |
| kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.5/manifests/namespace.yaml | |
| kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.5/manifests/metallb.yaml | |
| kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey='$(openssl rand -base64 128)' | |
| cat <<EOF | kubectl apply -f - | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| namespace: metallb-system | |
| name: config | |
| data: | |
| config: | | |
| address-pools: | |
| - name: default | |
| protocol: layer2 | |
| addresses: | |
| - ${ip_input}/32 | |
| EOF | |
| kubectl describe configmap/config -n metallb-system | |
| echo "${RED}--istio check start--${NC}" | |
| export istio_ver="1.9.4" | |
| if [ -d ~/istio-${istio_ver:-1.9.4} ]; then | |
| echo "${RED}--Istio exist.. PASS--${NC}" | |
| else | |
| echo "${RED}--istio downloading...--${NC}" | |
| cd ~/ | |
| wget https://github.com/istio/istio/releases/download/${istio_ver:-1.9.4}/istio-${istio_ver:-1.9.4}-linux-amd64.tar.gz | |
| tar -xvzf istio-${istio_ver:-1.9.4}-linux-amd64.tar.gz | |
| cp -r ~/istio-${istio_ver:-1.9.4}/bin/istioctl /usr/local/bin/ | |
| istioctl version | |
| fi | |
| echo "${RED}--istio end--${NC}" | |
| echo "${RED}--Gloo Mesh meshctl check start--${NC}" | |
| export meshctl_ver="v1.0.5" | |
| if [ -f /usr/bin/meshctl ]; then | |
| echo "${RED}--Gloo Mesh meshctl exist.. PASS--${NC}" | |
| else | |
| echo "${RED}--Gloo Mesh meshctl downloading...--${NC}" | |
| cd ~/ | |
| wget -O meshctl https://github.com/solo-io/gloo-mesh/releases/download/${meshctl_ver:-v1.0.5}/meshctl-linux-amd64 | |
| chmod a+x meshctl | |
| mv meshctl /usr/bin/ | |
| meshctl version | |
| fi | |
| echo "${RED}--Gloo Mesh meshctl check end--${NC}" | |
| if [ "$M_CHECK" = true ]; then | |
| meshctl install community \ | |
| --kubecontext $(hostname) | |
| kubectl --context $(hostname) -n gloo-mesh \ | |
| rollout status deploy/discovery || break | |
| meshctl check --kubecontext $(hostname) | |
| for cluster in $(kubectx); | |
| do | |
| kubectx $cluster; | |
| echo "${RED} gloo mesh registering : ${cluster} .........${NC}" | |
| meshctl cluster register community ${cluster} \ | |
| --remote-context ${cluster} --mgmt-context $(hostname) | |
| kubectl --context ${cluster} -n gloo-mesh \ | |
| rollout status deploy/cert-agent || break | |
| kubectl --context ${cluster} get sa -n gloo-mesh | |
| kubectl --context ${cluster} get clusterrolebinding \ | |
| ${cluster}-gloomesh-remote-access-clusterrole-binding | |
| echo "${RED} End: ${cluster} .........\n${NC}" | |
| done | |
| echo "${RED} gloo mesh list${NC}" | |
| kubectl --context=$(hostname) get kubernetesclusters -n gloo-mesh | |
| echo "\n" | |
| for cluster in $(kubectx); | |
| do | |
| kubectx $cluster; | |
| echo "${RED} istio installing on cluster: ${cluster} .........${NC}" | |
| cat << EOF | istioctl manifest install -y --context ${cluster} -f - | |
| apiVersion: install.istio.io/v1alpha1 | |
| kind: IstioOperator | |
| metadata: | |
| name: istiocontrolplane-gedge | |
| namespace: istio-system | |
| spec: | |
| revision: "" | |
| hub: gcr.io/istio-release | |
| profile: preview | |
| meshConfig: | |
| accessLogFile: /dev/stdout | |
| enableAutoMtls: true | |
| enableTracing: true | |
| defaultConfig: | |
| tracing: | |
| sampling: 100 | |
| proxyMetadata: | |
| # Enable Istio agent to handle DNS requests for known hosts | |
| # Unknown hosts will automatically be resolved using upstream dns servers in resolv.conf | |
| # Enable basic DNS proxying | |
| ISTIO_META_DNS_CAPTURE: "true" | |
| # Enable automatic address allocation, optional | |
| ISTIO_META_DNS_AUTO_ALLOCATE: "true" | |
| values: | |
| global: | |
| pilotCertProvider: istiod | |
| meshID: mesh1 | |
| multiCluster: | |
| clusterName: ${cluster} | |
| network: ${cluster} | |
| meshNetworks: | |
| ${cluster}: | |
| endpoints: | |
| - fromRegistry: ${cluster} | |
| gateways: | |
| - registryServiceName: istio-ingressgateway.istio-system.svc.cluster.local | |
| port: 443 | |
| components: | |
| ingressGateways: | |
| - name: istio-ingressgateway | |
| label: | |
| istio: ingressgateway | |
| app: istio-ingressgateway | |
| topology.istio.io/network: ${cluster} | |
| enabled: true | |
| k8s: | |
| env: | |
| # sni-dnat adds the clusters required for AUTO_PASSTHROUGH mode | |
| - name: ISTIO_META_ROUTER_MODE | |
| value: "sni-dnat" | |
| # traffic through this gateway should be routed inside the network | |
| - name: ISTIO_META_REQUESTED_NETWORK_VIEW | |
| value: ${cluster} | |
| service: | |
| ports: | |
| - name: http2 | |
| port: 80 | |
| targetPort: 8080 | |
| - name: https | |
| port: 443 | |
| targetPort: 8443 | |
| - name: tls | |
| port: 15443 | |
| targetPort: 15443 | |
| - name: status-port | |
| port: 15021 | |
| targetPort: 15021 | |
| - name: tls-istiod | |
| port: 15012 | |
| targetPort: 15012 | |
| - name: tls-webhook | |
| port: 15017 | |
| targetPort: 15017 | |
| pilot: | |
| k8s: | |
| env: | |
| - name: PILOT_SKIP_VALIDATE_TRUST_DOMAIN | |
| value: "true" | |
| EOF | |
| kubectl --context=${cluster} -n istio-system \ | |
| rollout status deploy/istio-ingressgateway || break | |
| kubectl get pods -n istio-system --context ${cluster} | |
| echo "end cluster: ${cluster} .........\n" | |
| done | |
| fi | |
| if [ "$M_CHECK" = true ]; then | |
| echo "bookinfo example install check" | |
| read -r -p "install example? [Y/n] " input | |
| case $input in | |
| [yY][eE][sS]|[yY]) | |
| echo "Yes" | |
| echo "${RED} istio multi-cluster bookinfo installing...\n${NC}" | |
| echo "cluster is ${RED}[$(hostname)]\n${NC}...\n" | |
| kubectl --context $(hostname) create ns bookinfo | |
| kubectl --context $(hostname) label namespace bookinfo istio-injection=enabled --overwrite | |
| kubectl --context $(hostname) get namespace -L istio-injection | |
| # kubectl --context $(hostname) apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'service=productpage' | |
| # kubectl --context $(hostname) apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account=productpage' | |
| # kubectl --context $(hostname) apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app=productpage' | |
| # kubectl --context $(hostname) apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account' | |
| kubectl --context $(hostname) apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml | |
| # kubectl --context $(hostname) apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/networking/bookinfo-gateway.yaml | |
| echo "${RED} cluster1 bookinfo - productpage - success\n${NC}" | |
| echo "cluster is ${RED}[cluster2]\n${NC}...\n" | |
| kubectl --context cluster2 create ns bookinfo | |
| kubectl --context cluster2 label namespace bookinfo istio-injection=enabled --overwrite | |
| kubectl --context cluster2 get namespace -L istio-injection | |
| kubectl --context cluster2 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'service=details' | |
| kubectl --context cluster2 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account=details' | |
| kubectl --context cluster2 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app=details' | |
| # kubectl --context=cluster2 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/networking/bookinfo-gateway.yaml | |
| echo "${RED} cluster2 bookinfo - details - success\n${NC}" | |
| echo "cluster is ${RED}[cluster3]\n${NC}...\n" | |
| kubectl --context cluster3 create ns bookinfo | |
| kubectl --context cluster3 label namespace bookinfo istio-injection=enabled --overwrite | |
| kubectl --context cluster3 get namespace -L istio-injection | |
| kubectl --context cluster3 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'service=reviews' | |
| kubectl --context cluster3 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account=reviews' | |
| kubectl --context cluster3 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app=reviews' | |
| kubectl --context cluster3 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'service=ratings' | |
| kubectl --context cluster3 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account=ratings' | |
| kubectl --context cluster3 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app=ratings' | |
| # kubectl --context cluster3 apply -n bookinfo -f https://raw.githubusercontent.com/istio/istio/1.8.2/samples/bookinfo/networking/bookinfo-gateway.yaml | |
| echo "${RED} cluster3 bookinfo - reviews, ratings - success\n${NC}" | |
| # for cluster in $(kubectx); | |
| # do | |
| # kubectx $cluster; | |
| # echo "istio PeerAuthentication apply: ${cluster} .........\n" | |
| # cat <<EOF | kubectl --context=${cluster} apply -f - | |
| # apiVersion: "security.istio.io/v1beta1" | |
| # kind: "PeerAuthentication" | |
| # metadata: | |
| # name: "default" | |
| # namespace: "istio-system" | |
| # spec: | |
| # mtls: | |
| # mode: STRICT | |
| # EOF | |
| # done | |
| echo "${RED} gloo mesh - VirtualMesh installing...${NC}" | |
| cat << EOF | kubectl --context $(hostname) apply -f - | |
| apiVersion: networking.mesh.gloo.solo.io/v1 | |
| kind: VirtualMesh | |
| metadata: | |
| name: virtual-mesh | |
| namespace: gloo-mesh | |
| spec: | |
| mtlsConfig: | |
| autoRestartPods: true | |
| shared: | |
| rootCertificateAuthority: | |
| generated: {} | |
| federation: {} | |
| # federation: permissive | |
| # globalAccessPolicy: ENABLED | |
| meshes: | |
| - name: istiod-istio-system-cluster1 | |
| namespace: gloo-mesh | |
| - name: istiod-istio-system-cluster2 | |
| namespace: gloo-mesh | |
| - name: istiod-istio-system-cluster3 | |
| namespace: gloo-mesh | |
| EOF | |
| echo "${RED} gloo mesh - VirtualMesh success\n${NC}" | |
| # echo "${RED} gloo mesh - AccessPolicy, AuthorizationPolicy installing...${NC}" | |
| # cat << EOF | kubectl --context $(hostname) apply -f - | |
| # apiVersion: networking.mesh.gloo.solo.io/v1 | |
| # kind: AccessPolicy | |
| # metadata: | |
| # namespace: gloo-mesh | |
| # name: productpage | |
| # spec: | |
| # sourceSelector: | |
| # - kubeServiceAccountRefs: | |
| # serviceAccounts: | |
| # - name: bookinfo-productpage | |
| # namespace: bookinfo | |
| # clusterName: cluster1 | |
| # - name: bookinfo-details | |
| # namespace: bookinfo | |
| # clusterName: cluster2 | |
| # - name: bookinfo-reviews | |
| # namespace: bookinfo | |
| # clusterName: cluster3 | |
| # - name: bookinfo-ratings | |
| # namespace: bookinfo | |
| # clusterName: cluster3 | |
| # destinationSelector: | |
| # - kubeServiceMatcher: | |
| # namespaces: | |
| # - bookinfo | |
| # labels: | |
| # service: productpage | |
| # clusters: | |
| # - cluster1 | |
| # - kubeServiceMatcher: | |
| # namespaces: | |
| # - bookinfo | |
| # labels: | |
| # service: details | |
| # clusters: | |
| # - cluster2 | |
| # - kubeServiceMatcher: | |
| # namespaces: | |
| # - bookinfo | |
| # labels: | |
| # service: reviews | |
| # clusters: | |
| # - cluster3 | |
| # - kubeServiceMatcher: | |
| # namespaces: | |
| # - bookinfo | |
| # labels: | |
| # service: ratings | |
| # clusters: | |
| # - cluster3 | |
| # --- | |
| # apiVersion: security.istio.io/v1beta1 | |
| # kind: AuthorizationPolicy | |
| # metadata: | |
| # annotations: | |
| # labels: | |
| # cluster.multicluster.solo.io: cluster1 | |
| # name: productpage | |
| # namespace: bookinfo | |
| # spec: | |
| # rules: | |
| # - from: | |
| # - source: | |
| # principals: ["cluster.local/ns/default/sa/bookinfo-productpage"] | |
| # selector: | |
| # matchLabels: | |
| # app: productpage | |
| # --- | |
| # apiVersion: security.istio.io/v1beta1 | |
| # kind: AuthorizationPolicy | |
| # metadata: | |
| # annotations: | |
| # labels: | |
| # cluster.multicluster.solo.io: cluster2 | |
| # name: details | |
| # namespace: bookinfo | |
| # spec: | |
| # rules: | |
| # - from: | |
| # - source: | |
| # principals: ["cluster2.global/ns/default/sa/bookinfo-details"] | |
| # selector: | |
| # matchLabels: | |
| # app: details | |
| # --- | |
| # apiVersion: security.istio.io/v1beta1 | |
| # kind: AuthorizationPolicy | |
| # metadata: | |
| # annotations: | |
| # labels: | |
| # cluster.multicluster.solo.io: cluster3 | |
| # name: reviews | |
| # namespace: bookinfo | |
| # spec: | |
| # rules: | |
| # - from: | |
| # - source: | |
| # principals: ["cluster3.global/ns/default/sa/bookinfo-reviews"] | |
| # selector: | |
| # matchLabels: | |
| # app: reviews | |
| # --- | |
| # apiVersion: security.istio.io/v1beta1 | |
| # kind: AuthorizationPolicy | |
| # metadata: | |
| # annotations: | |
| # labels: | |
| # cluster.multicluster.solo.io: cluster3 | |
| # name: ratings | |
| # namespace: bookinfo | |
| # spec: | |
| # rules: | |
| # - from: | |
| # - source: | |
| # principals: ["cluster3.global/ns/default/sa/bookinfo-ratings"] | |
| # selector: | |
| # matchLabels: | |
| # app: ratings | |
| # EOF | |
| # echo "${RED} gloo mesh - AccessPolicy, AuthorizationPolicy success\n${NC}" | |
| echo "${RED} gloo mesh - TrafficPolicy installing...${NC}" | |
| cat << EOF | kubectl --context $(hostname) apply -f - | |
| apiVersion: networking.mesh.gloo.solo.io/v1 | |
| kind: TrafficPolicy | |
| metadata: | |
| namespace: gloo-mesh | |
| name: traffic-productpage | |
| spec: | |
| destinationSelector: | |
| - kubeServiceRefs: | |
| services: | |
| - clusterName: cluster1 | |
| name: productpage | |
| namespace: bookinfo | |
| policy: | |
| trafficShift: | |
| destinations: | |
| - kubeService: | |
| clusterName: cluster1 | |
| name: productpage | |
| namespace: bookinfo | |
| weight: 100 | |
| --- | |
| apiVersion: networking.mesh.gloo.solo.io/v1 | |
| kind: TrafficPolicy | |
| metadata: | |
| namespace: gloo-mesh | |
| name: traffic-details | |
| spec: | |
| destinationSelector: | |
| - kubeServiceRefs: | |
| services: | |
| - clusterName: cluster1 | |
| name: details | |
| namespace: bookinfo | |
| policy: | |
| trafficShift: | |
| destinations: | |
| - kubeService: | |
| clusterName: cluster2 | |
| name: details | |
| namespace: bookinfo | |
| weight: 100 | |
| --- | |
| apiVersion: networking.mesh.gloo.solo.io/v1 | |
| kind: TrafficPolicy | |
| metadata: | |
| namespace: gloo-mesh | |
| name: traffic-reviews | |
| spec: | |
| destinationSelector: | |
| - kubeServiceRefs: | |
| services: | |
| - clusterName: cluster1 | |
| name: reviews | |
| namespace: bookinfo | |
| policy: | |
| trafficShift: | |
| destinations: | |
| - kubeService: | |
| clusterName: cluster3 | |
| name: reviews | |
| namespace: bookinfo | |
| weight: 100 | |
| --- | |
| apiVersion: networking.mesh.gloo.solo.io/v1 | |
| kind: TrafficPolicy | |
| metadata: | |
| namespace: gloo-mesh | |
| name: traffic-ratings | |
| spec: | |
| destinationSelector: | |
| - kubeServiceRefs: | |
| services: | |
| - clusterName: cluster1 | |
| name: ratings | |
| namespace: bookinfo | |
| policy: | |
| trafficShift: | |
| destinations: | |
| - kubeService: | |
| clusterName: cluster3 | |
| name: ratings | |
| namespace: bookinfo | |
| weight: 100 | |
| EOF | |
| echo "${RED} gloo mesh - TrafficPolicy success\n${NC}" | |
| echo "${RED} bookinfo check ${NC}" | |
| for cluster in $(kubectx); | |
| do | |
| kubectx $cluster; | |
| echo ".........${cluster} ........." | |
| kubectl --context $cluster get pod,svc -n bookinfo | |
| echo "\n" | |
| done | |
| echo "${RED} bookinfo check end ${NC}" | |
| echo "${RED}kiali, prometheus installing on cluster: $(hostname) .........${NC}" | |
| kubectl --context=$(hostname) apply -f https://raw.githubusercontent.com/istio/istio/${istio_ver:-1.9.4}/samples/addons/prometheus.yaml | |
| sleep 5 | |
| kubectl --context=$(hostname) apply -f https://raw.githubusercontent.com/istio/istio/${istio_ver:-1.9.4}/samples/addons/kiali.yaml | |
| sleep 5 | |
| kubectl --context=${cluster} apply -f https://raw.githubusercontent.com/istio/istio/${istio_ver:-1.9.4}/samples/addons/jaeger.yaml | |
| echo "on cluster: $(hostname) .........\n" | |
| kubectl --context=$(hostname) get pod,svc -n istio-system | |
| echo "................................................\n" | |
| until [ $(kubectl --context $(hostname) -n istio-system get pods -o jsonpath='{range .items[*].status.containerStatuses[*]}{.ready}{"\n"}{end}' | grep false -c) -eq 0 ]; do | |
| echo "$(hostname) cluster - Waiting for all the istio-system pods to become ready" | |
| kubectl --context $(hostname) -n istio-system get pods | |
| sleep 2 | |
| done | |
| kubectl --context=$(hostname) patch svc kiali -n istio-system -p '{"spec": {"type": "NodePort"}}' | |
| echo kiali Webpage is http://$(curl ifconfig.me --silent):$(kubectl --context=$(hostname) get -o jsonpath="{.spec.ports[0].nodePort}" svc kiali -n istio-system) | |
| until [ $(kubectl --context $(hostname) -n bookinfo get pods -o jsonpath='{range .items[*].status.containerStatuses[*]}{.ready}{"\n"}{end}' | grep false -c) -eq 0 ]; do | |
| echo "$(hostname) cluster - Waiting for all the bookinfo pods to become ready" | |
| kubectl --context $(hostname) -n bookinfo get pods | |
| sleep 2 | |
| done | |
| echo "bookinfo success\n" | |
| kubectl --context=$(hostname) patch svc productpage -n bookinfo -p '{"spec": {"type": "NodePort"}}' | |
| echo bookinfo productpage is http://$(curl ifconfig.me --silent):$(kubectl --context=$(hostname) get -o jsonpath="{.spec.ports[0].nodePort}" svc productpage -n bookinfo) | |
| kubectl --context=$(hostname) get se -A | |
| ;; | |
| [nN][oO]|[nN]) | |
| echo "No" | |
| ;; | |
| *) | |
| echo "Invalid input..." | |
| exit 1 | |
| ;; | |
| esac | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment