Script for installing SUSE CAP on EKS

cap-install-eks.sh

#!/usr/bin/env bash
set -e

# keep track of the last executed command
trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG
# echo an error message before exiting
trap 'echo "\"${last_command}\" command filed with exit code $?."' EXIT

# For deploying SUSE CAP on an Amazon EKS cluster
# This script can be used in conjunction with the Terraform scripts here
# https://github.com/dsohk/susecap-tf-eks
# modify the scripts to get the EKS cluster you want

# Requires a domain hosted on AWS Route53
CAP_DOMAIN="cap.example.com"
ROUTE53_ZONE_ID="YOURZONE"
# override if provided in env 
: ${CF_PASSWORD:="changeme"} # better, but uncommon
# CF_PASSWORD=${CF_PASSWORD:-"changeme"}  # more common, doesn't print value to stdout

# assumes you have a working aws-cli configured and authenticated
aws eks update-kubeconfig --name susecap-eks
# find the contents for this file in the terraform output
kubectl apply -f config_map_aws_auth.yaml

# see Stratos docs (this might be obsolete)
# https://github.com/cloudfoundry-incubator/stratos/blob/0b74bf375e348e339db30b2a41deb9514e78b034/docs/eksdeployment.md
kubectl apply -f scoped_storage_class.yaml

# see https://github.com/helm/helm/blob/master/docs/rbac.md 
kubectl apply -f rbac-config.yaml
helm init --service-account tiller --wait

helm install suse/uaa --name uaa --namespace uaa --values scf-config-values.yaml
helm install suse/cf --name scf --namespace scf --values scf-config-values.yaml
helm install suse/console --name console --namespace stratos --values stratos-config-values.yaml
helm install suse/metrics --name metrics --namespace stratos --values stratos-config-values.yaml
helm install suse/minibroker --name minibroker --namespace minibroker --set "defaultNamespace=minibroker"

# give it a bit to create the service endponint LBs
# TO DO: replace with a check
sleep 2m

# fetch the ELB hostnames for all CAP endpoints
UAA_LB="$(kubectl get svc --namespace uaa uaa-uaa-public -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
GOROUTER_LB="$(kubectl get svc --namespace scf router-gorouter-public -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
DIEGOSSH_LB="$(kubectl get svc --namespace scf diego-ssh-ssh-proxy-public -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
TCPROUTER_LB="$(kubectl get svc --namespace scf tcp-router-tcp-router-public -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
CONSOLE_LB="$(kubectl get svc --namespace stratos console-ui-ext -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"
METRICS_LB="$(kubectl get svc --namespace stratos metrics-metrics-nginx -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')"

# write a local file with the LB CNAME mappings
tee cap-lb-batch.json > /dev/null <<EOF
{
  "Comment": "Records for CAP endpoints",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "uaa.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$UAA_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "*.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$GOROUTER_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "ssh.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$DIEGOSSH_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "tcp.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$TCPROUTER_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "stratos.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$CONSOLE_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "metrics.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$METRICS_LB"
          }
        ]
      }
    }
  ]
}
EOF

# update or create CNAMEs for the endpoints
CHANGE_ID=$(aws route53 change-resource-record-sets --hosted-zone-id $ROUTE53_ZONE_ID --change-batch file://./cap-lb-batch.json |jq -r .ChangeInfo.Id |xargs basename)
aws route53 wait resource-record-sets-changed --id $CHANGE_ID

until $(curl --output /dev/null --silent --head --fail https://api.cap.$CAP_DOMAIN); do
    printf '.'
    sleep 5
done

# TO DO: add some cf cli actions to complete setup of minibroker etc.
cf api https://api.$CAP_DOMAIN
cf login -a $CF_PASSWORD
# create org, space, and inject users
bash ./restore-users.sh # comment out if you want
cf create-service-broker minibroker username password http://minibroker-minibroker.minibroker.svc.cluster.local
cf enable-service-access redis
cf enable-service-access mongodb 
cf enable-service-access mariadb 
cf enable-service-access postgresql 
cf enable-feature-flag diego_docker
# open ports to services from apps - write your own for your subnet
cf create-security-group services ./services.json
cf bind-staging-security-group services
cf bind-running-security-group services
echo "completed installing SUSE CAP"