Last active
March 14, 2019 05:14
Script for installing SUSE CAP on EKS
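#!/usr/bin/env bash
# Abort on the first failing command. pipefail makes a failure in any stage of
# a pipeline count, not only a failure of the last stage.
set -eo pipefail

# Keep track of the last executed command so the exit handler can name it.
# The DEBUG trap fires before every simple command at the top level.
trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG

#######################################
# Print a diagnostic when the script exits with a non-zero status.
# Stays silent on a clean exit, so a successful run does not end with a
# misleading failure message.
# Globals:   last_command (read)
# Arguments: $1 - exit status of the script
# Outputs:   one line on stderr when $1 is non-zero
#######################################
report_exit() {
  local status=$1
  if [[ "$status" -ne 0 ]]; then
    printf '"%s" command failed with exit code %s.\n' "$last_command" "$status" >&2
  fi
}

# The handler is a single function call on purpose: the DEBUG trap is not
# inherited by functions, so last_command still names the command that failed
# while the message is being printed.
trap 'report_exit "$?"' EXIT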
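# For deploying SUSE CAP on an Amazon EKS cluster.
# This script can be used in conjunction with the Terraform scripts here:
#   https://github.com/dsohk/susecap-tf-eks
# Modify those scripts to get the EKS cluster you want.
# Requires a domain hosted on AWS Route53.
CAP_DOMAIN="cap.example.com"  # placeholder: replace with your Route53-hosted domain
ROUTE53_ZONE_ID="YOURZONE"    # placeholder: replace with your hosted zone ID

# CF_PASSWORD is taken from the environment when provided there. The fallback
# "changeme" is a widely known default, so its use is announced on stderr
# rather than applied silently. Neither this form nor ${CF_PASSWORD:-...}
# prints the value, but `set -x` tracing would expose it.
if [[ -z "${CF_PASSWORD:-}" ]]; then
  printf 'warning: CF_PASSWORD is not set; using the default "changeme"\n' >&2
  CF_PASSWORD="changeme"
fi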
# Point kubectl at the EKS cluster. Assumes a working aws-cli that is already
# configured and authenticated.
aws eks update-kubeconfig --name susecap-eks

# Apply the cluster manifests, in this order:
#   config_map_aws_auth.yaml  - contents come from the Terraform output
#   scoped_storage_class.yaml - see the Stratos docs (this might be obsolete):
#     https://github.com/cloudfoundry-incubator/stratos/blob/0b74bf375e348e339db30b2a41deb9514e78b034/docs/eksdeployment.md
#   rbac-config.yaml          - see https://github.com/helm/helm/blob/master/docs/rbac.md
# NOTE(review): rbac-config.yaml decides what the tiller service account may
# do in the cluster; the linked Helm RBAC doc's basic example grants
# cluster-admin. Review the binding before applying it to a shared cluster.
for manifest in \
  config_map_aws_auth.yaml \
  scoped_storage_class.yaml \
  rbac-config.yaml; do
  kubectl apply -f "$manifest"
done

# Helm v2: install Tiller under the service account created above and wait
# until it is ready.
helm init --service-account tiller --wait

# Install the CAP charts.
# NOTE(review): the *-config-values.yaml files presumably carry the platform
# admin password and client secrets; keep them out of version control (confirm
# against the files themselves).
helm install suse/uaa \
  --name uaa \
  --namespace uaa \
  --values scf-config-values.yaml
helm install suse/cf \
  --name scf \
  --namespace scf \
  --values scf-config-values.yaml
helm install suse/console \
  --name console \
  --namespace stratos \
  --values stratos-config-values.yaml
helm install suse/metrics \
  --name metrics \
  --namespace stratos \
  --values stratos-config-values.yaml
helm install suse/minibroker \
  --name minibroker \
  --namespace minibroker \
  --set "defaultNamespace=minibroker"
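#######################################
# Print the ELB hostname of a LoadBalancer service, waiting until the cloud
# provider has assigned one. Replaces the former fixed "sleep 2m", which
# carried on with empty hostnames whenever provisioning took longer.
# Arguments: $1 - namespace
#            $2 - service name
# Outputs:   the hostname on stdout; diagnostics on stderr
# Returns:   0 once a hostname is available,
#            1 if kubectl fails or no hostname appears in time
#######################################
lb_hostname() {
  local namespace=$1
  local service=$2
  local -r max_attempts=60
  local -r delay=5
  local attempt host

  for ((attempt = 1; attempt <= max_attempts; attempt++)); do
    # A kubectl error (missing service, no cluster access) is not retried.
    host="$(kubectl get svc --namespace "$namespace" "$service" \
      -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')" || return 1
    if [[ -n "$host" ]]; then
      printf '%s\n' "$host"
      return 0
    fi
    sleep "$delay"
  done

  printf 'timed out waiting for a load balancer hostname on %s/%s\n' \
    "$namespace" "$service" >&2
  return 1
}

# Fetch the ELB hostnames for all CAP endpoints. Each lookup aborts the script
# on failure so that no DNS record is later written with an empty target.
UAA_LB="$(lb_hostname uaa uaa-uaa-public)" || exit 1
GOROUTER_LB="$(lb_hostname scf router-gorouter-public)" || exit 1
DIEGOSSH_LB="$(lb_hostname scf diego-ssh-ssh-proxy-public)" || exit 1
TCPROUTER_LB="$(lb_hostname scf tcp-router-tcp-router-public)" || exit 1
CONSOLE_LB="$(lb_hostname stratos console-ui-ext)" || exit 1
METRICS_LB="$(lb_hostname stratos metrics-metrics-nginx)" || exit 1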
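# Refuse to build the change batch from missing inputs: an empty domain or an
# empty load balancer hostname would produce DNS records (including the
# wildcard) that point nowhere.
: "${CAP_DOMAIN:?CAP_DOMAIN must be set}"
for lb_var in UAA_LB GOROUTER_LB DIEGOSSH_LB TCPROUTER_LB CONSOLE_LB METRICS_LB; do
  if [[ -z "${!lb_var:-}" ]]; then
    printf '%s is empty; refusing to write cap-lb-batch.json\n' "$lb_var" >&2
    exit 1
  fi
done

# Write a local file with the LB CNAME mappings (a Route53 change batch).
# The unquoted EOF delimiter is deliberate: the variables are expanded here.
cat > cap-lb-batch.json <<EOF
{
  "Comment": "Records for CAP endpoints",
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "uaa.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$UAA_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "*.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$GOROUTER_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "ssh.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$DIEGOSSH_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "tcp.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$TCPROUTER_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "stratos.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$CONSOLE_LB"
          }
        ]
      }
    },
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "metrics.$CAP_DOMAIN",
        "Type": "CNAME",
        "TTL": 60,
        "ResourceRecords": [
          {
            "Value": "$METRICS_LB"
          }
        ]
      }
    }
  ]
}
EOF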
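# Update or create the CNAMEs for the endpoints. The steps are run one at a
# time so that a failing aws call stops the script instead of feeding empty
# input to the next stage.
change_json="$(aws route53 change-resource-record-sets \
  --hosted-zone-id "$ROUTE53_ZONE_ID" \
  --change-batch file://./cap-lb-batch.json)" || exit 1
CHANGE_ID="$(jq -r '.ChangeInfo.Id' <<<"$change_json")" || exit 1
# The id comes back in the form "/change/<id>"; keep only the last component.
CHANGE_ID="${CHANGE_ID##*/}"
if [[ -z "$CHANGE_ID" || "$CHANGE_ID" == "null" ]]; then
  printf 'could not read a change id from the Route53 response\n' >&2
  exit 1
fi
aws route53 wait resource-record-sets-changed --id "$CHANGE_ID"

# Wait until the CF API answers over HTTPS. The host must be the same one
# that `cf api` is pointed at (api.$CAP_DOMAIN); the earlier
# "api.cap.$CAP_DOMAIN" repeated the "cap." label already in CAP_DOMAIN.
# curl is used directly as the loop condition, and --max-time keeps a hung
# connection from stalling a single probe. The loop itself has no upper bound.
until curl --output /dev/null --silent --head --fail --max-time 10 \
  "https://api.${CAP_DOMAIN}"; do
  printf '.'
  sleep 5
done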
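# TO DO: add some cf cli actions to complete setup of minibroker etc.
cf api "https://api.${CAP_DOMAIN}"

# Log in with the configured password. -p is the password flag; -a (used here
# before) sets the API endpoint and would have pointed the CLI at the password
# string. No -u is given, so the CLI prompts for the user name.
# Caveat: a password passed as an argument is visible in the process list and
# in `set -x` traces while the command runs.
cf login -p "$CF_PASSWORD"

# Create org, space, and inject users (comment out if you do not want this).
# This executes restore-users.sh from the current directory.
bash ./restore-users.sh

# Register minibroker and expose its service offerings.
# NOTE(review): "username" and "password" are literal placeholder credentials
# and the broker URL is plain HTTP inside the cluster; presumably minibroker
# does not verify them. Confirm before reusing this pattern for another broker.
cf create-service-broker minibroker username password http://minibroker-minibroker.minibroker.svc.cluster.local
for offering in redis mongodb mariadb postgresql; do
  cf enable-service-access "$offering"
done
cf enable-feature-flag diego_docker

# Open ports to services from apps. Write your own services.json for your
# subnet. Binding the group to both the staging and the running set applies
# it globally, so keep the rules as narrow as the services need.
cf create-security-group services ./services.json
cf bind-staging-security-group services
cf bind-running-security-group services

echo "completed installing SUSE CAP"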