@troytop
Last active March 14, 2019 05:14
Script for installing SUSE CAP on EKS
#!/usr/bin/env bash
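# Abort on the first failing command; with pipefail a failure in any stage of
# a pipeline counts, not only the last stage.
set -eo pipefail

# Remember the command that ran just before the current one, so the EXIT
# handler can name the command that actually failed.
trap 'last_command=$current_command; current_command=$BASH_COMMAND' DEBUG

#######################################
# Report the failing command on stderr; stay silent on a clean exit.
# Globals:   last_command (read)
# Arguments: $1 - exit status the script is ending with
# Outputs:   one diagnostic line on stderr when $1 is non-zero
#######################################
report_exit() {
  local status=$1
  if (( status != 0 )); then
    printf '"%s" command failed with exit code %s.\n' "$last_command" "$status" >&2
  fi
}
trap 'report_exit $?' EXIT

# For deploying SUSE CAP on an Amazon EKS cluster.
# This script can be used in conjunction with the Terraform scripts here:
# https://github.com/dsohk/susecap-tf-eks
# Modify those scripts to get the EKS cluster you want.
# Requires a domain hosted on AWS Route53; both values below are placeholders
# and must be edited before the script is run.
CAP_DOMAIN="cap.example.com"
ROUTE53_ZONE_ID="YOURZONE"

# CF_PASSWORD is taken from the environment when it is set and non-empty.
# The fallback is a well-known placeholder, so say so loudly: a platform left
# on this value has a guessable admin credential.
if [[ -z "${CF_PASSWORD:-}" ]]; then
  printf 'warning: CF_PASSWORD is not set; using the placeholder default\n' >&2
  CF_PASSWORD="changeme"
fi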
# Assumes a working aws-cli that is already configured and authenticated.
# Adds the cluster named susecap-eks to the local kubeconfig; the kubectl and
# helm calls below act on whatever context is current after this command.
aws eks update-kubeconfig --name susecap-eks
# Find the contents for this file in the Terraform output.
# NOTE(review): presumably the aws-auth ConfigMap, which decides which IAM
# identities may use the cluster - read it before applying; confirm.
kubectl apply -f config_map_aws_auth.yaml
# See the Stratos docs (this might be obsolete):
# https://github.com/cloudfoundry-incubator/stratos/blob/0b74bf375e348e339db30b2a41deb9514e78b034/docs/eksdeployment.md
kubectl apply -f scoped_storage_class.yaml
# See https://github.com/helm/helm/blob/master/docs/rbac.md
# NOTE(review): rbac-config.yaml is not shown here. The example in the linked
# document binds the tiller service account to cluster-admin; check what the
# local file grants, because every chart installed below runs with it.
kubectl apply -f rbac-config.yaml
# Helm 2 syntax: install Tiller in the cluster under the tiller service
# account and wait until it is ready.
helm init --service-account tiller --wait
# One release per component, each in its own namespace. None of these installs
# passes --wait, so helm is expected to return before the workloads are up.
# NOTE(review): the two values files presumably carry the platform's
# passwords and secrets; keep them out of version control - confirm.
helm install suse/uaa --name uaa --namespace uaa --values scf-config-values.yaml
helm install suse/cf --name scf --namespace scf --values scf-config-values.yaml
helm install suse/console --name console --namespace stratos --values stratos-config-values.yaml
helm install suse/metrics --name metrics --namespace stratos --values stratos-config-values.yaml
helm install suse/minibroker --name minibroker --namespace minibroker --set "defaultNamespace=minibroker"
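# Wait for the service endpoint load balancers instead of sleeping for a fixed
# time: each lookup polls until the service reports a hostname.
# LB_WAIT_SECONDS (default 600) bounds the wait per service.
: "${LB_WAIT_SECONDS:=600}"

#######################################
# Print the load balancer hostname of a Kubernetes service once it has one.
# Globals:   LB_WAIT_SECONDS (read)
# Arguments: $1 - namespace, $2 - service name
# Outputs:   the hostname on stdout; diagnostics on stderr
# Returns:   0 on success, 1 on timeout or on an unexpected hostname value
#######################################
lb_hostname() {
  local namespace=$1 service=$2
  local deadline=$(( SECONDS + LB_WAIT_SECONDS ))
  local host=""
  while :; do
    # A failed lookup is treated like "not assigned yet" and retried.
    host=$(kubectl get svc --namespace "$namespace" "$service" \
      -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') || host=""
    if [[ -n "$host" ]]; then
      # The value ends up in a DNS change batch, so accept hostname
      # characters only and refuse anything else.
      if [[ ! "$host" =~ ^[A-Za-z0-9.-]+$ ]]; then
        printf 'unexpected load balancer hostname for %s/%s\n' \
          "$namespace" "$service" >&2
        return 1
      fi
      printf '%s\n' "$host"
      return 0
    fi
    if (( SECONDS >= deadline )); then
      printf 'timed out waiting for a load balancer hostname on %s/%s\n' \
        "$namespace" "$service" >&2
      return 1
    fi
    sleep 5
  done
}

# Fetch the ELB hostnames for all CAP endpoints; under set -e a timeout on
# any of them stops the script before DNS is touched.
UAA_LB="$(lb_hostname uaa uaa-uaa-public)"
GOROUTER_LB="$(lb_hostname scf router-gorouter-public)"
DIEGOSSH_LB="$(lb_hostname scf diego-ssh-ssh-proxy-public)"
TCPROUTER_LB="$(lb_hostname scf tcp-router-tcp-router-public)"
CONSOLE_LB="$(lb_hostname stratos console-ui-ext)"
METRICS_LB="$(lb_hostname stratos metrics-metrics-nginx)"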
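# Write a local file with the LB CNAME mappings for Route53.
# jq (already required further down) builds the document, so the domain and
# the hostnames are passed in as data and JSON-escaped instead of being pasted
# into a template. The file is created in the current directory.
jq -n \
  --arg domain "$CAP_DOMAIN" \
  --arg uaa "$UAA_LB" \
  --arg gorouter "$GOROUTER_LB" \
  --arg diegossh "$DIEGOSSH_LB" \
  --arg tcprouter "$TCPROUTER_LB" \
  --arg console "$CONSOLE_LB" \
  --arg metrics "$METRICS_LB" '
  # One UPSERT of a 60-second CNAME from <label>.<domain> to <target>.
  def cname(label; target): {
    Action: "UPSERT",
    ResourceRecordSet: {
      Name: (label + "." + $domain),
      Type: "CNAME",
      TTL: 60,
      ResourceRecords: [{Value: target}]
    }
  };
  {
    Comment: "Records for CAP endpoints",
    Changes: [
      cname("uaa"; $uaa),
      # Wildcard: every name under the domain without its own record
      # resolves to the gorouter load balancer.
      cname("*"; $gorouter),
      cname("ssh"; $diegossh),
      cname("tcp"; $tcprouter),
      cname("stratos"; $console),
      cname("metrics"; $metrics)
    ]
  }' > cap-lb-batch.json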
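# Update or create the CNAMEs for the endpoints.
# The aws call is kept out of a pipeline so that its failure stops the script
# here instead of being hidden behind the exit status of a later stage.
change_json=$(aws route53 change-resource-record-sets \
  --hosted-zone-id "$ROUTE53_ZONE_ID" \
  --change-batch file://./cap-lb-batch.json)
CHANGE_ID=$(jq -r .ChangeInfo.Id <<<"$change_json")
# Keep only the last path component of the returned id.
CHANGE_ID=${CHANGE_ID##*/}
if [[ -z "$CHANGE_ID" || "$CHANGE_ID" == "null" ]]; then
  printf 'no change id in the Route53 response\n' >&2
  exit 1
fi
aws route53 wait resource-record-sets-changed --id "$CHANGE_ID"

# Wait until the API answers. The host is api.$CAP_DOMAIN, the same one the
# later "cf api" call targets and the one the wildcard record covers; the
# previous api.cap.$CAP_DOMAIN doubled the "cap" label.
# curl is called directly (not through $(...)) so its exit status drives the
# loop. There is no upper bound: this spins until the API responds.
until curl --output /dev/null --silent --head --fail "https://api.$CAP_DOMAIN"; do
  printf '.'
  sleep 5
done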
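# TO DO: add some cf cli actions to complete setup of minibroker etc.
cf api "https://api.$CAP_DOMAIN"

# Log in with the password from CF_PASSWORD. The flag for the password is -p;
# -a sets the API endpoint (already targeted above), so passing the password
# to -a never authenticated.
# NOTE(review): the admin user name is assumed to be "admin"; override with
# CF_USERNAME and confirm against your values file.
# NOTE(review): -p puts the password on the command line, where other local
# users can see it in the process list. Newer cf CLI releases can read the
# credentials from the environment for "cf auth" - confirm for your version.
: "${CF_USERNAME:=admin}"
cf login -u "$CF_USERNAME" -p "$CF_PASSWORD"

# Create org, space, and inject users.
bash ./restore-users.sh # comment out if you want

# NOTE(review): "username" and "password" are literal placeholder broker
# credentials, and the broker URL is plain HTTP inside the cluster. Replace
# them if the broker is configured to check credentials.
cf create-service-broker minibroker username password http://minibroker-minibroker.minibroker.svc.cluster.local
cf enable-service-access redis
cf enable-service-access mongodb
cf enable-service-access mariadb
cf enable-service-access postgresql

# Lets users push Docker images as apps, platform-wide.
cf enable-feature-flag diego_docker

# Open ports to services from apps - write your own services.json for your
# subnet. Binding the group to both the staging and the running set applies
# its rules to app containers across the platform, so keep the destinations
# and ports in the file as narrow as the services need.
cf create-security-group services ./services.json
cf bind-staging-security-group services
cf bind-running-security-group services

echo "completed installing SUSE CAP"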