deploy-ci-stack.sh
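#!/bin/bash
# Every chart below is referenced by a relative path (charts/...), so the
# script has to run from the directory that contains charts/. When it is
# started from /home/vagrant it switches to /vagrant first.
CURRENT_HOMEDIR=$(pwd)
# Quoted and tested with [[ ]] so a working directory containing spaces or glob
# characters cannot break the comparison.
if [[ "$CURRENT_HOMEDIR" == "/home/vagrant" ]]; then
  echo -e "\nRunning inside Vagrant\n"
  # Stop here if /vagrant is missing: continuing would run every relative
  # chart path and the certificate steps from the wrong directory.
  cd /vagrant || { echo "cannot cd to /vagrant" >&2; exit 1; }
fi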
# Install the postgresql and minio charts from the local charts/ directory,
# letting helm generate the release names.
for chart in postgresql minio; do
  echo "Installing ${chart}"
  helm install "charts/${chart}" --generate-name
done
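echo "Installing docker-registry"
# Work inside the chart's files/ directory. Abort if it cannot be entered:
# otherwise `make` and the certificate copies below would run in whatever
# directory the script happens to be in.
pushd charts/docker-registry/files || { echo "cannot enter charts/docker-registry/files" >&2; exit 1; }
# The Makefile is not visible here; presumably it produces rootCA.crt and
# registry-svc.{key,crt}, which the steps below consume -- confirm.
# Fail fast so a stale or missing CA is never installed into Docker's trust store.
make || { echo "make failed in charts/docker-registry/files" >&2; exit 1; }
# Earlier manual certificate-generation attempts, kept for reference only
# (all commented out; `make` above is what actually runs):
# openssl genrsa -out rootCA.key 4096
# openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -extfile openssl2.conf -extensions req_ext
# openssl req -new -sha256 \
# -key tls.key \
# -subj "/C=US/ST=CA/O=MyOrg, Inc./CN=registry-svc" \
# -reqexts SAN \
# -config <(cat /etc/ssl/openssl.cnf \
# <(printf "\n[SAN]\nsubjectAltName=DNS:registry-svc,DNS:registry.mykube.awesome")) \
# -out tls.csr
# openssl x509 -req -in tls.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out tls.crt -days 500 -sha256 -extfile openssl2.conf -extensions req_ext
#
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -config openssl.conf -out ca.crt -new -subj /C=EU
# openssl req -newkey rsa:4096 -nodes -sha256 -CA ca.crt -CAkey ca.key -keyout tls.key -out tls.csr -config openssl.conf -new -subj /C=EU
# openssl x509 -req -days 365 -in tls.csr -CA ca.crt -extfile openssl.conf -CAkey ca.key -CAcreateserial -out tls.crt
#
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout tls.key -x509 -days 365 -out tls.crt -config openssl.conf -new -subj /C=EU

# Make the host's Docker daemon trust the registry's root CA under both names
# the registry is reached by (short service name and in-cluster FQDN).
# NOTE(review): whoever holds the matching CA private key can issue
# certificates this daemon will accept for those names. If the Makefile leaves
# that key in this directory, keep it out of version control and off shared hosts.
sudo mkdir -p /etc/docker/certs.d/registry-svc:5000
sudo cp ./rootCA.crt /etc/docker/certs.d/registry-svc:5000/ca.crt
sudo mkdir -p /etc/docker/certs.d/registry-svc.default.svc.cluster.local:5000
sudo cp ./rootCA.crt /etc/docker/certs.d/registry-svc.default.svc.cluster.local:5000/ca.crt

# Stage the server key pair under the file names used as keys in the secret.
cp registry-svc.key tls.key
# The copy holds the registry's private key: keep it readable by the owner only.
chmod 600 tls.key
cp registry-svc.crt tls.crt
kubectl create secret generic registry-tls-cert --from-file=./tls.key --from-file=./tls.crt
popd
helm install charts/docker-registry --generate-name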
# Install the gogs and drone charts from the local charts/ directory, letting
# helm generate the release names.
for chart in gogs drone; do
  echo "Installing ${chart}"
  helm install "charts/${chart}" --generate-name
done
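echo "Waiting for minio pod to be ready"
# Poll once per second until the pod labelled app=minio reports Ready=True.
# There is no timeout: if the pod never becomes ready the script waits forever.
while [[ $(kubectl get pods -l app=minio -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True" ]]; do
  echo "waiting for minio pod"
  sleep 1
done

echo "Uploading kubeconfig to minio for CI/CD purposes (kubeconfig_url var in drone later on)"
# Read the service endpoint and the credentials from the cluster objects
# labelled app=minio.
MINIO_PORT=$(kubectl get svc -l app=minio -o 'jsonpath={..spec.ports..port}')
MINIO_IP=$(kubectl get svc -l app=minio -o 'jsonpath={..spec.clusterIP}')
MINIO_ACCESSKEY=$(kubectl get secret -l app=minio -o 'jsonpath={..data.accesskey}' | base64 -d)
MINIO_SECRETKEY=$(kubectl get secret -l app=minio -o 'jsonpath={..data.secretkey}' | base64 -d)
# NOTE(review): the endpoint is plain HTTP, so the credentials and the
# kubeconfig cross the network unencrypted. The keys are also passed as
# command-line arguments, which `ps` and `set -x` traces can expose.
minio-mc config host add minio "http://$MINIO_IP:$MINIO_PORT" "$MINIO_ACCESSKEY" "$MINIO_SECRETKEY"
minio-mc mb minio/secrets
# Least privilege: this used to be `policy set public`, which grants anonymous
# read AND write, so any client able to reach minio could replace the
# kubeconfig that CI fetches later. `download` keeps the anonymous read that
# kubeconfig_url relies on and drops anonymous writes.
minio-mc policy set download minio/secrets
# NOTE(review): even read-only, the bucket serves root's kubeconfig
# (presumably cluster-admin) to unauthenticated clients. That is tolerable only
# on a disposable local cluster. Elsewhere hand the kubeconfig to Drone as a
# secret, or publish a namespace-scoped service-account kubeconfig instead.
sudo minio-mc cp /root/.kube/config minio/secrets/kubeconfig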
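#######################################
# Download an installer script to a private temp file and run it only when the
# download finished successfully. Piping curl straight into a shell executes
# whatever arrived, including an HTTP error page or a truncated script.
# Arguments: $1   - https URL of the installer
#            $2.. - interpreter command to run it with (e.g. sh, or sudo bash)
# Returns:   curl's status if the download failed, else the installer's status
#######################################
run_remote_installer() {
  local url=$1
  shift
  local script rc
  script=$(mktemp) || return 1
  # -f: fail on HTTP errors; -sS: quiet but still report errors;
  # --proto/--proto-redir: refuse anything but HTTPS, including on redirects.
  if curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL "$url" -o "$script"; then
    "$@" "$script"
    rc=$?
  else
    rc=$?
    echo "download failed: $url" >&2
  fi
  rm -f -- "$script"
  return "$rc"
}

# NOTE(review): both installers are fetched unpinned and without an integrity
# check, and the second one runs as root. For anything beyond a throwaway dev
# box, pin a release and verify a published checksum or signature first.
echo "Installing linkerd2"
run_remote_installer https://run.linkerd.io/install sh
sudo cp "$HOME/.linkerd2/bin/linkerd" /usr/bin
linkerd install | kubectl apply -f -

echo "Installing telepresence"
run_remote_installer https://packagecloud.io/install/repositories/datawireio/telepresence/script.deb.sh sudo bash
sudo apt install --no-install-recommends -y telepresence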
# Host DNS setup: run /etc/rc.local as root (its contents are not visible
# here), reload systemd units, then restart and enable systemd-resolved.
printf '%s\n' "Applying localhost dns resolver for kube"
sudo /etc/rc.local
sudo systemctl daemon-reload
for action in restart enable; do
  sudo systemctl "$action" systemd-resolved
done

# Set a global git identity for the current user.
printf '%s\n' "Configure git"
git config --global user.email "[email protected]"
git config --global user.name "developer"

# Final banner: the charts are still rolling out when the script finishes.
echo -e "\nDONE! CI stack is deploying, at the moment you see anything at http://git.mykube.awesome/ you should be ready to use some examples. Have Fun!\n"