858245fe by Adam Heath

Add CONTEXT_DIR, feature flags.

1 parent 739a52bd
bases:
- ../environments.yaml
---
releases:
- name: cert-manager
chart: .
wait: true
condition: cert-manager.enabled
---
......
bases:
- ../environments.yaml
---
releases:
- name: cluster-issuer
namespace: cert-manager
chart: .
wait: true
condition: cert-manager.enabled
---
......
......@@ -67,6 +67,8 @@ x-k3s-agent-base: &_x-k3s-agent-base
networks:
default:
nginx:
ports:
- 443
environment:
- K3S_URL=https://k3s-master:6443
- K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token
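Review bot: The `ports:` / `- 443` entry in the `x-k3s-agent-base` anchor (apparently the two added lines) publishes container port 443 on an ephemeral host port bound to every host interface, and each service that merges the anchor inherits it. For a local k3s cluster that makes the ingress reachable from whatever network the host is on. Binding the published port to loopback and quoting the entry keeps it local, e.g. `- "127.0.0.1:<host-port>:443"` with a host port chosen per agent. The anchor's body starts above this hunk, so the exact nesting of `ports:` cannot be confirmed from here.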
......
environments:
default:
values:
- cert-manager:
enabled: {{ env "CERT_MANAGER__ENABLED" | default true }}
istio:
enabled: {{ env "ISTIO__ENABLED" | default true }}
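Review bot: The variables read here, `CERT_MANAGER__ENABLED` and `ISTIO__ENABLED`, have a double underscore, but the loop in `scripts/_parse_args.bash` exports `${fixed_feature}_ENABLED`, i.e. `CERT_MANAGER_ENABLED` and `ISTIO_ENABLED`. As written, `--no-feature cert-manager` never reaches helmfile and `default true` always applies, so a component the operator asked to leave out is still installed. Use one spelling on both sides, for example `enabled: {{ env "CERT_MANAGER_ENABLED" | default true }}` and `enabled: {{ env "ISTIO_ENABLED" | default true }}`.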
bases:
- environments.yaml
---
helmfiles:
- cert-manager/helmfile.yaml
- cluster-issuer/helmfile.yaml
......
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
values:
global:
proxy:
autoInject: enabled
useMCP: false
# The third-party-jwt is not enabled on all k8s.
# See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
jwtPolicy: third-party-jwt
addonComponents:
pilot:
enabled: true
components:
ingressGateways:
- name: istio-ingressgateway
enabled: true
#!/bin/bash
CONTEXT_DIR="$TOP_DIR"
declare -a args
declare -A features=(
[cert-manager]=1
[istio]=1
)
while [[ $# -gt 0 ]]; do
arg="$1"
shift
case "$arg" in
(--context-dir)
CONTEXT_DIR="$1"
shift
;;
(--feature)
features[$1]=1
shift
;;
(--no-feature)
features[$1]=
shift
;;
(*)
args+=("$arg")
;;
esac
done
set -- "${args[@]}"
for feature in "${!features[@]}"; do
fixed_feature="${feature^^*}"
fixed_feature="${fixed_feature//-/_}"
feature_enabled=false
[[ ${features[$feature]} ]] && feature_enabled=true
eval "${fixed_feature}_ENABLED"="$feature_enabled"
export "${fixed_feature}_ENABLED"
done
export CONTEXT_DIR
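Review bot: `eval "${fixed_feature}_ENABLED"="$feature_enabled"` passes a string built from the `--feature` / `--no-feature` argument through the shell parser, so a feature name containing shell metacharacters is executed as code instead of being rejected. `export` accepts a computed name directly, so the eval can be dropped: `export "${fixed_feature}_ENABLED=$feature_enabled"`. The name should also be validated where it is parsed, e.g. `[[ $1 =~ ^[a-z][a-z0-9-]*$ ]] || { echo "Invalid feature: $1" 1>&2; exit 1; }` before each `features[$1]=` assignment. That check also catches `--feature` given without a value.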
#!/bin/sh
#!/bin/bash
set -e
TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
export TOP_DIR
. "$TOP_DIR/scripts/_parse_args.bash"
case "$1" in
(switch-to)
"$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
exit
;;
("")
;;
(*)
echo "Unknown command: $1" 1>&2
exit 1
;;
esac
"$TOP_DIR/scripts/ensure-certs.sh"
docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d registry
"$TOP_DIR/scripts/wait-for-etcd.sh"
docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-1
"$TOP_DIR/scripts/update-docker-kubeconfig.sh"
"$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
"$TOP_DIR/scripts/wait-for-master-1.sh"
docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-coredns-1 k3s-coredns-2 k3s-coredns-3
......@@ -21,5 +36,8 @@ docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-2 k3s-master-3
#docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-proxy
[[ ${features[istio]} ]] && istioctl install -yf "$TOP_DIR/istio-minimal-operator.yaml"
cd "$TOP_DIR"
helmfile apply
helmfile --debug apply
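Review bot: `helmfile --debug apply` looks like leftover troubleshooting, assuming it is the new side of the `helmfile apply` pair. Debug output is verbose and is likely to echo the rendered values and helm invocations, so any credentials passed to the cert-manager or cluster-issuer releases would land in terminal scrollback or CI logs. Keep the plain call as the default and make the flag opt-in, e.g. `helmfile ${HELMFILE_DEBUG:+--debug} apply` (variable name is illustrative). The same applies to `set -ex` in the teardown script, which traces every expanded command.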
......
#!/bin/sh
#!/bin/bash
set -e
set -ex
TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
export TOP_DIR
. "$TOP_DIR/scripts/_parse_args.bash"
docker-compose -f "$TOP_DIR/docker-compose.yaml" down "$@"
......
......@@ -2,6 +2,8 @@
set -e
CONTEXT_DIR="$1"
TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
export TOP_DIR
......@@ -30,8 +32,8 @@ kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{
kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-certificate-data}' | base64 -d > "$tmpd/client-certificate"
kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-key-data}' | base64 -d > "$tmpd/client-key"
kubectl config set-cluster "$TOP_DIR" --embed-certs=true --server="https://$MASTER_IP:6443" --certificate-authority="$tmpd/cluster-certificate-authority" > /dev/null
kubectl config set-credentials "$TOP_DIR" --embed-certs=true --client-certificate="$tmpd/client-certificate" --client-key="$tmpd/client-key" > /dev/null
kubectl config set-context "$TOP_DIR" --cluster="$TOP_DIR" --user="$TOP_DIR" > /dev/null
kubectl config use-context "$TOP_DIR"
kubectl config set-cluster "$CONTEXT_DIR" --embed-certs=true --server="https://$MASTER_IP:6443" --certificate-authority="$tmpd/cluster-certificate-authority" > /dev/null
kubectl config set-credentials "$CONTEXT_DIR" --embed-certs=true --client-certificate="$tmpd/client-certificate" --client-key="$tmpd/client-key" > /dev/null
kubectl config set-context "$CONTEXT_DIR" --cluster="$CONTEXT_DIR" --user="$CONTEXT_DIR" > /dev/null
kubectl config use-context "$CONTEXT_DIR"
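Review bot: `CONTEXT_DIR="$1"` in the first hunk is used unchecked as the cluster, user and context name in the four `kubectl config` calls here, and it overwrites any `CONTEXT_DIR` already exported by `_parse_args.bash`. A call without an argument hands kubectl an empty name, and under `set -e` the script then stops after the decoded client key has been written under `$tmpd`. Fail before any work is done: `CONTEXT_DIR="${1:-${CONTEXT_DIR:?context name required}}"`. Both hunks begin and end inside the script, so creation and cleanup of `$tmpd` are not visible. If no `trap` removes it, `client-key` should be deleted on every exit path.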
......