Skip to content

brainfood / k3s-apiserver

Go to a project
Toggle navigation
Toggle navigation pinning
858245fe by Adam Heath
Options

Add CONTEXT_DIR, feature flags.

1 parent 739a52bd
Inline Side-by-side
Showing 10 changed files with 116 additions and 9 deletions
1 bases:
2 - ../environments.yaml
3
1 --- 4 ---
2 releases: 5 releases:
3 - name: cert-manager 6 - name: cert-manager
4 chart: . 7 chart: .
5 wait: true 8 wait: true
9 condition: cert-manager.enabled
6 --- 10 ---
......
1 bases:
2 - ../environments.yaml
3
1 --- 4 ---
2 releases: 5 releases:
3 - name: cluster-issuer 6 - name: cluster-issuer
4 namespace: cert-manager 7 namespace: cert-manager
5 chart: . 8 chart: .
6 wait: true 9 wait: true
10 condition: cert-manager.enabled
7 --- 11 ---
......
...@@ -67,6 +67,8 @@ x-k3s-agent-base: &_x-k3s-agent-base ...@@ -67,6 +67,8 @@ x-k3s-agent-base: &_x-k3s-agent-base
67 networks: 67 networks:
68 default: 68 default:
69 nginx: 69 nginx:
70 ports:
71 - 443
70 environment: 72 environment:
71 - K3S_URL=https://k3s-master:6443 73 - K3S_URL=https://k3s-master:6443
72 - K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token 74 - K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token
......
1 environments:
2 default:
3 values:
4 - cert-manager:
5 enabled: {{ env "CERT_MANAGER__ENABLED" | default true }}
6 istio:
7 enabled: {{ env "ISTIO__ENABLED" | default true }}
1 bases:
2 - environments.yaml
3
4 ---
5
1 helmfiles: 6 helmfiles:
2 - cert-manager/helmfile.yaml 7 - cert-manager/helmfile.yaml
3 - cluster-issuer/helmfile.yaml 8 - cluster-issuer/helmfile.yaml
......
1 apiVersion: install.istio.io/v1alpha1
2 kind: IstioOperator
3 spec:
4 values:
5 global:
6 proxy:
7 autoInject: enabled
8 useMCP: false
9 # The third-party-jwt is not enabled on all k8s.
10 # See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
11 jwtPolicy: third-party-jwt
12
13 addonComponents:
14 pilot:
15 enabled: true
16
17 components:
18 ingressGateways:
19 - name: istio-ingressgateway
20 enabled: true
1 #!/bin/bash
2
3 CONTEXT_DIR="$TOP_DIR"
4
5 declare -a args
6 declare -A features=(
7 [cert-manager]=1
8 [istio]=1
9 )
10
11 while [[ $# -gt 0 ]]; do
12 arg="$1"
13 shift
14 case "$arg" in
15 (--context-dir)
16 CONTEXT_DIR="$1"
17 shift
18 ;;
19 (--feature)
20 features[$1]=1
21 shift
22 ;;
23 (--no-feature)
24 features[$1]=
25 shift
26 ;;
27 (*)
28 args+=("$arg")
29 ;;
30 esac
31 done
32 set -- "${args[@]}"
33
34 for feature in "${!features[@]}"; do
35 fixed_feature="${feature^^*}"
36 fixed_feature="${fixed_feature//-/_}"
37 feature_enabled=false
38 [[ ${features[$feature]} ]] && feature_enabled=true
39 eval "${fixed_feature}_ENABLED"="$feature_enabled"
40 export "${fixed_feature}_ENABLED"
41 done
42
43 export CONTEXT_DIR
1 #!/bin/sh 1 #!/bin/bash
2 2
3 set -e 3 set -e
4 4
5 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" 5 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
6 export TOP_DIR 6 export TOP_DIR
7 7
8 . "$TOP_DIR/scripts/_parse_args.bash"
9
10 case "$1" in
11 (switch-to)
12 "$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
13 exit
14 ;;
15 ("")
16 ;;
17 (*)
18 echo "Unknown command: $1" 1>&2
19 exit 1
20 ;;
21 esac
22
8 "$TOP_DIR/scripts/ensure-certs.sh" 23 "$TOP_DIR/scripts/ensure-certs.sh"
9 docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d registry 24 docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d registry
10 "$TOP_DIR/scripts/wait-for-etcd.sh" 25 "$TOP_DIR/scripts/wait-for-etcd.sh"
11 26
12 docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-1 27 docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-1
13 "$TOP_DIR/scripts/update-docker-kubeconfig.sh" 28 "$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR"
14 "$TOP_DIR/scripts/wait-for-master-1.sh" 29 "$TOP_DIR/scripts/wait-for-master-1.sh"
15 30
16 docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-coredns-1 k3s-coredns-2 k3s-coredns-3 31 docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-coredns-1 k3s-coredns-2 k3s-coredns-3
...@@ -21,5 +36,8 @@ docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-2 k3s-master-3 ...@@ -21,5 +36,8 @@ docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-2 k3s-master-3
21 36
22 #docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-proxy 37 #docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-proxy
23 38
39 [[ ${features[istio]} ]] && istioctl install -yf "$TOP_DIR/istio-minimal-operator.yaml"
40
24 cd "$TOP_DIR" 41 cd "$TOP_DIR"
25 helmfile apply 42
43 helmfile --debug apply
......
1 #!/bin/sh 1 #!/bin/bash
2 2
3 set -e 3 set -ex
4 4
5 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" 5 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
6 export TOP_DIR 6 export TOP_DIR
7 7
8 . "$TOP_DIR/scripts/_parse_args.bash"
9
8 docker-compose -f "$TOP_DIR/docker-compose.yaml" down "$@" 10 docker-compose -f "$TOP_DIR/docker-compose.yaml" down "$@"
9 11
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
2 2
3 set -e 3 set -e
4 4
5 CONTEXT_DIR="$1"
6
5 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" 7 TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")"
6 export TOP_DIR 8 export TOP_DIR
7 9
...@@ -30,8 +32,8 @@ kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{ ...@@ -30,8 +32,8 @@ kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{
30 kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-certificate-data}' | base64 -d > "$tmpd/client-certificate" 32 kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-certificate-data}' | base64 -d > "$tmpd/client-certificate"
31 kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-key-data}' | base64 -d > "$tmpd/client-key" 33 kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-key-data}' | base64 -d > "$tmpd/client-key"
32 34
33 kubectl config set-cluster "$TOP_DIR" --embed-certs=true --server="https://$MASTER_IP:6443" --certificate-authority="$tmpd/cluster-certificate-authority" > /dev/null 35 kubectl config set-cluster "$CONTEXT_DIR" --embed-certs=true --server="https://$MASTER_IP:6443" --certificate-authority="$tmpd/cluster-certificate-authority" > /dev/null
34 kubectl config set-credentials "$TOP_DIR" --embed-certs=true --client-certificate="$tmpd/client-certificate" --client-key="$tmpd/client-key" > /dev/null 36 kubectl config set-credentials "$CONTEXT_DIR" --embed-certs=true --client-certificate="$tmpd/client-certificate" --client-key="$tmpd/client-key" > /dev/null
35 kubectl config set-context "$TOP_DIR" --cluster="$TOP_DIR" --user="$TOP_DIR" > /dev/null 37 kubectl config set-context "$CONTEXT_DIR" --cluster="$CONTEXT_DIR" --user="$CONTEXT_DIR" > /dev/null
36 kubectl config use-context "$TOP_DIR" 38 kubectl config use-context "$CONTEXT_DIR"
37 39
......