Add CONTEXT_DIR, feature flags.
Showing
10 changed files
with
116 additions
and
9 deletions
... | @@ -67,6 +67,8 @@ x-k3s-agent-base: &_x-k3s-agent-base | ... | @@ -67,6 +67,8 @@ x-k3s-agent-base: &_x-k3s-agent-base |
67 | networks: | 67 | networks: |
68 | default: | 68 | default: |
69 | nginx: | 69 | nginx: |
70 | ports: | ||
71 | - 443 | ||
70 | environment: | 72 | environment: |
71 | - K3S_URL=https://k3s-master:6443 | 73 | - K3S_URL=https://k3s-master:6443 |
72 | - K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token | 74 | - K3S_TOKEN_FILE=/var/lib/rancher/k3s/server/node-token | ... | ... |
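Review bot: The added `ports: - 443` entry names only a container port, so Compose publishes it on an ephemeral host port and, by Docker's default, on all host interfaces. It sits in the shared `&_x-k3s-agent-base` anchor, so presumably every agent service that merges the anchor gets its own published port. If the port only needs to be reachable from the local machine, give the mapping an explicit loopback host IP, and quote the value once it has a host part. Indentation is lost in this view, so the exact nesting of `ports` is inferred.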
environments.yaml
0 → 100644
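--- /dev/null
+++ b/istio-minimal-operator.yaml
@@ -0,0 +1,20 @@
+apiVersion: install.istio.io/v1alpha1
+kind: IstioOperator
+spec:
+values:
+global:
+proxy:
+autoInject: enabled
+useMCP: false
+# The third-party-jwt is not enabled on all k8s.
+# See: https://istio.io/docs/ops/best-practices/security/#configure-third-party-service-account-tokens
+jwtPolicy: third-party-jwt
+
+addonComponents:
+pilot:
+enabled: true
+
+components:
+ingressGateways:
+- name: istio-ingressgateway
+enabled: true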
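Review bot: The comment on new lines 9-10 says third-party JWT is not enabled on every cluster, yet line 11 sets `jwtPolicy: third-party-jwt` unconditionally, so a reader cannot tell whether the comment is a warning or the reason for the setting. State it as a requirement instead, for example `# Requires a cluster with service-account token projection (third-party JWT); see the link below for how to check.` That also tells whoever hits an install failure on an unsupported cluster that switching the policy is a security decision, not a routine workaround.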
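--- /dev/null
+++ b/scripts/_parse_args.bash
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+CONTEXT_DIR="$TOP_DIR"
+
+declare -a args
+declare -A features=(
+[cert-manager]=1
+[istio]=1
+)
+
+while [[ $# -gt 0 ]]; do
+arg="$1"
+shift
+case "$arg" in
+(--context-dir)
+CONTEXT_DIR="$1"
+shift
+;;
+(--feature)
+features[$1]=1
+shift
+;;
+(--no-feature)
+features[$1]=
+shift
+;;
+(*)
+args+=("$arg")
+;;
+esac
+done
+set -- "${args[@]}"
+
+for feature in "${!features[@]}"; do
+fixed_feature="${feature^^*}"
+fixed_feature="${fixed_feature//-/_}"
+feature_enabled=false
+[[ ${features[$feature]} ]] && feature_enabled=true
+eval "${fixed_feature}_ENABLED"="$feature_enabled"
+export "${fixed_feature}_ENABLED"
+done
+
+export CONTEXT_DIR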
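Review bot: The `eval` on new line 39 evaluates a string built from the `--feature` / `--no-feature` value, which is only upper-cased and has `-` replaced by `_` first, so any other shell metacharacter in a feature name is interpreted as code in the calling script. Validate the derived name as an identifier and assign through `export` without `eval`, as in the fence below. Separately, the `--context-dir`, `--feature` and `--no-feature` arms read `$1` without checking that a value follows, so a trailing option yields an empty value or subscript and a failing `shift`. Under the callers' `set -e` that aborts without a useful message, and a `[[ $# -gt 0 ]]` guard with a usage error in each arm would make the failure explicit.

```bash
for feature in "${!features[@]}"; do
  # … unchanged: upper-casing and '-' → '_' mapping into fixed_feature …
  if [[ ! $fixed_feature =~ ^[A-Z_][A-Z0-9_]*$ ]]; then
    echo "Invalid feature name: $feature" 1>&2
    exit 1
  fi
  # … unchanged: feature_enabled computation …
  export "${fixed_feature}_ENABLED=$feature_enabled"
done
```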
1 | #!/bin/sh | 1 | #!/bin/bash |
2 | 2 | ||
3 | set -e | 3 | set -e |
4 | 4 | ||
5 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" | 5 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" |
6 | export TOP_DIR | 6 | export TOP_DIR |
7 | 7 | ||
8 | . "$TOP_DIR/scripts/_parse_args.bash" | ||
9 | |||
10 | case "$1" in | ||
11 | (switch-to) | ||
12 | "$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR" | ||
13 | exit | ||
14 | ;; | ||
15 | ("") | ||
16 | ;; | ||
17 | (*) | ||
18 | echo "Unknown command: $1" 1>&2 | ||
19 | exit 1 | ||
20 | ;; | ||
21 | esac | ||
22 | |||
8 | "$TOP_DIR/scripts/ensure-certs.sh" | 23 | "$TOP_DIR/scripts/ensure-certs.sh" |
9 | docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d registry | 24 | docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d registry |
10 | "$TOP_DIR/scripts/wait-for-etcd.sh" | 25 | "$TOP_DIR/scripts/wait-for-etcd.sh" |
11 | 26 | ||
12 | docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-1 | 27 | docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-1 |
13 | "$TOP_DIR/scripts/update-docker-kubeconfig.sh" | 28 | "$TOP_DIR/scripts/update-docker-kubeconfig.sh" "$CONTEXT_DIR" |
14 | "$TOP_DIR/scripts/wait-for-master-1.sh" | 29 | "$TOP_DIR/scripts/wait-for-master-1.sh" |
15 | 30 | ||
16 | docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-coredns-1 k3s-coredns-2 k3s-coredns-3 | 31 | docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-coredns-1 k3s-coredns-2 k3s-coredns-3 |
... | @@ -21,5 +36,8 @@ docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-2 k3s-master-3 | ... | @@ -21,5 +36,8 @@ docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-master-2 k3s-master-3 |
21 | 36 | ||
22 | #docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-proxy | 37 | #docker-compose -f "$TOP_DIR/docker-compose.yaml" up -d k3s-proxy |
23 | 38 | ||
39 | [[ ${features[istio]} ]] && istioctl install -yf "$TOP_DIR/istio-minimal-operator.yaml" | ||
40 | |||
24 | cd "$TOP_DIR" | 41 | cd "$TOP_DIR" |
25 | helmfile apply | 42 | |
43 | helmfile --debug apply | ... | ... |
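Review bot: `helmfile --debug apply` on new line 43 is unconditional, and debug mode makes helmfile and helm print far more than the default. That output may include rendered release values, so any secrets passed through values could end up in terminal scrollback or CI logs. If the flag was added for troubleshooting, gate it, e.g. `helmfile ${HELMFILE_DEBUG:+--debug} apply` (HELMFILE_DEBUG is a name constructed for this note). The same concern applies to the change from `set -e` to `set -ex` in the next section's script (the one that runs `docker-compose ... down`), which traces every command and its arguments to stderr.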
1 | #!/bin/sh | 1 | #!/bin/bash |
2 | 2 | ||
3 | set -e | 3 | set -ex |
4 | 4 | ||
5 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" | 5 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" |
6 | export TOP_DIR | 6 | export TOP_DIR |
7 | 7 | ||
8 | . "$TOP_DIR/scripts/_parse_args.bash" | ||
9 | |||
8 | docker-compose -f "$TOP_DIR/docker-compose.yaml" down "$@" | 10 | docker-compose -f "$TOP_DIR/docker-compose.yaml" down "$@" |
9 | 11 | ... | ... |
... | @@ -2,6 +2,8 @@ | ... | @@ -2,6 +2,8 @@ |
2 | 2 | ||
3 | set -e | 3 | set -e |
4 | 4 | ||
5 | CONTEXT_DIR="$1" | ||
6 | |||
5 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" | 7 | TOP_DIR="$(cd "$(dirname "$0")/.."; echo "$PWD")" |
6 | export TOP_DIR | 8 | export TOP_DIR |
7 | 9 | ||
... | @@ -30,8 +32,8 @@ kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{ | ... | @@ -30,8 +32,8 @@ kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{ |
30 | kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-certificate-data}' | base64 -d > "$tmpd/client-certificate" | 32 | kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-certificate-data}' | base64 -d > "$tmpd/client-certificate" |
31 | kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-key-data}' | base64 -d > "$tmpd/client-key" | 33 | kubectl config --kubeconfig="$tmpd/config.docker" view --raw=true -o jsonpath='{.users[].user.client-key-data}' | base64 -d > "$tmpd/client-key" |
32 | 34 | ||
33 | kubectl config set-cluster "$TOP_DIR" --embed-certs=true --server="https://$MASTER_IP:6443" --certificate-authority="$tmpd/cluster-certificate-authority" > /dev/null | 35 | kubectl config set-cluster "$CONTEXT_DIR" --embed-certs=true --server="https://$MASTER_IP:6443" --certificate-authority="$tmpd/cluster-certificate-authority" > /dev/null |
34 | kubectl config set-credentials "$TOP_DIR" --embed-certs=true --client-certificate="$tmpd/client-certificate" --client-key="$tmpd/client-key" > /dev/null | 36 | kubectl config set-credentials "$CONTEXT_DIR" --embed-certs=true --client-certificate="$tmpd/client-certificate" --client-key="$tmpd/client-key" > /dev/null |
35 | kubectl config set-context "$TOP_DIR" --cluster="$TOP_DIR" --user="$TOP_DIR" > /dev/null | 37 | kubectl config set-context "$CONTEXT_DIR" --cluster="$CONTEXT_DIR" --user="$CONTEXT_DIR" > /dev/null |
36 | kubectl config use-context "$TOP_DIR" | 38 | kubectl config use-context "$CONTEXT_DIR" |
37 | 39 | ... | ... |
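Review bot: `CONTEXT_DIR="$1"` on new line 5 accepts a missing or empty argument, and that value then names the cluster, user and context written into the caller's kubeconfig on new lines 35-38. Now that the name can come from `--context-dir`, a value matching an existing kubeconfig entry would have its server, CA and client credentials replaced and be made the current context, with the confirmation output sent to `/dev/null`. Reject an empty name up front with `CONTEXT_DIR="${1:?context name required}"`, and consider warning when `kubectl config get-contexts "$CONTEXT_DIR"` already succeeds before overwriting. The rest of the script lies outside the two hunks shown, so other callers that still pass no argument could not be checked.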