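#!/bin/bash
#
# Renders the KubeZero module charts with helm and applies them to, or deletes
# them from, the current cluster with kubectl.
#
# Arguments:
#   $1  action: apply | crds | delete
#   $2  comma-separated module names, or "all"
#   $3  cluster directory containing kubezero/application.yaml
#   $4  optional chart location prefix; when empty, chart_location falls back
#       to the public chart repository
# Environment:
#   DEBUG  when non-empty, the temporary working directory is kept on exit

# -e aborts on unhandled failures, -x traces every expanded command to stderr.
set -ex

if [ $# -lt 3 ]; then
  echo "Usage: ${0##*/} <apply|crds|delete> <module[,module...]|all> <cluster-dir> [chart-location]" >&2
  exit 2
fi

ACTION=$1

# Split the module list on commas (and whitespace) with read rather than an
# unquoted command substitution, so module names are never glob-expanded
# against the current directory.
ARTIFACTS=()
IFS=$', \t\n' read -r -a ARTIFACTS <<< "$2"

CLUSTER=$3
LOCATION=${4:-""}

# kubectl and jq are needed for the server version lookup further down, so
# they are checked together with yq and helm.
# NOTE(review): "yq r" used throughout is the yq v3 command syntax — confirm
# the installed major version.
for tool in yq helm kubectl jq; do
  command -v "$tool" || { echo "$tool not found!" >&2; exit 1; }
done

helm_version=$(helm version --short)
# Compare the minor version numerically: a character class such as [5-9]
# rejects 3.10 and later. Other major versions are rejected, as before.
if ! [[ "$helm_version" =~ ^v3\.([0-9]+) ]] || (( 10#${BASH_REMATCH[1]} < 5 )); then
  echo "Helm version >= 3.5 required!" >&2
  exit 1
fi

# Simulate well-known CRDs being available
API_VERSIONS="-a monitoring.coreos.com/v1 -a snapshot.storage.k8s.io/v1"

# Without pipefail a failing "kubectl version" goes unnoticed and jq prints
# "null"; stop here rather than rendering against a bogus version.
kube_git_version=$(kubectl version -o json | jq -r .serverVersion.gitVersion)
if [ -z "$kube_git_version" ] || [ "$kube_git_version" == "null" ]; then
  echo "Cannot determine Kubernetes server version!" >&2
  exit 1
fi
# Kept as one string: the functions below expand it unquoted into two words.
KUBE_VERSION="--kube-version $kube_git_version"

# Working directory below the current directory, created by mktemp with owner
# only permissions; six X's instead of three make the name harder to guess.
# It receives the extracted chart values and all rendered manifests.
TMPDIR=$(mktemp -d kubezero.XXXXXX)

# EXIT alone covers every way out, including aborts caused by set -e. An ERR
# trap would additionally fire once errexit is switched off for deletes and
# remove the directory while it is still in use.
if [ -z "${DEBUG:-}" ]; then
  trap 'rm -rf -- "${TMPDIR:?}"' EXIT
fi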
# Retries a command line until it succeeds, pausing 3 seconds after every
# failed attempt and giving up after 100 pauses (about 300s).
#
# Arguments: the command line to run. It is handed to eval, so pipelines and
#            quoting inside the string are honoured.
# Returns:   0 as soon as the command succeeds, 1 once the retries are used up.
#
# The text is re-parsed by the shell, so whatever a caller interpolates into
# it (callers in this file insert $namespace) is read as shell syntax. Pass
# only values that are trusted or have been shell-quoted.
function wait_for() {
  local attempt=0

  until eval " $@"; do
    if [ "$attempt" -eq 100 ]; then
      return 1
    fi
    attempt=$((attempt + 1))
    sleep 3
  done

  return 0
}
# Prints the chart reference that helm should use for a chart name.
#
# Globals:   LOCATION (read) - optional path prefix for local charts
# Arguments: $1 - chart name
# Outputs:   "$LOCATION/<chart>" when LOCATION is set, otherwise the chart
#            name followed by the --repo option for the public chart repository.
#            Callers expand the result unquoted so that the --repo form splits
#            into separate helm arguments.
function chart_location() {
  if [ -n "$LOCATION" ]; then
    echo "$LOCATION/$1"
    return
  fi

  echo "$1 --repo https://zero-down-time.github.io/kubezero"
}
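# Make sure the namespace exists prior to calling helm, as the
# create-namespace option doesn't work. kube-system is left alone.
#
# Arguments: $1 - namespace name (read from the rendered module application)
# Returns:   0 when the namespace is kube-system, already exists or was
#            created; non-zero when the name is rejected or creation fails.
function create_ns() {
  local namespace=$1
  # Shape of a DNS label, which is what Kubernetes accepts as a namespace
  # name. The API server remains the authority; this check only keeps an empty
  # value, whitespace or a leading dash from reaching the kubectl command line
  # as extra arguments or options.
  local -r valid_name='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'

  if [ "$namespace" == "kube-system" ]; then
    return 0
  fi

  if ! [[ "$namespace" =~ $valid_name ]]; then
    echo "Refusing invalid namespace name: '$namespace'" >&2
    return 1
  fi

  kubectl get ns "$namespace" || kubectl create ns "$namespace"
}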
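# Delete a namespace unless it is kube-system.
#
# Arguments: $1 - namespace name (read from the rendered module application)
# Returns:   0 when kube-system is skipped (skipping is not a failure, so a
#            caller running under set -e is not aborted by it), otherwise the
#            status of kubectl; non-zero when the name is rejected.
function delete_ns() {
  local namespace=$1
  # Shape of a DNS label, which is what Kubernetes accepts as a namespace
  # name. This is a destructive call, so an empty value, whitespace or a
  # leading dash must never reach kubectl, where it would be parsed as
  # additional arguments or options.
  local -r valid_name='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'

  if [ "$namespace" == "kube-system" ]; then
    return 0
  fi

  if ! [[ "$namespace" =~ $valid_name ]]; then
    echo "Refusing invalid namespace name: '$namespace'" >&2
    return 1
  fi

  kubectl delete ns "$namespace"
}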
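# Extract crds via helm calls and apply delta=crds only.
#
# The chart is rendered twice, once without and once with CRDs, and whatever
# the second rendering contains in addition is applied with kubectl.
#
# Reads chart, namespace, module and targetRevision from the calling _helm
# (bash dynamic scoping) and the globals TMPDIR, API_VERSIONS and KUBE_VERSION.
function _crds() {
  local -r plain="$TMPDIR/helm-no-crds.yaml"
  local -r with_crds="$TMPDIR/helm-crds.yaml"
  local -r delta="$TMPDIR/crds.yaml"

  # The chart_location output, targetRevision, API_VERSIONS and KUBE_VERSION
  # each hold several words that must split into separate helm arguments.
  # Everything else is quoted so values read from the rendered application
  # cannot add or swallow arguments.
  # shellcheck disable=SC2046,SC2086
  helm template $(chart_location "$chart") -n "$namespace" --name-template "$module" $targetRevision \
    --skip-crds --set "${module}.installCRDs=false" -f "$TMPDIR/values.yaml" \
    $API_VERSIONS $KUBE_VERSION > "$plain"
  # shellcheck disable=SC2046,SC2086
  helm template $(chart_location "$chart") -n "$namespace" --name-template "$module" $targetRevision \
    --include-crds --set "${module}.installCRDs=true" -f "$TMPDIR/values.yaml" \
    $API_VERSIONS $KUBE_VERSION > "$with_crds"

  # diff -e prints an ed script; dropping its first line (the ed command) and
  # its last line (the closing ".") leaves the added text.
  # NOTE(review): this assumes the CRDs show up as one contiguous addition —
  # verify for charts that render CRDs in several places.
  diff -e "$plain" "$with_crds" | head -n-1 | tail -n+2 > "$delta"

  # Only apply if there are actually any crds
  if [ -s "$delta" ]; then
    kubectl apply -f "$delta"
  fi
}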
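# helm template | kubectl apply -f -
# confine to one namespace if possible
#
# Renders the current module and runs "kubectl $action" on the result.
#
# Reads action, chart, namespace, module and targetRevision from the calling
# _helm (bash dynamic scoping) and the globals TMPDIR, API_VERSIONS and
# KUBE_VERSION.
# Arguments: extra options that are passed through to helm template
# Globals:   rc (written) - exit status of the kubectl call, read by the
#            module post hooks
# Returns:   always 0; callers inspect rc instead
function apply(){
  local nr_ns

  # The chart_location output, targetRevision, API_VERSIONS and KUBE_VERSION
  # each hold several words that must split into separate helm arguments.
  # Everything else, including the caller's extra options, is quoted.
  # shellcheck disable=SC2046,SC2086
  helm template $(chart_location "$chart") -n "$namespace" --name-template "$module" $targetRevision \
    --skip-crds -f "$TMPDIR/values.yaml" $API_VERSIONS $KUBE_VERSION "$@" > "$TMPDIR/helm.yaml"

  # If resources are in more than ONE $namespace, apply without restrictions
  # NOTE(review): the pattern as shown matches exactly one leading space —
  # confirm it agrees with the indentation of the rendered manifests.
  nr_ns=$(grep -e '^ namespace:' "$TMPDIR/helm.yaml" | sed "s/\"//g" | sort | uniq | wc -l)

  rc=0
  if [ "$nr_ns" -gt 1 ]; then
    kubectl "$action" -f "$TMPDIR/helm.yaml" || rc=$?
  else
    kubectl "$action" --namespace "$namespace" -f "$TMPDIR/helm.yaml" || rc=$?
  fi
}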
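# Runs one action for one module.
#
# Reads the module's rendered application from
# $TMPDIR/kubezero/templates/<module>.yaml, extracts namespace, chart version
# and helm values from it, and dispatches on the action. The locals action,
# module, chart, namespace and targetRevision are read by apply, _crds and the
# module hooks through bash dynamic scoping, so their names must not change.
#
# Arguments: $1 - action: crds | apply | delete (anything else is a no-op)
#            $2 - module name
# Returns:   1 when the module name is unusable, its application file is
#            missing or cannot be read, or it carries no targetRevision;
#            0 otherwise, including when kubectl reported errors.
function _helm() {
  local action=$1
  local module=$2

  local chart="kubezero-${module}"
  local app="$TMPDIR/kubezero/templates/${module}.yaml"
  local namespace revision targetRevision

  # The module name selects both a file below the templates directory and the
  # hook functions to call, so it must be a plain name.
  case "$module" in
    '' | */*)
      echo "Invalid module name: '${module}'" >&2
      return 1
      ;;
  esac

  if [ ! -f "$app" ]; then
    echo "No rendered application found for module '${module}'" >&2
    return 1
  fi

  # Declaration and assignment are separate so a failing yq is not masked by
  # the exit status of "local".
  namespace=$(yq r "$app" spec.destination.namespace) || return 1
  revision=$(yq r "$app" spec.source.targetRevision) || return 1

  # Without a revision the chart version would not be pinned and the option
  # would swallow the next helm argument.
  if [ -z "$revision" ]; then
    echo "No targetRevision found for module '${module}'" >&2
    return 1
  fi
  # Kept as one string: apply and _crds expand it unquoted into two words.
  targetRevision="--version $revision"

  yq r "$app" 'spec.source.helm.values' > "$TMPDIR/values.yaml" || return 1

  case "$action" in
    crds)
      # Allow custom CRD handling. An if/else runs exactly one of the two;
      # the "a && b || c" form also ran _crds after a failing custom handler.
      if declare -F "${module}-crds"; then
        "${module}-crds"
      else
        _crds
      fi
      ;;

    apply)
      # namespace must exist prior to apply
      create_ns "$namespace"

      # Optional pre hook
      if declare -F "${module}-pre"; then
        "${module}-pre"
      fi

      apply

      # Optional post hook
      if declare -F "${module}-post"; then
        "${module}-post"
      fi
      ;;

    delete)
      apply

      # Delete dedicated namespace if not kube-system
      delete_ns "$namespace"
      ;;
  esac

  return 0
}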
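################
# cert-manager #
################
# Post hook for the cert-manager module.
#
# Reads rc (set by apply) and namespace (from the calling _helm).
function cert-manager-post() {
  # wait_for hands its argument to eval, so the namespace is shell-quoted
  # before it is placed into those command strings.
  local quoted_ns
  quoted_ns=$(printf '%q' "$namespace")

  # If any error occurs, wait for initial webhook deployment and try again
  # see: https://cert-manager.io/docs/concepts/webhook/#webhook-connection-problems-shortly-after-cert-manager-installation
  if [ "${rc:-0}" -ne 0 ]; then
    wait_for "kubectl get deployment -n $quoted_ns cert-manager-webhook"
    kubectl rollout status deployment -n "$namespace" cert-manager-webhook
    # "LS0" is how the base64 encoding of a PEM block's leading dashes starts,
    # i.e. this waits until a caBundle holding certificate data is present.
    wait_for 'kubectl get validatingwebhookconfigurations -o yaml | grep "caBundle: LS0"'
    apply
  fi

  wait_for "kubectl get ClusterIssuer -n $quoted_ns kubezero-local-ca-issuer"
  kubectl wait --timeout=180s --for=condition=Ready -n "$namespace" ClusterIssuer/kubezero-local-ca-issuer
}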
########
# Kiam #
########
# Pre hook for the kiam module: renders and applies the module with
# kiam.enabled=false first (certs only), then blocks until the kiam-server
# Certificate in kube-system reports Ready, for at most 120s.
function kiam-pre() {
  local -a wait_args=(
    --timeout=120s
    --for=condition=Ready
    -n kube-system
    Certificate/kiam-server
  )

  apply --set kiam.enabled=false
  kubectl wait "${wait_args[@]}"
}
# Post hook for the kiam module: waits until the kiam-agent daemonset exists
# in kube-system, then follows its rollout until kubectl reports it finished.
function kiam-post() {
  local -r ns=kube-system
  local -r daemonset=kiam-agent

  wait_for "kubectl get daemonset -n ${ns} ${daemonset}"
  kubectl rollout status daemonset -n "$ns" "$daemonset"
}
###########
# Metrics #
###########
# Pre hook for the metrics module: cleans up patch jobs left over from
# previous runs (ArgoCD does this automatically) by deleting the successfully
# completed jobs in the monitoring namespace.
function metrics-pre() {
  kubectl delete jobs \
    --field-selector status.successful=1 \
    -n monitoring
}
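##########
## MAIN ##
##########
if [ ! -f "$CLUSTER/kubezero/application.yaml" ]; then
  echo "Cannot find cluster config!"
  exit 1
fi

KUBEZERO_VERSION=$(yq r "$CLUSTER/kubezero/application.yaml" 'spec.source.targetRevision')

# The revision pins which chart version gets rendered; without it helm would
# receive an empty or misparsed --version.
if [ -z "$KUBEZERO_VERSION" ]; then
  echo "Cannot find targetRevision in cluster config!" >&2
  exit 1
fi

# Extract all kubezero values from argo app
yq r "$CLUSTER/kubezero/application.yaml" 'spec.source.helm.values' > "$TMPDIR/values.yaml"

# Render all enabled Kubezero modules
# The chart_location output holds several words that must split into separate
# helm arguments; everything else is quoted.
# shellcheck disable=SC2046
helm template $(chart_location kubezero) -f "$TMPDIR/values.yaml" --version "$KUBEZERO_VERSION" --devel --output-dir "$TMPDIR"

# Resolve "all" to every rendered module. A glob replaces parsing the output
# of ls, and only a trailing ".yaml" is stripped from each file name.
if [ "${ARTIFACTS[0]:-}" == "all" ]; then
  ARTIFACTS=()
  for rendered in "$TMPDIR"/kubezero/templates/*.yaml; do
    [ -e "$rendered" ] || continue
    rendered=${rendered##*/}
    ARTIFACTS+=("${rendered%.yaml}")
  done
fi
echo "Artifacts: ${ARTIFACTS[*]}"

# NOTE(review): because of "|| true", bash ignores errexit inside _helm, so a
# module that fails neither stops the run nor changes the exit status; check
# the trace output when a deployment looks incomplete.
case "$1" in
  apply | crds)
    for t in "${ARTIFACTS[@]}"; do
      _helm "$1" "$t" || true
    done
    ;;

  # Delete in reverse order, continue even if errors
  delete)
    set +e
    for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
      _helm delete "${ARTIFACTS[idx]}" || true
    done
    ;;

  # A mistyped action used to fall through silently with exit status 0.
  *)
    echo "Unknown action: '$1'" >&2
    exit 1
    ;;
esac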