k8s_library.sh
#!/bin/bash
# GCP_PROJECT comes from an external env var (for security reasons)
# Default settings for the GCP/GKE environment and for the add-ons this
# library installs. Values are assigned first and exported in one place so
# that child processes started by the functions below inherit them.
GCP_VERBOSITY='warning'
GCP_ZONE='us-central1-c'
GKE_CHANNEL='rapid'
GKE_VERSION='1.18.12-gke.1201'
GKE_NODES=3
GKE_MACHINE='n1-standard-2'
PROMETHEUS_NS='monitoring'
ISTIO_NS='istio-system'
ISTIO_VERSION=1.7.2
LITMUS_VERSION=1.8.1
export GCP_VERBOSITY GCP_ZONE
export GKE_CHANNEL GKE_VERSION GKE_NODES GKE_MACHINE
export PROMETHEUS_NS ISTIO_NS ISTIO_VERSION LITMUS_VERSION
#######################################
# Installs the gcloud 'beta' component and updates the installed components.
# Outputs: the gcloud path before the update and again afterwards.
#######################################
update_gcloud_sdk() {
  # Print the binary that is about to be updated.
  which gcloud
  gcloud components install beta --quiet
  gcloud components update --quiet
  printf 'gcloud path: %s\n' "$(which gcloud)"
}
#######################################
# Prints the gcloud version and environment details.
# 'gcloud info' is run with --anonymize, which limits the personal
# information that ends up in (CI) logs.
# Outputs: two labelled sections on stdout.
#######################################
gcloud_get_info() {
  printf '%s\n' '--- gcloud version ---'
  gcloud version
  printf '%s\n' '--- gcloud info ---'
  gcloud info --anonymize
}
#######################################
# Creates a GKE cluster and lists the project's clusters before and after.
# Globals:   GCP_VERBOSITY, GCP_PROJECT, GCP_ZONE, GKE_VERSION, GKE_NODES,
#            GKE_MACHINE, GKE_CHANNEL, ISTIO_NS (all read)
# Arguments: $1 - name of the cluster to create
# Outputs:   progress labels plus gcloud/kubectl output on stdout
#######################################
create_cluster() {
  local cluster="$1"

  printf '%s\n' "### list clusters [before create]:"
  gcloud container clusters list --verbosity="$GCP_VERBOSITY" --project="$GCP_PROJECT" --quiet

  printf '%s\n' "### create cluster: $cluster"
  # https://cloud.google.com/istio/docs/istio-on-gke/installing
  # https://cloud.google.com/istio/docs/istio-on-gke/versions
  # NB: Istio is still a 'beta' feature, so the add-on flags stay disabled:
  #   --addons=Istio
  #   --istio-config=auth='MTLS_PERMISSIVE'
  # NOTE(review): only sizing, version and channel flags are passed below;
  # every other cluster setting is whatever gcloud defaults to.
  local -a create_flags=(
    --cluster-version="$GKE_VERSION"
    --num-nodes="$GKE_NODES"
    --machine-type="$GKE_MACHINE"
    --project="$GCP_PROJECT"
    --zone "$GCP_ZONE"
    --release-channel "$GKE_CHANNEL"
    --quiet
    --verbosity="$GCP_VERBOSITY"
  )
  gcloud beta container clusters create "$cluster" "${create_flags[@]}"

  printf '%s\n' "### list clusters [after create]:"
  gcloud container clusters list --verbosity="$GCP_VERBOSITY" --project="$GCP_PROJECT"

  printf '%s\n' "### check istio:"
  kubectl get services -n "$ISTIO_NS"
  kubectl get pods -n "$ISTIO_NS"
}
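#######################################
# Deletes a GKE cluster, listing the project's clusters before and after.
# The original only printed the "list clusters" labels without listing
# anything; the listings are now actually performed so the log shows what
# existed before the destructive call and what is left afterwards.
# Globals:   GCP_VERBOSITY, GCP_PROJECT, GCP_ZONE (read)
# Arguments: $1 - name of the cluster to delete (must not be empty)
# Outputs:   progress labels and gcloud output on stdout, errors on stderr
# Returns:   1 if no cluster name is given, otherwise the exit status of
#            'gcloud container clusters delete'
#######################################
delete_cluster() {
  local cluster="${1:-}"
  local rc=0

  # Refuse to run the destructive command without an explicit target.
  if [[ -z "$cluster" ]]; then
    echo "### ERROR: delete_cluster requires a cluster name" >&2
    return 1
  fi

  echo "### list clusters [before delete]:"
  # The listing is informational only: a failure here must not stop the delete.
  gcloud container clusters list --verbosity="$GCP_VERBOSITY" --project="$GCP_PROJECT" --quiet \
    || echo "### WARNING: could not list clusters before delete" >&2

  gcloud container clusters delete "$cluster" \
    --project="$GCP_PROJECT" \
    --zone "$GCP_ZONE" \
    --quiet \
    --verbosity="$GCP_VERBOSITY" || rc=$?

  echo "#### list clusters [after delete]:"
  gcloud container clusters list --verbosity="$GCP_VERBOSITY" --project="$GCP_PROJECT" \
    || echo "### WARNING: could not list clusters after delete" >&2

  # Report the outcome of the delete itself, not of the final listing.
  return "$rc"
}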
#######################################
# Fetches cluster credentials and writes the kubectl configuration for it.
# Globals:   GKE_CLUSTER, GCP_ZONE, GCP_PROJECT (read)
# Arguments: none
# NOTE(review): GKE_CLUSTER is not a parameter here; it has to be set in the
# calling environment before this function runs - confirm against callers.
#######################################
gcloud_get_credentials() {
  printf '%s\n' "### get credentials & config for kubectl: "
  local -a location=(--zone "$GCP_ZONE" --project="$GCP_PROJECT")
  gcloud container clusters get-credentials "$GKE_CLUSTER" "${location[@]}"
}
#######################################
# Prints an overview of the current cluster: cluster-info, nodes, namespaces
# and the services, deployments and pods of all namespaces.
# Outputs: one "### <label>: " line followed by the kubectl output per section
# Returns: exit status of the last kubectl call
#######################################
cluster_info() {
  local section label
  local -a query
  # Each entry is "<label>|<kubectl arguments>".
  for section in \
    'cluster info|cluster-info' \
    'get nodes|get nodes' \
    'get namespaces|get namespaces' \
    'get services|get services --all-namespaces' \
    'get deployments|get deployments --all-namespaces' \
    'get pods|get pods --all-namespaces'; do
    label=${section%%|*}
    # Split on spaces explicitly so a caller-modified IFS cannot break it.
    IFS=' ' read -r -a query <<< "${section#*|}"
    printf '### %s: \n' "$label"
    kubectl "${query[@]}"
  done
}
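#######################################
# Deploys the Kubernetes dashboard, waits for its two deployments to become
# available and prints the resulting services and pods.
# Fix: the section that lists pods was labelled "dashboard services"; it is
# now labelled "dashboard pods" so the log matches what is printed.
# Outputs: progress labels and kubectl output on stdout
# Returns: exit status of the final pod-count check
#######################################
deploy_k8s_dashboard() {
  local -r dashboard_ns='kubernetes-dashboard'
  # The manifest is pinned to the v2.0.4 tag, but it is still fetched at
  # deploy time and applied without an integrity check.
  # NOTE(review): consider vendoring a reviewed copy into the repository.
  local -r manifest='https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.4/aio/deploy/recommended.yaml'

  echo "### deploy k8s dashboard: "
  kubectl apply -f "$manifest"

  echo "### wait for deployments to become available: "
  kubectl wait --for=condition=available --timeout=500s -n "$dashboard_ns" deployment/kubernetes-dashboard
  kubectl wait --for=condition=available --timeout=500s -n "$dashboard_ns" deployment/dashboard-metrics-scraper

  echo "### dashboard services: "
  kubectl get services -n "$dashboard_ns"
  # The check counts output lines and looks for a '3' in the count.
  kubectl get services -n "$dashboard_ns" | { wc -l | grep 3 && echo 'no unexpected new service'; }

  echo "### dashboard pods: "
  kubectl get pods -n "$dashboard_ns"
  kubectl get pods -n "$dashboard_ns" | { wc -l | grep 3 && echo 'no unexpected new pod'; }

  # Kept disabled on purpose: these lines would bind a dashboard service
  # account to the cluster-admin role, i.e. full control of the cluster for
  # anyone holding its token.
  #kubectl create serviceaccount 'dashboard-admin-sa'
  #kubectl create clusterrolebinding 'dashboard-admin-sa' --clusterrole='cluster-admin' --serviceaccount='default:dashboard-admin-sa'
  #kubectl get secrets
}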
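#######################################
# Recreates the Istio namespace, downloads Istio into the working directory,
# installs it with the 'demo' profile and checks the resulting services/pods.
#
# Changes compared with the original:
#  - the installer is downloaded to a temporary file with 'curl --fail' and
#    only executed if the download succeeded, instead of piping whatever the
#    server returned straight into sh;
#  - the release is pinned through the ISTIO_VERSION variable that the
#    downloadIstio script documents, and the same value is used for the PATH
#    entry (the original hard-coded istio-1.7.2 there).
#
# NOTE(review): the installer script itself is still executed without a
# checksum or signature check; for CI, consider vendoring a reviewed copy or
# verifying the release archive against its published checksum.
#
# Globals:   ISTIO_VERSION (read, defaults to 1.7.2), PATH (extended)
# Outputs:   progress labels and tool output on stdout, errors on stderr
# Returns:   non-zero if the installer cannot be downloaded or fails
#######################################
deploy_istio() {
  # Kept as a local named ISTIO_NS: check_istio reads $ISTIO_NS from the
  # calling scope rather than from its argument.
  local ISTIO_NS="istio-system"
  local istio_version="${ISTIO_VERSION:-1.7.2}"
  local installer
  local rc=0

  echo "### create istio ns: $ISTIO_NS"
  # Best effort: the namespace may not exist on a fresh cluster.
  kubectl delete ns "$ISTIO_NS" || true
  kubectl create ns "$ISTIO_NS"

  echo "### working directory: $(pwd)"
  installer=$(mktemp) || return 1
  if ! curl -fsSL -o "$installer" https://istio.io/downloadIstio; then
    echo "### ERROR: could not download the Istio installer" >&2
    rm -f -- "$installer"
    return 1
  fi
  ISTIO_VERSION="$istio_version" sh "$installer" || rc=$?
  rm -f -- "$installer"
  if (( rc != 0 )); then
    echo "### ERROR: Istio installer failed with status $rc" >&2
    return "$rc"
  fi

  PATH="$PATH:$(pwd)/istio-$istio_version/bin"
  export PATH
  echo "### istioctl location: $(which istioctl)"
  echo "### istioctl version: $(istioctl version --remote=false)"

  # NOTE(review): 'demo' is Istio's showcase profile - confirm it is the
  # intended profile for anything beyond a test cluster.
  echo "### istioctl install --set profile=demo"
  istioctl install --set profile=demo
  check_istio "$ISTIO_NS"

  echo "### istio services:"
  kubectl get services -n "$ISTIO_NS"
  kubectl get services -n "$ISTIO_NS" | { wc -l | grep 4 && echo 'no unexpected new service'; }

  echo "### istio pods:"
  kubectl get pods -n "$ISTIO_NS"
  kubectl get pods -n "$ISTIO_NS" | { wc -l | grep 4 && echo 'no unexpected new pod'; }
}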
#######################################
# Applies the sample add-ons shipped in the downloaded Istio release and
# waits until prometheus, grafana, jaeger and kiali are available.
# Globals:   ISTIO_VERSION (read) - selects the istio-<version> directory
# Outputs:   progress labels and kubectl output on stdout
# Returns:   exit status of the last 'kubectl wait'
#######################################
deploy_istio_addons() {
  local addons_dir addon

  printf '%s\n' "### deploy istio addons:"
  addons_dir="istio-$ISTIO_VERSION/samples/addons"
  # The install may have to be repeated according to
  # https://istio.io/latest/docs/setup/getting-started/#dashboard
  # (true most of the time), so a failed first attempt is retried once.
  if ! kubectl apply -f "$addons_dir"; then
    kubectl apply -f "$addons_dir"
  fi

  printf '%s\n' "### check istio addons:"
  for addon in prometheus grafana jaeger kiali; do
    kubectl wait --for=condition=available --timeout=500s "deployment/$addon" -n istio-system
  done
}
# see https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/
#######################################
# Labels a namespace with istio-injection=enabled (overwriting an existing
# value) and prints all namespaces with their istio-injection label.
# Arguments: $1 - application namespace
# Outputs:   a progress label and kubectl output on stdout
#######################################
activate_istio_for_ns() {
  local app_ns="$1"
  printf '%s\n' "#### activate istio for ns: $app_ns"
  kubectl label namespace --overwrite "$app_ns" istio-injection='enabled'
  # Show the label column for every namespace.
  kubectl get namespaces -L istio-injection
}
#######################################
# Removes the istio-injection label from a namespace and prints all
# namespaces with their istio-injection label.
# Arguments: $1 - application namespace
# Outputs:   a progress label and kubectl output on stdout
#######################################
deactivate_istio_for_ns() {
  local app_ns="$1"
  printf '%s\n' "#### deactivate istio for ns: $app_ns"
  # A trailing '-' after the key tells kubectl to remove the label.
  kubectl label namespace "$app_ns" istio-injection-
  kubectl get namespaces -L istio-injection
}
#######################################
# Runs 'istioctl analyze' on one namespace, reporting findings from the
# Info level upwards.
# Arguments: $1 - application namespace
# Outputs:   a progress label and the istioctl report on stdout
# Returns:   exit status of istioctl
#######################################
analyze_istio_config() {
  local app_ns="$1"
  printf '%s\n' "#### analyze istio config for ns: $app_ns"
  local -a analyze_args=(--output-threshold Info --namespace "$app_ns")
  istioctl analyze "${analyze_args[@]}"
}
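#######################################
# Deploys the Polaris dashboard and waits until it is available.
#
# By default the manifest comes from the project's 'latest' release, so what
# is applied to the cluster can change from one run to the next. Set
# POLARIS_MANIFEST_URL to a reviewed, version-pinned manifest (URL or local
# file) to make the deployment reproducible.
#
# Globals:   POLARIS_MANIFEST_URL (read, optional override)
# Outputs:   kubectl output on stdout
# Returns:   exit status of the final 'kubectl wait'
#######################################
deploy_polaris() {
  local manifest="${POLARIS_MANIFEST_URL:-https://github.com/FairwindsOps/polaris/releases/latest/download/dashboard.yaml}"
  kubectl apply -f "$manifest"
  # Confirms that the manifest created the polaris namespace.
  kubectl get namespaces | grep polaris
  kubectl wait --for=condition=available --timeout=500s deployment/polaris-dashboard -n polaris
  #kubectl port-forward --namespace polaris svc/polaris-dashboard 8080:80
}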
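#######################################
# Applies the kube-hunter job manifest and describes the resulting job.
#
# By default the manifest is read from the project's master branch, so its
# content is not fixed between runs. Set KUBE_HUNTER_MANIFEST_URL to a
# reviewed, pinned manifest (URL or local file) to control what is applied.
#
# Globals:   KUBE_HUNTER_MANIFEST_URL (read, optional override)
# Outputs:   kubectl output on stdout
# Returns:   exit status of 'kubectl describe'
#######################################
deploy_kube_hunter() {
  local manifest="${KUBE_HUNTER_MANIFEST_URL:-https://raw.githubusercontent.com/aquasecurity/kube-hunter/master/job.yaml}"
  kubectl apply -f "$manifest"
  kubectl describe job kube-hunter
  #kubectl logs <pod name>
}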
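#######################################
# Applies the GKE variant of the kube-bench job manifest and describes the
# resulting job.
#
# By default the manifest is read from the project's master branch, so its
# content is not fixed between runs. Set KUBE_BENCH_MANIFEST_URL to a
# reviewed, pinned manifest (URL or local file) to control what is applied.
#
# Globals:   KUBE_BENCH_MANIFEST_URL (read, optional override)
# Outputs:   kubectl output on stdout
# Returns:   exit status of 'kubectl describe'
#######################################
deploy_kube_bench() {
  # https://github.com/aquasecurity/kube-bench/issues/266
  local manifest="${KUBE_BENCH_MANIFEST_URL:-https://raw.githubusercontent.com/aquasecurity/kube-bench/master/job-gke.yaml}"
  kubectl apply -f "$manifest"
  kubectl describe job kube-bench
  #kubectl logs <pod name>
}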
#######################################
# Applies the Litmus operator manifest for LITMUS_VERSION and checks that the
# three Litmus CRDs and their API resources are present.
# Globals:   LITMUS_VERSION (read) - selects the operator manifest
# Outputs:   progress labels, kubectl output and the matching grep lines
# Returns:   exit status of the last grep (non-zero if 'chaosresults' is
#            missing from the API resources)
#######################################
deploy_litmus_operator() {
  local kind

  printf '%s\n' "### install litmus choas engine: "
  kubectl apply -f "https://litmuschaos.github.io/litmus/litmus-operator-v$LITMUS_VERSION.yaml"

  printf '%s\n' "### get pods in ns litmus:"
  kubectl get pods -n litmus
  #chaos-operator-ce-

  printf '%s\n' "### check crds defined by litmus:"
  kubectl get crds
  for kind in chaosengines chaosexperiments chaosresults; do
    kubectl get crds | grep "${kind}.litmuschaos.io"
  done

  printf '%s\n' "### check apis defined by litmus:"
  kubectl api-resources
  for kind in chaosengines chaosexperiments chaosresults; do
    kubectl api-resources | grep "$kind"
  done
}
#######################################
# Deletes the resources defined by the Litmus operator manifest for
# LITMUS_VERSION.
# Globals:   LITMUS_VERSION (read)
# Outputs:   a progress label and kubectl output on stdout
# Returns:   exit status of 'kubectl delete'
#######################################
delete_litmus_operator() {
  printf '%s\n' "### delete litmus operator: "
  local -r operator_manifest="https://litmuschaos.github.io/litmus/litmus-operator-v$LITMUS_VERSION.yaml"
  kubectl delete -f "$operator_manifest"
}
#######################################
# Prepares the 'frontend' deployment of a namespace for chaos testing and
# starts the chaos engine defined in kubernetes/litmus/chaos-engine.yaml.
# Arguments: $1 - application namespace
# Outputs:   a progress label and kubectl output on stdout
# Returns:   exit status of the final 'kubectl describe'
#######################################
run_litmus_engine() {
  local app_ns="$1"
  # Namespace selector appended to every kubectl call below.
  local -a in_ns=(-n "$app_ns")

  printf '%s\n' "#### deploy generic experiments in : $app_ns"
  #kubectl apply -f "https://hub.litmuschaos.io/api/chaos/$LITMUS_VERSION?file=charts/generic/experiments.yaml" -n "$APPL_NS"
  kubectl get chaosexperiments "${in_ns[@]}"
  # Line-count check of the experiment listing (looks for '22' in the count).
  kubectl get chaosexperiments "${in_ns[@]}" | wc -l | grep '22'

  # NOTE(review): the permissions granted to the chaos service account live
  # in rbac.yaml, which is not visible here - review that file separately.
  kubectl apply -f "kubernetes/litmus/rbac.yaml" "${in_ns[@]}"

  # Opt the frontend deployment in to chaos and give it the app label.
  kubectl annotate deployment/frontend --overwrite litmuschaos.io/chaos="true" "${in_ns[@]}"
  kubectl label deployment/frontend --overwrite app='frontend' "${in_ns[@]}"

  kubectl apply -f "kubernetes/litmus/chaos-engine.yaml" "${in_ns[@]}"
  kubectl describe chaosresult frontend-chaos-pod-delete "${in_ns[@]}"
}
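#######################################
# Creates the Prometheus namespace and the Prometheus resources from the
# manifests under kubernetes/prometheus, then lists the namespace's pods.
#
# Fixes:
#  - the deployment manifest was read from 'kubernetes/promotheus/...' while
#    the other two manifests use 'kubernetes/prometheus/...'; the misspelled
#    directory is corrected so all three come from the same place;
#  - the pod listing used a hard-coded 'monitoring' namespace instead of the
#    namespace that was just created from PROMETHEUS_NS.
# NOTE(review): the manifests may set their own namespace - confirm they
# agree with PROMETHEUS_NS.
#
# Globals:   PROMETHEUS_NS (read)
# Outputs:   kubectl output on stdout
# Returns:   exit status of the final 'kubectl get pods'
#######################################
deploy_prometheus() {
  local -r manifest_dir='kubernetes/prometheus'
  kubectl create namespace "$PROMETHEUS_NS"
  kubectl create -f "$manifest_dir/prometheus-cluster-role.yaml"
  kubectl create -f "$manifest_dir/prometheus-scrape-alerting.yaml"
  kubectl create -f "$manifest_dir/prometheus-deployment.yaml"
  kubectl get pods --namespace="$PROMETHEUS_NS"
  #kubectl port-forward prometheus-deployment-7bb6c5d7fd-d2zsf 8080:9090 -n monitoring
}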
#to be used if istio addon is installed via this script
#######################################
# Verifies that the services and pods of a script-installed Istio are present
# in the Istio namespace.
# Globals:   ISTIO_NS (read)
# Arguments: none are used. NOTE(review): callers pass a namespace as $1, but
#            the namespace is taken from ISTIO_NS - confirm this is intended.
# Outputs:   whatever check_services and check_pods print
#######################################
check_istio() {
  local -a expected_services=('istiod' 'istio-ingressgateway' 'istio-egressgateway')
  # Pod names carry a generated suffix, so only the name prefix is checked.
  local -a expected_pods=('istiod-' 'istio-ingressgateway-' 'istio-egressgateway-')

  check_services "$ISTIO_NS" "${expected_services[@]}"
  check_pods "$ISTIO_NS" "${expected_pods[@]}"
}
#to be used if GKE istio addon is activated
#######################################
# Verifies the services and pods expected when the GKE Istio add-on is
# active, including the Prometheus components it places in the same namespace.
# Globals:   ISTIO_NS (read)
# Outputs:   whatever check_services and check_pods print
#######################################
check_gke_istio() {
  local -a istio_svc=(
    'istio-citadel' 'istio-galley' 'istio-ingressgateway' 'istio-pilot'
    'istio-policy' 'istio-sidecar-injector' 'istio-telemetry'
  )
  # Pod names carry a generated suffix, so only the name prefix is checked.
  local -a istio_pod=(
    'istio-citadel-' 'istio-galley-' 'istio-ingressgateway-' 'istio-pilot-'
    'istio-policy-' 'istio-security-post-install-' 'istio-sidecar-injector-'
    'istio-telemetry-'
  )
  local -a prom_svc=('promsd' 'prometheus')
  local -a prom_pod=('promsd-' 'prometheus-')

  check_services "$ISTIO_NS" "${istio_svc[@]}"
  check_pods "$ISTIO_NS" "${istio_pod[@]}"
  # The Prometheus components are looked up in the Istio namespace as well.
  check_services "$ISTIO_NS" "${prom_svc[@]}"
  check_pods "$ISTIO_NS" "${prom_pod[@]}"
}
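#######################################
# Checks that every expected service name appears in the service listing of
# a namespace.
#
# Fixes:
#  - the banner printed "$1" after the shift, i.e. the first service name
#    instead of the namespace; it now prints the namespace;
#  - 'local VAR=$(cmd)' hid a failing kubectl; the failure is now reported on
#    stderr. The check still runs afterwards, so a failed listing is caught
#    by check_strings exactly as before.
#
# Arguments: $1 - namespace; $2.. - service names that must be present
# Outputs:   the banner, the kubectl listing and any check_strings output
#######################################
check_services() {
  local NS="$1"
  shift
  local -a services=("$@")
  local listing

  echo "check services in ns: $NS -> ${services[@]}"
  listing=$(kubectl get services -n "$NS") \
    || echo "### ERROR: 'kubectl get services' failed in ns: $NS" >&2
  echo "### kubectl<begin>"
  echo "$listing"
  echo "### kubectl<end>"
  check_strings "$listing" "${services[@]}"
}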
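#######################################
# Checks that every expected pod name prefix appears in the pod listing of a
# namespace.
#
# Fixes:
#  - the banner printed "$1" after the shift, i.e. the first pod prefix
#    instead of the namespace; it now prints the namespace;
#  - 'local VAR=$(cmd)' hid a failing kubectl; the failure is now reported on
#    stderr. The check still runs afterwards, so a failed listing is caught
#    by check_strings exactly as before.
#
# Arguments: $1 - namespace; $2.. - pod name prefixes that must be present
# Outputs:   the banner, the kubectl listing and any check_strings output
#######################################
check_pods() {
  local NS="$1"
  shift
  local -a pods=("$@")
  local listing

  echo "check pods in ns: $NS -> ${pods[@]}"
  listing=$(kubectl get pods -n "$NS") \
    || echo "### ERROR: 'kubectl get pods' failed in ns: $NS" >&2
  echo "### kubectl<begin>"
  echo "$listing"
  echo "### kubectl<end>"
  check_strings "$listing" "${pods[@]}"
}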
# https://askubuntu.com/questions/674333/how-to-pass-an-array-as-function-argument
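#######################################
# Verifies that each expected string occurs somewhere in a command's output.
#
# Fix: the loop variable and the copy of the arguments (STR, STR_ARRAY) were
# globals and leaked into the calling shell; everything is now function-local.
#
# Arguments: $1 - text to search (typically captured kubectl output)
#            $2.. - substrings that must all be present
# Outputs:   on the first missing substring, the searched text and an error
#            line on stdout
# Exits:     terminates the shell with status 1 on the first missing
#            substring (callers rely on this to abort the run)
#######################################
check_strings() {
  local haystack="$1"
  shift
  local needle
  for needle in "$@"; do
    # Plain substring match; the needle is quoted so it is not a glob.
    if [[ "$haystack" != *"$needle"* ]]; then
      echo "### command string: $haystack"
      echo "### ERROR: no match for $needle"
      exit 1
    fi
  done
}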