-
Notifications
You must be signed in to change notification settings - Fork 2
/
initialize_kubementat.sh
executable file
·311 lines (268 loc) · 13.6 KB
/
initialize_kubementat.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
#!/usr/bin/env bash
####
# This script initializes a basic configuration for getting up and running with kubementat automations and platform setup
####
set -e
TARGET_ENVIRONMENT="dev"
TARGET_TEAM="dev1"
################## FUNCTION DEFINITIONS ####################
function check_is_already_initialized(){
if [[ -f platform_config/$TARGET_ENVIRONMENT/static.encrypted.json ]]; then
echo "Found platform_config/$TARGET_ENVIRONMENT/static.encrypted.json . It seems that kubementat has been initialized already! Exiting"
exit 1
elif [[ -f platform_config/$TARGET_ENVIRONMENT/static.json ]]; then
echo "Found platform_config/$TARGET_ENVIRONMENT/static.json . It seems that kubementat has been initialized already! Exiting"
exit 1
elif [[ -f platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.json ]]; then
echo "Found platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.json . It seems that kubementat has been initialized already! Exiting"
exit 1
elif [[ -f platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.encrypted.json ]]; then
echo "Found platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.encrypted.json . It seems that kubementat has been initialized already! Exiting"
exit 1
else
echo "kubementat is not initialized yet! Starting basic configuration."
fi
}
function check_required_environment_variables(){
if [[ -z "$BASE_DOMAIN" || -z "$AUTOMATION_GIT_URL" || -z "$AUTOMATION_GIT_SERVER_HOST" || -z "$AUTOMATION_GIT_SERVER_PORT" || -z "$AUTOMATION_GIT_SERVER_SSH_USER" || -z "$KUBERNETES_DEFAULT_STORAGE_CLASS" || -z "$DOCKER_REGISTRY_BASE_URL" || -z "$CLUSTER_MANAGER_EMAIL" ]]; then
echo "Unsufficient environment configuration provided! Exiting."
echo "Please define the required according ENVIRONMENT variables via exports:"
echo "e.g.:"
echo "export BASE_DOMAIN='example.com'"
echo "export AUTOMATION_GIT_URL='git@github.com:Kubementat/kubementat.git'"
echo "export AUTOMATION_GIT_SERVER_HOST='github.com'"
echo "export AUTOMATION_GIT_SERVER_PORT='22'"
echo "export AUTOMATION_GIT_SERVER_SSH_USER='git'"
echo "export KUBERNETES_DEFAULT_STORAGE_CLASS='local-path'"
echo "export DOCKER_REGISTRY_BASE_URL='docker.io/julianweberdev'"
echo "export CLUSTER_MANAGER_EMAIL='yourmail@example.com'"
echo ""
echo "Then run this script via:"
echo "./initialize_kubementat.sh"
exit 1
fi
}
function check_dependencies(){
echo "Checking local dependencies"
command -v kubectl >/dev/null 2>&1 || { echo "kubectl is not installed. Aborting." >&2; exit 1; }
command -v helm >/dev/null 2>&1 || { echo "helm is not installed. Aborting." >&2; exit 1; }
command -v helmfile >/dev/null 2>&1 || { echo "helmfile is not installed. Aborting." >&2; exit 1; }
command -v jq >/dev/null 2>&1 || { echo "jq is not installed. Aborting." >&2; exit 1; }
command -v yq >/dev/null 2>&1 || { echo "yq is not installed. Aborting." >&2; exit 1; }
command -v git >/dev/null 2>&1 || { echo "git is not installed. Aborting." >&2; exit 1; }
command -v git-crypt >/dev/null 2>&1 || { echo "git-crypt is not installed. Aborting." >&2; exit 1; }
command -v gpg >/dev/null 2>&1 || { echo "gpg is not installed. Aborting." >&2; exit 1; }
echo "Finished checking local dependencies"
echo "################"
echo ""
}
function print_cli_versions(){
echo ""
echo "CLI VERSIONS:"
echo ""
echo "kubectl: $(kubectl version)"
echo "helm: $(helm version)"
echo "helmfile: $(helmfile version)"
echo "jq: $(jq --version)"
echo "yq: $(yq --version)"
echo "git: $(git --version)"
echo "git-crypt: $(git-crypt --version)"
echo "gpg: $(gpg --version)"
echo "################"
echo ""
}
function generate_password(){
gpg --gen-random --armor 1 14
}
function does_file_with_pattern_exist {
local arg="$*"
local files=($arg)
[ ${#files[@]} -gt 1 ] || [ ${#files[@]} -eq 1 ] && [ -e "${files[0]}" ]
}
# writes directories and config files from .template files for given directory
function write_config_from_templates_for_directory(){
local source_directory="$1"
local target_directory="$2"
echo ""
echo "template source directory: $source_directory"
echo "target directory: $target_directory"
echo ""
for directory in "$source_directory"/* ; do
# for each directory
if [[ -d "$directory" ]]; then
dir_name="$(basename "$directory")"
echo "Creating directory: $target_directory/$dir_name"
mkdir -p "$target_directory/$dir_name"
echo ""
# for each *.template file within the directory
for template_file in "$source_directory/$dir_name"/*.template ; do
template_file_name="$(basename "$template_file")"
new_filename="${template_file_name//.template/}"
new_path="$target_directory/$dir_name/$new_filename"
echo " Copy template: $template_file --> $new_path"
cp "$template_file" "$new_path"
echo ""
done
fi
done
echo ""
}
################## FUNCTION DEFINITION END ####################
# initial checks
check_required_environment_variables
check_is_already_initialized
check_dependencies
print_cli_versions
# DEPLOYER SSH KEY SETUP
if [[ ! -f deployer_ssh_key ]]; then
echo "Generating git deployer ssh key ..."
ssh-keygen -b 2048 -t rsa -f deployer_ssh_key -q -N ""
echo "Finished generating git deployer ssh key."
else
echo "git deployer ssh key is already present on machine. Skipping generation."
fi
# GPG setup
if [[ ! -f gpg_private.key ]]; then
echo "Generating deployer gpg key ..."
# list all local gpg keys
# gpg -k
# generate a gpg key for the deployer user
random_number="$((1 + $RANDOM % 1000))"
GIT_DEPLOYER_EMAIL="deployer${random_number}@${BASE_DOMAIN}"
echo "GPG GIT_DEPLOYER_EMAIL: $GIT_DEPLOYER_EMAIL"
gpg --batch --passphrase '' --quick-gen-key "$GIT_DEPLOYER_EMAIL" default default
# gpg --list-secret-keys "$GIT_DEPLOYER_EMAIL"
# export private key
gpg --export-secret-keys "$GIT_DEPLOYER_EMAIL" > gpg_private.key
# export public key
gpg --export -a "$GIT_DEPLOYER_EMAIL" > gpg_public_key.gpg
# for importing:
# private key
# gpg --import gpg_private.key
# public key
# gpg --import gpg_public_key.gpg
echo "Finished generating deployer gpg key."
else
echo "git deployer gpg key is already present on machine. Skipping generation."
fi
# for transforming to base64
## ATTENTION: base64 behaves differently on some Operating system
GIT_DEPLOYER_GPG_PRIVATE_KEY_BASE64=""
GIT_DEPLOYER_PRIVATE_KEY_BASE64=""
if [[ "$(uname -a |grep -o Darwin | head -n1)" == "Darwin" ]]; then
### OS X Variant
GIT_DEPLOYER_GPG_PRIVATE_KEY_BASE64="$(cat gpg_private.key | openssl base64 -A)"
GIT_DEPLOYER_PRIVATE_KEY_BASE64="$(cat deployer_ssh_key | openssl base64 -A)"
else
### linux variant
GIT_DEPLOYER_GPG_PRIVATE_KEY_BASE64="$(cat gpg_private.key | base64 -w 0)"
GIT_DEPLOYER_PRIVATE_KEY_BASE64="$(cat deployer_ssh_key | base64 -w 0)"
fi
GIT_DEPLOYER_GPG_PUBLIC_KEY="$(cat gpg_public_key.gpg)"
# Configure platform_config/$TARGET_ENVIRONMENT/static.json
echo "Creating config sub-directory: platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM"
mkdir -p "platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM"
echo "Writing platform_config/$TARGET_ENVIRONMENT/static.json"
jq \
--arg automation_git_url "$AUTOMATION_GIT_URL" \
--arg automation_git_server_host "$AUTOMATION_GIT_SERVER_HOST" \
--arg automation_git_server_port "$AUTOMATION_GIT_SERVER_PORT" \
--arg automation_git_server_ssh_user "$AUTOMATION_GIT_SERVER_SSH_USER" \
--arg docker_registry_base_url "$DOCKER_REGISTRY_BASE_URL" \
--arg cluster_manager_email "$CLUSTER_MANAGER_EMAIL" \
--arg base_domain "$BASE_DOMAIN" \
--arg git_deployer_gpg_public_key "$GIT_DEPLOYER_GPG_PUBLIC_KEY" \
--arg git_deployer_email "$GIT_DEPLOYER_EMAIL" \
--arg ssh_public_key "$(cat deployer_ssh_key.pub)" \
--arg tekton_kubernetes_storage_class "$KUBERNETES_DEFAULT_STORAGE_CLASS" \
'.AUTOMATION_GIT_URL |= $automation_git_url | .AUTOMATION_GIT_SERVER_HOST |= $automation_git_server_host | .AUTOMATION_GIT_SERVER_PORT |= $automation_git_server_port | .AUTOMATION_GIT_SERVER_SSH_USER |= $automation_git_server_ssh_user | .DOCKER_REGISTRY_BASE_URL |= $docker_registry_base_url | .BASE_DOMAIN |= $base_domain | .GIT_DEPLOYER_GPG_PUBLIC_KEY |= $git_deployer_gpg_public_key | .GIT_DEPLOYER_EMAIL |= $git_deployer_email | .GIT_DEPLOYER_PUBLIC_KEY |= $ssh_public_key | .TEKTON_KUBERNETES_STORAGE_CLASS |= $tekton_kubernetes_storage_class | .CLUSTER_MANAGER_EMAIL |= $cluster_manager_email' \
templates/environment/static.json.template > "platform_config/$TARGET_ENVIRONMENT/static.json"
# Configure platform_config/$TARGET_ENVIRONMENT/static.encrypted.json
echo "Writing platform_config/$TARGET_ENVIRONMENT/static.encrypted.json"
jq \
--arg gpg_private_key "$GIT_DEPLOYER_GPG_PRIVATE_KEY_BASE64" \
--arg ssh_private_key "$GIT_DEPLOYER_PRIVATE_KEY_BASE64" \
--arg grafana_password "$(generate_password)" \
'.GIT_DEPLOYER_GPG_PRIVATE_KEY_BASE64 |= $gpg_private_key | .GIT_DEPLOYER_PRIVATE_KEY_BASE64 |= $ssh_private_key | .GRAFANA_ADMIN_PASSWORD |= $grafana_password' \
templates/environment/static.encrypted.json.template >platform_config/$TARGET_ENVIRONMENT/static.encrypted.json
# Configure platform_config/$TARGET_ENVIRONMENT/dev1/static.json
echo "Writing platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.json"
jq \
--arg storage_class "$KUBERNETES_DEFAULT_STORAGE_CLASS" \
'.POSTGRES_VOLUME_STORAGE_CLASS |= $storage_class | .CASSANDRA_VOLUME_STORAGE_CLASS |= $storage_class | .KAFKA_VOLUME_STORAGE_CLASS |= $storage_class | .MONGODB_VOLUME_STORAGE_CLASS |= $storage_class | .MYSQL_VOLUME_STORAGE_CLASS |= $storage_class | .REDIS_VOLUME_STORAGE_CLASS |= $storage_class' \
templates/environment/team/static.json.template >platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.json
# Configure platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.encrypted.json
echo "Writing platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.encrypted.json"
jq \
--arg cassandra_pw "$(generate_password)" \
--arg mongodb_pw "$(generate_password)" \
--arg mysql_database_pw "$(generate_password)" \
--arg mysql_root_pw "$(generate_password)" \
--arg redis_pw "$(generate_password)" \
--arg postgres_pw "$(generate_password)" \
--arg gitlab_webhook_secret "$(generate_password)" \
--arg github_webhook_secret "$(generate_password)" \
'.POSTGRES_ADMIN_PASSWORD |= $postgres_pw | .CASSANDRA_ADMIN_PASSWORD |= $cassandra_pw | .MONGODB_ROOT_PASSWORD |= $mongodb_pw | .MYSQL_DATABASE_CONFIGURATION[0].PASSWORD |= $mysql_database_pw | .MYSQL_ROOT_PASSWORD |= $mysql_root_pw | .REDIS_PASSWORD |= $redis_pw | .GITLAB_WEBHOOK_SECRET |= $gitlab_webhook_secret | .GITHUB_WEBHOOK_SECRET |= $github_webhook_secret' \
templates/environment/team/static.encrypted.json.template >platform_config/$TARGET_ENVIRONMENT/$TARGET_TEAM/static.encrypted.json
echo ""
echo "#####################"
# copy over default helm chart and platform component configuration files from templates
echo "Configuring default platform_config values files for dev platform components ..."
echo "Creating kubementat_components sub-directory: platform_config/$TARGET_ENVIRONMENT/kubementat_components"
mkdir -p "platform_config/$TARGET_ENVIRONMENT/kubementat_components"
# copy over kubementat_components helmfile.yaml
cp templates/environment/kubementat_components/helmfile.yaml.template platform_config/$TARGET_ENVIRONMENT/kubementat_components/helmfile.yaml
write_config_from_templates_for_directory "templates/environment/kubementat_components" "platform_config/${TARGET_ENVIRONMENT}/kubementat_components"
echo "#####################"
echo ""
echo "Configuring default platform_config values files for team dev1 ..."
write_config_from_templates_for_directory "templates/environment/team" "platform_config/${TARGET_ENVIRONMENT}/${TARGET_TEAM}"
echo "#####################"
if [[ ! -f git_crypt_symmetric.key ]]; then
# GIT CRYPT SETUP
echo "Initializing git-crypt ..."
# initialize (only executed when initializing a new repo with git crypt)
git-crypt init
# add previously generated deployer user to git-crypt keystore
git-crypt add-gpg-user "$GIT_DEPLOYER_EMAIL"
# optional: add another key
# git-crypt add-gpg-user "your@email.com"
# show git-crypt encryption status
# git-crypt status
# optional: export a symmetric key for git crypt
git-crypt export-key git_crypt_symmetric.key
# if you have a private key registered
# git-crypt unlock
# for the symmetric key
git-crypt unlock git_crypt_symmetric.key
echo "Finished initializing git-crypt."
else
echo "Found git_crypt_symmetric.key . Git crypt seems to be configured already. Skipping git-crypt configuration."
fi
# Final output
echo "##############################"
echo "Please ensure to push this repo to a git server:"
echo "git remote add upstream $AUTOMATION_GIT_URL"
echo "git add ."
echo "git commit -m '00 - initial configuration'"
echo "git push upstream master"
echo ""
echo "And configure the git server to allow at minimum read access to the generated deployer_ssh_key.pub :"
cat deployer_ssh_key.pub
echo ""
echo "##############################"
echo ""
echo "Finished initialization successfully!"
echo "If you have any questions, feel free to create an issue via https://github.com/Kubementat/kubementat/issues"
echo ""
echo "##############################"
echo ""
echo "You can now use this configuration to roll out the platform components on the cluster via:"
echo ""
echo "./install_kubementat.sh $TARGET_ENVIRONMENT $TARGET_TEAM"
echo ""
echo "In case you encounter error messages you can just rerun the full setup script to continue where the error occured."
echo "The setup script is non-destructive"
echo "##############################"
echo ""
echo "HAVE FUN WITH YOUR AUTOMATED KUBERNETES CLUSTER :D"