run.sh
#!/bin/bash
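# Colorize terminal (escape sequences are interpreted later by printf format strings)
red='\e[0;31m'
no_color='\033[0m'

# Absolute directory of this script. '&&' instead of ';' so a failed cd is not
# silently replaced by the caller's working directory.
SCRIPT_PATH="$(cd -- "$(dirname -- "$0")" >/dev/null 2>&1 && pwd -P)" || {
  printf 'Unable to resolve the script directory\n' >&2
  exit 1
}

# Defaults (each one can be overridden by a command-line flag)
export ANSIBLE_CONFIG="$SCRIPT_PATH/ansible/ansible.cfg"
FETCH_KUBECONFIG="false"
PLAYBOOK="false"
TAGS="all"
DECRYPT="false"
ENCRYPT="false"
UPDATE="false"

# Help text. The defaults above and $HOME are expanded here, at assignment time;
# the "\n" sequences are expanded when the text is printed.
TEXT_HELPER="\nThis script aims to install a platform of services on a Kubernetes cluster.
Following flags are available:
-d Decrypt data using Sops.
-e Encrypt data using Sops.
-k Copy kubeconfig locally, default is '$FETCH_KUBECONFIG'.
Kubeconfig is fetched to '$HOME/.kube/config.d/homelab' and
a context, user and cluster are created in '$HOME/.kube/config' with name 'homelab'.
-p Run ansible playbook, default is '$PLAYBOOK'.
Playbook should be passed as arg (ex: './run.sh -p ./ansible/kube/install.yml').
-t Tags to run with playbook, default is '$TAGS'.
This flag can be used with a CSV list (ex: -t 'keycloak,mattermost').
-u Update ansible dependencies.
-h Print script help.\n\n"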
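# Print the usage text held in TEXT_HELPER on stdout.
# The text is passed as an argument to '%b' rather than used as the printf
# format itself: it embeds $HOME, so a '%' in that value would otherwise be
# parsed as a conversion specifier. '%b' still expands the "\n" escapes.
print_help() {
  printf '%b' "$TEXT_HELPER"
}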
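# Parse options. -p and -t take an argument; the other flags are switches.
while getopts hdekp:t:u flag; do
  case "${flag}" in
    d)
      DECRYPT="true";;
    e)
      ENCRYPT="true";;
    k)
      FETCH_KUBECONFIG="true";;
    p)
      PLAYBOOK="${OPTARG}";;
    t)
      TAGS="${OPTARG}";;
    u)
      UPDATE="true";;
    h)
      print_help
      exit 0;;
    *)
      # Unknown flag or missing argument: show the help on stderr and fail, so
      # a wrapper or CI job does not mistake a mistyped invocation for success.
      print_help >&2
      exit 1;;
  esac
done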
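# Decrypt every *.enc.yaml under ./argo-cd (relative to the current directory)
# into a sibling *.dec.yaml file.
if [ "$DECRYPT" = "true" ]; then
  printf "\n\n${red}[kube manager].${no_color} Decrypt data using Sops\n\n"
  # The file name is handed to the inner shell as "$1". Splicing '{}' into the
  # 'bash -c' text would make the inner shell parse the path as code, so a file
  # name containing spaces or shell metacharacters would be split or executed.
  find ./argo-cd -name '*.enc.yaml' -exec bash -c '
    # Plaintext secrets: keep the output readable by the owner only.
    umask 077
    src=$1
    dst="${src%.enc.yaml}.dec.yaml"
    tmp="${dst}.tmp.$$"
    # Write to a temporary file first so a failed decryption does not leave an
    # empty or partial .dec.yaml behind (which a later -e run would encrypt).
    if sops -d "$src" > "$tmp"; then
      mv -f -- "$tmp" "$dst"
    else
      rm -f -- "$tmp"
      printf "sops failed to decrypt %s\n" "$src" >&2
      exit 1
    fi
  ' _ {} \;
fi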
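# Encrypt every *.dec.yaml under ./argo-cd (relative to the current directory)
# into a sibling *.enc.yaml file.
if [ "$ENCRYPT" = "true" ]; then
  printf "\n\n${red}[kube manager].${no_color} Encrypt data using Sops\n\n"
  # The file name is handed to the inner shell as "$1" instead of being spliced
  # into the 'bash -c' text, so it is never parsed as shell code.
  find ./argo-cd -name '*.dec.yaml' -exec bash -c '
    src=$1
    dst="${src%.dec.yaml}.enc.yaml"
    tmp="${dst}.tmp.$$"
    # A plain "sops -e ... > file.enc.yaml" truncates the existing encrypted
    # file before sops runs; going through a temporary file keeps the previous
    # ciphertext intact when encryption fails (missing key, bad config, ...).
    if sops -e "$src" > "$tmp"; then
      mv -f -- "$tmp" "$dst"
    else
      rm -f -- "$tmp"
      printf "sops failed to encrypt %s\n" "$src" >&2
      exit 1
    fi
  ' _ {} \;
fi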
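# Update ansible dependencies
# NOTE(review): --upgrade pulls newer collection releases whenever they are
# published; whether versions are pinned depends on the requirements.yml files,
# which are not visible here — pin them if reproducible installs matter.
if [ "$UPDATE" = "true" ]; then
  printf "\n\n${red}[kube manager].${no_color} Update ansible collections\n\n"
  # Quoted so a checkout path containing spaces is not split into several arguments.
  ansible-galaxy collection install -r "$SCRIPT_PATH/ansible/infra/collections/requirements.yml" --upgrade
  ansible-galaxy collection install -r "$SCRIPT_PATH/ansible/kube/collections/requirements.yml" --upgrade
fi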
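# Run ansible
if [ ! "$PLAYBOOK" = "false" ]; then
  # Resolve the playbook to an absolute path; the directory check below is
  # applied to the resolved path. Fail early when it does not name a file.
  if ! PLAYBOOK="$(readlink -f -- "$PLAYBOOK")" || [ ! -f "$PLAYBOOK" ]; then
    printf 'Playbook not found: %s\n' "$PLAYBOOK" >&2
    exit 1
  fi

  # The ansible.cfg sitting next to the playbook replaces the default one.
  # NOTE(review): ansible.cfg can change how Ansible loads and runs content, so
  # only pass playbooks from directories you trust.
  ANSIBLE_CONFIG="$(dirname -- "$PLAYBOOK")/ansible.cfg"
  export ANSIBLE_CONFIG

  # Playbooks under ansible/kube/ act on whichever cluster the current kubectl
  # context points at, so ask for confirmation first.
  if [[ "$PLAYBOOK" == */ansible/kube/* ]]; then
    CONTEXT=$(kubectl config current-context)
    # The context name is passed as an argument, not embedded in the format string.
    printf "\n\n${red}[kube manager].${no_color} You are using kubeconfig context '%s', do you want to continue (Y/n)?\n" "$CONTEXT"
    # Default is "yes": only an answer starting with N/n aborts. An empty
    # answer (including EOF on a non-interactive stdin) continues.
    read -r ANSWER
    if [ "$ANSWER" != "${ANSWER#[Nn]}" ]; then
      exit 1
    fi
  fi

  printf "\n\n${red}[kube manager].${no_color} Run ansible playbook\n\n"
  # Kubeconfig precedence: KUBECONFIG_PATH, then KUBECONFIG, then ~/.kube/config.
  K8S_KUBECONFIG="${KUBECONFIG_PATH:-${KUBECONFIG:-$HOME/.kube/config}}"
  # '--tags' is the documented option name; the former '--tag' only worked as
  # an abbreviation of it.
  ansible-playbook "$PLAYBOOK" --tags "$TAGS" -e K8S_AUTH_KUBECONFIG="$K8S_KUBECONFIG"
fi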
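# Copy kube config to local machine
if [ "$FETCH_KUBECONFIG" = "true" ]; then
  printf "\n\n${red}[kube manager].${no_color} Copy kube config locally\n\n"

  # Inventory paths are relative to the current directory.
  HOMELAB_KUBECONFIG="$HOME/.kube/config.d/homelab"
  GATEWAY_IP=$(yq '[.gateway.hosts[][]][0]' ansible/infra/inventory/hosts.yml)
  MASTER_IP=$(yq '[.k3s.children.masters.hosts[][]][0]' ansible/infra/inventory/hosts.yml)
  # Kept in REMOTE_USER so the login variable USER is not overwritten.
  REMOTE_USER=$(yq '.ansible_user' ansible/infra/inventory/group_vars/all.yml)

  # yq prints "null" for a missing key; stop instead of using it as a host or user.
  for value in "$GATEWAY_IP" "$MASTER_IP" "$REMOTE_USER"; do
    if [ -z "$value" ] || [ "$value" = "null" ]; then
      printf 'Could not read gateway, master or ansible_user from the inventory\n' >&2
      exit 1
    fi
  done
  # GATEWAY_IP is inserted into a sed replacement below: accept only characters
  # found in host names and (bracketed) IP addresses, so '/', '&' or '\' from
  # the inventory cannot alter the sed expression.
  case "$GATEWAY_IP" in
    *[!][A-Za-z0-9.:_-]*)
      printf 'Unexpected characters in gateway address: %s\n' "$GATEWAY_IP" >&2
      exit 1;;
  esac

  mkdir -p "$HOME/.kube/config.d"
  # The fetched file carries the cluster client key: create it owner-only, and
  # stop if the copy fails instead of writing "null" values into ~/.kube/config.
  if ! (umask 077 && scp -- "$REMOTE_USER@$MASTER_IP:/etc/rancher/k3s/k3s.yaml" "$HOMELAB_KUBECONFIG"); then
    printf 'Failed to copy k3s.yaml from %s\n' "$MASTER_IP" >&2
    exit 1
  fi
  chmod 600 "$HOMELAB_KUBECONFIG"

  # Point the kubeconfig at the gateway instead of the loopback address.
  # Dots are escaped so only the literal 127.0.0.1 is replaced.
  CLUSTER_KUBECONFIG="$(sed "s/127\.0\.0\.1/$GATEWAY_IP/g" "$HOMELAB_KUBECONFIG")" || exit 1
  printf '%s\n' "$CLUSTER_KUBECONFIG" > "$HOMELAB_KUBECONFIG"

  # Exported because the yq expressions below read them through env().
  export CLUSTER_CERTIFICATE_AUTHORITY_DATA CLUSTER_SERVER USER_CLIENT_CERTIFICATE_DATA USER_CLIENT_KEY_DATA
  CLUSTER_CERTIFICATE_AUTHORITY_DATA="$(yq '.clusters[0].cluster.certificate-authority-data' "$HOMELAB_KUBECONFIG")"
  CLUSTER_SERVER="$(yq '.clusters[0].cluster.server' "$HOMELAB_KUBECONFIG")"
  USER_CLIENT_CERTIFICATE_DATA="$(yq '.users[0].user.client-certificate-data' "$HOMELAB_KUBECONFIG")"
  USER_CLIENT_KEY_DATA="$(yq '.users[0].user.client-key-data' "$HOMELAB_KUBECONFIG")"
  for name in CLUSTER_CERTIFICATE_AUTHORITY_DATA CLUSTER_SERVER USER_CLIENT_CERTIFICATE_DATA USER_CLIENT_KEY_DATA; do
    if [ -z "${!name}" ] || [ "${!name}" = "null" ]; then
      printf 'Fetched kubeconfig has no value for %s\n' "$name" >&2
      exit 1
    fi
  done

  # Update the entries named "homelab" in the main kubeconfig.
  # NOTE(review): these expressions select existing entries only; it looks like
  # nothing is written when ~/.kube/config has no "homelab" cluster/user yet — confirm.
  yq -i '(.clusters[] | select(.name == "homelab") | .cluster.certificate-authority-data) = env(CLUSTER_CERTIFICATE_AUTHORITY_DATA)' "$HOME/.kube/config"
  yq -i '(.clusters[] | select(.name == "homelab") | .cluster.server) = env(CLUSTER_SERVER)' "$HOME/.kube/config"
  yq -i '(.users[] | select(.name == "homelab") | .user.client-certificate-data) = env(USER_CLIENT_CERTIFICATE_DATA)' "$HOME/.kube/config"
  yq -i '(.users[] | select(.name == "homelab") | .user.client-key-data) = env(USER_CLIENT_KEY_DATA)' "$HOME/.kube/config"
fi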