#!/bin/bash
# Mark FILES for export to child processes. No value is assigned here and
# the variable is not read anywhere else in this file.
declare -x FILES
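#######################################
# Export the scalar keys of a simple YAML file as environment variables.
#
# Nested keys are flattened with "_" (a: {b: 1} -> a_b=1); a value wrapped in
# matching quotes has those quotes removed. Only the indentation-based subset
# of YAML handled by the sed/awk pipeline below is supported (two-space
# indents, scalar values; no lists, anchors or multi-line strings).
#
# Values are assigned literally with `export "$key=$value"`. The previous
# implementation wrote KEY="value" lines to ./talenv.env and `source`d them,
# so a value containing `$(...)`, backquotes or a stray `"` was executed as
# shell code, and the plaintext of the decrypted secrets file sat on disk in
# the working directory (opened with `>>`, so a stale file left by an aborted
# run was re-sourced too). Neither happens now. Consequence: `$var` and `\`
# sequences inside a value are no longer expanded.
#
# Globals:   exports one variable per key (optionally prefixed)
# Arguments: $1 - YAML file to read; silently skipped if it does not exist
#            $2 - optional prefix prepended to every variable name
# Outputs:   progress line on stdout; skipped invalid names on stderr
# Returns:   0
#######################################
parse_yaml_env() {
  local file=$1 prefix=${2:-}
  echo "Processing $file..."
  [[ -f "$file" ]] || return 0

  local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs key value
  fs=$(printf '\034')   # field separator: a byte that cannot appear in a key

  while IFS="$fs" read -r key value; do
    key="${prefix}${key}"
    # Only accept names that are valid shell identifiers; anything else would
    # make `export` fail (a name starting with a digit, for instance).
    if [[ "$key" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
      export "$key=$value"
    else
      printf 'Skipping key that is not a valid variable name: %q\n' "$key" >&2
    fi
  done < <(
    # Emit "<indent>FS<key>FS<value>" for every scalar line. The first
    # expression is kept from the original and only strips a colon that
    # directly follows the leading whitespace.
    sed -ne "s|^\($s\):|\1|" \
        -e "s|^\($s\)\($w\)$s:$s[\"']\(.*\)[\"']$s\$|\1$fs\2$fs\3|p" \
        -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" -- "$file" |
      awk -F"$fs" -v OFS="$fs" '{
        indent = length($1) / 2
        vname[indent] = $2
        # Forget names deeper than the current level when indentation drops.
        for (i in vname) { if (i > indent) delete vname[i] }
        if (length($3) > 0) {
          vn = ""
          for (i = 0; i < indent; i++) vn = vn vname[i] "_"
          print vn $2, $3
        }
      }'
  )
}
export -f parse_yaml_env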
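#######################################
# Decrypt the SOPS-managed environment file and export every talenv.* file.
#
# Stops if `deps/encryption.sh decrypt` fails: the original ignored its exit
# status, so a failed decrypt led to talenv.sops.yaml being parsed while still
# encrypted and its placeholder values exported as if they were configuration.
#
# Globals:   exports whatever parse_yaml_env finds in the four talenv files
# Arguments: none
# Outputs:   progress on stdout, error on stderr
# Returns:   0 on success, 1 if decryption failed
#######################################
parse_yaml_env_all() {
  if ! deps/encryption.sh decrypt; then
    echo "Decryption of environment secrets failed; not loading environment variables." >&2
    return 1
  fi
  echo "Loading environment variables..."
  # Kept from the original: guarantees a (possibly empty) plaintext file exists.
  touch talenv.yaml
  local f
  for f in talenv.sops.yaml talenv.yaml talenv.sops.yml talenv.yml; do
    parse_yaml_env "$f"
  done
  echo "Done loading environment variables..."
}
export -f parse_yaml_env_all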
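#######################################
# Ask the operator to confirm that the node just updated is healthy.
#
# Re-prompts on anything other than an exact "yes"/"no". The original
# recursed into `prompt_yn`, which is not defined in this file, so an invalid
# answer (or EOF on stdin) produced "command not found" and the caller carried
# on to the next node without confirmation — the safety gate failed open. It
# now loops until it gets a valid answer, and EOF aborts the script.
#
# Arguments: none (reads one line from stdin per attempt)
# Outputs:   prompt and status on stdout, EOF diagnostic on stderr
# Returns:   0 on "yes"; exits the script on "no" (status 0, as before) or on
#            EOF (status 1)
#######################################
prompt_yn_node() {
  local yn
  while true; do
    if ! read -r -p "Is the currently updated node working correctly? please verify! (yes/no) " yn; then
      echo "No answer received (end of input), exiting..." >&2
      exit 1
    fi
    case "$yn" in
      yes)
        echo ok, we will proceed
        return 0
        ;;
      no)
        echo exiting...
        exit
        ;;
      *)
        echo invalid response
        ;;
    esac
  done
}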
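#######################################
# Interactive main menu: print the utility list, read one choice, run it.
#
# Every branch ends with `exit`, so one invocation performs exactly one
# action (and, as before, a bare `exit` propagates the action's status).
# Options 6, 7 and 9 load the environment first and now stop if that fails
# instead of bootstrapping with missing values. An unknown selection reports
# an error and exits 1 rather than silently falling off the end of the case.
#
# NOTE(review): `title`, `install_deps`, `main_help` and the colour variables
# `bold`/`red`/`reset` are not defined anywhere in this file — presumably
# expected from the environment or a helper that is not sourced here; confirm.
#
# Globals:   bold, red, reset (read, for terminal formatting)
# Arguments: none
# Outputs:   menu and prompts on stdout
# Returns:   does not return; always exits the script
#######################################
menu() {
  local selection
  clear -x
  title
  echo -e "${bold}Available Utilities${reset}"
  echo -e "${bold}-------------------${reset}"
  echo -e "1) Help"
  echo -e "2) Install/Update Dependencies"
  echo -e "3) Decrypt Data"
  echo -e "4) Encrypt Data"
  echo -e "5) (re)Generate Cluster Config"
  echo -e "6) Bootstrap Talos Cluster"
  echo -e "7) Apply Talos Cluster Config"
  echo -e "8) Upgrade Talos Cluster Nodes"
  echo -e "9) Bootstrap FluxCD Cluster"
  echo -e "0) Exit"
  # 120 s timeout so an unattended run does not hang on the prompt.
  read -rt 120 -p "Please select an option by number: " selection || {
    echo -e "${red}\nFailed to make a selection in time${reset}"
    exit
  }
  case "$selection" in
    0)
      echo -e "Exiting.."
      exit
      ;;
    1)
      main_help
      exit
      ;;
    2)
      install_deps
      exit
      ;;
    3)
      deps/encryption.sh decrypt
      exit
      ;;
    4)
      deps/encryption.sh encrypt
      exit
      ;;
    5)
      regen
      exit
      ;;
    6)
      parse_yaml_env_all || exit 1
      bootstrap_talos
      exit
      ;;
    7)
      parse_yaml_env_all || exit 1
      update_talos_config
      exit
      ;;
    8)
      upgrade_talos_nodes
      exit
      ;;
    9)
      parse_yaml_env_all || exit 1
      bootstrap_flux
      exit
      ;;
    t)
      # Undocumented shortcut kept from the original: apply the Talos config
      # without (re)loading the environment first.
      update_talos_config
      exit
      ;;
    *)
      echo -e "${red}Invalid selection: ${selection}${reset}" >&2
      exit 1
      ;;
  esac
}
export -f menu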
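#######################################
# Generate (or regenerate) what the cluster config depends on: pre-commit
# hooks, the age key pair plus .sops.yaml, the in-cluster SOPS secret patch,
# the Talos secrets, and the Talos node configs.
#
# Each artefact is created only if absent, so re-running is safe and never
# rotates an existing key.
#
# Security note: age.agekey is the private key that decrypts every secret in
# this repository. The original encrypted it to a hard-coded recipient
# (`age1ql3z7...`) that was NOT the freshly generated key, even though the
# comment said "encrypted with itself" — anyone holding that recipient's
# private key could recover the cluster key from a committed age.agekey.enc.
# It is now encrypted to the generated public key, as the comment intends.
#
# Globals:   none (reads templates/, writes files in the working directory)
# Arguments: none
# Outputs:   progress on stdout
# Returns:   1 if key generation fails; otherwise the status of the final
#            `talhelper validate`
#######################################
regen() {
  local age_pub
  echo "Installing/Updating Pre-commit hook..."
  pre-commit install --install-hooks

  if [[ -f "age.agekey" ]]; then
    echo "Age Encryption Key already exists, skipping..."
  else
    echo "Generating Age Encryption Key..."
    age-keygen -o age.agekey || return 1
    chmod 600 age.agekey   # private key: make sure it is never world-readable
    # The public key is on the "# public key: age1..." line of the key file.
    age_pub=$(grep public age.agekey | sed -e "s|# public key: ||")
    sed -e "s|!!AGE!!|$age_pub|" templates/.sops.yaml.templ > .sops.yaml
    # Keep a copy of the key encrypted to itself: the .enc file can be
    # committed and is only recoverable by a holder of this same key.
    age -r "$age_pub" -o age.agekey.enc age.agekey
  fi

  if [[ -f "patches/sopssecret.yaml" ]]; then
    echo "Agekey Cluster patch already created, skipping..."
  else
    echo "Creating agekey cluster patch..."
    mkdir -p patches
    # The private key is embedded base64-encoded (single line) in the Secret patch.
    sed -e "s|!!AGEKEY!!|$(base64 -w0 age.agekey)|" templates/sopssecret.yaml.templ > patches/sopssecret.yaml
  fi

  if [[ -f "talsecret.yaml" ]]; then
    echo "Talos Secret already exists, skipping..."
  else
    echo "Generating Talos Secret"
    talhelper gensecret > talsecret.yaml
  fi

  echo "(re)generating config..."
  talhelper genconfig
  echo "verifying config..."
  talhelper validate talconfig
}
export -f regen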
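#######################################
# First-time bootstrap of a Talos cluster from the talhelper-generated configs.
#
# Applies each node's config with --insecure (skips mTLS client auth; this is
# the norm for the very first apply to nodes presumably still in maintenance
# mode — update_talos_config, used for later applies, does not pass it), waits
# for each node to answer ping, then bootstraps via MASTER1IP and fetches the
# kubeconfig through the VIP.
#
# The original ignored the exit status of every apply-config and, on a bad
# parse, pinged an empty address forever; a failed apply or an un-parseable
# IP now aborts. The ping wait still has no timeout, but pauses between probes.
#
# NOTE(review): the apply commands use --talosconfig=./clusterconfig/talosconfig
# while `talosctl bootstrap`/`talosctl kubeconfig` below use the default
# talosconfig — confirm that is intended (e.g. the config was merged before).
#
# Globals:   MASTER1IP (required) - control-plane node to run bootstrap against
#            VIP (required)       - cluster VIP used to fetch the kubeconfig
# Arguments: none
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success, 1 on a failed apply or un-parseable node IP
#######################################
bootstrap_talos() {
  : "${MASTER1IP:?MASTER1IP must be set (load the environment first)}"
  : "${VIP:?VIP must be set (load the environment first)}"
  local cmd name ip
  local -a cmds
  echo "Bootstrapping TalosOS Cluster..."
  echo "Applying TalosOS Cluster config to cluster ..."
  while IFS=';' read -ra cmds; do
    for cmd in "${cmds[@]}"; do
      # The sed chains assume talhelper's line shape:
      #   talosctl apply-config --talosconfig=./clusterconfig/talosconfig --nodes=<ip> --file=./clusterconfig/main-<name>.yaml --insecure
      name=$(printf '%s\n' "$cmd" | sed -r \
        -e 's|talosctl apply-config --talosconfig=./clusterconfig/talosconfig --nodes=||g' \
        -e 's/(\b[0-9]{1,3}\.){3}[0-9]{1,3}\b//' \
        -e 's| --file=./clusterconfig/||g' \
        -e 's|main-||g' \
        -e 's|.yaml --insecure||g')
      ip=$(printf '%s\n' "$cmd" | sed \
        -e 's|talosctl apply-config --talosconfig=./clusterconfig/talosconfig --nodes=||g' \
        -e 's| --file=./clusterconfig/.*||g')
      # An address never contains whitespace; anything else means the parse failed.
      if [[ -z "$ip" || "$ip" == *[[:space:]]* ]]; then
        echo "Could not determine node IP from command: ${cmd}" >&2
        return 1
      fi
      echo "Applying new Talos Config to ${name}"
      # Intentionally unquoted: $cmd is a complete command line from talhelper
      # and must be word-split into its arguments (no eval, so no re-parsing).
      if ! $cmd; then
        echo "apply-config failed for ${name} (${ip}), aborting bootstrap" >&2
        return 1
      fi
      echo "Waiting for node to come online..."
      while ! ping -c1 "${ip}" &>/dev/null; do sleep 1; done
    done
  done <<< "$(talhelper gencommand apply --extra-flags=--insecure)"
  echo "Waiting for 3 minutes before bootstrapping..."
  sleep 180
  # Kept from the original: bootstrap against the first control-plane node,
  # then fetch the kubeconfig via the VIP once Kubernetes is up.
  talosctl bootstrap -n "$MASTER1IP"
  echo "Waiting for 3 minutes to finish bootstrapping..."
  sleep 180
  talosctl kubeconfig -n "$VIP"
  echo "Bootstrapping finished..."
}
export -f bootstrap_talos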
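#######################################
# Install FluxCD into the running cluster and point it at the GitHub repo.
#
# Waits until the cluster VIP answers ping, runs `flux check --pre` and now
# aborts if the pre-flight fails (the original ignored its result), then
# bootstraps Flux with deploy-key authentication (--token-auth=false).
#
# NOTE(review): `flux bootstrap github` presumably still needs a GitHub token
# in its environment to create the deploy key; nothing here checks for one —
# confirm how it is supplied.
#
# Globals:   VIP, GITHUB_USER, GITHUB_REPOSITORY (all required)
# Arguments: none
# Outputs:   progress on stdout, errors on stderr
# Returns:   1 if the pre-check fails; otherwise the status of flux bootstrap
#######################################
bootstrap_flux() {
  : "${VIP:?VIP must be set (load the environment first)}"
  : "${GITHUB_USER:?GITHUB_USER must be set}"
  : "${GITHUB_REPOSITORY:?GITHUB_REPOSITORY must be set}"
  echo "Bootstrapping FluxCD on existing Cluster..."
  echo "Safety Check: Waiting for response on ${VIP}..."
  # No timeout (as before); sleep between probes to avoid a tight spin.
  while ! ping -c1 "${VIP}" &>/dev/null; do sleep 1; done
  echo "Running FluxCD Pre-check..."
  if ! flux check --pre; then
    echo "FluxCD pre-check failed, not bootstrapping" >&2
    return 1
  fi
  echo "Executing FluxCD Bootstrap..."
  flux bootstrap github \
    --token-auth=false \
    --owner="$GITHUB_USER" \
    --repository="$GITHUB_REPOSITORY" \
    --branch=main \
    --path=./clusters/main \
    --personal \
    --toleration-keys=node-role.kubernetes.io/control-plane
}
export -f bootstrap_flux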
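#######################################
# Roll a regenerated Talos machine config onto every node, one at a time.
#
# For each `talosctl apply-config` line from talhelper: apply it, wait for the
# node to answer ping again, then ask the operator to confirm the node is
# healthy before moving on. The original called `prompt_yn`, which is not
# defined in this file, so the confirmation failed with "command not found"
# and the rollout continued unattended; it now calls prompt_yn_node. A failed
# apply or an un-parseable node IP aborts the rollout instead of being ignored.
#
# Globals:   none
# Arguments: none
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 when every node was applied and confirmed; 1 on a failed apply
#            or un-parseable IP (prompt_yn_node exits the script on "no")
#######################################
update_talos_config() {
  local cmd name ip
  local -a cmds
  while IFS=';' read -ra cmds; do
    for cmd in "${cmds[@]}"; do
      # The sed chains assume talhelper's line shape:
      #   talosctl apply-config --talosconfig=./clusterconfig/talosconfig --nodes=<ip> --file=./clusterconfig/main-<name>.yaml
      name=$(printf '%s\n' "$cmd" | sed -r \
        -e 's|talosctl apply-config --talosconfig=./clusterconfig/talosconfig --nodes=||g' \
        -e 's/(\b[0-9]{1,3}\.){3}[0-9]{1,3}\b//' \
        -e 's| --file=./clusterconfig/||g' \
        -e 's|main-||g' \
        -e 's|.yaml||g')
      ip=$(printf '%s\n' "$cmd" | sed \
        -e 's|talosctl apply-config --talosconfig=./clusterconfig/talosconfig --nodes=||g' \
        -e 's| --file=./clusterconfig/.*||g')
      # An address never contains whitespace; anything else means the parse failed.
      if [[ -z "$ip" || "$ip" == *[[:space:]]* ]]; then
        echo "Could not determine node IP from command: ${cmd}" >&2
        return 1
      fi
      echo "Applying new Talos Config to ${name}"
      # Intentionally unquoted: $cmd is a complete command line from talhelper
      # and must be word-split into its arguments (no eval, so no re-parsing).
      if ! $cmd; then
        echo "apply-config failed for ${name} (${ip}), aborting rollout" >&2
        return 1
      fi
      echo "Waiting for node to come online..."
      # No timeout (as before); sleep between probes to avoid a tight spin.
      while ! ping -c1 "${ip}" &>/dev/null; do sleep 1; done
      prompt_yn_node
    done
  done <<< "$(talhelper gencommand apply)"
}
export -f update_talos_config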
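#######################################
# Upgrade the Talos OS on every node, one at a time, then upgrade Kubernetes.
#
# For each `talosctl upgrade` line from talhelper (generated with
# --preserve=true): run it, wait for the node to answer ping again, then ask
# the operator to confirm the node is healthy before moving on. The original
# called `prompt_yn`, which is not defined in this file, so the confirmation
# failed with "command not found" and the upgrade continued unattended; it
# now calls prompt_yn_node. A failed upgrade command or an un-parseable node
# IP aborts instead of being ignored. `export -f` replaces the original
# `export upgrade_talos_nodes`, which exported a variable, not the function.
#
# NOTE(review): the name/ip parser mirrors the apply-config one and expects
# `--nodes=<ip>` followed by ` --file=./clusterconfig/... --preserve=true`;
# if talhelper's upgrade line differs, the IP check below will trip. Also,
# `talosctl upgrade-k8s` runs without --nodes/--talosconfig and so relies on
# the default talosconfig context — confirm that is intended.
#
# Globals:   none
# Arguments: none
# Outputs:   progress on stdout, errors on stderr
# Returns:   1 on a failed upgrade or un-parseable IP; otherwise the status of
#            `talosctl upgrade-k8s` (prompt_yn_node exits the script on "no")
#######################################
upgrade_talos_nodes() {
  local cmd name ip
  local -a cmds
  while IFS=';' read -ra cmds; do
    for cmd in "${cmds[@]}"; do
      name=$(printf '%s\n' "$cmd" | sed -r \
        -e 's|talosctl upgrade --talosconfig=./clusterconfig/talosconfig --nodes=||g' \
        -e 's/(\b[0-9]{1,3}\.){3}[0-9]{1,3}\b//' \
        -e 's| --file=./clusterconfig/||g' \
        -e 's|main-||g' \
        -e 's|.yaml --preserve=true||g')
      ip=$(printf '%s\n' "$cmd" | sed \
        -e 's|talosctl upgrade --talosconfig=./clusterconfig/talosconfig --nodes=||g' \
        -e 's| --file=./clusterconfig/.* --preserve=true||g')
      # An address never contains whitespace; anything else means the parse failed.
      if [[ -z "$ip" || "$ip" == *[[:space:]]* ]]; then
        echo "Could not determine node IP from command: ${cmd}" >&2
        return 1
      fi
      echo "Applying Talos OS Update to ${name}"
      # Intentionally unquoted: $cmd is a complete command line from talhelper
      # and must be word-split into its arguments (no eval, so no re-parsing).
      if ! $cmd; then
        echo "upgrade failed for ${name} (${ip}), aborting" >&2
        return 1
      fi
      echo "Waiting for node to come online..."
      # No timeout (as before); sleep between probes to avoid a tight spin.
      while ! ping -c1 "${ip}" &>/dev/null; do sleep 1; done
      prompt_yn_node
    done
  done <<< "$(talhelper gencommand upgrade --extra-flags=--preserve=true)"
  echo "executing mandatory 1 minute wait..."
  sleep 60
  echo "updating kubernetes to latest version..."
  talosctl upgrade-k8s
}
export -f upgrade_talos_nodes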
# Entry point: show the interactive menu (every branch of it exits the script).
menu