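#!/bin/bash
# Bootstrap an EKS cluster with the AWS Load Balancer controller, external-dns
# and CloudBees CI (Operations Center) for a development/pentest environment.
# Inputs come from the environment (PREFIX, CLUSTER, HOSTED_ZONE); every step
# runs under -x so the exact commands appear in the log.
set -euxo pipefail

# Fail fast when a required CLI is missing. yq is used further down to read the
# chart's appVersion, so it is checked here together with the others.
required_commands=(aws eksctl helm curl kubectl yq)
for required in "${required_commands[@]}"; do
  if ! command -v "${required}" >/dev/null 2>&1; then
    printf '%s is not installed. Please install %s.\n' "${required}" "${required}" >&2
    exit 1
  fi
done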
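# Cluster identity. PREFIX, CLUSTER and HOSTED_ZONE may be overridden from the
# environment; by default the cluster name gets a random suffix so repeated runs
# do not collide on the per-cluster IAM policies and roles created below.
PREFIX="${PREFIX:-pentest}"
CLUSTER="${CLUSTER:-$PREFIX-$RANDOM}"
HOSTED_ZONE="${HOSTED_ZONE:-env.beescloud.com}"
HOST_NAME="${CLUSTER}.${HOSTED_ZONE}"
# The cluster name is interpolated into sed patterns, IAM policy/role names and
# ARNs below, so reject anything outside the character set EKS accepts
# (alphanumerics, "-" and "_", starting with an alphanumeric).
if [[ ! "${CLUSTER}" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
  printf 'Invalid cluster name %q: use only letters, digits, "-" and "_".\n' "${CLUSTER}" >&2
  exit 1
fi
# Fallback region, used only when the AWS profile defines no region (see below).
AWS_REGION="${AWS_REGION:-us-east-1}"
# The quotes are part of the value on purpose: it is substituted verbatim into
# cluster.yaml, where the version must be a YAML string rather than a float.
KUBERNETES_VERSION="'1.28'"

# Interactive SSO login; the profile can be overridden with AWS_PROFILE.
AWS_PROFILE="${AWS_PROFILE:-cloudbees-cloud-platform-dev}"
aws sso login --profile "${AWS_PROFILE}"
export AWS_PROFILE
# Prevent the aws CLI from opening a pager/EDITOR after creating IAM policies.
export AWS_PAGER=

ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
# `aws configure get` exits non-zero when the profile defines no region, which
# would abort the script under `set -e`; keep the fallback above in that case.
profile_region=$(aws configure get region) || profile_region=""
AWS_REGION="${profile_region:-${AWS_REGION}}"

# Tags for the IAM resources created below. USER is not guaranteed to be set
# in containers/CI, so fall back to id(1).
cbUser="${USER:-$(id -un)}"
cbOwner="${CB_OWNER:-todo}"   # TODO: set the real owner (override with CB_OWNER)
# AWS_TAGS is not consumed by any later step in this script.
AWS_TAGS="Key=cb:user,Value=${cbUser} Key=cb:owner,Value=${cbOwner} Key=cb:environment,Value=development"
EKSCTL_TAGS="cb:user=${cbUser},cb:owner=${cbOwner},cb:environment=development"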
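# Scratch directory for rendered manifests and downloaded policy documents.
mkdir -p tmp

# https://artifacthub.io/packages/helm/aws/aws-load-balancer-controller
AWS_LOAD_BALANCER_CHART_VERSION=1.4.8
# The chart's appVersion is the controller release whose IAM policy document is fetched.
AWS_LOAD_BALANCER_APP_VERSION=$(helm show chart --repo https://aws.github.io/eks-charts aws-load-balancer-controller --version="${AWS_LOAD_BALANCER_CHART_VERSION}" | yq '.appVersion')
# Stop here with a clear message instead of letting curl fail on a URL built
# from an empty or "null" version.
if [[ -z "${AWS_LOAD_BALANCER_APP_VERSION}" || "${AWS_LOAD_BALANCER_APP_VERSION}" == "null" ]]; then
  printf 'Could not determine the appVersion of aws-load-balancer-controller chart %s\n' "${AWS_LOAD_BALANCER_CHART_VERSION}" >&2
  exit 1
fi

# Create the IAM policy that lets the AWS Load Balancer controller manage AWS
# resources, unless one already exists for this cluster.
lb_policy_name="AWSLoadBalancerControllerIAMPolicy-${CLUSTER}"
if ! aws iam get-policy --policy-arn "arn:aws:iam::${ACCOUNT}:policy/${lb_policy_name}" >/dev/null 2>&1; then
  # --show-error keeps curl's failure reason visible despite --silent.
  curl --silent --show-error --fail --location \
    --output tmp/iam-policy.json \
    "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${AWS_LOAD_BALANCER_APP_VERSION}/docs/install/iam_policy.json"
  aws iam create-policy --policy-name "${lb_policy_name}" --policy-document file://tmp/iam-policy.json
fi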
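# Create the cluster unless a rendered configuration for this cluster name already
# exists in tmp/ (the rendered file doubles as the "already created" marker).
cluster_config="tmp/${CLUSTER}-cluster.yaml"
if [[ ! -f "${cluster_config}" ]]; then
  # Plain substitution, no escaping: the values are expected to contain no sed
  # metacharacters. "|" is used as the delimiter so a "/" in a value cannot
  # terminate the pattern.
  sed -e "s|@CLUSTER_NAME@|${CLUSTER}|g" \
      -e "s|@KUBERNETES_VERSION@|${KUBERNETES_VERSION}|g" \
      -e "s|@REGION@|${AWS_REGION}|g" \
      -e "s|@ACCOUNT@|${ACCOUNT}|g" \
      < cluster.yaml > "${cluster_config}"
  # If creation fails, keep the rendered file for inspection but move it out of
  # the marker name, so the next run retries instead of silently skipping a
  # cluster that was never created. (A partially created stack still needs
  # manual cleanup before eksctl will create it again.)
  if ! eksctl create cluster -f "${cluster_config}"; then
    mv -f -- "${cluster_config}" "${cluster_config}.failed"
    exit 1
  fi
fi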
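# Install the AWS Load Balancer controller. CRDs are applied first via the remote
# kustomization; when that cannot be fetched, fall back to the raw manifest.
# NOTE(review): both CRD sources track the eks-charts `master` branch rather than
# the chart version pinned below, so the CRDs can be newer than the controller
# and the install is not reproducible — confirm a tagged ref before pinning.
if ! kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller//crds?ref=master"; then
  curl --silent --show-error --fail --location \
    --output tmp/crds.yaml \
    https://raw.githubusercontent.com/aws/eks-charts/master/stable/aws-load-balancer-controller/crds/crds.yaml
  kubectl apply -f tmp/crds.yaml
fi
helm upgrade --install \
  --repo https://aws.github.io/eks-charts \
  --namespace kube-system \
  --version "${AWS_LOAD_BALANCER_CHART_VERSION}" \
  --values aws-load-balancer-controller-values.yaml \
  --set "clusterName=${CLUSTER}" \
  aws-load-balancer-controller \
  aws-load-balancer-controller
# Wait for the controller before anything below depends on it.
kubectl rollout status --namespace kube-system deployment aws-load-balancer-controller --timeout=5m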
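# IAM policy for external-dns: record changes plus the list calls it needs.
# Note that the change permission covers every hosted zone in the account
# (`hostedzone/*`), not only HOSTED_ZONE.
# The document is written into the script's own tmp/ directory rather than the
# shared, predictable /tmp path, so another local user cannot pre-create or
# swap the file before `aws iam create-policy` reads it.
mkdir -p tmp
external_dns_policy_file="tmp/external-dns-policy.json"
cat >"${external_dns_policy_file}" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "route53:ListTagsForResource"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
EOF
external_dns_policy_name="external-dns-${CLUSTER}"
if ! aws iam get-policy --policy-arn "arn:aws:iam::${ACCOUNT}:policy/${external_dns_policy_name}" >/dev/null 2>&1; then
  aws iam create-policy \
    --policy-name "${external_dns_policy_name}" \
    --policy-document "file://${external_dns_policy_file}"
fi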
# Bind the external-dns service account in kube-system to an IAM role (IRSA)
# carrying the external-dns policy created above, then install the chart.
external_dns_policy_arn="arn:aws:iam::${ACCOUNT}:policy/external-dns-${CLUSTER}"
eksctl create iamserviceaccount \
  --cluster="${CLUSTER}" \
  --namespace=kube-system \
  --name=external-dns \
  --role-name="external-dns-${CLUSTER}" \
  --attach-policy-arn="${external_dns_policy_arn}" \
  --approve \
  --tags "${EKSCTL_TAGS}"
helm upgrade --install \
  --repo https://kubernetes-sigs.github.io/external-dns/ \
  --namespace kube-system \
  --values external-dns-values.yaml \
  external-dns \
  external-dns
# Target namespace for CloudBees CI: create it once and make it the default
# namespace of the current kubeconfig context.
if ! kubectl get namespace cloudbees-core >/dev/null 2>&1; then
  kubectl create namespace cloudbees-core
fi
kubectl config set-context --current --namespace=cloudbees-core
# Configuration-as-code release from the chart at ./casc.
helm upgrade --install --namespace cloudbees-core casc casc
# Best-effort on purpose: some helm versions fail when the repo is already
# registered, and the install below fails anyway if the repo is unusable.
helm repo add cloudbees https://public-charts.artifacts.cloudbees.com/repository/public/ || echo "cloudbees repo already added"
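# Stream cluster events while the Operations Center comes up, and stop the
# watcher on any exit path (success, failure, Ctrl-C).
kubectl get event --watch &
eventPid=$!
trap 'kill "${eventPid}" 2>/dev/null || true' EXIT
# Install CloudBees CI and block until the release is ready. There must be no
# line continuation after the chart name: anything on the following line would
# become an extra argument to helm instead of a separate command.
helm upgrade --install \
  --values values.yaml \
  --set OperationsCenter.HostName="${HOST_NAME}" \
  --wait \
  cloudbees-core \
  cloudbees/cloudbees-core
kubectl rollout status --timeout=10m sts cjoc
echo "Browse http://${HOST_NAME}/cjoc/ (after a few minutes to let DNS propagates)"
# The initial admin password is written to stdout (and therefore to any log
# capturing this run); treat the output as sensitive.
echo "Use the following password:"
kubectl exec cjoc-0 -- cat /var/login/password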