Skip to content

Commit

Permalink
Improve installer (#359)
Browse files Browse the repository at this point in the history
  • Loading branch information
tamalsaha authored Apr 30, 2018
1 parent 129db6c commit 55d0a46
Show file tree
Hide file tree
Showing 10 changed files with 98 additions and 36 deletions.
2 changes: 2 additions & 0 deletions chart/searchlight/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,11 @@ This chart bootstraps a [Searchlight controller](https://github.com/appscode/sea

## Installing the Chart
To install the chart with the release name `my-release`:

```console
$ helm install appscode/searchlight --name my-release
```

The command deploys Searchlight operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.

> **Tip**: List all releases using `helm list`
Expand Down
1 change: 1 addition & 0 deletions chart/searchlight/templates/apiregistration.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "searchlight.fullname" . }}-apiserver-cert
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
Expand Down
1 change: 1 addition & 0 deletions chart/searchlight/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "searchlight.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
Expand Down
1 change: 1 addition & 0 deletions chart/searchlight/templates/secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "searchlight.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: "{{ template "searchlight.name" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
Expand Down
1 change: 1 addition & 0 deletions chart/searchlight/templates/service-account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "searchlight.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
Expand Down
1 change: 1 addition & 0 deletions chart/searchlight/templates/service.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "searchlight.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: "{{ template "searchlight.name" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
Expand Down
8 changes: 4 additions & 4 deletions hack/deploy/operator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@ spec:
imagePullSecrets: [${SEARCHLIGHT_IMAGE_PULL_SECRET}]
containers:
- name: operator
image: ${SEARCHLIGHT_DOCKER_REGISTRY}/searchlight:6.0.0-rc.0
imagePullPolicy: IfNotPresent
image: ${SEARCHLIGHT_DOCKER_REGISTRY}/searchlight:${SEARCHLIGHT_OPERATOR_TAG}
imagePullPolicy: ${SEARCHLIGHT_IMAGE_PULL_POLICY}
args:
- run
- --v=3
Expand All @@ -55,8 +55,8 @@ spec:
port: 8443
scheme: HTTPS
- name: icinga
image: ${SEARCHLIGHT_DOCKER_REGISTRY}/icinga:6.0.0-rc.0-k8s
imagePullPolicy: IfNotPresent
image: ${SEARCHLIGHT_DOCKER_REGISTRY}/icinga:${SEARCHLIGHT_ICINGA_TAG}
imagePullPolicy: ${SEARCHLIGHT_IMAGE_PULL_POLICY}
ports:
- containerPort: 5665
- containerPort: 60006
Expand Down
119 changes: 87 additions & 32 deletions hack/deploy/searchlight.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,26 +14,66 @@ function cleanup {
}
trap cleanup EXIT

# ref: https://github.com/appscodelabs/libbuild/blob/master/common/lib.sh#L55
inside_git_repo() {
git rev-parse --is-inside-work-tree > /dev/null 2>&1
inside_git=$?
if [ "$inside_git" -ne 0 ]; then
echo "Not inside a git repository"
exit 1
fi
}

detect_tag() {
inside_git_repo

# http://stackoverflow.com/a/1404862/3476121
git_tag=$(git describe --exact-match --abbrev=0 2>/dev/null || echo '')

commit_hash=$(git rev-parse --verify HEAD)
git_branch=$(git rev-parse --abbrev-ref HEAD)
commit_timestamp=$(git show -s --format=%ct)

if [ "$git_tag" != '' ]; then
TAG=$git_tag
TAG_STRATEGY='git_tag'
elif [ "$git_branch" != 'master' ] && [ "$git_branch" != 'HEAD' ] && [[ "$git_branch" != release-* ]]; then
TAG=$git_branch
TAG_STRATEGY='git_branch'
else
hash_ver=$(git describe --tags --always --dirty)
TAG="${hash_ver}"
TAG_STRATEGY='commit_hash'
fi

export TAG
export TAG_STRATEGY
export git_tag
export git_branch
export commit_hash
export commit_timestamp
}

# https://stackoverflow.com/a/677212/244009
if [ -x "$(command -v onessl)" ]; then
export ONESSL=onessl
else
# ref: https://stackoverflow.com/a/27776822/244009
case "$(uname -s)" in
Darwin)
curl -fsSL -o onessl https://github.com/kubepack/onessl/releases/download/0.1.0/onessl-darwin-amd64
curl -fsSL -o onessl https://github.com/kubepack/onessl/releases/download/0.3.0/onessl-darwin-amd64
chmod +x onessl
export ONESSL=./onessl
;;

Linux)
curl -fsSL -o onessl https://github.com/kubepack/onessl/releases/download/0.1.0/onessl-linux-amd64
curl -fsSL -o onessl https://github.com/kubepack/onessl/releases/download/0.3.0/onessl-linux-amd64
chmod +x onessl
export ONESSL=./onessl
;;

CYGWIN*|MINGW32*|MSYS*)
curl -fsSL -o onessl.exe https://github.com/kubepack/onessl/releases/download/0.1.0/onessl-windows-amd64.exe
curl -fsSL -o onessl.exe https://github.com/kubepack/onessl/releases/download/0.3.0/onessl-windows-amd64.exe
chmod +x onessl.exe
export ONESSL=./onessl.exe
;;
Expand All @@ -53,15 +93,22 @@ export SEARCHLIGHT_ENABLE_RBAC=true
export SEARCHLIGHT_RUN_ON_MASTER=0
export SEARCHLIGHT_ENABLE_VALIDATING_WEBHOOK=false
export SEARCHLIGHT_DOCKER_REGISTRY=appscode
export SEARCHLIGHT_OPERATOR_TAG=6.0.0-rc.0
export SEARCHLIGHT_ICINGA_TAG=6.0.0-rc.0-k8s
export SEARCHLIGHT_IMAGE_PULL_SECRET=
export SEARCHLIGHT_IMAGE_PULL_POLICY=IfNotPresent
export SEARCHLIGHT_ENABLE_ANALYTICS=true
export SEARCHLIGHT_UNINSTALL=0
export SEARCHLIGHT_PURGE=0
export SEARCHLIGHT_ENABLE_ANALYTICS=true

export APPSCODE_ENV=${APPSCODE_ENV:-prod}
export SCRIPT_LOCATION="curl -fsSL https://raw.githubusercontent.com/appscode/searchlight/6.0.0-rc.0/"
if [ "$APPSCODE_ENV" = "dev" ]; then
detect_tag
export SCRIPT_LOCATION="cat "
export SEARCHLIGHT_OPERATOR_TAG=$TAG
export SEARCHLIGHT_ICINGA_TAG=$TAG-k8s
export SEARCHLIGHT_IMAGE_PULL_POLICY=Always
fi

KUBE_APISERVER_VERSION=$(kubectl version -o=json | $ONESSL jsonpath '{.serverVersion.gitVersion}')
Expand Down Expand Up @@ -156,31 +203,6 @@ while test $# -gt 0; do
done

if [ "$SEARCHLIGHT_UNINSTALL" -eq 1 ]; then
# delete webhooks and apiservices
kubectl delete validatingwebhookconfiguration -l app=searchlight || true
kubectl delete mutatingwebhookconfiguration -l app=searchlight || true
kubectl delete apiservice -l app=searchlight
# delete searchlight operator
kubectl delete deployment -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete service -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete secret -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
# delete RBAC objects, if --rbac flag was used.
kubectl delete serviceaccount -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete clusterrolebindings -l app=searchlight
kubectl delete clusterrole -l app=searchlight
kubectl delete rolebindings -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete role -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE

echo "waiting for searchlight operator pod to stop running"
for (( ; ; )); do
pods=($(kubectl get pods --all-namespaces -l app=searchlight -o jsonpath='{range .items[*]}{.metadata.name} {end}'))
total=${#pods[*]}
if [ $total -eq 0 ] ; then
break
fi
sleep 2
done

# https://github.com/kubernetes/kubernetes/issues/60538
if [ "$SEARCHLIGHT_PURGE" -eq 1 ]; then
for crd in "${crds[@]}"; do
Expand All @@ -204,8 +226,36 @@ if [ "$SEARCHLIGHT_UNINSTALL" -eq 1 ]; then
# delete crd
kubectl delete crd ${crd}.monitoring.appscode.com || true
done

echo "waiting 5 seconds ..."
sleep 5;
fi

# delete webhooks and apiservices
kubectl delete validatingwebhookconfiguration -l app=searchlight || true
kubectl delete mutatingwebhookconfiguration -l app=searchlight || true
kubectl delete apiservice -l app=searchlight
# delete searchlight operator
kubectl delete deployment -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete service -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete secret -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
# delete RBAC objects, if --rbac flag was used.
kubectl delete serviceaccount -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete clusterrolebindings -l app=searchlight
kubectl delete clusterrole -l app=searchlight
kubectl delete rolebindings -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE
kubectl delete role -l app=searchlight --namespace $SEARCHLIGHT_NAMESPACE

echo "waiting for searchlight operator pod to stop running"
for (( ; ; )); do
pods=($(kubectl get pods --all-namespaces -l app=searchlight -o jsonpath='{range .items[*]}{.metadata.name} {end}'))
total=${#pods[*]}
if [ $total -eq 0 ] ; then
break
fi
sleep 2
done

echo
echo "Successfully uninstalled Searchlight!"
exit 0
Expand All @@ -215,6 +265,12 @@ echo "checking whether extended apiserver feature is enabled"
$ONESSL has-keys configmap --namespace=kube-system --keys=requestheader-client-ca-file extension-apiserver-authentication || { echo "Set --requestheader-client-ca-file flag on Kubernetes apiserver"; exit 1; }
echo ""

export KUBE_CA=
if [ "$SEARCHLIGHT_ENABLE_VALIDATING_WEBHOOK" = true ]; then
$ONESSL get kube-ca >/dev/null 2>&1 || { echo "Admission webhooks can't be used when kube apiserver is accesible without verifying its TLS certificate (insecure-skip-tls-verify : true)."; echo; exit 1; }
export KUBE_CA=$($ONESSL get kube-ca | $ONESSL base64)
fi

env | sort | grep SEARCHLIGHT*
echo ""

Expand All @@ -226,7 +282,6 @@ $ONESSL create server-cert server --domains=searchlight-operator.$SEARCHLIGHT_NA
export SERVICE_SERVING_CERT_CA=$(cat ca.crt | $ONESSL base64)
export TLS_SERVING_CERT=$(cat server.crt | $ONESSL base64)
export TLS_SERVING_KEY=$(cat server.key | $ONESSL base64)
export KUBE_CA=$($ONESSL get kube-ca | $ONESSL base64)

${SCRIPT_LOCATION}hack/deploy/operator.yaml | $ONESSL envsubst | kubectl apply -f -

Expand All @@ -243,7 +298,7 @@ if [ "$SEARCHLIGHT_RUN_ON_MASTER" -eq 1 ]; then
fi

if [ "$SEARCHLIGHT_ENABLE_VALIDATING_WEBHOOK" = true ]; then
${SCRIPT_LOCATION}hack/deploy/validating-webhook-configuration.yaml | $ONESSL envsubst | kubectl apply -f -
${SCRIPT_LOCATION}hack/deploy/validating-webhook.yaml | $ONESSL envsubst | kubectl apply -f -
fi

echo
Expand All @@ -264,4 +319,4 @@ echo "creating built-in plugins"
${SCRIPT_LOCATION}hack/deploy/plugins.yaml| kubectl apply -f -

echo
echo "Successfully installed Searchlight!"
echo "Successfully installed Searchlight in $SEARCHLIGHT_NAMESPACE namespace!"
File renamed without changes.

0 comments on commit 55d0a46

Please sign in to comment.