-
-
Save chsjiang/dd226e19c7df31d5daac3fed5a1ac269 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Cluster management tools. | |
export CLUSTER_NAME ?= $(shell cat tmp/current 2>/dev/null || echo $$(whoami)-dev) | |
export MACHINE_TYPE ?= n1-standard-2 | |
export DISK_SIZE ?= 100 | |
export MAX_NODES ?= 10 | |
export NETWORK ?= dev | |
export PROJECT ?= foobar | |
export VERSION ?= latest | |
export ZONE ?= us-west1-a | |
GKE_DASHBOARD = http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ | |
AKS_DASHBOARD = http://localhost:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy | |
# Azure specific options | |
export LOCATION ?= West US | |
export AZURE_VM ?= Standard_DS2_v2 | |
export AKS_VERSION ?= 1.13.7 | |
export AKS_CNI ?= true | |
# EKS specific options | |
export EC2_VM ?= m5.large | |
export EC2_REGION ?= us-west-2 | |
define gcloud_container | |
gcloud beta container \ | |
--project "$(PROJECT)" \ | |
clusters \ | |
--zone "$(ZONE)" | |
endef | |
define gcloud_compute | |
gcloud compute --project=$(PROJECT) | |
endef | |
tmp: | |
mkdir tmp | |
HAS_GCLOUD := $(shell command -v gcloud;) | |
HAS_HELM := $(shell command -v helm;) | |
HAS_KUBECTL := $(shell command -v kubectl;) | |
HAS_AZ := $(shell command -v az;) | |
HAS_AWSCLI := $(shell command -v aws;) | |
HAS_EKSCTL := $(shell command -v eksctl;) | |
.PHONY: bootstrap | |
bootstrap: | |
@# Bootstrap the local required binaries | |
ifndef HAS_GCLOUD | |
curl https://sdk.cloud.google.com | bash | |
endif | |
ifndef HAS_KUBECTL | |
gcloud components install kubectl | |
endif | |
ifndef HAS_HELM | |
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash | |
endif | |
.PHONY: aks-bootstrap | |
aks-bootstrap: | |
@# Bootstrap the required binaries for AKS | |
ifndef HAS_AZ | |
echo "Run brew install azure-cli on OSX" && exit 1 | |
endif | |
ifndef HAS_KUBECTL | |
az aks install-cli | |
endif | |
ifndef HAS_HELM | |
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash | |
endif | |
.PHONY: eks-bootstrap | |
eks-bootstrap: | |
@# Bootstrap the required auth and binaries for EKS | |
ifndef HAS_AWSCLI | |
echo "Run pip install awscli --upgrade --user or follow official install instructions" && exit 1 | |
endif | |
@if [ ! -f ~/.aws/credentials ]; then \ | |
echo "You must setup the AWS CLI first by running 'aws configure'"; \ | |
exit 1; \ | |
fi | |
ifndef HAS_EKSCTL | |
echo "Run brew install weaveworks/tap/eksctl on OSX" && exit 1 | |
endif | |
.PHONY: create | |
create: bootstrap | |
@# Create a cluster in GKE with some sane defaults. | |
@# Options: | |
@# | |
@# CLUSTER_NAME :: ${CLUSTER_NAME} | |
@# MACHINE_TYPE :: ${MACHINE_TYPE} | |
@# MAX_NODES :: ${MAX_NODES} | |
@# NETWORK :: ${NETWORK} | |
@# PROJECT :: ${PROJECT} | |
@# VERSION :: ${VERSION} | |
@# ZONE :: ${ZONE} | |
$(call gcloud_container) \ | |
create "$(CLUSTER_NAME)" \ | |
--cluster-version "$(VERSION)" \ | |
--machine-type "$(MACHINE_TYPE)" \ | |
--network "$(NETWORK)" \ | |
--num-nodes "1" \ | |
--enable-autoscaling \ | |
--min-nodes "1" \ | |
--max-nodes "$(MAX_NODES)" \ | |
--no-enable-basic-auth \ | |
--no-enable-legacy-authorization \ | |
--image-type "COS" \ | |
--disk-size "$(DISK_SIZE)" \ | |
--disk-type "pd-standard" \ | |
--min-cpu-platform "Intel Skylake" \ | |
--preemptible \ | |
--scopes "gke-default" \ | |
--enable-pod-security-policy \ | |
--enable-vertical-pod-autoscaling \ | |
--no-enable-cloud-logging \ | |
--no-enable-cloud-monitoring \ | |
--no-enable-stackdriver-kubernetes \ | |
--no-enable-ip-alias \ | |
--enable-network-policy \ | |
--no-enable-autoupgrade \ | |
--no-enable-autorepair \ | |
--no-issue-client-certificate \ | |
--addons HorizontalPodAutoscaling,HttpLoadBalancing,KubernetesDashboard,NetworkPolicy | |
$(MAKE) get-auth set-current run-proxy | |
kubectl create clusterrolebinding \ | |
$$(whoami)-cluster-admin \ | |
--clusterrole=cluster-admin \ | |
--user=$$(gcloud config get-value account) | |
kubectl apply -f psp.yaml -f rbac.yaml -f tiller.yaml | |
helm init --service-account tiller | |
$(MAKE) show-dashboard | |
.PHONY: delete | |
delete: | |
@# Deletes the current cluster. | |
@# Options: | |
@# | |
@# CLUSTER_NAME :: ${CLUSTER_NAME} | |
@# PROJECT :: ${PROJECT} | |
@# ZONE :: ${ZONE} | |
$(call gcloud_container) delete $(CLUSTER_NAME) | |
.PHONY: get-auth | |
get-auth: | |
@# Configure kubectl to connect to remote cluster. | |
@# Options: | |
@# | |
@# CLUSTER_NAME :: ${CLUSTER_NAME} | |
$(call gcloud_container) \ | |
get-credentials \ | |
$(CLUSTER_NAME) | |
kubectl config delete-context gke-$(CLUSTER_NAME) || true | |
kubectl config rename-context \ | |
$$(kubectl config current-context) \ | |
gke-$(CLUSTER_NAME) | |
.PHONY: set-current | |
set-current: | |
@# Set the current cluster and setup kubectl to use it. | |
@# Options: | |
@# | |
@# CLUSTER_NAME :: ${CLUSTER_NAME} | |
kubectl config use-context gke-$(CLUSTER_NAME) | |
.PHONY: run-proxy | |
run-proxy: tmp | |
@# Run the proxy so that the dashboard is accessible. | |
lsof -i4TCP:8001 -sTCP:LISTEN -t | xargs kill | |
kubectl proxy >tmp/proxy.log 2>&1 & | |
.PHONY: create-network | |
create-network: | |
@# Create a VPC network for use by k8s clusters. Allow current IP by default. | |
@# Options: | |
@# | |
@# NETWORK :: ${NETWORK} | |
@# PROJECT :: ${PROJECT} | |
@# ZONE :: ${ZONE} | |
$(call gcloud_compute) \ | |
networks create $(NETWORK) \ | |
--subnet-mode=auto | |
$(call gcloud_compute) \ | |
firewall-rules create $(NETWORK)-allow-ssh \ | |
--description="allow ssh" \ | |
--direction=INGRESS \ | |
--priority=65534 \ | |
--network=$(NETWORK) \ | |
--action=ALLOW \ | |
--rules=tcp:22 \ | |
--source-ranges=0.0.0.0/0 | |
$(call gcloud_compute) \ | |
firewall-rules create $(NETWORK)-allow-internal \ | |
--description="allow internal" \ | |
--direction=INGRESS \ | |
--priority=65534 \ | |
--network=$(NETWORK) \ | |
--action=ALLOW \ | |
--rules=all \ | |
--source-ranges=10.128.0.0/9 | |
.PHONY: show-dashboard | |
show-dashboard: | |
@# Show the URL that can be used to access the dashboard | |
@echo "Go to $(GKE_DASHBOARD) for the dashboard. Note: RBAC is permissive for the dashboard, no need to enter a token." | |
.PHONY: aks-create | |
aks-create: aks-bootstrap | |
@# Create a AKS cluster. | |
@# Options | |
@# | |
@# NETWORK :: ${NETWORK} | |
@# CLUSTER_NAME :: ${CLUSTER_NAME} | |
@# AKS_VERSION :: ${AKS_VERSION} | |
@# AKS_CNI :: ${AKS_CNI} | |
@# AZURE_VM :: ${AZURE_VM} | |
@# LOCATION :: ${LOCATION} | |
az group create \ | |
--name $(CLUSTER_NAME) \ | |
--location "$(LOCATION)" \ | |
-o table | |
az network vnet create \ | |
--name $(CLUSTER_NAME) \ | |
--resource-group $(CLUSTER_NAME) \ | |
--address-prefix 10.0.0.0/16 \ | |
--subnet-name $(CLUSTER_NAME) \ | |
--subnet-prefix 10.0.0.0/20 \ | |
-o table | |
az aks create \ | |
--name $(CLUSTER_NAME) \ | |
--resource-group $(CLUSTER_NAME) \ | |
--dns-name-prefix $(CLUSTER_NAME) \ | |
--generate-ssh-keys \ | |
--kubernetes-version $(AKS_VERSION) \ | |
$$($(MAKE) aks-network-plugin) \ | |
--location "$(LOCATION)" \ | |
--node-count 1 \ | |
--node-osdisk-size 100 \ | |
--node-vm-size "$(AZURE_VM)" \ | |
--enable-addons http_application_routing \ | |
-o table | |
$(MAKE) aks-auth aks-autoscaler run-proxy | |
kubectl apply -f rbac.yaml | |
kubectl apply -f tiller.yaml | |
helm init --service-account tiller | |
@echo "Go to $(AKS_DASHBOARD) for the dashboard. Note: RBAC is permissive for the dashboard, no need to enter a token." | |
.PHONY: aks-delete | |
aks-delete: aks-bootstrap | |
@# Delete a AKS cluster. | |
az aks delete \ | |
--name $(CLUSTER_NAME) \ | |
--resource-group $(CLUSTER_NAME) | |
az network vnet delete \ | |
--name $(CLUSTER_NAME) \ | |
--resource-group $(CLUSTER_NAME) | |
az group delete \ | |
--name $(CLUSTER_NAME) \ | |
-y | |
kubectl config delete-cluster $(CLUSTER_NAME) | |
.PHONY: aks-auth | |
aks-auth: | |
@# Setup kubectl context to work with AKS | |
az aks get-credentials \ | |
--resource-group $(CLUSTER_NAME) \ | |
--name $(CLUSTER_NAME) \ | |
--overwrite-existing | |
kubectl config delete-context aks-$(CLUSTER_NAME) || true | |
kubectl config rename-context \ | |
$$(kubectl config current-context) \ | |
aks-$(CLUSTER_NAME) | |
.PHONY: aks-autoscaler | |
aks-autoscaler: aks-bootstrap | |
@# Setup autoscaling for AKS clusters | |
./azure-autoscaler | kubectl apply -f - | |
kubectl apply -f aks-autoscaler.yaml | |
.PHONY: aks-get-subnet | |
aks-get-subnet: aks-bootstrap | |
@# Fetch the current virtual network subnet id | |
@az network vnet subnet list \ | |
--resource-group $(CLUSTER_NAME) \ | |
--vnet-name $(CLUSTER_NAME) \ | |
--query '[].id' \ | |
-o tsv | |
.PHONY: aks-network-plugin | |
aks-network-plugin: aks-bootstrap | |
@# Output the CLI arguments required to configure the network plugin | |
@[ "$${AKS_CNI}" == "true" ] && \ | |
echo \ | |
--network-plugin azure \ | |
--vnet-subnet-id $$($(MAKE) aks-get-subnet) \ | |
--service-cidr 192.168.0.0/16 \ | |
--dns-service-ip 192.168.0.10 | |
.PHONY: eks-create | |
eks-create: eks-bootstrap | |
@# Create an EKS cluster | |
@# Options | |
@# | |
@# CLUSTER_NAME :: ${CLUSTER_NAME} | |
@# EC2_VM. :: ${EC2_VM} | |
@# LOCATION :: ${LOCATION} | |
@# EC2_REGION :: ${EC2_REGION} | |
@# DISK_SIZE :: ${DISK_SIZE} | |
@# MAX_NODES :: ${MAX_NODES} | |
eksctl create cluster \ | |
--name $(CLUSTER_NAME) \ | |
--asg-access \ | |
--full-ecr-access \ | |
--nodes 1 \ | |
--nodes-min 1 \ | |
--nodes-max $(MAX_NODES) \ | |
--node-type $(EC2_VM) \ | |
--node-volume-size $(DISK_SIZE) \ | |
--max-pods-per-node 250 \ | |
--region $(EC2_REGION) \ | |
--set-kubeconfig-context | |
.PHONY: eks-delete | |
eks-delete: eks-bootstrap | |
@# Delete an EKS cluster | |
eksctl delete cluster \ | |
--name $(CLUSTER_NAME) \ | |
--region $(EC2_REGION) | |
.PHONY: help | |
help: SHELL := /bin/bash | |
help: | |
@# Output all targets available. | |
@ echo "usage: make [target] ..." | |
@ echo "" | |
@eval "echo \"$$(grep -h -B1 $$'^\t@#' $(MAKEFILE_LIST) \ | |
| sed 's/@#//' \ | |
| awk \ | |
-v NO_COLOR="$(NO_COLOR)" \ | |
-v OK_COLOR="$(OK_COLOR)" \ | |
-v RS="--\n" \ | |
-v FS="\n" \ | |
-v OFS="@@" \ | |
'{ split($$1,target,":"); $$1=""; print OK_COLOR target[1] NO_COLOR $$0 }' \ | |
| sort \ | |
| awk \ | |
-v FS="@@" \ | |
-v OFS="\n" \ | |
'{ CMD=$$1; $$1=""; print CMD $$0 }')\"" | |
.DEFAULT_GOAL := help |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment