Last active
November 27, 2018 22:09
#!/bin/bash
#
#
# This script is based on https://goo.gl/rZJ62b. It assumes the following:
#
# - minishift is installed
# - oc is installed
# - Go is installed
# - $GOPATH environment variable is set
# - knative/serving repo lives under $GOPATH/src
# - ko binary is installed and on the path
#
# The script assumes that the VM does not exist and therefore is not already
# configured.
# Abort on the first failing command (-e) and on any reference to an unset
# variable (-u); an unset GOPATH therefore stops the script right here.
set -eu

# Checkout locations of the knative repositories, all derived from $GOPATH.
KNATIVE_BASE_DIR="${GOPATH}/src/github.com/knative"
SERVING_REPO="${KNATIVE_BASE_DIR}/serving"
EVENTING_REPO="${KNATIVE_BASE_DIR}/eventing"
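# Prints a debug line tagged with the name of the calling function.
# Arguments: $1 - message text
# Outputs:   "DEBUG [<caller>] <message>" on stdout
function log {
  # local keeps the message from overwriting a global "msg" in the caller.
  local msg=$1
  # FUNCNAME[1] is the function that invoked log.
  echo "DEBUG [${FUNCNAME[1]}] $msg"
}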
# Selects the "knative" minishift profile, sets the VM parameters and enables
# the two addons the rest of the script relies on. Does not start the VM.
function provision_minishift {
  log "provisioning minishift"
  minishift profile set knative

  # key/value pairs, applied in order with "minishift config set".
  local -a settings=(
    openshift-version v3.11.0
    memory 8GB
    disk-size 50g
    image-caching true
  )
  local i
  for ((i = 0; i < ${#settings[@]}; i += 2)); do
    minishift config set "${settings[i]}" "${settings[i + 1]}"
  done

  # Note that this function assumes that the admin-user and anyuid addons are
  # already installed.
  # NOTE(review): both addons presumably loosen the VM's defaults (an "admin"
  # account, pods running as any uid) - confirm against the addon definitions
  # and keep this profile for a disposable local VM.
  local addon
  for addon in admin-user anyuid; do
    minishift addons enable "$addon"
  done
}
# Patches the kube-targeted OpenShift configuration through minishift so that
# the ValidatingAdmissionWebhook and MutatingAdmissionWebhook plugins each get
# a WebhookAdmission configuration whose kubeConfigFile is /dev/null.
function enable_admission_controller_webhooks {
  log "enabling admission controller webhooks"

  # JSON patch document; passed to minishift as a single argument.
  local patch
  patch='{
"admissionConfig": {
"pluginConfig": {
"ValidatingAdmissionWebhook": {
"configuration": {
"apiVersion": "apiserver.config.k8s.io/v1alpha1",
"kind": "WebhookAdmission",
"kubeConfigFile": "/dev/null"
}
},
"MutatingAdmissionWebhook": {
"configuration": {
"apiVersion": "apiserver.config.k8s.io/v1alpha1",
"kind": "WebhookAdmission",
"kubeConfigFile": "/dev/null"
}
}
}
}
}'

  minishift openshift config set --target=kube --patch "$patch"
}
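# Installs the version of knative Build that is vendored with the serving
# repo (third_party/config/build/release.yaml), then blocks until the pods in
# the knative-build namespace report a settled status.
# Globals:   SERVING_REPO (read)
#
# NOTE(security): the build-controller service account is added to the anyuid
# SCC and bound to cluster-admin. That is far more than a controller normally
# needs; acceptable only on a throwaway local cluster.
function install_build {
  log "installing knative build"

  # Mark both bindings autoupdate=false before they are touched below.
  local binding
  for binding in cluster-admin cluster-admins; do
    oc annotate clusterrolebinding.rbac "$binding" 'rbac.authorization.kubernetes.io/autoupdate=false' --overwrite
  done

  oc adm policy add-scc-to-user anyuid -z build-controller -n knative-build
  # Quoted so a GOPATH containing spaces still yields a single path argument.
  oc apply -f "$SERVING_REPO/third_party/config/build/release.yaml"
  oc adm policy add-cluster-role-to-user cluster-admin -z build-controller -n knative-build
  wait_for_pods_to_be_ready "knative-build"
}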
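# Installs knative serving from source with ko. The function assumes that the
# GOPATH env var is defined and that the knative/serving git repo lives under
# $GOPATH/src. It does not do anything with git, such as making sure we are on
# a particular branch or that HEAD is at a particular commit, so whatever is
# checked out is what gets built and deployed.
# Globals:   SERVING_REPO (read)
#
# NOTE(security): the controller and autoscaler service accounts are added to
# the anyuid SCC and the controller is bound to cluster-admin. Treat this as a
# local development shortcut, not a deployment recipe.
function install_serving {
  log "installing knative serving"

  # Mark both bindings autoupdate=false before they are touched below.
  local binding
  for binding in cluster-admin cluster-admins; do
    oc annotate clusterrolebinding.rbac "$binding" 'rbac.authorization.kubernetes.io/autoupdate=false' --overwrite
  done

  local sa
  for sa in controller autoscaler; do
    oc adm policy add-scc-to-user anyuid -z "$sa" -n knative-serving
  done

  # Quoted so a GOPATH containing spaces still yields a single path argument.
  ko apply -f "$SERVING_REPO/config"
  oc adm policy add-cluster-role-to-user cluster-admin -z controller -n knative-serving
  wait_for_pods_to_be_ready "knative-serving"
}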
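# Installs knative eventing from the config directory of the eventing repo,
# then blocks until the pods in knative-eventing report a settled status.
# Globals:   EVENTING_REPO (read)
#
# NOTE(security): eventing-controller is added to the anyuid SCC and bound to
# cluster-admin before its manifests are applied; only appropriate on a
# throwaway local cluster.
function install_eventing {
  log "installing knative eventing"
  oc adm policy add-scc-to-user anyuid -z eventing-controller -n knative-eventing
  oc adm policy add-cluster-role-to-user cluster-admin -z eventing-controller -n knative-eventing
  # The variable is EVENTING_REPO; the previous spelling "$EVENTING/REPO"
  # referenced an undefined variable, which aborts the script under "set -u".
  # NOTE(review): serving's source config is applied with ko - confirm whether
  # eventing's config also needs ko rather than oc.
  oc apply -f "$EVENTING_REPO/config"
  wait_for_pods_to_be_ready "knative-eventing"
}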
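# Polls "oc get pods" every 3 seconds until no listed pod line lacks one of
# the words Running, Succeeded or Completed.
# Arguments: $1 - namespace to watch
# Outputs:   one progress line per poll on stdout
#
# Limitations worth knowing before relying on this as a readiness gate:
#  - there is no timeout, so a pod stuck in a failing state blocks forever;
#  - an empty listing (no pods yet, or a failed "oc" call) counts as ready;
#  - the match is a plain text search over the whole line, so "Running" is
#    accepted without looking at the READY column.
function wait_for_pods_to_be_ready {
  local namespace=$1
  # awk drops the header row; grep -v keeps only lines for unsettled pods.
  while [[ -n "$(oc -n "$namespace" get pods | awk 'NR > 1' | grep -vE '(Running|Succeeded|Completed)')" ]]; do
    echo "Waiting for pods in $namespace to become ready..."
    sleep 3
  done
}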
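# Installs Istio 1.0.2 from the manifests vendored in the serving repo: CRDs
# first, then (once the gateways CRD is Established) the main manifest, and
# finally waits for the pods in istio-system.
# Globals:   SERVING_REPO (read)
#
# NOTE(security): every Istio service account listed below, including the
# namespace's "default" account, is added to the anyuid SCC, and
# istio-galley-service-account is bound to cluster-admin. This trades
# least privilege for convenience and belongs on a local test cluster only.
function install_istio {
  log "installing istio"

  # Disabled: earlier install path through the minishift istio addon.
  #CLOUD_FNS_DIR=$HOME/Development/redhat/openshift-cloud-functions
  #REPO_DIR=$CLOUD_FNS_DIR/minishift-addons
  #if [ -d $REPO_DIR ]; then
  # cd $REPO_DIR
  # git pull --rebase origin master
  #else
  # cd $CLOUD_FNS_DIR
  # git clone https://github.com/openshift-cloud-functions/minishift-addons.git
  # cd $REPO_DIR
  #fi
  #if [ -z "`minishift addons list | grep istio`" ]; then
  # minishift addons install istio
  #fi
  #minishift addons apply istio

  # Granted in this order; under "set -e" the first failure stops the script.
  local -a service_accounts=(
    istio-ingress-service-account
    default
    prometheus
    istio-egressgateway-service-account
    istio-citadel-service-account
    istio-ingressgateway-service-account
    istio-cleanup-old-ca-service-account
    istio-mixer-post-install-account
    istio-mixer-service-account
    istio-pilot-service-account
    istio-sidecar-injector-service-account
  )
  local sa
  for sa in "${service_accounts[@]}"; do
    oc adm policy add-scc-to-user anyuid -z "$sa" -n istio-system
  done

  # To avoid an error when removing
  local binding
  for binding in cluster-admin cluster-admins; do
    oc annotate clusterrolebinding.rbac "$binding" 'rbac.authorization.kubernetes.io/autoupdate=false' --overwrite
  done

  oc apply -f "$SERVING_REPO/third_party/istio-1.0.2/istio-crds.yaml"

  # The substitution must be quoted: while the Established condition is still
  # absent the output is empty, and an unquoted empty operand makes the test
  # itself error out, which ends the wait before the CRD is usable.
  while [[ "$(oc get crd gateways.networking.istio.io -o jsonpath='{.status.conditions[?(@.type=="Established")].status}')" != 'True' ]]; do
    echo "Waiting on Istio CRDs"
    sleep 1
  done

  oc apply -f "$SERVING_REPO/third_party/istio-1.0.2/istio.yaml"
  oc adm policy add-cluster-role-to-user cluster-admin -z istio-galley-service-account -n istio-system
  wait_for_pods_to_be_ready "istio-system"
}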
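# Adds the "privileged" SCC to the default service account of a project,
# retrying up to 5 times with a 5 second pause after each failed attempt.
# Arguments: $1 - project (namespace) name
# Returns:   0 as soon as one attempt succeeds; exits the script with status 1
#            when all attempts fail.
#
# NOTE(security): "privileged" on the default service account means any pod
# in the project that does not name another account may run privileged
# containers. Keep this to a disposable local project.
function add_scc_to_default_sa {
  log "Configuring SCC for project $1"
  # local counter so the retry loop does not overwrite a global "n".
  local attempt
  for ((attempt = 0; attempt < 5; attempt++)); do
    # "&&" keeps a failed attempt from tripping "set -e".
    oc -n "$1" adm policy add-scc-to-user privileged -z default && return
    sleep 5
  done
  log "Failed to configure SCC for project $1"
  exit 1
}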
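##################
# main entry point
##################
# Sequence: configure the minishift profile, boot the VM, enable the admission
# webhooks, load the local knative environment, log in, relax the SCC for
# "myproject", then install Istio, serving and eventing in that order.
# install_build is defined above but not invoked here.
# NOTE(review): confirm that leaving Build out is intentional.
provision_minishift
minishift start
enable_admission_controller_webhooks

# Sourced into this shell, so the file runs with this script's options and can
# change its variables. Quoted so a HOME containing spaces still resolves.
. "$HOME/bin/init_knative_env.sh"

# NOTE(security): the admin/admin credentials are hard-coded and passed on the
# command line, where they show up in process listings and shell traces. They
# are presumably the account created by the admin-user addon; never reuse this
# login step against a shared or reachable cluster.
# The loop retries every 5 seconds with no upper bound until login succeeds.
until oc login -u admin -p admin; do
  sleep 5
done

add_scc_to_default_sa "myproject"
install_istio
install_serving
install_eventing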