Created
August 7, 2020 03:51
-
-
Save samof76/a1a127b052bad2c63391e3668fd83e03 to your computer and use it in GitHub Desktop.
03_setup.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # REQUIREMENTS | |
| # Run this from the directory it resides | |
| # Edit the and populate the required values of the terraform.tfvars | |
| TFPWD=$(pwd) | |
| function print_log() | |
| { | |
| echo -e "$(date +'[%F %T %Z]') $*" | |
| } | |
| function run_terraform() | |
| { | |
| terraform init | |
| terraform plan | |
| # This following command will ask for your confirmation | |
| terraform apply | |
| } | |
| function setup_kubectl() | |
| { | |
| pushd $TFPWD | |
| mkdir -p $HOME/.kube | |
| terraform output kubeconfig > $HOME/.kube/config | |
| # Downdload kubectl | |
| kubectl_url=$(terraform output kubectl_url) | |
| curl -o kubectl ${kubectl_url} | |
| chmod +x kubectl | |
| # Setup home bin | |
| mkdir -p $HOME/bin | |
| mv kubectl $HOME/bin/kubectl | |
| # Setup aws-iam-authenticator | |
| aws_iam_authenticator_url=$(terraform output aws_iam_authenticator_url) | |
| curl -o aws-iam-authenticator ${aws_iam_authenticator_url} | |
| chmod +x aws-iam-authenticator | |
| mv aws-iam-authenticator $HOME/bin/aws-iam-authenticator | |
| # Set PATH | |
| echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc | |
| source ~/.bashrc | |
| # Run kubectl test command | |
| kubectl get svc | |
| popd | |
| } | |
| function setup_nodes() | |
| { | |
| pushd $TFPWD | |
| # Again use the terraform output for aws-auth-config-map | |
| terraform output config_map_aws_auth > $HOME/aws-auth-cm.yaml | |
| # Apply the yaml using kubectl | |
| kubectl apply -f $HOME/aws-auth-cm.yaml | |
| timeout 10 kubectl get nodes --watch | |
| popd | |
| } | |
| function setup_roles() { | |
| pushd $TFPWD | |
| terraform output cluster_roles_yml > cluster_roles.yml | |
| kubectl apply -f cluster_roles.yml | |
| popd | |
| } | |
| function disable_snat() | |
| { | |
| cd $TFPWD | |
| # Apply the patch using kubectl, this is to disable snat on worker nodes | |
| kubectl patch daemonset aws-node -n kube-system -p '{"spec":{"template":{"spec":{"containers":[{"name":"aws-node","env":[{"name": "AWS_VPC_K8S_CNI_EXTERNALSNAT", "value": "true"}]}]}}}}' | |
| res=$? | |
| if [[ $res > 0 ]]; then | |
| echo "AWS node daemonset is not patched" | |
| else | |
| echo "AWS node is patched - disabled SNAT" | |
| fi | |
| timeout 10 kubectl get nodes --watch | |
| } | |
| function add_prometheus_annotation_for_eks_cni() | |
| { | |
| cd $TFPWD | |
| kubectl --namespace kube-system patch daemonset aws-node --patch '{"spec":{"template":{"metadata":{"annotations":{"prometheus.io/scrape": "true", "prometheus.io/path": "/metrics", "prometheus.io/port": "61678"}}}}}' | |
| res=$? | |
| if [[ $res > 0 ]]; then | |
| echo "Annotate for prometheus is not added" | |
| else | |
| echo "AWS node is patched - Annotation added for prometheus" | |
| fi | |
| } | |
| print_log "Running terraform" | |
| run_terraform | |
| print_log "Setting up kubectl" | |
| setup_kubectl | |
| print_log "Setting up nodes" | |
| setup_nodes | |
| disable_snat | |
| add_prometheus_annotation_for_eks_cni | |
| print_log "Setting up cluster roles" | |
| setup_roles |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment