#!/bin/bash
# Strict mode: abort on the first failing command, on any unset variable, and
# on a failure in any stage of a pipeline.
set -euo pipefail

# When a command fails, report the script name, the line and the command on
# stderr, then exit with that command's status.
trap 'status=$?; printf "%s: Error on line %s: %s\n" "$0" "$LINENO" "$BASH_COMMAND" >&2; exit "$status"' ERR

# kubectl and helm are used throughout the script; stop early if either is
# missing instead of failing halfway through a deployment.
for tool in kubectl helm; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo >&2 "$tool required but it's not installed; aborting."
    exit 1
  fi
done
# Deployment settings. Each one keeps a value already present in the
# environment (even an empty one) and only falls back to the default when the
# variable is unset.
# Only DOMAIN and CILIUM_CLUSTER_MESH_ENABLED are read later in this file; the
# others are presumably consumed by the sourced deploy-kind.sh and
# deploy-linkerd.sh helpers (not shown here).
: "${CERT_ISSUER_ID=issuer-central}"
: "${CONTEXT=lgtm-central}"
# DOMAIN is later handed to `helm --set`, so it should be a plain DNS name.
: "${DOMAIN=${CONTEXT}.cluster.local}"
: "${SUBNET=248}" # For Cilium L2/LB (must be unique across all clusters)
: "${WORKERS=3}"
: "${CLUSTER_ID=1}" # Unique on each cluster
: "${POD_CIDR=10.11.0.0/16}" # Unique on each cluster
: "${SVC_CIDR=10.12.0.0/16}" # Unique on each cluster
: "${LINKERD_HA=yes}"
: "${CILIUM_CLUSTER_MESH_ENABLED=no}"
# Register every chart repository used below, then refresh the local index.
# Entries are "name=url" and are added in the order listed.
echo "Updating Helm Repositories"
helm_repos=(
  "jetstack=https://charts.jetstack.io"
  "linkerd=https://helm.linkerd.io/stable"
  "linkerd-edge=https://helm.linkerd.io/edge"
  "metrics-server=https://kubernetes-sigs.github.io/metrics-server/"
  "prometheus-community=https://prometheus-community.github.io/helm-charts"
  "ingress-nginx=https://kubernetes.github.io/ingress-nginx"
  "grafana=https://grafana.github.io/helm-charts"
  "minio=https://charts.min.io/"
)
for repo_entry in "${helm_repos[@]}"; do
  # Split on the first '=': name on the left, URL on the right.
  helm repo add "${repo_entry%%=*}" "${repo_entry#*=}"
done
helm repo update
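# Create the cluster. The helper is sourced, so it runs in this shell with the
# settings defined above. The explicit ./ matters: for a name without a slash,
# bash's `.` searches PATH before the current directory, so a same-named file
# earlier on PATH would be executed instead of the one next to this script.
echo "Deploying Kubernetes"
. ./deploy-kind.sh

# No --version is passed to any `helm upgrade --install` here, so each run
# installs whatever chart version the repository currently serves. Pin chart
# versions where reproducible or audited deployments matter.
echo "Deploying Prometheus CRDs"
helm upgrade --install prometheus-crds prometheus-community/prometheus-operator-crds

echo "Deploying Cert-Manager"
helm upgrade --install cert-manager jetstack/cert-manager \
  --namespace cert-manager --create-namespace \
  -f values-certmanager.yaml --wait

# Linkerd is only installed when Cilium ClusterMesh is not in use.
if [[ "${CILIUM_CLUSTER_MESH_ENABLED}" != "yes" ]]; then
  echo "Deploying Linkerd"
  # Same PATH-lookup concern as for deploy-kind.sh: source the local file.
  . ./deploy-linkerd.sh
fi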
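# Create (or update) the namespaces used by the stack. Every namespace carries
# the linkerd.io/inject annotation, including when Linkerd itself is skipped
# because CILIUM_CLUSTER_MESH_ENABLED is "yes".
echo "Setting up namespaces"
for ns in observability storage tempo loki mimir; do
  # name and annotations must be nested under metadata, otherwise the manifest
  # is not a valid Namespace object. The here-document is fed to kubectl
  # directly; $ns is expanded by the shell before kubectl reads it.
  kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: $ns
  annotations:
    linkerd.io/inject: enabled
EOF
done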
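# Install the observability stack. DOMAIN is quoted wherever it is passed to
# --set so the shell cannot word-split or glob-expand it. Helm's --set parser
# still treats commas as separators between assignments, so DOMAIN has to be a
# plain DNS name.
# No --version is given for any chart, so each run installs whatever version
# the repository currently serves.
echo "Deploying Prometheus (for Local Metrics)"
helm upgrade --install monitor prometheus-community/kube-prometheus-stack \
  -n observability -f values-prometheus-common.yaml -f values-prometheus-central.yaml \
  --set "prometheusOperator.clusterDomain=${DOMAIN}" --wait

echo "Deploying MinIO for Loki, Tempo and Mimir"
helm upgrade --install minio minio/minio \
  -n storage -f values-minio.yaml --wait

echo "Deploying Grafana Tempo"
helm upgrade --install tempo grafana/tempo-distributed \
  -n tempo -f values-tempo.yaml --set "global.clusterDomain=${DOMAIN}" --wait

echo "Deploying Grafana Loki"
helm upgrade --install loki grafana/loki \
  -n loki -f values-loki.yaml --set "global.clusterDomain=${DOMAIN}" --wait

echo "Deploying Grafana Promtail (for Logs)"
helm upgrade --install promtail grafana/promtail \
  -n observability -f values-promtail-common.yaml -f values-promtail-central.yaml --wait

echo "Deploying Grafana Alloy (for Traces)"
helm upgrade --install alloy -n observability grafana/alloy \
  -f values-alloy.yaml \
  --set-file alloy.configMap.content=grafana-central-config.alloy \
  --wait

# Mimir is installed without --wait; readiness is checked on the two
# deployments below instead of on the whole release.
echo "Deploying Grafana Mimir"
helm upgrade --install mimir grafana/mimir-distributed \
  -n mimir -f values-mimir.yaml --set "global.clusterDomain=${DOMAIN}"
kubectl rollout status -n mimir deployment/mimir-distributor
kubectl rollout status -n mimir deployment/mimir-query-frontend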
# The Ingress objects are applied first; the controller that serves them is
# installed right after and waited for.
echo "Create Ingress resources"
kubectl apply --filename ingress-central.yaml

echo "Deploying Nginx Ingress Controller"
helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace \
  --values values-ingress.yaml \
  --wait
# Services exposed to the other clusters. Each entry is a ready-made kubectl
# argument fragment: "<resource> -n <namespace>".
# NOTE(review): exported services become reachable from peer clusters; confirm
# each one enforces its own access control.
SERVICES=(
  "service/mimir-distributor -n mimir"
  "service/tempo-distributor -n tempo"
  "service/loki-write -n loki"
  "service/monitor-alertmanager -n observability"
)

if [[ "${CILIUM_CLUSTER_MESH_ENABLED}" == "yes" ]]; then
  echo "Exporting Services via Cilium ClusterMesh"
else
  echo "Exporting Services via Linkerd Multicluster"
fi

for SVC in "${SERVICES[@]}"; do
  # Split the fragment into separate arguments explicitly instead of relying
  # on an unquoted expansion.
  read -r -a svc_args <<<"${SVC}"
  if [[ "${CILIUM_CLUSTER_MESH_ENABLED}" == "yes" ]]; then
    kubectl annotate "${svc_args[@]}" service.cilium.io/global=true --overwrite
    kubectl annotate "${svc_args[@]}" service.cilium.io/shared=true --overwrite
  else
    kubectl label "${svc_args[@]}" mirror.linkerd.io/exported=true
  fi
done
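# Update DNS
# Read the load-balancer IP assigned to the ingress controller service. The
# jsonpath yields an empty string when no address has been assigned yet, so
# that case is reported on stderr instead of printing a hint with a blank IP.
INGRESS_IP=$(kubectl get service -n ingress-nginx ingress-nginx-controller \
  -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
if [[ -z "${INGRESS_IP}" ]]; then
  echo >&2 "ingress-nginx-controller has no load balancer IP yet; re-check the service before adding grafana.example.com to /etc/hosts"
else
  echo "Remember to append an entry for grafana.example.com pointing to $INGRESS_IP in /etc/hosts to test the Ingress resources"
fi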