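#!/usr/bin/env bash
#
# Rebuilds the MyBB image and redeploys the demo stack (Consul + Vault + MyBB)
# onto the current kubectl context, then tails the MyBB logs until interrupted.
#
# Tools required on PATH: helm (v2 CLI syntax: --purge, --name), kubectl,
# docker, consul, vault, stern. A registry is expected at localhost:5000.
#
# Optional environment:
#   MYBB_DB_PASSWORD   MySQL password written to Vault (default: mybb)
#   CONSUL_SLEEP / VAULT_SLEEP / MYBB_SLEEP
#                      seconds to wait for the respective pod (15 / 10 / 15)
#
# Exports kept for child processes and for callers that source this file:
#   CONSUL_POD VAULT_POD VAULT_ADDR VAULT_TOKEN VAULT_SA_NAME SA_JWT_TOKEN
#   SA_CA_CRT K8S_HOST
#
# -e is deliberately NOT set: the tear-down at the top is best-effort (no
# release to delete on a fresh cluster, no leftover port-forward to kill).
# Every step whose failure makes the rest pointless has its own `|| die`.
set -o pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# Section banner. The original used echo "\n...", which prints a literal
# backslash-n under bash; printf interprets the escape on every shell.
say() { printf '\n%s\n' "$*"; }

# Poll until 127.0.0.1:$1 accepts a TCP connection, at most $2 seconds
# (default 30). Used so consul/vault commands do not race the port-forward
# that was just started in the background.
wait_for_port() {
  local port=$1 tries=${2:-30}
  while (( tries-- > 0 )); do
    if (exec 3<>"/dev/tcp/127.0.0.1/$port") 2>/dev/null; then
      return 0
    fi
    sleep 1
  done
  return 1
}

# PIDs of the port-forwards started by this run, reaped on any exit path so
# they are not left behind as stray kubectl processes.
pf_pids=()
cleanup() {
  local p
  (( ${#pf_pids[@]} )) || return 0
  for p in "${pf_pids[@]}"; do
    kill "$p" 2>/dev/null || true
  done
}
trap cleanup EXIT

printf '%s\n' "Stopping MyBB deployment"
sleep 1
helm delete --purge mybb || true           # best-effort: no release on a fresh cluster
# Only reap port-forwards left by a previous run, not every kubectl process
# the user may have running (plain `pkill kubectl` matched all of them).
pkill -f 'kubectl port-forward' || true

say "Building MyBB Docker image"
sleep 1
docker build . -f docker/6_Dockerfile -t localhost:5000/mybb:6_dynamic || die "docker build failed"
docker push localhost:5000/mybb:6_dynamic || die "docker push failed"

#rm -Rf consul/helm
#git clone https://github.com/hashicorp/consul-helm.git consul/helm
say "Deploying Consul to Kubernetes"
sleep 1
helm install -f consul/values.yaml --name configuration consul/helm || die "helm install of Consul failed"

# Wait for the Consul Server pod to come up (the lazy sleepy way)
printf '\n%s\n\n' "Waiting for Consul to become available..."
sleep "${CONSUL_SLEEP:-15}"
export CONSUL_POD=configuration-consul-server-0
kubectl port-forward "$CONSUL_POD" 8500:8500 &
pf_pids+=("$!")
wait_for_port 8500 || die "port-forward to $CONSUL_POD on 8500 did not come up"

say "Populating data into Consul"
# One "key value" pair per line; values are exactly those of the original
# script. The loop aborts on the first failed put instead of silently
# continuing with a half-populated KV tree.
while read -r key value; do
  consul kv put "$key" "$value" || die "consul kv put $key failed"
done <<'EOF'
mybb/php/database/driver mysqli
mybb/mysql/hostname database-mysql.default.svc.cluster.local
mybb/mysql/schema mybb
mybb/mysql/table_prefix mybb_
mybb/mysql/encoding utf8
mybb/mysql/credentials/username mybb
mybb/cache/store memcached
mybb/cache/memcache/host cache-memcached.default.svc.cluster.local
mybb/cache/memcache/port 11211
apache/networking/timeout 300
apache/networking/keepalive On
apache/networking/keepalive_requests 100
apache/networking/keepalive_timeout 5
apache/log_level warn
EOF

say "Deploying Vault to Kubernetes"
sleep 1
#rm -Rf vault/helm
#git clone https://github.com/helm/charts /tmp/helm-charts
#mv /tmp/helm-charts/incubator/vault vault/helm
helm install --name=secrets --set replicaCount=1 vault/helm || die "helm install of Vault failed"
printf '\n%s\n\n' "Waiting for Vault to become available..."
sleep "${VAULT_SLEEP:-10}" # Wait for the Vault Server pod to come up (the lazy sleepy way)

# Assignment and export are separated so a failing kubectl is not masked.
VAULT_POD=$(kubectl get pods --namespace default -l "app=vault" -o jsonpath="{.items[0].metadata.name}")
: "${VAULT_POD:?no pod with label app=vault found in namespace default}"
export VAULT_POD
kubectl port-forward "$VAULT_POD" 8200:8200 &
pf_pids+=("$!")
export VAULT_ADDR=http://127.0.0.1:8200
wait_for_port 8200 || die "port-forward to $VAULT_POD on 8200 did not come up"

# The chart is expected to run Vault in a mode that logs the root token at
# startup ("Root Token: ..."); that log line is the only source of the token,
# so abort if the grep comes back empty rather than continuing unauthenticated.
# NOTE(review): the token is exported for the vault CLI below and therefore
# visible to every child process of this script.
VAULT_TOKEN=$(kubectl logs "$VAULT_POD" | grep 'Root Token' | cut -d' ' -f3)
: "${VAULT_TOKEN:?could not read the root token from the logs of $VAULT_POD}"
export VAULT_TOKEN

kubectl create serviceaccount vault-auth   # already exists after a previous run; harmless
kubectl apply --filename vault/vault-auth-service-account.yml || die "applying vault/vault-auth-service-account.yml failed"

say "Populating data into Vault"
# Password is taken from the environment when provided; the original
# hard-coded value remains the default so existing usage is unchanged.
vault kv put secret/mybb/mysql/credentials password="${MYBB_DB_PASSWORD:-mybb}" || die "vault kv put failed"

say "Configuring Vault policies"
sleep 1
# Set VAULT_SA_NAME to the service account you created earlier
VAULT_SA_NAME=$(kubectl get sa vault-auth -o jsonpath="{.secrets[*]['name']}")
# NOTE(review): clusters that do not auto-create a token Secret for the
# service account leave this empty — confirm against the target cluster.
: "${VAULT_SA_NAME:?service account vault-auth has no token secret}"
export VAULT_SA_NAME
# Set SA_JWT_TOKEN value to the service account JWT used to access the TokenReview API
# (the original's trailing `; echo` inside $(...) was redundant: command
# substitution strips trailing newlines either way.)
SA_JWT_TOKEN=$(kubectl get secret "$VAULT_SA_NAME" -o jsonpath="{.data.token}" | base64 --decode)
: "${SA_JWT_TOKEN:?secret $VAULT_SA_NAME has no token field}"
export SA_JWT_TOKEN
# Set SA_CA_CRT to the PEM encoded CA cert used to talk to Kubernetes API
SA_CA_CRT=$(kubectl get secret "$VAULT_SA_NAME" -o jsonpath="{.data['ca\.crt']}" | base64 --decode)
: "${SA_CA_CRT:?secret $VAULT_SA_NAME has no ca.crt field}"
export SA_CA_CRT
# The API server address as seen from inside the cluster, read from a pod's env.
K8S_HOST=$(kubectl exec "$CONSUL_POD" -- sh -c 'echo $KUBERNETES_SERVICE_HOST')
: "${K8S_HOST:?could not read KUBERNETES_SERVICE_HOST from $CONSUL_POD}"
export K8S_HOST

vault policy write mybb-kv-readonly vault/mybb-kv-readonly.hcl || die "vault policy write failed"
vault auth enable kubernetes || die "vault auth enable kubernetes failed"
vault write auth/kubernetes/config \
  token_reviewer_jwt="$SA_JWT_TOKEN" \
  kubernetes_host="https://$K8S_HOST:443" \
  kubernetes_ca_cert="$SA_CA_CRT" || die "writing auth/kubernetes/config failed"
vault write auth/kubernetes/role/mybb \
  bound_service_account_names=vault-auth \
  bound_service_account_namespaces=default \
  policies=mybb-kv-readonly \
  ttl=24h || die "writing auth/kubernetes/role/mybb failed"

say "Deploying MyBB to Kubernetes"
sleep 1
helm install --name=mybb ./helm/dynamic || die "helm install of MyBB failed"
sleep "${MYBB_SLEEP:-15}"
say "Tailing the logs..."
stern --selector app=mybb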