Deployment scripts

Summary: Slight change to deployment scripts. Triggered by bug in namespace not existing. Test Plan: Manual testing Reviewers: zasgar, #engineering Reviewed By: zasgar, #engineering Differential Revision: https://phab.corp.pixielabs.ai/D1310 GitOrigin-RevId: 002d0c1
HoolyDiver · Jul 23, 2019 · f749c5b · f749c5b
1 parent f2c1562
commit f749c5b
Show file tree

Hide file tree

Showing 5 changed files with 102 additions and 74 deletions.
diff --git a/Makefile b/Makefile
@@ -71,47 +71,6 @@ gazelle: gazelle-repos ## Run gazelle to update go build rules.
 
 go-setup: dep-ensure gazelle
 
-k8s-load-certs:
-	-$(KUBECTL) $(KUBECTL_FLAGS) delete secret proxy-tls-certs
-	-$(KUBECTL) $(KUBECTL_FLAGS) delete secret service-tls-certs
-	-$(KUBECTL) $(KUBECTL_FLAGS) delete secret etcd-peer-tls-certs
-	-$(KUBECTL) $(KUBECTL_FLAGS) delete secret etcd-client-tls-certs
-	-$(KUBECTL) $(KUBECTL_FLAGS) delete secret etcd-server-tls-certs
-
-	$(KUBECTL) $(KUBECTL_FLAGS) create secret tls proxy-tls-certs \
-		--key src/services/certs/server.key \
-		--cert src/services/certs/server.crt
-
-	$(KUBECTL) $(KUBECTL_FLAGS) create secret generic service-tls-certs \
-		--from-file=server.key=src/services/certs/server.key \
-		--from-file=server.crt=src/services/certs/server.crt \
-		--from-file=ca.crt=src/services/certs/ca.crt \
-		--from-file=client.key=src/services/certs/client.key \
-		--from-file=client.crt=src/services/certs/client.crt
-
-	$(KUBECTL) $(KUBECTL_FLAGS) create secret generic etcd-peer-tls-certs \
-		--from-file=peer.key=src/services/certs/server.key \
-		--from-file=peer.crt=src/services/certs/server.crt \
-		--from-file=peer-ca.crt=src/services/certs/ca.crt
-
-	$(KUBECTL) $(KUBECTL_FLAGS) create secret generic etcd-client-tls-certs \
-		--from-file=etcd-client.key=src/services/certs/client.key \
-		--from-file=etcd-client.crt=src/services/certs/client.crt \
-		--from-file=etcd-client-ca.crt=src/services/certs/ca.crt
-
-	$(KUBECTL) $(KUBECTL_FLAGS) create secret generic etcd-server-tls-certs \
-		--from-file=server.key=src/services/certs/server.key \
-		--from-file=server.crt=src/services/certs/server.crt \
-		--from-file=server-ca.crt=src/services/certs/ca.crt
-
-k8s-load-dev-secrets: #Loads the secrets used by the dev environment. At some point it might makse sense to move this into a dev setup script somewhere.
-	-$(KUBECTL) $(KUBECTL_FLAGS) delete secret pl-app-secrets
-	$(KUBECTL) $(KUBECTL_FLAGS) create secret generic pl-app-secrets \
-		--from-literal=jwt-signing-key=ABCDEFG \
-		--from-literal=session-key=test-session-key \
-		--from-literal=auth0-client-id=qaAfEHQT7mRt6W0gMd9mcQwNANz9kRup \
-		--from-literal=auth0-client-secret=_rY9isTWtKgx2saBXNKZmzAf1y9pnKvlm-WdmSVZOFHb9OQtWHEX4Nrh3nWE5NNt
-
 dev-env-start: ## Start K8s dev environment.
 	$(WORKSPACE)/scripts/setup_dev_k8s.sh
 

diff --git a/scripts/create_gcp_dev_cluster.sh b/scripts/create_gcp_dev_cluster.sh
@@ -31,7 +31,7 @@ usage() {
   echo " -b          : bare cluster (do not deploy any services)"
   echo " -n <int>    : number of nodes in the cluster [default: ${NUM_NODES}]"
   echo " -m string>> : machine type [default: ${MACHINE_TYPE}]"
-  echo " -i <string> : base image [default: ${IMAGE_NAME}]"
+  echo " -i <string> : base image [default: ${IMAGE_NAME}] (can also use COS)"
   echo " -d <int>    : disk size per node (GB) [default: ${DISK_SIZE}]"
   echo "Example: $0 dev-cluster-000 -n 4 -i UBUNTU"
   exit
@@ -91,7 +91,6 @@ print_config
 
 PIXIE_ROOT_DIR=$(bazel info workspace 2> /dev/null)
 
-
 ##################
 # Start the cluster
 ##################
@@ -128,23 +127,27 @@ else
   echo "  gcloud beta container --project "pl-dev-infra" clusters delete ${CLUSTER_NAME}"
 fi
 
-##################
-# Deploy standard services
-##################
+############################
+# Deploy Pixie prereqs
+############################
 
 if [ ! ${BARE_CLUSTER} = true ]; then
   # Make the current user a cluster-admin
   # WARNING: this is insecure.
   # TODO(oazizi/philkuz): Fix when we set-up RBAC.
   $PIXIE_ROOT_DIR/scripts/setup_cluster_role_bindings.sh
 
-  # Install default dev secrets and certs.
-  make -C $PIXIE_ROOT_DIR k8s-load-dev-secrets k8s-load-certs
-
-  # Deploy Pixie prereqs (NATS, etcd).
+  # Deploy Pixie prereqs (secrets, NATS, etcd).
   $PIXIE_ROOT_DIR/scripts/deploy_cluster_prereqs.sh
+fi
+
 
-  # Deploy Sockshop Demo app
+############################
+# Deploy Demo applications
+############################
+
+if [ ! ${BARE_CLUSTER} = true ]; then
+    # Deploy Sockshop Demo app
   kubectl apply -f $PIXIE_ROOT_DIR/demos/applications/sockshop/kubernetes_manifests/sock-shop-ns.yaml && sleep 5
   kubectl apply -f $PIXIE_ROOT_DIR/demos/applications/sockshop/kubernetes_manifests
   kubectl apply -f $PIXIE_ROOT_DIR/demos/applications/sockshop/load_generation

diff --git a/scripts/deploy_cluster_operators.sh b/scripts/deploy_cluster_operators.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+# Assume pl namespace by default.
+namespace=pl
+if [ "$#" -eq 1 ]; then
+    namespace=$1
+fi
+
+workspace=$(bazel info workspace 2> /dev/null)
+
+source ${workspace}/scripts/script_utils.sh
+
+nats_deploy() {
+  kubectl apply -n ${namespace} -f ${workspace}/src/services/nats
+}
+
+etcd_deploy() {
+  kubectl apply -n ${namespace} -f ${workspace}/src/services/etcd
+}
+
+# Load nats and etcd, we need to run our services.
+# These commands might fail waiting for the operator to come up, so we
+# retry them a few times.
+retry nats_deploy 5 30
+retry etcd_deploy 5 30
diff --git a/scripts/deploy_cluster_prereqs.sh b/scripts/deploy_cluster_prereqs.sh
@@ -1,30 +1,15 @@
 #!/usr/bin/env bash
 
-workspace=$(bazel info workspace 2> /dev/null)
-
-source ${workspace}/scripts/script_utils.sh
-
-#############################
-# Deploy NATS and etcd
-#############################
-
 namespace=pl
 
-kubectl get namespaces ${namespace} 2> /dev/null
-if [ $? -ne 0 ]; then
-  kubectl create namespace ${namespace}
-fi
-
-nats_deploy() {
-  kubectl apply --namespace=${namespace} -f ${workspace}/src/services/nats
+create_namespace() {
+    kubectl get namespaces ${namespace} 2> /dev/null
+    if [ $? -ne 0 ]; then
+      kubectl create namespace ${namespace}
+    fi
 }
 
-etcd_deploy() {
-  kubectl apply --namespace=${namespace} -f ${workspace}/src/services/etcd
-}
+create_namespace
+./load_secrets.sh ${namespace}
+./deploy_cluster_operators.sh ${namespace}
 
-# Load nats and etcd, we need to run our services.
-# These commands might fail waiting for the operator to come up, so we
-# retry them a few times.
-retry nats_deploy 5 30
-retry etcd_deploy 5 30
diff --git a/scripts/load_secrets.sh b/scripts/load_secrets.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# Assume pl namespace by default.
+namespace=pl
+if [ "$#" -eq 1 ]; then
+    namespace=$1
+fi
+
+workspace=$(bazel info workspace 2> /dev/null)
+
+load_certs() {
+    kubectl -n ${namespace} delete secret proxy-tls-certs 2> /dev/null || true
+    kubectl -n ${namespace} delete secret service-tls-certs 2> /dev/null || true
+    kubectl -n ${namespace} delete secret etcd-peer-tls-certs 2> /dev/null || true
+    kubectl -n ${namespace} delete secret etcd-client-tls-certs 2> /dev/null || true
+    kubectl -n ${namespace} delete secret etcd-server-tls-certs 2> /dev/null || true
+
+    kubectl -n ${namespace} create secret tls proxy-tls-certs \
+        --key ${workspace}/src/services/certs/server.key \
+        --cert ${workspace}/src/services/certs/server.crt
+
+    kubectl -n ${namespace} create secret generic service-tls-certs \
+        --from-file=server.key=${workspace}/src/services/certs/server.key \
+        --from-file=server.crt=${workspace}/src/services/certs/server.crt \
+        --from-file=ca.crt=${workspace}/src/services/certs/ca.crt \
+        --from-file=client.key=${workspace}/src/services/certs/client.key \
+        --from-file=client.crt=${workspace}/src/services/certs/client.crt
+
+    kubectl -n ${namespace} create secret generic etcd-peer-tls-certs \
+        --from-file=peer.key=${workspace}/src/services/certs/server.key \
+        --from-file=peer.crt=${workspace}/src/services/certs/server.crt \
+        --from-file=peer-ca.crt=${workspace}/src/services/certs/ca.crt
+
+    kubectl -n ${namespace} create secret generic etcd-client-tls-certs \
+        --from-file=etcd-client.key=${workspace}/src/services/certs/client.key \
+        --from-file=etcd-client.crt=${workspace}/src/services/certs/client.crt \
+        --from-file=etcd-client-ca.crt=${workspace}/src/services/certs/ca.crt
+
+    kubectl -n ${namespace} create secret generic etcd-server-tls-certs \
+        --from-file=server.key=${workspace}/src/services/certs/server.key \
+        --from-file=server.crt=${workspace}/src/services/certs/server.crt \
+        --from-file=server-ca.crt=${workspace}/src/services/certs/ca.crt
+}
+
+#Loads the secrets used by the dev environment.
+load_dev_secrets() {
+    kubectl -n ${namespace} delete secret pl-app-secrets 2> /dev/null || true
+    kubectl -n ${namespace} create secret generic pl-app-secrets \
+        --from-literal=jwt-signing-key=ABCDEFG \
+        --from-literal=session-key=test-session-key \
+        --from-literal=auth0-client-id=qaAfEHQT7mRt6W0gMd9mcQwNANz9kRup \
+        --from-literal=auth0-client-secret=_rY9isTWtKgx2saBXNKZmzAf1y9pnKvlm-WdmSVZOFHb9OQtWHEX4Nrh3nWE5NNt
+}
+
+load_certs
+load_dev_secrets