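#!/bin/bash
# Helper functions that install cert-manager, kube-prometheus-stack, Datadog,
# the KWasm operator, the k6 operator and the Spin operator with kubectl/helm.
set -euo pipefail

# Absolute directory of this script. Both command substitutions are quoted so
# a checkout path containing whitespace or glob characters is not word-split
# before it reaches dirname.
SCRIPT_PATH="$(dirname "$(realpath "$0")")"
source "${SCRIPT_PATH}/../utils.sh"

# Tunables, each overridable from the caller's environment.
# SHIM_VERSION selects the node-installer image tag used by the KWasm operator.
SHIM_VERSION=${SHIM_VERSION:-v0.17.0}
# Secret: empty by default, in which case the Datadog install is skipped.
# Avoid running this script under `set -x` while it is set, since the trace
# would print the value.
DATADOG_API_KEY=${DATADOG_API_KEY:-''}
# Passed verbatim to `kubectl wait --timeout`.
READINESS_TIMEOUT=${READINESS_TIMEOUT:-20s}
# Used both as the Helm chart version and (prefixed with "v") as the release
# tag in the manifest download URLs.
SPIN_OPERATOR_VERSION=${SPIN_OPERATOR_VERSION:-0.4.0}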
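#######################################
# Install cert-manager (CRDs + Helm chart) and wait for its webhook.
# Globals:   READINESS_TIMEOUT (read)
# Arguments: none
# Returns:   non-zero if any kubectl/helm step fails
#######################################
install_cert_manager() {
  # One version for both the CRD manifest and the chart, so the two cannot
  # drift apart when the pin is bumped.
  local -r cert_manager_version='v1.14.3'

  # Install cert-manager CRDs.
  # The manifest is selected by release tag only; nothing here verifies a
  # checksum or signature of the downloaded file before it is applied.
  kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/${cert_manager_version}/cert-manager.crds.yaml"

  # Add and update Jetstack repository
  helm repo add jetstack https://charts.jetstack.io
  helm repo update

  # Install the cert-manager Helm chart, scheduling every component on the
  # nodes labelled workload=system.
  helm upgrade --install \
    cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --create-namespace \
    --set nodeSelector.workload=system \
    --set cainjector.nodeSelector.workload=system \
    --set startupapicheck.nodeSelector.workload=system \
    --set webhook.nodeSelector.workload=system \
    --version "${cert_manager_version}"

  # Wait for cert-manager to be ready.
  # The timeout is quoted so an environment-supplied value cannot be split
  # into extra kubectl arguments.
  kubectl wait --for=condition=available --timeout="${READINESS_TIMEOUT}" deployment/cert-manager-webhook -n cert-manager
}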
#######################################
# Install the kube-prometheus-stack chart as release "prometheus".
# See https://github.com/prometheus-operator/kube-prometheus and the chart
# values at
# https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
# Arguments: none
# Returns:   helm's exit status
#######################################
install_kube_prometheus() {
  # The stack brings the Prometheus operator, node exporters and Grafana.
  # The release name "prometheus" becomes the prefix of every Pod name.
  #
  # NOTE(review): the prometheus-community chart repository is not added in
  # this function; presumably it is registered elsewhere. Confirm.
  # No --namespace or --version is passed, so the release lands in the
  # current context's namespace at whatever chart version the local repo
  # index resolves.
  local -a chart_values=(
    # Remote-write receiver and native histograms let Prometheus accept the
    # metrics pushed by k6. With the receiver enabled, any client that can
    # reach the Prometheus endpoint can push samples to it.
    --set prometheus.prometheusSpec.enableRemoteWriteReceiver=true
    --set 'prometheus.prometheusSpec.enableFeatures[0]="native-histograms"'
    # Every component is pinned to the system nodes EXCEPT the agents, which
    # must also run on the apps node to capture data there.
    --set prometheus.prometheusSpec.nodeSelector.workload=system
    --set prometheusOperator.nodeSelector.workload=system
    --set grafana.nodeSelector.workload=system
    --set kube-state-metrics.nodeSelector.workload=system
    --set alertmanager.alertmanagerSpec.nodeSelector.workload=system
    --set prometheus.prometheusSpec.scrapeInterval=5s
  )

  helm upgrade --install prometheus prometheus-community/kube-prometheus-stack \
    "${chart_values[@]}"
}
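#######################################
# Install the Datadog Helm chart, or skip when no API key is configured.
# Globals:   DATADOG_API_KEY (read)
# Arguments: none
# Outputs:   a warning on stderr when the key is empty
# Returns:   0 when skipped; otherwise non-zero if a helm step fails
#######################################
install_datadog() {
  if [[ -z "${DATADOG_API_KEY}" ]]; then
    # Diagnostics go to stderr so they do not mix with captured stdout.
    echo "WARNING: DATADOG_API_KEY is empty; skipping datadog installation" >&2
    return 0
  fi

  # Add and update the Datadog repository
  helm repo add datadog https://helm.datadoghq.com
  helm repo update

  # Install the datadog chart
  #
  # Note: the datadog.kubelet config avoids 'unable to reliably determine the host name.' when running on AKS.
  # Another option is to set 'kubelet.tlsVerif=false'
  # Ref https://docs.datadoghq.com/containers/kubernetes/distributions/?tab=helm#aks-kubelet-certificate
  # TODO: this configuration may not be applicable to other clusters/distros and may break installation
  #
  # NOTE(review): passing the key with --set places it in helm's argv, where
  # it is visible in process listings and `set -x` traces, and in the stored
  # release values. The chart can instead reference an existing Secret
  # (datadog.apiKeyExistingSecret); see
  # https://github.com/DataDog/helm-charts/tree/main/charts/datadog#create-and-provide-a-secret-that-contains-your-datadog-api-and-app-keys
  #
  # Note: we set the nodeSelector for all components to run on the system nodes EXCEPT
  # the agents, as we of course need an agent present on the apps node to capture data
  # and forward on to Datadog
  #
  # No --version is passed, so the chart version follows the repo index.
  helm upgrade --install datadog \
    --namespace datadog \
    --create-namespace \
    --set clusterAgent.nodeSelector.workload=system \
    --set clusterChecksRunner.nodeSelector.workload=system \
    --set kube-state-metrics.nodeSelector.workload=system \
    --set datadog.kubelet.host.valueFrom.fieldRef.fieldPath=spec.nodeName \
    --set datadog.kubelet.hostCAPath=/etc/kubernetes/certs/kubeletserver.crt \
    --set datadog.apiKey="${DATADOG_API_KEY}" datadog/datadog
}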
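#######################################
# Install the KWasm operator and annotate the Spin-capable nodes.
# Globals:   SHIM_VERSION (read)
# Arguments: none
# Returns:   non-zero if any helm/kubectl step fails
#######################################
install_kwasm_operator() {
  # Add the Helm repository over HTTPS rather than plain HTTP: the chart
  # index fetched here decides what gets deployed into the cluster, so it
  # should not travel over a channel that can be modified in transit.
  # --force-update replaces an entry previously registered under the same
  # name with the old http:// URL instead of failing on the name clash.
  helm repo add --force-update kwasm https://kwasm.sh/kwasm-operator/

  # Install KWasm operator.
  # The installer image is selected by tag (SHIM_VERSION), not by digest, so
  # the content behind it is whatever the registry currently serves for that
  # tag.
  helm upgrade --install \
    kwasm-operator kwasm/kwasm-operator \
    --namespace kwasm \
    --create-namespace \
    --set nodeSelector.workload=system \
    --set "kwasmOperator.installerImage=ghcr.io/spinkube/containerd-shim-spin/node-installer:${SHIM_VERSION}"

  # Provision Nodes labeled with 'runtime=containerd-shim-spin'
  # Other nodes may have different labels/purposes and we may not want apps to run there
  kubectl annotate node -l runtime=containerd-shim-spin kwasm.sh/kwasm-node=true shim_version="${SHIM_VERSION}"
}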
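#######################################
# Install the k6 operator chart and wait for its controller manager.
# Globals:   READINESS_TIMEOUT (read)
# Arguments: none
# Returns:   non-zero if any helm/kubectl step fails
#######################################
install_k6_operator() {
  # Add and update the Grafana chart repository
  helm repo add grafana https://grafana.github.io/helm-charts
  helm repo update

  # Install the k6-operator Helm chart
  # Note: the chart also attempts to create the namespace by default
  # so we set namespace.create=false to ensure only Helm attempts creation
  # No --version is passed, so the chart version follows the repo index.
  helm upgrade --install \
    k6-operator grafana/k6-operator \
    --namespace k6 \
    --create-namespace \
    --set nodeSelector.workload=system \
    --set namespace.create=false

  # Wait for k6-operator deployment to be ready.
  # The timeout is quoted so an environment-supplied value cannot be split
  # into extra kubectl arguments.
  kubectl wait --for=condition=available --timeout="${READINESS_TIMEOUT}" deployment/k6-operator-controller-manager -n k6
}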
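#######################################
# Install the Spin operator: runtime class, CRDs, Helm chart, shim executor.
# Globals:   SCRIPT_PATH (read), SPIN_OPERATOR_VERSION (read),
#            READINESS_TIMEOUT (read)
# Arguments: none
# Returns:   non-zero if any kubectl/helm step fails
#######################################
install_spin_operator() {
  # Release assets for the selected operator version. The value comes from
  # the environment, so every expansion below is quoted to keep it a single
  # argument. The manifests are selected by release tag only; nothing here
  # verifies a checksum or signature before they are applied.
  local -r release_url="https://github.com/spinkube/spin-operator/releases/download/v${SPIN_OPERATOR_VERSION}"

  # Apply Spin runtime class
  kubectl apply -f "${SCRIPT_PATH}/runtime-class.yaml"

  # Apply Spin CRDs
  kubectl apply -f "${release_url}/spin-operator.crds.yaml"

  # Install Spin Operator with Helm
  helm upgrade --install spin-operator \
    --namespace spin-operator \
    --create-namespace \
    --version "${SPIN_OPERATOR_VERSION}" \
    --wait \
    oci://ghcr.io/spinkube/charts/spin-operator

  # Add the shim executor for the Spin operator
  kubectl apply -f "${release_url}/spin-operator.shim-executor.yaml"

  # Wait for the Spin Operator to be ready
  kubectl wait --for=condition=available --timeout="${READINESS_TIMEOUT}" deployment/spin-operator-controller-manager -n spin-operator
}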