WIP: this is a full cleanup of my fork with all product specific stuff pulled out #560

Open
wants to merge 18 commits into
base: main
scripts for preparing pks cluster
paulczar committed Aug 28, 2019
commit f3dd189d07781af5ba43739218d3cac5932732cb
36 changes: 36 additions & 0 deletions prepare-pks/README.md
@@ -0,0 +1,36 @@
# Instructions for preparing a PKS Kubernetes Cluster

## pre-reqs

* ingress controller (nginx or nsxt)
* gangway (or similar for kubeconfig files)

## Create users

This example will create 50 random users in UAAC and corresponding Kubernetes users and rbac.

```bash
$ cd users
$ ./random-users.sh 50
...
...
$ ./create.sh
...
...
```

This will install helm tiller for each:

```bash
$ ./helm.sh
...
...
```

This will clean up:

```bash
$ ./delete.sh
...
...
```
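Review bot: The "Create users" steps run `./random-users.sh 50` and then `./create.sh`, but `random-users.sh` only echoes `user$i,$PW` to stdout while `create.sh`, `helm.sh` and `delete.sh` all read `users.txt`, so following the README as written provisions the two checked-in placeholder accounts rather than 50 random ones. Document the redirect (`./random-users.sh 50 > users.txt`) or have the script write the file itself, and say that the file then holds plaintext passwords. "This will install helm tiller for each" would also read better as "for each user namespace".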
10 changes: 10 additions & 0 deletions prepare-pks/users/create.sh
@@ -0,0 +1,10 @@
#!/bin/bash

while IFS=, read -r col1 col2
do
echo "--> Adding user $col1 with password $col2"
echo "====> UAAC"
uaac user add $col1 --emails $col1@pks -p $col2
echo "====> Kubernetes"
cat user-role-etc.yaml | sed "s/__username__/$col1/" | kubectl apply -f -
done < users.txt
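Review bot: The `echo "--> Adding user $col1 with password $col2"` line writes every password to the terminal and to any captured log, and `uaac user add ... -p $col2` puts it on the command line where it is visible in the process list while the command runs; at minimum drop the password from the echo. `$col1` and `$col2` are unquoted in the `uaac` call and `$col1` is spliced straight into the `sed` expression, so a name containing whitespace, `/` or `&` breaks the command or the substitution. Quote the variables and validate the username against a pattern such as `^[a-z0-9-]+$` before use, since it also becomes a namespace name. There is no check on the `uaac` exit status, so a failed UAA add is still followed by the `kubectl apply`.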
10 changes: 10 additions & 0 deletions prepare-pks/users/delete.sh
@@ -0,0 +1,10 @@
#!/bin/bash

while IFS=, read -r col1 col2
do
echo "--> Deleting user $col1 with password $col2"
echo "====> UAAC"
uaac user delete $col1
echo "====> Kubernetes"
cat user-role-etc.yaml | sed "s/__username__/$col1/" | kubectl delete -f -
done < users.txt
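Review bot: `kubectl delete -f -` is fed the whole of `user-role-etc.yaml`, which includes the shared ClusterRoles `rbac-user-namespace` and `rbac-user-cluster`, so the first iteration removes the roles that every remaining user's bindings still reference, and later iterations report NotFound for them. Keep the two ClusterRoles in a separate manifest that is deleted once after the loop, or pass `--ignore-not-found` if splitting the file is not an option. The echo also prints `$col2`, which serves no purpose on delete, and nothing here removes the `ns-tiller` ClusterRole or the `tiller` ClusterRoleBinding that `helm.sh` creates.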
31 changes: 31 additions & 0 deletions prepare-pks/users/helm.sh
@@ -0,0 +1,31 @@
#!/bin/bash

while IFS=, read -r col1 col2
do

kubectl -n $col1 create serviceaccount tiller

kubectl -n $col1 create role tiller --verb '*' --resource '*'

kubectl -n $col1 create rolebinding tiller --role tiller --serviceaccount ${col1}:tiller

kubectl create clusterrole ns-tiller --verb 'get,list' --resource namespaces

kubectl create clusterrolebinding tiller --clusterrole ns-tiller --serviceaccount ${col1}:tiller

helm init --service-account=tiller --tiller-namespace=$col1

kubectl -n $col1 delete service tiller-deploy

kubectl -n $col1 patch deployment tiller-deploy --patch '
spec:
template:
spec:
containers:
- name: tiller
ports: []
command: ["/tiller"]
args: ["--listen=localhost:44134"]
'

done < users.txt
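Review bot: `kubectl create clusterrole ns-tiller` and `kubectl create clusterrolebinding tiller` sit inside the loop with fixed names, so from the second user on both commands fail with AlreadyExists and only the first user's `tiller` service account is ever bound to `ns-tiller`. Create the ClusterRole once before the loop and give each binding a per-user name, for example `tiller-$col1`. The namespaced role is `--verb '*' --resource '*'`, which makes each Tiller a full admin of its namespace; if that is intended, a comment saying so would help. `$col1` should be quoted throughout, and with no `set -e` or status checks a failed `helm init` is still followed by the `delete service` and `patch` calls against a deployment that may not exist.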
11 changes: 11 additions & 0 deletions prepare-pks/users/random-users.sh
@@ -0,0 +1,11 @@
#!/bin/bash

if [[ -z $1 ]]; then
echo "Usage: ./random-names.sh 55"
exit 1
fi

for i in {1..50}; do
PW=`cat /dev/urandom | tr -dc 'a-zA-Z1-9' | fold -w 10 | head -n 1`
echo "user$i,$PW"
done
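Review bot: The script requires `$1` but the loop is `for i in {1..50}`, so the count argument is ignored and `./random-users.sh 5` still emits 50 users. Brace expansion does not take a variable, so use `for i in $(seq 1 "$1")` or a C-style `for ((i=1; i<=$1; i++))`. The usage text names `random-names.sh` rather than `random-users.sh`, and the character set `a-zA-Z1-9` leaves out `0`, which looks like a typo for `0-9`.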
57 changes: 57 additions & 0 deletions prepare-pks/users/user-role-etc.yaml
@@ -0,0 +1,57 @@
---
kind: Namespace
apiVersion: v1
metadata:
name: __username__
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbac-user-namespace
rules:
- apiGroups: ["", "extensions", "apps", "batch", "autoscaling","networking.k8s.io"]
resources: ["*"]
verbs: ["*"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rbac-user-cluster
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["*"]
verbs: ["list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list","get"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["*"]
verbs: ["list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: __username__
namespace: __username__
subjects:
- kind: User
name: __username__
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: rbac-user-namespace
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: __username__
namespace: __username__
subjects:
- kind: User
name: __username__
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: rbac-user-cluster
apiGroup: rbac.authorization.k8s.io
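Review bot: In `rbac-user-cluster`, the first rule grants `list` on `resources: ["*"]` for the core API group, and the role is attached with a ClusterRoleBinding, so every created user can list Secrets in every namespace, and a list response includes the Secret data. Enumerate the resources users actually need to see cluster-wide (for example `namespaces` and `nodes`) instead of `*`. The ClusterRoleBinding also sets `namespace: __username__` under `metadata`, which has no meaning on a cluster-scoped object and should be removed.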
2 changes: 2 additions & 0 deletions prepare-pks/users/users.txt
@@ -0,0 +1,2 @@
user1,user1-password
user2,user2-password
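Review bot: This checks in a credentials file with the guessable entries `user1,user1-password` and `user2,user2-password`, at the same path the scripts read and that generated passwords would be written to, so real passwords are one `git add` away from being committed. Ship it as `users.txt.example` and add `users.txt` to `.gitignore`.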