#!/bin/sh
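# Load the operator's settings. install-tap.env is executed as shell code, so
# it must only be writable by users who are trusted to run this script.
if [ -f install-tap.env ]; then
  . ./install-tap.env
else
  # First run: write a template and source it. Once filled in, the file holds
  # the GitHub OAuth client secret and API token, so it is created owner-only
  # (umask 077 inside a subshell) instead of with the caller's default umask.
  (
    umask 077
    tee install-tap.env <<EOF
# Environment variable template. $0 sources this at start
# This should probably be set to an internal registry preloaded with tap
export TAP_INSTALL_REGISTRY_HOSTNAME=harbor.az.bmath.nyc
export TAP_INSTALL_NS=tap-install # note this fails when changed
export TAP_INSTALL_CONFIG=tap.yaml
#export TAP_VERSION=1.5.0-build.14
export TAP_VERSION=1.4.0
export ENVIRONMENT=development
export KP_REPOSITORY_PATH=development/kp
export KP_REGISTRY_HOSTNAME=harbor.az.bmath.nyc
export GITHUB_CLIENT_ID=
export GITHUB_CLIENT_SECRET=
export GITHUB_TOKEN=
export ACME_ACCOUNT_EMAIL=
export INGRESS_DOMAIN=YOUR_ROOT_DOMAIN # (e.g. example.com)
export TAP_DOMAIN=tap.\$INGRESS_DOMAIN
export TAP_GUI_FQDN=tap-gui.\$INGRESS_DOMAIN
EOF
  )
  . ./install-tap.env
  # The requested command still runs, but with placeholder domain and empty
  # credentials, so tell the operator what just happened.
  echo "$0: created install-tap.env with placeholder values; edit it before running load/prepare/install" >&2
fi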
# Print the command synopsis followed by a reminder of the registry secrets
# the author lists as exported for tap-install.
# Outputs: nine lines on stdout (including blank separators).
usage() {
  cat <<EOF

$0 [clean|load|prepare|install|expose|get [packagename]|list|update|delete]]

and don't forget the following reg secrets:

kp-default-repository-creds Exported tap-install
tanzunet-repository-creds Exported tap-install
tap-registry Exported tap-install
EOF
}
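# Remove the generated environment file and the generated values file.
# Globals: TAP_INSTALL_CONFIG (read) - values file name; falls back to
#          tap.yaml, the template default, when unset or empty.
# Returns: rm's exit status (non-zero if either file is missing).
clean() {
  # Both files can contain GitHub credentials. Follow TAP_INSTALL_CONFIG
  # rather than a fixed name so a renamed values file is not left behind.
  rm -- install-tap.env "${TAP_INSTALL_CONFIG:-tap.yaml}"
}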
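# Copy the TAP package bundle from registry.tanzu.vmware.com into the
# install registry with imgpkg.
# Globals: TAP_VERSION (read), TAP_INSTALL_REGISTRY_HOSTNAME (read)
# Returns: 1 without calling imgpkg when either variable is empty,
#          otherwise imgpkg's exit status.
load() {
  # An empty version or hostname would yield a malformed bundle or repo
  # reference; stop before contacting either registry.
  if [ -z "$TAP_VERSION" ] || [ -z "$TAP_INSTALL_REGISTRY_HOSTNAME" ]; then
    echo "load: TAP_VERSION and TAP_INSTALL_REGISTRY_HOSTNAME must be set" >&2
    return 1
  fi
  # NOTE(review): the bundle is selected by version tag, which the upstream
  # registry can re-point; consider recording the digest of the copied bundle.
  imgpkg copy --include-non-distributable-layers \
    -b "registry.tanzu.vmware.com/tanzu-application-platform/tap-packages:$TAP_VERSION" \
    --to-repo "$TAP_INSTALL_REGISTRY_HOSTNAME/tanzu-application-platform/tap-packages"
}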
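# Create the install namespace and register the TAP package repository.
# Globals: TAP_INSTALL_NS, TAP_INSTALL_REGISTRY_HOSTNAME, TAP_VERSION (read);
#          result (written)
# Returns: the exit status of `tanzu package repository add`.
prepare() {
  # Namespace creation is best-effort: a failure (for example, the namespace
  # already exists) is reported and the run continues.
  kubectl create ns "$TAP_INSTALL_NS" ||
    echo "can't create namespace $TAP_INSTALL_NS"
  # Disabled step, kept for reference. Every line is commented out: with only
  # the first line commented, the shell ran the continuation lines as a
  # command named `--username`, with the registry password on its argv.
  # If this is re-enabled, supply the password with --password-stdin rather
  # than --password, which exposes it in the process list and `set -x` traces.
  # tanzu secret registry add tap-registry \
  #   --username ${INSTALL_REGISTRY_USERNAME} --password ${INSTALL_REGISTRY_PASSWORD} \
  #   --server ${INSTALL_REGISTRY_HOSTNAME} \
  #   --export-to-all-namespaces --yes --namespace tap-install
  tanzu package repository add tanzu-tap-repository \
    --url "$TAP_INSTALL_REGISTRY_HOSTNAME/tanzu-application-platform/tap-packages:$TAP_VERSION" \
    --namespace "$TAP_INSTALL_NS"
  # Keep the status of the add; the status queries below must not mask it.
  result=$?
  sleep 1
  tanzu package repository get tanzu-tap-repository --namespace "$TAP_INSTALL_NS"
  tanzu package available list --namespace "$TAP_INSTALL_NS"
  return $result
}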
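# Generate the TAP values file if it does not exist, then install the `tap`
# package and print its status.
# Globals: TAP_INSTALL_CONFIG, TAP_VERSION, TAP_INSTALL_NS, TAP_DOMAIN,
#          TAP_GUI_FQDN, INGRESS_DOMAIN, ENVIRONMENT, KP_REGISTRY_HOSTNAME,
#          KP_REPOSITORY_PATH, GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET,
#          GITHUB_TOKEN (all read)
# Outputs: "Found config ..." or "Creating config ..." plus tanzu output.
# Returns: the exit status of `tanzu package installed list -A`.
install() {
  if [ -f "$TAP_INSTALL_CONFIG" ]; then
    echo "Found config $TAP_INSTALL_CONFIG"
  else
    echo "Creating config $TAP_INSTALL_CONFIG"
    # The values file embeds GITHUB_CLIENT_SECRET and GITHUB_TOKEN in plain
    # text. Write it with cat (tee would also print the secrets to stdout and
    # into any captured log) and create it owner-only via umask 077.
    #
    # NOTE(review): `session: secret` below is a fixed literal shared by every
    # install made with this script; replace it with a per-install random
    # value.
    # NOTE(review): the template appears here without YAML nesting; confirm
    # the indentation against the TAP values schema before relying on it.
    (
      umask 077
      cat >"$TAP_INSTALL_CONFIG" <<EOF
accelerator:
domain: $TAP_DOMAIN
ingress:
include: true
buildservice:
exclude_dependencies: false
kp_default_repository: $KP_REGISTRY_HOSTNAME/$KP_REPOSITORY_PATH
kp_default_repository_secret:
name: kp-default-repository-creds
namespace: tap-install
tanzunet_secret:
name: tanzunet-repository-creds
namespace: tap-install
ceip_policy_disclosed: true
cnrs:
domain_name: $TAP_DOMAIN
https_redirection: true
ingress:
external:
namespace: tanzu-system-ingress
internal:
namespace: tanzu-system-ingress
ingress_issuer: letsencrypt
contour:
envoy:
service:
annotations:
external-dns.alpha.kubernetes.io/hostname: "*.$TAP_DOMAIN"
aws:
LBType: nlb
infrastructure_provider: aws
metadata_store:
app_service_type: LoadBalancer
ns_for_export_app_cert: "*"
ootb_supply_chain_basic:
gitops:
ssh_secret: ""
registry:
repository: $KP_REPOSITORY_PATH
server: $KP_REGISTRY_HOSTNAME
ootb_supply_chain_testing_scanning:
gitops:
ssh_secret: ""
registry:
repository: $KP_REPOSITORY_PATH
server: $KP_REGISTRY_HOSTNAME
scanning:
image:
policy: image-scan-policy
source:
policy: scan-policy
package_overlays:
- name: cnrs
secrets:
- name: cnrs-overlay-auto-tls
shared:
ingress_domain: $INGRESS_DOMAIN
ingress_issuer: letsencrypt
tap_gui:
app_config:
app:
baseUrl: https://$TAP_GUI_FQDN
auth:
allowGuestAccess: false
environment: $ENVIRONMENT
providers:
github:
development:
clientId: $GITHUB_CLIENT_ID
clientSecret: $GITHUB_CLIENT_SECRET
session:
secret: custom session secret
backend:
baseUrl: https://$TAP_GUI_FQDN
cors:
origin: https://$TAP_GUI_FQDN
integrations:
github:
- host: github.com
token: $GITHUB_TOKEN
ingressDomain: $INGRESS_DOMAIN
ingressEnabled: true
service_type: ClusterIP
tls:
namespace: tap-gui
secretName: tap-gui-tls
EOF
    )
  fi
  tanzu package install tap --create-namespace --wait=true -p tap.tanzu.vmware.com -v "$TAP_VERSION" --values-file "$TAP_INSTALL_CONFIG" -n "$TAP_INSTALL_NS"
  tanzu package installed get tap -n "$TAP_INSTALL_NS"
  tanzu package installed list -A
}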
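# Apply the cert-manager ClusterIssuer, the tap-gui Certificate and the
# tap-gui-tls Secret, then print ingress diagnostics and look up the GUI name.
# Globals: ACME_ACCOUNT_EMAIL (read), TAP_GUI_FQDN (read)
# Returns: the exit status of the final nslookup pipeline.
expose() {
  # The issuer e-mail comes from ACME_ACCOUNT_EMAIL, the name the environment
  # template exports; a misspelt variable name here left the field empty.
  # NOTE(review): the Secret below has type kubernetes.io/tls but carries no
  # data; confirm the API server accepts it, or let cert-manager create it.
  # NOTE(review): the manifests appear here without YAML nesting; confirm the
  # indentation before applying.
  kubectl apply -f - <<EOF
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt
namespace: cert-manager
spec:
acme:
email: $ACME_ACCOUNT_EMAIL
privateKeySecretRef:
name: letsencrypt
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
class: contour
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: tap-gui
namespace: tap-gui
spec:
commonName: $TAP_GUI_FQDN
dnsNames:
- $TAP_GUI_FQDN
issuerRef:
name: letsencrypt
kind: ClusterIssuer
secretName: tap-gui-tls
---
apiVersion: v1
kind: Secret
metadata:
annotations:
cert-manager.io/issuer-kind: ClusterIssuer
cert-manager.io/issuer-name: letsencrypt
name: tap-gui-tls
namespace: tap-gui
type: kubernetes.io/tls
EOF
  sleep 1
  kubectl describe httpproxy -n tap-gui
  kubectl describe cr -n tap-gui
  kubectl get all -n tanzu-system-ingress
  # Resolve the configured GUI hostname instead of a fixed name from one
  # particular environment.
  printf '%s\n' "$TAP_GUI_FQDN" | nslookup
}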
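# Show one installed package in the install namespace.
# Arguments: $1 - package name; defaults to "tap" when missing or empty.
# Globals:   TAP_INSTALL_NS (read), package (written)
# Returns:   the exit status of `tanzu package installed get`.
get() {
  package=${1:-tap}
  # Quoted so that each value reaches tanzu as exactly one argument.
  tanzu package installed get -n "$TAP_INSTALL_NS" "$package"
}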
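# List the packages installed in the install namespace.
# Globals: TAP_INSTALL_NS (read)
# Returns: the exit status of `tanzu package installed list`.
list() {
  # Quoted so that the namespace reaches tanzu as exactly one argument.
  tanzu package installed list -n "$TAP_INSTALL_NS"
}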
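# Update the installed `tap` package to TAP_VERSION using the values file.
# Globals: TAP_INSTALL_NS, TAP_VERSION, TAP_INSTALL_CONFIG (read)
# Returns: the exit status of `tanzu package installed update`.
update() {
  # Quoted so that a values-file path containing spaces stays one argument.
  tanzu package installed update -n "$TAP_INSTALL_NS" \
    --version "$TAP_VERSION" --values-file "$TAP_INSTALL_CONFIG" tap
}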
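# Delete the installed `tap` package from the install namespace.
# Globals: TAP_INSTALL_NS (read)
# Returns: the exit status of `tanzu package installed delete`.
delete() {
  # Quoted so that the namespace reaches tanzu as exactly one argument.
  tanzu package installed delete -n "$TAP_INSTALL_NS" tap
}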
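# Command dispatch. Each arm exits with the status of the command it ran, so
# callers and CI jobs can tell success from failure.
case "$1" in
  clean | load | prepare | install | expose | list | update)
    # The pattern restricts $1 to these function names, so calling it by name
    # is safe.
    "$1"
    exit
    ;;
  get)
    # Quoted so a package name is passed through as a single argument; an
    # absent $2 arrives empty and get falls back to its default.
    get "$2"
    exit
    ;;
  delete)
    delete
    status=$?
    # Show any remaining volume claims, but report the delete's own status
    # rather than that of this listing.
    kubectl get pvc -A
    exit "$status"
    ;;
  *)
    usage
    # A missing or misspelt command is an error, not a successful run.
    exit 2
    ;;
esac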