function showNotice() {
  # Prints all arguments, joined by single spaces, as a magenta notice on stdout.
  # The subshell keeps the IFS override and the xtrace toggle from leaking to
  # the caller; the `2>/dev/null` hides the trace line of `set` itself.
  (
    { set +o xtrace; } 2>/dev/null
    IFS=' '
    local _MSG="$*"
    printf '\n\e[95m%s\e[0m\n\n' "${_MSG}"
  )
}
function showProgress() {
  # Prints all arguments, joined by single spaces, as a blue progress line on stdout.
  # Runs in a subshell so neither the IFS override nor the xtrace toggle
  # survives the call; `2>/dev/null` suppresses the trace of `set` itself.
  (
    { set +o xtrace; } 2>/dev/null
    IFS=' '
    local _TEXT="$*"
    printf '\n\e[94m%s\e[0m\n\n' "${_TEXT}"
  )
}
function showWarning() {
  # Prints all arguments, joined by single spaces, as a yellow warning on stdout
  # (not stderr — same convention as the other show* helpers).
  # Subshell: the IFS change and `set +o xtrace` stay local to this call.
  (
    { set +o xtrace; } 2>/dev/null
    IFS=' '
    local _WARNING="$*"
    printf '\n\e[33m%s\e[0m\n\n' "${_WARNING}"
  )
}
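function showError() {
  # Prints all arguments, joined by single spaces, in red. Output goes to
  # stdout like the other show* helpers; onError redirects it to stderr.
  # The subshell keeps the IFS override and the xtrace toggle local to the call.
  (
    { set +o xtrace; } 2>/dev/null
    IFS=' '
    # printf alone is enough here: a trailing `| tr '\n' "\n"` stage only
    # maps newline to newline and adds nothing.
    printf "\n\e[31m%s\e[0m\n\n" "$*"
  )
}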
function onError() {
  # Trap handler: report the failure on stderr. It does not exit; whether the
  # script stops after this is left to the caller (e.g. `set -e`).
  showError "ERROR Occurred" 1>&2
}
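function setContext() {
  # Selects the per-cluster hcloud, talosctl and kubectl contexts, creating the
  # hcloud and talosctl ones when they do not exist yet.
  # Reads: HCLOUD_CONTEXT, TALOS_CONTEXT, KUBECTL_CONTEXT.
  showProgress "Setting context for hcloud (Hetzner Cloud CLI)"
  # `context list` prints one name per line. Match the whole line as a fixed
  # string: the context name is the cluster name and may contain "." or other
  # regex metacharacters, which in a `grep -E` pattern would also match other
  # contexts (e.g. "prod.example" matching "prodxexample").
  if ! hcloud context list --output noheader --output columns=name | grep -Fxq -- "${HCLOUD_CONTEXT}"; then
    # A failed/aborted create is tolerated on purpose: the `context use`
    # below fails loudly if the context still does not exist.
    hcloud context create "${HCLOUD_CONTEXT}" || true
  fi
  hcloud context use "${HCLOUD_CONTEXT}"
  showProgress "Setting context for talosctl"
  # `config info` fails for an unknown context; its stderr is just noise here.
  if ! talosctl --context "${TALOS_CONTEXT}" config info 2>/dev/null; then
    talosctl config add "${TALOS_CONTEXT}"
  fi
  talosctl config context "${TALOS_CONTEXT}"
  showProgress "Setting context for kubectl"
  # NOTE(review): `set-context` creates/updates the context entry in
  # $KUBECONFIG but does not make it current (that is `use-context`) — confirm
  # this is the intended effect.
  kubectl config set-context "${KUBECTL_CONTEXT}"
}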
function getNodePrivateIp() {
  # Prints the IP of the first private network attached to a Hetzner server.
  #   $1 server name
  # Only .private_net[0] is consulted; jq prints "null" when there is none.
  local _SERVER="${1}"
  hcloud server describe "${_SERVER}" --output json \
    | jq -r '.private_net[0].ip'
}
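function getNodePublicIpv4() {
  # Prints the public IPv4 address of a node.
  #   $1 node name: a Hetzner server name or, when hcloud does not know it,
  #      the DNS name of an external node (resolved with dig).
  # Returns non-zero (with a message on stderr) when no address is found.
  local _NODE_NAME="${1}"
  local _JSON _IP
  # Fetch and parse in two steps. In a single `hcloud ... | jq` pipeline the
  # status tested by `if` is jq's, which is 0 even when hcloud failed and
  # printed nothing, so the DNS fallback would only work with `set -o pipefail`.
  if _JSON="$( hcloud server describe "${_NODE_NAME}" --output json )"; then
    # -e: exit non-zero when the field is null/missing, so under `set -e` a
    # server without a public IPv4 aborts instead of silently recording "null".
    jq -re '.public_net.ipv4.ip' <<<"${_JSON}"
    return
  fi
  # This can be an external node: resolve its A record.
  # NOTE(review): +short may print several lines (multiple A records, CNAME
  # chain); the output is passed through as-is — confirm callers cope.
  _IP="$( dig +short -ta "${_NODE_NAME}" )"
  if [ -z "${_IP}" ]; then
    printf "No public IPv4 found for node '%s'\n" "${_NODE_NAME}" >&2
    return 1
  fi
  printf '%s\n' "${_IP}"
}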
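function getNodeIps() {
  # Resolves the public IPv4 of every node and fills these globals:
  #   NODE_IPS, CONTROL_IPS, WORKER_IPS                       (arrays)
  #   NODE_IPS_COMMA, CONTROL_IPS_COMMA, WORKER_IPS_COMMA     (comma-joined)
  # Reads CONTROL_NAMES and WORKER_NAMES; WORKER_NAMES may be empty, in which
  # case WORKER_IPS stays empty and WORKER_IPS_COMMA is "".
  showProgress "Getting node IPs"
  NODE_IPS=()
  CONTROL_IPS=()
  WORKER_IPS=()
  WORKER_IPS_COMMA=""
  local _NODE_NAME _IP
  for _NODE_NAME in "${CONTROL_NAMES[@]}"; do
    # Look each node up once and reuse the answer for both lists: a second
    # lookup per node doubles the API traffic and could return a different value.
    _IP="$( getNodePublicIpv4 "${_NODE_NAME}" )"
    NODE_IPS+=("${_IP}")
    CONTROL_IPS+=("${_IP}")
  done
  # Length check first: expanding an empty array with [@] is an "unbound
  # variable" error under `set -u` on older bash.
  if [ "${#WORKER_NAMES[@]}" -gt 0 ]; then
    for _NODE_NAME in "${WORKER_NAMES[@]}"; do
      _IP="$( getNodePublicIpv4 "${_NODE_NAME}" )"
      NODE_IPS+=("${_IP}")
      WORKER_IPS+=("${_IP}")
    done
    WORKER_IPS_COMMA="$( IFS=','; echo "${WORKER_IPS[*]}" )"
  fi
  NODE_IPS_COMMA="$( IFS=','; echo "${NODE_IPS[*]}" )"
  CONTROL_IPS_COMMA="$( IFS=','; echo "${CONTROL_IPS[*]}" )"
}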
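function getLoadBalancerIps() {
  # Sets CONTROL_LB_IPV4, WORKER_LB_IPV4 and WORKER_LB_IPV6 from hcloud.
  # Reads: CONTROL_LB_NAME, WORKER_LB_NAME. jq prints "null" for a missing address.
  showProgress "Getting load balancer IPs"
  local _WORKER_JSON
  CONTROL_LB_IPV4=$( hcloud load-balancer describe "${CONTROL_LB_NAME}" --output json | jq -r '.public_net.ipv4.ip' )
  # Describe the worker LB once and take both addresses from the same
  # document, instead of two API round trips that could see different states.
  _WORKER_JSON=$( hcloud load-balancer describe "${WORKER_LB_NAME}" --output json )
  WORKER_LB_IPV4=$( jq -r '.public_net.ipv4.ip' <<<"${_WORKER_JSON}" )
  WORKER_LB_IPV6=$( jq -r '.public_net.ipv6.ip' <<<"${_WORKER_JSON}" )
}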
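function waitForTcpPort() {
  # Polls until HOST accepts a TCP connection on PORT.
  #   $1 host, $2 port
  #   $3 maximum attempts (default 100), $4 seconds between attempts (default 5)
  # Returns 0 as soon as the port is open, 1 (with a message on stderr) when
  # all attempts are used up, so a caller under `set -e` stops here instead of
  # failing later with a less helpful error.
  local _HOST="$1"
  local _PORT="$2"
  local _MAX_TRIES="${3:-100}"
  local _DELAY="${4:-5}"
  local _TRY
  showProgress "Waiting for host ${_HOST} to open TCP port ${_PORT}"
  for (( _TRY=1; _TRY<=_MAX_TRIES; _TRY++ )); do
    # -z: connect only, send no data. NOTE(review): without a -w timeout some
    # nc variants can block for a long time on filtered ports — confirm.
    if nc -z "${_HOST}" "${_PORT}"; then
      return 0
    fi
    if (( _TRY < _MAX_TRIES )); then
      sleep "${_DELAY}"
    fi
  done
  printf "Timed out waiting for %s to open TCP port %s\n" "${_HOST}" "${_PORT}" >&2
  return 1
}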
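function openFirewallPorts() {
  # Idempotently adds an inbound rule to a Hetzner Cloud firewall.
  #   $1 firewall name
  #   $2 source: a CIDR ("10.0.0.0/8") or a comma-separated list of addresses
  #      and/or CIDRs; bare addresses become /32 (IPv4) or /128 (IPv6)
  #   $3 protocol: tcp | udp | icmp (any case)
  #   $4, $5 first and last port (ignored for icmp; equal values give a single port)
  #   $6 rule description
  # The rule is added only when no rule with the same protocol, source set and
  # port exists. Exits the script with status 1 on an unknown protocol.
  local _FIREWALL_NAME="${1}"
  local _SOURCE_IPS="${2}"
  local _PROTOCOL
  _PROTOCOL="$( echo "${3}" | tr '[:upper:]' '[:lower:]' )"
  local _PORT_START="${4}"
  local _PORT_END="${5}"
  local _DESCRIPTION="${6}"
  local _PORT="${_PORT_START}-${_PORT_END}"
  local _OPTIONS=()
  local _SOURCE_LIST=()
  local _IPLIST=()
  local _SOURCE _CIDR
  local _SOURCE_MATCH="[]"
  if [ -n "${_PORT_START}" ] && [ "${_PORT_START}" -eq "${_PORT_END}" ]; then
    _PORT="${_PORT_START}"
  fi
  # Normalise every source to CIDR form; the API expects network prefixes,
  # so single hosts get /32 (IPv4) or /128 (IPv6). `IFS=, read` scopes the
  # IFS change to the read builtin only.
  IFS=, read -ra _IPLIST <<< "${_SOURCE_IPS}"
  for _SOURCE in "${_IPLIST[@]}"; do
    [ -n "${_SOURCE}" ] || continue
    if [[ "${_SOURCE}" == */* ]]; then
      _CIDR="${_SOURCE}"
    elif [[ "${_SOURCE}" == *:* ]]; then
      _CIDR="${_SOURCE}/128"
    else
      _CIDR="${_SOURCE}/32"
    fi
    _OPTIONS+=("--source-ips" "${_CIDR}")
    _SOURCE_LIST+=("${_CIDR}")
  done
  if [ "${#_SOURCE_LIST[@]}" -gt 0 ]; then
    # Build the JSON array with jq instead of hand-quoting, and sort it here
    # in a pipeline rather than with `IFS=$'\n' arr=($(sort ...))`, which
    # would leave IFS set to a newline for the rest of the script.
    # NOTE(review): the comparison below assumes the API returns source_ips
    # in this sorted order; if it preserves submission order instead, the
    # existence check misses rules and a duplicate is added — confirm.
    _SOURCE_MATCH="$( printf '%s\n' "${_SOURCE_LIST[@]}" | sort | jq -R . | jq -sc . )"
  fi
  # Values enter the jq programs as variables (--arg/--argjson), never by
  # splicing text into the filter, so unusual input cannot change the query.
  case "${_PROTOCOL}" in
    tcp | udp)
      if ! hcloud firewall describe "${_FIREWALL_NAME}" -o json \
          | jq -e --arg proto "${_PROTOCOL}" --argjson src "${_SOURCE_MATCH}" --arg port "${_PORT}" \
              '.rules[] | select(.protocol==$proto and .source_ips==$src and .port==$port)'; then
        hcloud firewall add-rule "${_FIREWALL_NAME}" "${_OPTIONS[@]}" --port "${_PORT}" --protocol "${_PROTOCOL}" --direction in --description "${_DESCRIPTION}"
      fi
      ;;
    icmp)
      if ! hcloud firewall describe "${_FIREWALL_NAME}" -o json \
          | jq -e --arg proto "${_PROTOCOL}" --argjson src "${_SOURCE_MATCH}" \
              '.rules[] | select(.protocol==$proto and .source_ips==$src)'; then
        hcloud firewall add-rule "${_FIREWALL_NAME}" "${_OPTIONS[@]}" --protocol "${_PROTOCOL}" --direction in --description "${_DESCRIPTION}"
      fi
      ;;
    *)
      showError "Unknown protocol '${_PROTOCOL}'"
      exit 1
      ;;
  esac
}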
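function getHcloudToken()
{
  # Prints the API token of the hcloud context named $HCLOUD_CONTEXT, taken
  # from the CLI's own config file (~/.config/hcloud/cli.toml). Fails with a
  # non-zero status and no output when the context or a 64-character token
  # is not found.
  #
  # Relies on the `token = "…"` line directly following the `name = "…"`
  # line (--after-context=1) — TODO confirm this holds for the cli.toml the
  # installed hcloud version writes. Both quote styles are matched as fixed
  # strings (-F) so a context name containing regex metacharacters such as
  # "." cannot also match a different context.
  #
  # SECURITY: the token is printed to stdout. Callers must keep it out of
  # logs and command lines, and xtrace (set -x) must be off while it is handled.
  grep --fixed-strings --after-context=1 \
      -e "name = '${HCLOUD_CONTEXT}'" \
      -e "name = \"${HCLOUD_CONTEXT}\"" \
      ~/.config/hcloud/cli.toml \
    | grep --extended-regexp --only-matching '\w{64}'
}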
# Report any failing command or an interrupt; tracing is switched off first so
# the handler itself is not traced. NOTE(review): the handler does not exit,
# so whether the script stops is up to the caller's `set -e`, and the ERR trap
# only fires inside functions when `set -E` (errtrace) is enabled — confirm
# the calling scripts set both.
trap '{ set +o xtrace; } 2>/dev/null; onError' ERR SIGINT SIGTERM
# The calling script must say where it lives; CONFIG.sh is read from there.
# `${SCRIPT_DIR:-}` covers both "unset" and "set but empty" in one test.
if [[ -z "${SCRIPT_DIR:-}" ]]; then
  showError "Environment variable 'SCRIPT_DIR' is missing or empty."
  exit 1
fi
if [[ ! -f "${SCRIPT_DIR}/CONFIG.sh" ]]; then
  showError "File 'CONFIG.sh' is not found. Please copy 'CONFIG.sh.example' and check values."
  exit 1
fi
# shellcheck source=/dev/null
source "${SCRIPT_DIR}/CONFIG.sh"
# Remember the kubeconfig the user had before this library repoints KUBECONFIG
# at the per-cluster file. KUBECONFIG may be a colon-separated list; only its
# first entry is kept (`%%:*` drops everything from the first colon on and
# leaves a value without a colon untouched).
USER_KUBECONFIG=""
if [ -n "${KUBECONFIG+x}" ]; then
  USER_KUBECONFIG="${KUBECONFIG%%:*}"
fi
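# Derived configuration. Everything below is built from values in CONFIG.sh,
# so check the ones that go into resource names and loop bounds first: an
# empty CLUSTER_NAME would otherwise silently produce resources named
# "control1." and an image selector "version=,os=talos".
for _REQUIRED in CLUSTER_NAME TALOS_VERSION CONTROL_COUNT WORKER_COUNT; do
  if [ -z "${!_REQUIRED:-}" ]; then
    showError "Variable '${_REQUIRED}' is missing or empty. Please check '${SCRIPT_DIR}/CONFIG.sh'."
    exit 1
  fi
done
unset _REQUIRED
IMAGE_SELECTOR="version=${TALOS_VERSION},os=talos"
# hcloud label selectors and resource names, all scoped by cluster name.
CONTROL_FIREWALL_NAME="control.${CLUSTER_NAME}"
WORKER_FIREWALL_NAME="workers.${CLUSTER_NAME}"
CLUSTER_SELECTOR="cluster=${CLUSTER_NAME}"
CONTROL_SELECTOR="type=controlplane,cluster=${CLUSTER_NAME}"
WORKER_SELECTOR="type=worker,cluster=${CLUSTER_NAME}"
CONTROL_LB_NAME="control.${CLUSTER_NAME}"
WORKER_LB_NAME="workers.${CLUSTER_NAME}"
# Server type names are normalised to lower case before they reach hcloud.
CONTROL_TYPE="$( echo "${CONTROL_TYPE}" | tr '[:upper:]' '[:lower:]' )"
WORKER_TYPE="$( echo "${WORKER_TYPE}" | tr '[:upper:]' '[:lower:]' )"
# Per-cluster credential files, kept next to the scripts. The Talos secrets
# bundle, talosconfig and the admin kubeconfig give full control of the
# cluster: keep them out of version control and readable only by the operator.
TALOS_CONTEXT="${CLUSTER_NAME}"
TALOS_SECRETS="${SCRIPT_DIR}/secrets.${CLUSTER_NAME}.yaml"
TALOSCONFIG="${SCRIPT_DIR}/talosconfig.${CLUSTER_NAME}.yaml"
KUBECONFIG="${SCRIPT_DIR}/kubeconfig.${CLUSTER_NAME}.yaml"
KUBECTL_CONTEXT="admin@${CLUSTER_NAME}"
HCLOUD_CONTEXT="${CLUSTER_NAME}"
CONTROL1_NAME="control1.${CLUSTER_NAME}"
DEPLOY_DIR="${SCRIPT_DIR}/deploy"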
# Node name lists, derived from the counts in CONFIG.sh:
#   CONTROL_NAMES     control1.<cluster> … controlN.<cluster>
#   INT_WORKER_NAMES  worker1.<cluster> … workerM.<cluster> (Hetzner-managed)
#   INT_NODE_NAMES    CONTROL_NAMES followed by INT_WORKER_NAMES
#   WORKER_NAMES      INT_WORKER_NAMES followed by the external workers
#   NODE_NAMES        CONTROL_NAMES followed by WORKER_NAMES
# Lists are only ever appended to with +=, so no possibly-empty array is
# expanded with [@] here (older bash rejects that under `set -u`).
CONTROL_NAMES=()
INT_WORKER_NAMES=()
INT_NODE_NAMES=()
NODE_NAMES=()
WORKER_NAMES=()
for (( NR=1; NR<="${CONTROL_COUNT}"; NR++ )); do
  NODE_NAME="control${NR}.${CLUSTER_NAME}"
  CONTROL_NAMES+=("${NODE_NAME}")
  INT_NODE_NAMES+=("${NODE_NAME}")
  NODE_NAMES+=("${NODE_NAME}")
done
for (( NR=1; NR<="${WORKER_COUNT}"; NR++ )); do
  NODE_NAME="worker${NR}.${CLUSTER_NAME}"
  INT_WORKER_NAMES+=("${NODE_NAME}")
  WORKER_NAMES+=("${NODE_NAME}")
  INT_NODE_NAMES+=("${NODE_NAME}")
  NODE_NAMES+=("${NODE_NAME}")
done
# EXT_WORKER_NAMES is optional: a whitespace-separated list of worker names
# that are not Hetzner servers (getNodePublicIpv4 resolves those via DNS).
if [ -n "${EXT_WORKER_NAMES+x}" ]; then
  # shellcheck disable=SC2086 -- word-splitting the list is intended here
  for NODE_NAME in ${EXT_WORKER_NAMES}; do
    WORKER_NAMES+=("${NODE_NAME}")
    NODE_NAMES+=("${NODE_NAME}")
  done
fi
unset NR
unset NODE_NAME
# Point talosctl, kubectl and any child process at the per-cluster files.
export KUBECONFIG
export TALOSCONFIG
export KUBECTL_CONTEXT