diff --git a/customize_fusion_values.sh b/customize_fusion_values.sh index f0eebc46..d4cb915e 100755 --- a/customize_fusion_values.sh +++ b/customize_fusion_values.sh @@ -13,6 +13,8 @@ CHART_VERSION="5.3.5" NAMESPACE=default OUTPUT_SCRIPT="" ADDITIONAL_VALUES=() +KUBECTL="kubectl" +KUBECTL_TIMEOUT_PARAM="--timeout" SKIP_CRDS="" function print_usage() { @@ -28,6 +30,7 @@ function print_usage() { echo -e " -c Cluster name (required)\n" echo -e " -n Kubernetes namespace to install Fusion 5 into, defaults to 'default'\n" echo -e " -r Helm release name for installing Fusion 5; defaults to the namespace, see -n option\n" + echo -e " -k The Kubernetes command line tool executable to use, defaults to 'kubectl'\n" echo -e " --version Fusion Helm Chart version; defaults to the latest release from Lucidworks, such as ${CHART_VERSION}\n" echo -e " --provider Name of your K8s provider, e.g. eks, aks, gke, oc; defaults to 'gke'\n" echo -e " --prometheus Enable Prometheus? true or false, defaults to true\n" @@ -40,6 +43,7 @@ function print_usage() { echo -e " --with-replicas Flag to enable replicas yaml, defaults to off\n" echo -e " --additional-values Additional values files to add to the upgrade script, may be specified multiple times\n" echo -e " --output-script The name of the generated upgrade script, defaults to ___upgrade_fusion.sh \n" + echo -e " --skip-crds Set the --skip-crds flag on the helm upgrade. Use this in situations where you do no have permissions to make Custom Resource Definitions.\n" echo -e "\nIf you omit the arg, then the script will create it using the naming convention:\n ___fusion_values.yaml\n" } @@ -71,6 +75,14 @@ if [ $# -gt 1 ]; then CLUSTER_NAME="$2" shift 2 ;; + -k) + if [[ -z "$2" || "${2:0:1}" == "-" ]]; then + print_usage "$SCRIPT_CMD" "Missing value for the -k parameter!" + exit 1 + fi + KUBECTL="$2" + shift 2 + ;; -n) if [[ -z "$2" || "${2:0:1}" == "-" ]]; then print_usage "$SCRIPT_CMD" "Missing value for the -n parameter!" 
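Review bot: The new `-k` branch stores whatever follows the flag in `KUBECTL` after checking only that it is non-empty and does not start with a dash, and that value is later substituted into the generated upgrade script by the `sed` lines at the end of this file. Checking that the name resolves and contains no shell or sed metacharacters would keep a typo or a pasted string from ending up as a command line, e.g. `command -v "$KUBECTL" >/dev/null || { echo "ERROR: $KUBECTL not found on PATH"; exit 1; }` together with `[[ "$KUBECTL" =~ ^[A-Za-z0-9._/-]+$ ]]`. The same branch is added to install_prom.sh and setup_f5_k8s.sh, where `${KUBECTL}` is then expanded unquoted as the command word. The enclosing `case` statement starts and ends outside the hunk.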
@@ -103,6 +115,10 @@ if [ $# -gt 1 ]; then PROVIDER="$2" shift 2 ;; + --skip-crds) + SKIP_CRDS="--skip-crds" + shift 1 + ;; --prometheus) if [[ -z "$2" || "${2:0:1}" == "-" ]]; then print_usage "$SCRIPT_CMD" "Missing value for the --prometheus parameter!" @@ -187,6 +203,11 @@ if [ $# -gt 1 ]; then done fi +# Openshift cli uses --request-timeout instead of --timeout for deploys +if [ "$PROVIDER" == "oc" ]; then + KUBECTL_TIMEOUT_PARAM="--request-timeout" +fi + valid="0-9a-zA-Z\-" if [[ $NAMESPACE =~ [^$valid] ]]; then echo -e "\nERROR: Namespace $NAMESPACE must only contain 0-9, a-z, A-Z, or dash!\n" @@ -357,5 +378,8 @@ else sed -i '' -e "s||${ADDITIONAL_VALUES_STRING}|g" "$OUTPUT_SCRIPT" fi +sed -i -e "s||${KUBECTL}|g" "$OUTPUT_SCRIPT" +sed -i -e "s||${KUBECTL_TIMEOUT_PARAM}|g" "$OUTPUT_SCRIPT" +sed -i -e "s||${SKIP_CRDS}|g" "$OUTPUT_SCRIPT" echo -e "\nCreate $OUTPUT_SCRIPT for upgrading you Fusion cluster. Please keep this script along with your custom values yaml file(s) in version control.\n" diff --git a/example-values/no-rbac.yaml b/example-values/no-rbac.yaml new file mode 100644 index 00000000..49f97f1e --- /dev/null +++ b/example-values/no-rbac.yaml 
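Review bot: The three added `sed -i -e` lines sit after the `fi`, outside the branch that chooses between `sed -i` and the `sed -i '' -e` form visible just above, so on the platform that needs the `''` form they will presumably take `-e` as the backup suffix and leave `-e`-suffixed copies of the output script behind. They also paste `${KUBECTL}` into the replacement text with `|` as the delimiter, so a value containing `|`, `&` or a backslash either breaks the expression or is rewritten by sed before it lands in a script that is executed later. Moving the three substitutions into both arms of the existing `if`/`else`, and rejecting such characters where `-k` is parsed, would address both. The search pattern between the first two delimiters is empty in this rendering, so the placeholder names cannot be confirmed from here.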
@@ -0,0 +1,118 @@
+admin-ui:
+ rbac:
+ create: false
+api-gateway:
+ rbac:
+ create: false
+argo:
+ rbac:
+ create: false
+ createAggregateRoles: false
+argo-common-workflows:
+ rbac:
+ create: false
+auth-ui:
+ rbac:
+ create: false
+classic-rest-service:
+ rbac:
+ create: false
+classification:
+ rbac:
+ create: false
+config-sync:
+ rbac:
+ create: false
+connector-plugin-service:
+ rbac:
+ create: false
+devops-ui:
+ rbac:
+ create: false
+fusion-admin:
+ rbac:
+ create: false
+fusion-ambassador:
+ rbac:
+ create: false
+fusion-indexing:
+ rbac:
+ create: false
+fusion-jupyter:
+ rbac:
+ create: false
+fusion-log-forwarder:
+ rbac:
+ create: false
+fusion-resources:
+ rbac:
+ create: false
+insights:
+ rbac:
+ create: false
+job-launcher:
+ rbac:
+ create: false
+job-rest-server:
+ rbac:
+ create: false
+milvus-writable:
+ rbac:
+ create: false
+ml-model-service:
+ rbac:
+ create: false
+ runLabelNamespaceJob: false
+pm-ui:
+ rbac:
+ create: false
+pulsar:
+ rbac:
+ create: false
+question-answering:
+ rbac:
+ create: false
+recommender:
+ rbac:
+ create: false
+rest-service:
+ rbac:
+ create: false
+rpc-service:
+ rbac:
+ create: false
+ plugins:
+ crd:
+ create: false
+rules-ui:
+ rbac:
+ create: false
+seldon-core-operator:
+ rbac:
+ create: false
+ disableWebhookCreation: true
+ crds:
+ enabled: false
+solr:
+ rbac:
+ create: false
+ setAvailabilityZone: false
+solr-backup-runner:
+ rbac:
+ create: false
+sql-service:
+ rbac:
+ create: false
+templating:
+ rbac:
+ create: false
+webapps:
+ rbac:
+ create: false
+zookeeper:
+ rbac:
+ create: false
+query-pipeline:
+ useAvailabilityZoneRouting: false
+ rbac:
+ create: false
diff --git a/example-values/repository.yaml b/example-values/repository.yaml
new file mode 100644
index 00000000..df29b9ed
--- /dev/null
+++ b/example-values/repository.yaml
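Review bot: This example file has no header comment saying what must already exist before it is used. With `rbac.create: false` on every subchart, plus `crd.create: false` under rpc-service and `crds.enabled: false` under seldon-core-operator, the roles, bindings and CRDs are presumably expected to be created beforehand by someone with cluster-level rights. A short comment at the top, such as `# For accounts that cannot create RBAC objects or CRDs (pair with --skip-crds); a cluster admin must pre-create them with the minimum permissions each service needs`, would keep the file from being read as "Fusion runs without RBAC".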
@@ -0,0 +1,157 @@ +zookeeper: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/zookeeper" +solr: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/solr" + initContainer: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +admin-ui: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +api-gateway: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" + keytoolUtils: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +argo: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +argo-common-workflows: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +auth-ui: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +classic-rest-service: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +classification: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +config-sync: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +connector-plugin-service: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +devops-ui: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +fusion-admin: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +fusion-ambassador: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +fusion-indexing: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +fusion-jupyter: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +fusion-log-forwarder: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +fusion-resources: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +insights: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +job-launcher: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +job-rest-server: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +milvus-writable: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +pm-ui: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +pulsar: + 
bookkeeper: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + broker: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + initContainer: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + images: + autorecovery: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + bookie: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + broker: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + functions: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + pulsar_manager: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-manager" + zookeeper: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" + pulsar_metadata: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/apachepulsar/pulsar-all" +question-answering: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +recommender: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +rest-service: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +rpc-service: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +rules-ui: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +seldon-core-operator: + image: + registry: "YOUR-REPOSITORY-DOMAIN:443" +solr-backup-runner: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +sql-service: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +templating: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +webapps: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +query-pipeline: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" +ml-model-service: + milvus: + admin: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/milvusdb/milvus-em" + mysql: + image: "YOUR-REPOSITORY-DOMAIN:443/mysql" + busybox: + image: "YOUR-REPOSITORY-DOMAIN:443/busybox" + 
initContainerImage: "YOUR-REPOSITORY-DOMAIN:443/alpine:latest" + ambassador: + initContainerImage: "YOUR-REPOSITORY-DOMAIN:443/alpine:latest" + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/quay.io/datawire/ambassador" + initContainer: + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" + image: + repository: "YOUR-REPOSITORY-DOMAIN:443/lucidworks" + mysql: + image: "YOUR-REPOSITORY-DOMAIN:443/mysql" diff --git a/install_prom.sh b/install_prom.sh index 37aa8ec5..e3c905c6 100755 --- a/install_prom.sh +++ b/install_prom.sh @@ -2,6 +2,7 @@ PROVIDER=gke NODE_POOL="" +KUBECTL="kubectl" UPGRADE=0 function print_usage() { @@ -15,6 +16,7 @@ function print_usage() { echo -e "\nUse this script to install Prometheus and Grafana into an existing Fusion 5 cluster" echo -e "\nUsage: $CMD [OPTIONS] ... where OPTIONS include:\n" echo -e " -c Name of the K8s cluster (required)\n" + echo -e " -k The Kubernetes command line tool executable to use, defaults to 'kubectl'\n" echo -e " -n Kubernetes namespace to install Fusion 5 into (required)\n" echo -e " -r Helm release name for installing Fusion 5; defaults to the namespace, see -n option\n" echo -e " --node-pool Node pool label to assign pods to specific nodes, this option is only useful for existing clusters" @@ -33,6 +35,14 @@ if [ $# -gt 0 ]; then CLUSTER_NAME="$2" shift 2 ;; + -k) + if [[ -z "$2" || "${2:0:1}" == "-" ]]; then + print_usage "$SCRIPT_CMD" "Missing value for the -k parameter!" + exit 1 + fi + KUBECTL="$2" + shift 2 + ;; -n) if [[ -z "$2" || "${2:0:1}" == "-" ]]; then print_usage "$SCRIPT_CMD" "Missing value for the -n parameter!" 
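Review bot: The two `initContainerImage` entries in repository.yaml point at `YOUR-REPOSITORY-DOMAIN:443/alpine:latest`, a mutable tag, although the purpose of this file is to pull everything from a mirror you control. Pinning the example to a fixed tag or digest, e.g. `initContainerImage: "YOUR-REPOSITORY-DOMAIN:443/alpine:<pinned-tag>"` (placeholder), keeps the mirrored image from changing underneath a deployment. The `mysql` and `busybox` entries carry no tag at all, which presumably resolves to `latest` unless the chart appends one; a comment saying which is the case would help.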
@@ -120,8 +130,8 @@ if ! helm repo list | grep -q "https://kubernetes-charts.storage.googleapis.com" helm repo add stable https://charts.helm.sh/stable fi -if ! kubectl get namespace "${NAMESPACE}" > /dev/null 2>&1; then - kubectl create namespace "${NAMESPACE}" +if ! ${KUBECTL} get namespace "${NAMESPACE}" > /dev/null 2>&1; then + ${KUBECTL} create namespace "${NAMESPACE}" if [ "$PROVIDER" == "gke" ]; then who_am_i=$(gcloud auth list --filter=status:ACTIVE --format="value(account)") else @@ -129,12 +139,12 @@ if ! kubectl get namespace "${NAMESPACE}" > /dev/null 2>&1; then fi OWNER_LABEL="${who_am_i//@/-}" if [ "${OWNER_LABEL}" != "" ]; then - kubectl label namespace "${NAMESPACE}" "owner=${OWNER_LABEL}" + ${KUBECTL} label namespace "${NAMESPACE}" "owner=${OWNER_LABEL}" fi echo -e "\nCreated namespace ${NAMESPACE} with owner label ${OWNER_LABEL}\n" fi -if kubectl get sts -n "${NAMESPACE}" -l "app=prometheus" -o "jsonpath={.items[0].metadata.labels['release']}" 2>&1 | grep -q "${RELEASE}-monitoring"; then +if ${KUBECTL} get sts -n "${NAMESPACE}" -l "app=prometheus" -o "jsonpath={.items[0].metadata.labels['release']}" 2>&1 | grep -q "${RELEASE}-monitoring"; then echo -e "\nThere is already a Prometheus StatefulSet in namespace: ${NAMESPACE} with release name: ${RELEASE}-monitoring, assuming this is an upgrade\n" UPGRADE=1 fi diff --git a/setup_f5_k8s.sh b/setup_f5_k8s.sh index f2e076aa..77ed1b92 100755 --- a/setup_f5_k8s.sh +++ b/setup_f5_k8s.sh @@ -21,6 +21,9 @@ DRY_RUN="" SOLR_DISK_GB=50 SOLR_REPLICAS=1 NODE_POOL="{}" +KUBECTL="kubectl" +KUBECTL_TIMEOUT_PARAM="--timeout" +SKIP_CRDS="" function print_usage() { CMD="$1" 
@@ -33,6 +36,7 @@ function print_usage() { echo -e "\nUse this script to install Fusion 5 on an existing Kubernetes cluster" echo -e "\nUsage: $CMD [OPTIONS] ... where OPTIONS include:\n" echo -e " -c Name of the K8s cluster (required)\n" + echo -e " -k The Kubernetes command line tool executable to use, defaults to 'kubectl'\n" echo -e " -r Helm release name for installing Fusion 5, defaults to 'f5'\n" echo -e " -n Kubernetes namespace to install Fusion 5 into, defaults to 'default'\n" echo -e " --provider Lowercase label for your K8s platform provider, e.g. eks, aks, gke, oc; defaults to 'k8s'\n" @@ -53,6 +57,7 @@ function print_usage() { echo -e " --force Force upgrade or purge a deployment if your account is not the value 'owner' label on the namespace\n" echo -e " --num-solr Number of Solr pods to deploy, defaults to 1\n" echo -e " --solr-disk-gb Size (in gigabytes) of the Solr persistent volume claim, defaults to 50\n" + echo -e " --skip-crds Set the --skip-crds flag on the helm upgrade. Use this in situations where you do no have permissions to make Custom Resource Definitions.\n" } if [ $# -gt 0 ]; then @@ -66,6 +71,14 @@ if [ $# -gt 0 ]; then CLUSTER_NAME="$2" shift 2 ;; + -k) + if [[ -z "$2" || "${2:0:1}" == "-" ]]; then + print_usage "$SCRIPT_CMD" "Missing value for the -k parameter!" + exit 1 + fi + KUBECTL="$2" + shift 2 + ;; -n) if [[ -z "$2" || "${2:0:1}" == "-" ]]; then print_usage "$SCRIPT_CMD" "Missing value for the -n parameter!" @@ -167,6 +180,10 @@ if [ $# -gt 0 ]; then FORCE=1 shift 1 ;; + --skip-crds) + SKIP_CRDS="--skip-crds" + shift 1 + ;; -help|-usage|--help|--usage) print_usage "$SCRIPT_CMD" exit 0 
@@ -187,6 +204,14 @@ if [ $# -gt 0 ]; then done fi +# Openshift cli uses --request-timeout instead of --timeout for deploys +if [ "$PROVIDER" == "oc" ]; then + KUBECTL_TIMEOUT_PARAM="--request-timeout" + # Openshift does not have concept of a "Cluster name" so we just set it to the namespace for placeholder. + CLUSTER_NAME="${NAMESPACE}" +fi + + # Sanity check we have the required variables if [ "$CLUSTER_NAME" == "" ]; then print_usage "$SCRIPT_CMD" "Please provide the Kubernetes cluster name using: -c " @@ -220,10 +245,10 @@ DEFAULT_MY_VALUES="${PROVIDER}_${CLUSTER_NAME}_${RELEASE}_fusion_values.yaml" UPGRADE_SCRIPT="${PROVIDER}_${CLUSTER_NAME}_${RELEASE}_upgrade_fusion.sh" # Check our prerequisites are in place -hash kubectl +hash ${KUBECTL} has_prereq=$? if [ $has_prereq == 1 ]; then - echo -e "\nERROR: Must install kubectl before proceeding with this script!" + echo -e "\nERROR: Must install ${KUBECTL} before proceeding with this script!" exit 1 fi @@ -235,7 +260,7 @@ if [ $has_prereq == 1 ]; then fi # Log our current kube context for the user -current=$(kubectl config current-context) +current=$(${KUBECTL} config current-context) echo -e "Using kubeconfig: $current" # Setup our owner label so we can check ownership of namespaces 
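Review bot: For `--provider oc` the added block overwrites `CLUSTER_NAME` with `${NAMESPACE}` unconditionally, so a value the user passed with `-c` is discarded without notice and the values and upgrade-script file names are derived from the namespace instead. Assigning only when it is empty keeps an explicit choice: `CLUSTER_NAME="${CLUSTER_NAME:-${NAMESPACE}}"`. Further down, `hash ${KUBECTL}` is unquoted; `hash "${KUBECTL}"` avoids word splitting and globbing on the user-supplied value.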
@@ -252,12 +277,12 @@ is_helm_v3=$(helm version --short | grep v3) if [ "${is_helm_v3}" == "" ]; then # see if Tiller is deployed ... - kubectl rollout status deployment/tiller-deploy --timeout=10s -n kube-system > /dev/null 2>&1 + ${KUBECTL} rollout status deployment/tiller-deploy ${KUBECTL_TIMEOUT_PARAM}=10s -n kube-system > /dev/null 2>&1 rollout_status=$? if [ $rollout_status != 0 ]; then echo -e "\nSetting up Helm Tiller ..." - kubectl create serviceaccount --namespace kube-system tiller - kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller + ${KUBECTL} create serviceaccount --namespace kube-system tiller + ${KUBECTL} create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller helm init --service-account tiller --wait helm version fi 
@@ -268,30 +293,32 @@ fi # If we are upgrading if [ "${UPGRADE}" == "1" ]; then # Make sure the namespace exists - if ! kubectl get namespace "${NAMESPACE}" > /dev/null 2>&1; then - echo -e "\nNamespace ${NAMESPACE} not found, if this is a new cluster please run an install first" - exit 1 + if ! ${KUBECTL} get namespace "${NAMESPACE}" > /dev/null 2>&1; then + if [ "$PROVIDER" != "oc" ]; then + echo -e "\nNamespace ${NAMESPACE} not found, if this is a new cluster please run an install first" + exit 1 + fi fi # Check if the owner label on the namespace is the same as we are, so we cannot # accidentally upgrade a release from someone elses namespace - namespace_owner=$(kubectl get namespace "${NAMESPACE}" -o 'jsonpath={.metadata.labels.owner}') - if [ "${namespace_owner}" != "${OWNER_LABEL}" ] && [ "${FORCE}" != "1" ]; then + namespace_owner=$(${KUBECTL} get namespace "${NAMESPACE}" -o 'jsonpath={.metadata.labels.owner}') + if [ "${namespace_owner}" != "${OWNER_LABEL}" ] && [ "${FORCE}" != "1" ] && [ "$PROVIDER" != "oc" ]; then echo -e "Namespace ${NAMESPACE} is owned by: ${namespace_owner}, by we are: ${OWNER_LABEL} please provide the --force parameter if you are sure you wish to upgrade this namespace" exit 1 fi elif [ "$PURGE" == "1" ]; then - kubectl get namespace "${NAMESPACE}" + ${KUBECTL} get namespace "${NAMESPACE}" namespace_exists=$? 
- if [ "$namespace_exists" != "0" ]; then + if [ "$namespace_exists" != "0"] && [ "$PROVIDER" != "oc" ]; then echo -e "\nNamespace ${NAMESPACE} not found so assuming ${RELEASE_NAME} has already been purged" exit 1 fi # Check if the owner label on the namespace is the same as we are, so we cannot # accidentally purge someone elses release - namespace_owner=$(kubectl get namespace "${NAMESPACE}" -o 'jsonpath={.metadata.labels.owner}') - if [ "${namespace_owner}" != "${OWNER_LABEL}" ] && [ "${FORCE}" != "1" ]; then + namespace_owner=$(${KUBECTL} get namespace "${NAMESPACE}" -o 'jsonpath={.metadata.labels.owner}') + if [ "${namespace_owner}" != "${OWNER_LABEL}" ] && [ "${FORCE}" != "1" ] && [ "$PROVIDER" != "oc" ]; then echo -e "Namespace ${NAMESPACE} is owned by: ${namespace_owner}, by we are: ${OWNER_LABEL} please provide the --force parameter if you are sure you wish to purge this namespace" exit 1 fi 
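Review bot: In the purge branch the new test reads `[ "$namespace_exists" != "0"]`; without a space before `]` the `[` command fails with a missing-bracket error, so the condition is never true and the "already been purged" exit is dead for every provider. It should be `if [ "$namespace_exists" != "0" ] && [ "$PROVIDER" != "oc" ]; then`. Separately, both owner-label checks now also require `"$PROVIDER" != "oc"`, and the provider is only a command-line value, so passing `--provider oc` skips the ownership guard without `--force`. If OpenShift namespaces cannot carry the label, printing a message or still requiring `--force` would be safer than a silent skip. The enclosing `if`/`elif` chain continues outside the hunk.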
@@ -309,16 +336,16 @@ elif [ "$PURGE" == "1" ]; then else helm del --purge "${RELEASE}" fi - kubectl delete deployments -l app.kubernetes.io/part-of=fusion --namespace "${NAMESPACE}" --grace-period=0 --force --timeout=5s - kubectl delete job "${RELEASE}-api-gateway" --namespace "${NAMESPACE}" --grace-period=0 --force --timeout=1s - kubectl delete svc -l app.kubernetes.io/part-of=fusion --namespace "${NAMESPACE}" --grace-period=0 --force --timeout=2s - kubectl delete pvc -l app.kubernetes.io/part-of=fusion --namespace "${NAMESPACE}" --grace-period=0 --force --timeout=5s - kubectl delete pvc -l "release=${RELEASE}" --namespace "${NAMESPACE}" --grace-period=0 --force --timeout=5s - kubectl delete pvc -l "app.kubernetes.io/instance=${RELEASE}" --namespace "${NAMESPACE}" --grace-period=0 --force --timeout=5s - kubectl delete pvc -l app=prometheus --namespace "${NAMESPACE}" --grace-period=0 --force --timeout=5s - kubectl delete serviceaccount --namespace "${NAMESPACE}" "${RELEASE}-api-gateway-jks-create" + ${KUBECTL} delete deployments -l app.kubernetes.io/part-of=fusion --namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=5s + ${KUBECTL} delete job "${RELEASE}-api-gateway" --namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=1s + ${KUBECTL} delete svc -l app.kubernetes.io/part-of=fusion --namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=2s + ${KUBECTL} delete pvc -l app.kubernetes.io/part-of=fusion --namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=5s + ${KUBECTL} delete pvc -l "release=${RELEASE}" --namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=5s + ${KUBECTL} delete pvc -l "app.kubernetes.io/instance=${RELEASE}" --namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=5s + ${KUBECTL} delete pvc -l app=prometheus --namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=5s + ${KUBECTL} delete 
serviceaccount --namespace "${NAMESPACE}" "${RELEASE}-api-gateway-jks-create" if [ "${NAMESPACE}" != "default" ] && [ "${NAMESPACE}" != "kube-public" ] && [ "${NAMESPACE}" != "kube-system" ]; then - kubectl delete namespace "${NAMESPACE}" --grace-period=0 --force --timeout=10s + ${KUBECTL} delete namespace "${NAMESPACE}" --grace-period=0 --force ${KUBECTL_TIMEOUT_PARAM}=10s fi fi exit 0 
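Review bot: Every `--timeout=Ns` on these force-deletes becomes `${KUBECTL_TIMEOUT_PARAM}=Ns`, which for `--provider oc` expands to `--request-timeout`. In kubectl that is a global option bounding a single API request rather than how long `delete` or `rollout status` waits, so, assuming oc follows kubectl here, the purge and rollout waits on OpenShift are no longer limited the way the surrounding messages describe. It is worth confirming against the oc version in use and recording the result in the comment next to the `KUBECTL_TIMEOUT_PARAM` assignment. The same substitution appears in the Tiller check and in upgrade_fusion.sh.example.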
@@ -327,22 +354,26 @@ else if [ "${is_helm_v3}" == "" ]; then if helm status "${RELEASE}" > /dev/null 2>&1 ; then echo -e "\nERROR: There is already a release with name: ${RELEASE} installed in the cluster, please choose a different release name or upgrade the release\n" - exit 1 + #exit 1 fi else if helm status --namespace "${NAMESPACE}" "${RELEASE}" > /dev/null 2>&1 ; then - echo -e "\nERROR: There is already a release with name: ${RELEASE} installed in namespace: ${NAMESPACE} in the cluster, please choose a different release name or upgrade the release\n" - exit 1 + if [ "$PROVIDER" != "oc" ]; then + echo -e "\nERROR: There is already a release with name: ${RELEASE} installed in namespace: ${NAMESPACE} in the cluster, please choose a different release name or upgrade the release\n" + exit 1 + fi fi fi # There isn't let's check if there is a fusion deployment in the namespace already - if ! kubectl get deployment -n "${NAMESPACE}" -l "app.kubernetes.io/component=query-pipeline,app.kubernetes.io/part-of=fusion" 2>&1 | grep -q "No resources"; then - # There is a fusion deployed into this namespace, try and protect against two releases being installed into - # The same namespace - instance=$(kubectl get deployment -n "${NAMESPACE}" -l "app.kubernetes.io/component=query-pipeline,app.kubernetes.io/part-of=fusion" -o "jsonpath={.items[0].metadata.labels['app\.kubernetes\.io/instance']}") - echo -e "\nERROR: There is already a fusion deployment in namespace: ${NAMESPACE} with release name: ${instance}, please choose a new namespace\n" - exit 1 + if ! 
${KUBECTL} get deployment -n "${NAMESPACE}" -l "app.kubernetes.io/component=query-pipeline,app.kubernetes.io/part-of=fusion" 2>&1 | grep -q "No resources"; then + if [ "$PROVIDER" != "oc" ]; then + # There is a fusion deployed into this namespace, try and protect against two releases being installed into + # The same namespace + instance=$(${KUBECTL} get deployment -n "${NAMESPACE}" -l "app.kubernetes.io/component=query-pipeline,app.kubernetes.io/part-of=fusion" -o "jsonpath={.items[0].metadata.labels['app\.kubernetes\.io/instance']}") + echo -e "\nERROR: There is already a fusion deployment in namespace: ${NAMESPACE} with release name: ${instance}, please choose a new namespace\n" + exit 1 + fi fi # We should be good to install now fi 
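Review bot: In the Helm v2 branch `exit 1` is changed to `#exit 1`, so the script prints "ERROR: There is already a release ..." and then carries on with the install for every provider, not only OpenShift. If the intent is the same oc exemption used in the v3 branch just below, it should be wrapped the same way, with the `echo` and `exit 1` inside `if [ "$PROVIDER" != "oc" ]; then ... fi`. The two oc exemptions that follow also drop the protection against installing a second release into one namespace without telling the user; a one-line `echo` saying the check was skipped would make that visible. The enclosing `else` block starts outside the hunk.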
@@ -350,19 +381,19 @@ fi # report_ns logs a message to the user informing them how to change the default namespace function report_ns() { if [ "${NAMESPACE}" != "default" ]; then - echo -e "\nNote: Change the default namespace for kubectl to ${NAMESPACE} by doing:\n kubectl config set-context --current --namespace=${NAMESPACE}\n" + echo -e "\nNote: Change the default namespace for ${KUBECTL} to ${NAMESPACE} by doing:\n ${KUBECTL} config set-context --current --namespace=${NAMESPACE}\n" fi } # proxy_url prints how to access the proxy via a LoadBalancer service function proxy_url() { if [ "${PROVIDER}" == "eks" ]; then - export PROXY_HOST=$(kubectl --namespace "${NAMESPACE}" get service proxy -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') + export PROXY_HOST=$(${KUBECTL} --namespace "${NAMESPACE}" get service proxy -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') else - export PROXY_HOST=$(kubectl --namespace "${NAMESPACE}" get service proxy -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + export PROXY_HOST=$(${KUBECTL} --namespace "${NAMESPACE}" get service proxy -o jsonpath='{.status.loadBalancer.ingress[0].ip}') fi - export PROXY_PORT=$(kubectl --namespace "${NAMESPACE}" get service proxy -o jsonpath='{.spec.ports[?(@.protocol=="TCP")].port}') + export PROXY_PORT=$(${KUBECTL} --namespace "${NAMESPACE}" get service proxy -o jsonpath='{.spec.ports[?(@.protocol=="TCP")].port}') export PROXY_URL="$PROXY_HOST:$PROXY_PORT" if [ "$PROXY_URL" != ":" ]; then @@ -381,7 +412,7 @@ function ingress_setup() { echo -ne "\nWaiting for the Loadbalancer IP to be assigned" loops=24 while (( loops > 0 )); do - ingressIp=$(kubectl --namespace "${NAMESPACE}" get ingress "${RELEASE}-api-gateway" -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + ingressIp=$(${KUBECTL} --namespace "${NAMESPACE}" get ingress "${RELEASE}-api-gateway" -o jsonpath='{.status.loadBalancer.ingress[0].ip}') if [[ ! -z ${ingressIp} ]]; then export INGRESS_IP="${ingressIp}" break 
@@ -394,13 +425,13 @@ function ingress_setup() { done else #EKS setup for supporting ALBs and nginx ingress - ALB_DNS=$(kubectl get ing ${RELEASE}-api-gateway --output=jsonpath={.status..loadBalancer..ingress[].hostname}) + ALB_DNS=$(${KUBECTL} get ing ${RELEASE}-api-gateway --output=jsonpath={.status..loadBalancer..ingress[].hostname}) echo -e "\n\nPlease ensure that the public DNS record for ${INGRESS_HOSTNAME} is updated to point to ${ALB_DNS}\n" fi if [ "$TLS_ENABLED" == "1" ]; then - echo -e "An SSL certificate will be automatically generated once the public DNS record has been updated,\nthis may take up to an hour after DNS has updated to be issued.\nYou can use kubectl get managedcertificates -o yaml to check the status of the certificate issue process." + echo -e "An SSL certificate will be automatically generated once the public DNS record has been updated,\nthis may take up to an hour after DNS has updated to be issued.\nYou can use ${KUBECTL} get managedcertificates -o yaml to check the status of the certificate issue process." fi report_ns } @@ -438,11 +469,11 @@ if [ "$UPGRADE" != "1" ]; then #Adding a retry loop because EKS takes more time to create nodes. retries=6 while (( retries > 0 )); do - find_nodes=$(kubectl get nodes -l "${node_selector}" | grep -i ready) + find_nodes=$(${KUBECTL} get nodes -l "${node_selector}" | grep -i ready) has_nodes=$? if [ "${has_nodes}" == "0" ]; then echo -e "Found at least one healthy node matching nodeSelector: ${NODE_POOL}" - num_nodes=$(kubectl get nodes -l "${node_selector}" | grep -i ready | wc -l) + num_nodes=$(${KUBECTL} get nodes -l "${node_selector}" | grep -i ready | wc -l) retries=-1 else echo -e "\nERROR: No 'Ready' nodes found matching nodeSelector: ${node_selector}! Retrying in 30 seconds" 
@@ -456,11 +487,11 @@ if [ "$UPGRADE" != "1" ]; then exit 1 fi else - num_nodes=$(kubectl get nodes | grep -i ready | wc -l) + num_nodes=$(${KUBECTL} get nodes | grep -i ready | wc -l) fi - ( "${SCRIPT_DIR}/customize_fusion_values.sh" "${DEFAULT_MY_VALUES}" -c "${CLUSTER_NAME}" -n "${NAMESPACE}" -r "${RELEASE}" --provider "${PROVIDER}" --prometheus "${PROMETHEUS_ON}" \ - --num-solr "${SOLR_REPLICAS}" --solr-disk-gb "${SOLR_DISK_GB}" --node-pool "${NODE_POOL}" --version "${CHART_VERSION}" --output-script "${UPGRADE_SCRIPT}" ${VALUES_STRING} ) + ( "${SCRIPT_DIR}/customize_fusion_values.sh" "${DEFAULT_MY_VALUES}" -c "${CLUSTER_NAME}" -k "${KUBECTL}" -n "${NAMESPACE}" -r "${RELEASE}" --provider "${PROVIDER}" --prometheus "${PROMETHEUS_ON}" \ + --num-solr "${SOLR_REPLICAS}" --solr-disk-gb "${SOLR_DISK_GB}" --node-pool "${NODE_POOL}" --version "${CHART_VERSION}" --output-script "${UPGRADE_SCRIPT}" ${VALUES_STRING} ${SKIP_CRDS} ) else echo -e "\nValues file $DEFAULT_MY_VALUES already exists, not regenerating.\n" fi @@ -476,7 +507,7 @@ fi # just let the user do that manually with Helm as needed if [ "$UPGRADE" != "1" ] && [ "${PROMETHEUS}" != "none" ]; then if [ "${PROMETHEUS}" == "install" ]; then - ( "${SCRIPT_DIR}/install_prom.sh" -c "${CLUSTER_NAME}" -n "${NAMESPACE}" -r "${RELEASE}" --provider "${PROVIDER}" --node-pool "${NODE_POOL}" ) + ( "${SCRIPT_DIR}/install_prom.sh" -k "${KUBECTL}" -c "${CLUSTER_NAME}" -n "${NAMESPACE}" -r "${RELEASE}" --provider "${PROVIDER}" --node-pool "${NODE_POOL}" ) fi fi diff --git a/upgrade_fusion.sh.example b/upgrade_fusion.sh.example index 32e64b8e..6d766673 100755 --- a/upgrade_fusion.sh.example +++ b/upgrade_fusion.sh.example @@ -7,6 +7,8 @@ CLUSTER_NAME= RELEASE= NAMESPACE= CHART_VERSION= +KUBECTL= +KUBECTL_TIMEOUT_PARAM= SKIP_CRDS= MY_VALUES="" 
@@ -25,7 +27,7 @@ if [ ! -z "${DRY_RUN_REQUESTED}" ]; then DRY_RUN="--dry-run" fi -current_context=$(kubectl config current-context | grep "$CLUSTER_NAME") +current_context=$(${KUBECTL} config current-context | grep "$CLUSTER_NAME") #Openshift doesn't include the cluster name as a part of the current context if [[ "${current_context}" == "" && "$PROVIDER" != "oc" ]]; then @@ -33,8 +35,8 @@ if [[ "${current_context}" == "" && "$PROVIDER" != "oc" ]]; then exit 1 fi -if ! kubectl get namespace "${NAMESPACE}" > /dev/null 2>&1; then - kubectl create namespace "${NAMESPACE}" +if ! ${KUBECTL} get namespace "${NAMESPACE}" > /dev/null 2>&1; then + ${KUBECTL} create namespace "${NAMESPACE}" if [ "$PROVIDER" == "gke" ]; then who_am_i=$(gcloud auth list --filter=status:ACTIVE --format="value(account)") else @@ -42,7 +44,7 @@ if ! kubectl get namespace "${NAMESPACE}" > /dev/null 2>&1; then fi OWNER_LABEL="${who_am_i//@/-}" if [ "${OWNER_LABEL}" != "" ]; then - kubectl label namespace "${NAMESPACE}" "owner=${OWNER_LABEL}" + ${KUBECTL} label namespace "${NAMESPACE}" "owner=${OWNER_LABEL}" fi echo -e "\nCreated namespace ${NAMESPACE} with owner label ${OWNER_LABEL}\n" fi 
@@ -55,29 +57,40 @@ if ! helm repo list | grep -q "https://charts.lucidworks.com"; then helm repo add ${lw_helm_repo} https://charts.lucidworks.com fi -helm repo update +helm_chart_to_use="${lw_helm_repo}/fusion" + +if [ "$LOCAL_HELM_CHART" != "" ]; then + helm_chart_to_use="${LOCAL_HELM_CHART}" + echo "LOCAL_HELM_CHART variable was specified. Will use ${LOCAL_HELM_CHART} as the helm chart." +fi + +if [ "$LOCAL_HELM_CHART" == "" ]; then + helm repo update +fi if [ "$PROVIDER" == "gke" ]; then # Make sure that the metric server is running - metrics_deployment=$(kubectl get deployment -n kube-system | grep metrics-server | cut -d ' ' -f1 -) - kubectl rollout status deployment/${metrics_deployment} --timeout=60s --namespace "kube-system" + metrics_deployment=$(${KUBECTL} get deployment -n kube-system | grep metrics-server | cut -d ' ' -f1 -) + ${KUBECTL} rollout status deployment/${metrics_deployment} ${KUBECTL_TIMEOUT_PARAM}=60s --namespace "kube-system" echo "" fi -echo -e "Upgrading the '$RELEASE' release (Fusion chart: $CHART_VERSION) in the '$NAMESPACE' namespace in the '$CLUSTER_NAME' cluster using values:\n ${MY_VALUES//--values}" +echo -e "Upgrading the '$RELEASE' release (Fusion chart: ${helm_chart_to_use}, version: $CHART_VERSION) in the '$NAMESPACE' namespace in the '$CLUSTER_NAME' cluster using values:\n ${MY_VALUES//--values}" echo -e "\nNOTE: If this will be a long-running cluster for production purposes, you should save the following file(s) in version control:\n${MY_VALUES//--values}\n" +helm upgrade ${DRY_RUN} ${RELEASE} ${helm_chart_to_use} --install --namespace "${NAMESPACE}" --version "${CHART_VERSION}" ${MY_VALUES} ${SKIP_CRDS} -helm upgrade ${DRY_RUN} ${RELEASE} "${lw_helm_repo}/fusion" --install --namespace "${NAMESPACE}" --version "${CHART_VERSION}" ${MY_VALUES} ${SKIP_CRDS} - -echo -e "\nWaiting up to 10 minutes to see the Fusion API Gateway deployment come online ...\n" -kubectl rollout status deployment/${RELEASE}-api-gateway --timeout=600s 
--namespace "${NAMESPACE}" -echo -e "\nWaiting up to 5 minutes to see the Fusion Indexing deployment come online ...\n" -kubectl rollout status deployment/${RELEASE}-fusion-indexing --timeout=300s --namespace "${NAMESPACE}" +if [ "$DRY_RUN" != "--dry-run" ]; then + echo -e "\nWaiting up to 10 minutes to see the Fusion API Gateway deployment come online ...\n" + ${KUBECTL} rollout status deployment/${RELEASE}-api-gateway ${KUBECTL_TIMEOUT_PARAM}=600s --namespace "${NAMESPACE}" + echo -e "\nWaiting up to 5 minutes to see the Fusion Indexing deployment come online ...\n" + ${KUBECTL} rollout status deployment/${RELEASE}-fusion-indexing ${KUBECTL_TIMEOUT_PARAM}=300s --namespace "${NAMESPACE}" -current_ns=$(kubectl config view --minify --output 'jsonpath={..namespace}') -if [ "$NAMESPACE" != "$current_ns" ]; then - kubectl config set-context --current --namespace=${NAMESPACE} + current_ns=$(${KUBECTL} config view --minify --output 'jsonpath={..namespace}') + if [ "$NAMESPACE" != "$current_ns" ]; then + ${KUBECTL} config set-context --current --namespace=${NAMESPACE} + fi fi + echo "" helm ls echo ""
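Review bot: The chart argument on the new `helm upgrade` line is `${helm_chart_to_use}` unquoted, where the removed line quoted `"${lw_helm_repo}/fusion"`; since it can now be a filesystem path taken from `LOCAL_HELM_CHART`, a path containing spaces splits into several arguments, so use `"${helm_chart_to_use}"`. `LOCAL_HELM_CHART` is read from the environment with no check that the path exists, so a stale exported value silently changes what gets installed; a `[ -e "$LOCAL_HELM_CHART" ]` test before use would catch that. The two complementary `if` blocks on `LOCAL_HELM_CHART` could also be a single `if`/`else`.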