diff --git a/scripts/bootstrap.sh b/scripts/bootstrap.sh
index 9e39234..8160716 100755
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@@ -3,40 +3,4 @@ set -e
 set -u
 set -x
 
-SCRIPT_DIR=$(dirname -- "$(readlink -f -- "$BASH_SOURCE")")
-source ${SCRIPT_DIR}/helper.sh
-
-set_remote $1
-
-# Setup k3s
-ARGS="--tls-san=$VIP --disable servicelb --disable traefik --disable local-storage --etcd-s3 --etcd-s3-endpoint=s3.us-west-002.backblazeb2.com --etcd-s3-bucket=titan-k3s-backup --etcd-s3-folder=testing --cluster-init"
-ssh -t $REMOTE "curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=\"server $ARGS\" sh -"
-add_b2_key_to_k3s_env
-start_k3s
-
-# Copy over kubeconfig
-ssh -t $REMOTE "sudo -S cp /etc/rancher/k3s/k3s.yaml ~/k3s.yaml && sudo chown titan:titan ~/k3s.yaml"
-scp $REMOTE:~/k3s.yaml ~/.kube/config
-ssh -t $REMOTE "rm ~/k3s.yaml"
-
-# Update up to correct ip
-sed -i -e "s/127.0.0.1/$REMOTE_IP/" ~/.kube/config
-
-add_interface_label
-
-kubectl apply -k ${SCRIPT_DIR}/../clusters/titan.lan.huizinga.dev/kube-vip/
-
-echo "Join the other nodes to the cluster, once done hit enter"
-read
-
-# Add sops secret to the cluster
-kubectl apply -f ${SCRIPT_DIR}/namespace.yaml
-sops decrypt ${SCRIPT_DIR}/sops-gpg.yaml | kubectl apply -f -
-
-# Bootstrap flux on the node
 flux bootstrap git --url ssh://git@huizinga.dev/Dreaded_X/flux-infra --branch=master --path=clusters/titan.lan.huizinga.dev --components source-controller,kustomize-controller,helm-controller
-
-# Update the ip to the control plane virtual ip
-sed -i -e "s/$REMOTE_IP/$VIP/" ~/.kube/config
-
-kubectl get nodes
diff --git a/scripts/helper.sh b/scripts/helper.sh
index 63ddae5..814e09e 100644
--- a/scripts/helper.sh
+++ b/scripts/helper.sh
@@ -6,25 +6,6 @@ function set_remote() {
 REMOTE="$REMOTE_USER@$REMOTE_IP"
 }
 
-function get_from_secret() {
- export $2=$(sops decrypt $1 | grep $2 | awk '{print $2}' | base64 -d)
-}
-
-function get_b2_key() {
- B2_SECRET_FILE=${SCRIPT_DIR}/../common/postgres/b2-access-key.yaml
- get_from_secret $B2_SECRET_FILE ACCESS_KEY_ID
- get_from_secret $B2_SECRET_FILE ACCESS_SECRET_KEY
-}
-
-function add_b2_key_to_k3s_env() {
- get_b2_key
- # TODO: Check if the entries already exist and overwrite them
- ssh -t $REMOTE "cat << EOF | sudo tee -a /etc/systemd/system/k3s.service.env >> /dev/null
-AWS_ACCESS_KEY_ID=$ACCESS_KEY_ID
-AWS_SECRET_ACCESS_KEY=$ACCESS_SECRET_KEY
-EOF"
-}
-
 function start_k3s() {
 ssh -t $REMOTE "sudo -S systemctl start k3s"
 }
diff --git a/scripts/init.sh b/scripts/init.sh
new file mode 100755
index 0000000..8312be5
--- /dev/null
+++ b/scripts/init.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+set -u
+set -x
+
+SCRIPT_DIR=$(dirname -- "$(readlink -f -- "$BASH_SOURCE")")
+source ${SCRIPT_DIR}/helper.sh
+
+set_remote $1
+
+# Setup k3s
+ARGS="--tls-san=$VIP --disable servicelb --disable traefik --disable local-storage --cluster-init"
+ssh -t $REMOTE "curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=\"server $ARGS\" sh -"
+start_k3s
+
+# Copy over kubeconfig
+ssh -t $REMOTE "sudo -S cp /etc/rancher/k3s/k3s.yaml ~/k3s.yaml && sudo chown titan:titan ~/k3s.yaml"
+scp $REMOTE:~/k3s.yaml ~/.kube/config
+ssh -t $REMOTE "rm ~/k3s.yaml"
+
+# Update up to correct ip
+sed -i -e "s/127.0.0.1/$REMOTE_IP/" ~/.kube/config
+
+add_interface_label
+
+kubectl apply -k ${SCRIPT_DIR}/../clusters/titan.lan.huizinga.dev/kube-vip/
+
+# Add sops secret to the cluster
+kubectl apply -f ${SCRIPT_DIR}/namespace.yaml
+sops decrypt ${SCRIPT_DIR}/sops-gpg.yaml | kubectl apply -f -
+
+# Update the ip to the control plane virtual ip
+sed -i -e "s/$REMOTE_IP/$VIP/" ~/.kube/config
+
+kubectl get nodes
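Review bot: In the new scripts/init.sh, a failure between the kubeconfig copy and its cleanup leaves cluster-admin credentials in the remote home directory: under `set -e`, if `scp $REMOTE:~/k3s.yaml ~/.kube/config` fails the script exits before `ssh -t $REMOTE "rm ~/k3s.yaml"` runs. Registering the cleanup before the `sudo -S cp` line, for example `trap 'ssh "$REMOTE" "rm -f ~/k3s.yaml"' EXIT`, removes the copy on every exit path. The same `scp` overwrites any existing local `~/.kube/config` without a backup, which deserves a comment above it or a separate target file selected through `KUBECONFIG`. The installer line pipes `https://get.k3s.io` into `sh` with no release pin; adding `INSTALL_K3S_VERSION=<pinned-release>` there, and on the matching line in scripts/join.sh, would make the installed k3s release reproducible.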
diff --git a/scripts/join.sh b/scripts/join.sh
index bc6efc1..f811385 100755
--- a/scripts/join.sh
+++ b/scripts/join.sh
@@ -13,9 +13,8 @@ echo "Please enter the k3s token, you can find this in '/var/lib/rancher/k3s/ser
 read TOKEN
 
 # Setup k3s
-ARGS="--tls-san=$VIP --disable servicelb --disable traefik --disable local-storage --etcd-s3 --etcd-s3-endpoint=s3.us-west-002.backblazeb2.com --etcd-s3-bucket=titan-k3s-backup --etcd-s3-folder=testing --server https://$VIP:6443"
+ARGS="--tls-san=$VIP --disable servicelb --disable traefik --disable local-storage --server https://$VIP:6443"
 ssh -t $REMOTE "curl -sfL https://get.k3s.io | K3S_TOKEN=$TOKEN INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=\"server $ARGS\" sh -"
-add_b2_key_to_k3s_env
 start_k3s
 add_interface_label
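Review bot: The unchanged `ssh` line in this hunk still splices the join token into the remote command as `K3S_TOKEN=$TOKEN`, so the token appears in the local `ssh` process arguments and is re-parsed unquoted by the remote shell; if this script runs with `set -x` like init.sh (not visible in the hunk), it is also written to the trace. `read -rs TOKEN` would keep the token off the terminal while it is typed, and wrapping the call in `set +x` / `set -x` would keep it out of the trace. Keeping it out of the argument list would need the token delivered over stdin or from a file on the node rather than on the command line. The hunk starts mid-script, so the earlier setup of `REMOTE` and `VIP` cannot be checked from here.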