Added bootstrap and join script

2024-11-24 03:21:45 +01:00 · 2024-11-24 03:21:45 +01:00 · fe7967eccd
commit fe7967eccd
parent 866c54f623
6 changed files with 149 additions and 0 deletions
--- a/scripts/bootstrap.sh
+++ b/scripts/bootstrap.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+set -e
+set -u
+
+SCRIPT_DIR=$(dirname -- "$(readlink -f -- "$BASH_SOURCE")")
+source ${SCRIPT_DIR}/helper.sh
+
+set_remote $1
+
+# Setup k3s
+ARGS="--tls-san=$VIP --disable servicelb --disable traefik --etcd-s3 --etcd-s3-endpoint=s3.us-west-002.backblazeb2.com --etcd-s3-bucket=titan-k3s-backup --etcd-s3-folder=testing --cluster-init"
+ssh -t $REMOTE "curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=\"server $ARGS\" sh -"
+add_b2_key_to_k3s_env
+start_k3s
+
+# Copy over kubeconfig
+ssh -t $REMOTE "sudo -S cat /etc/rancher/k3s/k3s.yaml" > ~/.kube/config
+
+# Update up to correct ip
+sed -i -e "s/127.0.0.1/$REMOTE/" ~/.kube/config
+
+# Add sops secret to the cluster
+kubectl apply -f namespace.yaml
+sops decrypt ./sops-gpg.yaml | kubectl apply -f -
+
+# Bootstrap flux on the node
+flux bootstrap git --url ssh://git@huizinga.dev/Dreaded_X/flux-infra --branch=master --path=clusters/titan.lan.huizinga.dev --components source-controller,kustomize-controller,helm-controller
+
+# Update the ip to the control plane virtual ip
+sed -i -e "s/$REMOTE/$VIP/" ~/.kube/config
+
+sleep 5
+
+kubectl get nodes
--- a/scripts/helper.sh
+++ b/scripts/helper.sh
@ -0,0 +1,29 @@
+VIP=10.0.0.200
+REMOTE_USER=titan
+
+function set_remote() {
+	REMOTE="$REMOTE_USER@$1"
+}
+
+function get_from_secret() {
+	export $2=$(sops decrypt $1 | grep $2 | awk '{print $2}' | base64 -d)
+}
+
+function get_b2_key() {
+	B2_SECRET_FILE=${SCRIPT_DIR}/common/postgres/b2-access-key.yaml
+	get_from_secret $B2_SECRET_FILE ACCESS_KEY_ID
+	get_from_secret $B2_SECRET_FILE ACCESS_SECRET_KEY
+}
+
+function add_b2_key_to_k3s_env() {
+	get_b2_key
+	# TODO: Check if the entries already exist and overwrite them
+	ssh -t $REMOTE "cat << EOF | sudo tee -a /etc/systemd/system/k3s.service.env >> /dev/null
+AWS_ACCESS_KEY_ID=$ACCESS_KEY_ID
+AWS_SECRET_ACCESS_KEY=$ACCESS_SECRET_KEY
+EOF"
+}
+
+function start_k3s() {
+	ssh -t $REMOTE "sudo -S systemctl start k3s"
+}
--- a/scripts/join.sh
+++ b/scripts/join.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+set -u
+
+SCRIPT_DIR=$(dirname -- "$(readlink -f -- "$BASH_SOURCE")")
+source ${SCRIPT_DIR}/helper.sh
+
+set_remote $1
+
+# Ask the user to enter the k3s token
+echo "Please enter the k3s token, you can find this in '/var/lib/rancher/k3s/server/token':"
+read TOKEN
+
+# Setup k3s
+ARGS="--tls-san=$VIP --disable servicelb --disable traefik --etcd-s3 --etcd-s3-endpoint=s3.us-west-002.backblazeb2.com --etcd-s3-bucket=titan-k3s-backup --etcd-s3-folder=testing --server https://$VIP:6443"
+ssh -t $REMOTE "curl -sfL https://get.k3s.io | K3S_TOKEN=$TOKEN INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=\"server $ARGS\" sh -"
+add_b2_key_to_k3s_env
+start_k3s
+
+sleep 5
+
+kubectl get nodes
--- a/scripts/namespace.yaml
+++ b/scripts/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux-system
--- a/scripts/reconcile.sh
+++ b/scripts/reconcile.sh
--- a/scripts/sops-gpg.yaml
+++ b/scripts/sops-gpg.yaml