-
Notifications
You must be signed in to change notification settings - Fork 8
/
deploy-linkerd.sh
executable file
·96 lines (81 loc) · 3.13 KB
/
deploy-linkerd.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/bash
set -euo pipefail
trap 's=$?; echo >&2 "$0: Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR
for cmd in "helm" "kubectl"; do
type $cmd >/dev/null 2>&1 || { echo >&2 "$cmd required but it's not installed; aborting."; exit 1; }
done
CERT_ISSUER_ID=${CERT_ISSUER_ID-}
SERVICE_MESH_HA=${SERVICE_MESH_HA-no}
SERVICE_MESH_TRACES_ENABLED=${SERVICE_MESH_TRACES_ENABLED-no}
LINKERD_VIZ_ENABLED=${LINKERD_VIZ_ENABLED-yes}
LINKERD_REPO=${LINKERD_REPO-edge} # Either stable (2.14) or edge
REPOSITORY_NAME="linkerd"
if [[ "$LINKERD_REPO" == "edge" ]]; then
REPOSITORY_NAME="linkerd-edge"
fi
if [[ "$CERT_ISSUER_ID" == "" ]]; then
echo "CERT_ISSUER_ID env-var required"
exit 1
fi
CERT_EXPIRY_FILE=cert-expiry-date.txt
if [ ! -f $CERT_EXPIRY_FILE ]; then
echo "$CERT_EXPIRY_FILE not found; please run deploy-certs.sh"
exit 1
fi
CERT_EXPIRY_DATE=$(cat $CERT_EXPIRY_FILE)
if [ ! -f "linkerd-ca.crt" ]; then
echo "linkerd-ca.crt not found; please run deploy-certs.sh"
exit 1
fi
if [ ! -f "linkerd-$CERT_ISSUER_ID.crt" ]; then
echo "linkerd-$CERT_ISSUER_ID.crt not found; please run deploy-certs.sh"
exit 1
fi
echo "Update kube-system namespace"
kubectl label ns kube-system config.linkerd.io/admission-webhooks=disabled --overwrite
echo "Deploying Linkerd CRDs"
helm upgrade --install linkerd-crds $REPOSITORY_NAME/linkerd-crds \
--namespace linkerd --create-namespace
echo "Deploying Linkerd"
helm_values_args=("-f" "values-linkerd.yaml")
if [[ "$SERVICE_MESH_HA" == "yes" ]]; then
helm_values_args+=("-f" "values-linkerd-ha.yaml")
fi
helm upgrade --install linkerd-control-plane $REPOSITORY_NAME/linkerd-control-plane \
--namespace linkerd \
--set-file identityTrustAnchorsPEM=linkerd-ca.crt \
--set-file identity.issuer.tls.crtPEM=linkerd-$CERT_ISSUER_ID.crt \
--set-file identity.issuer.tls.keyPEM=linkerd-$CERT_ISSUER_ID.key \
--set identity.issuer.crtExpiry=$CERT_EXPIRY_DATE \
${helm_values_args[@]} \
--wait
echo "Update PodMonitor resources"
for obj in "controller" "proxy" "service-mirror"; do
kubectl label -n linkerd podmonitor/linkerd-$obj release=monitor --overwrite
done
# Requires Prometheus
if [[ "$LINKERD_VIZ_ENABLED" == "yes" ]]; then
echo "Deploying Linkerd-Viz"
helm upgrade --install linkerd-viz $REPOSITORY_NAME/linkerd-viz \
--namespace linkerd-viz --create-namespace \
--set grafana.enabled=false \
--set prometheus.enabled=false \
--set prometheusUrl=http://monitor-prometheus.observability.svc:9090 \
--set dashboard.enforcedHostRegexp=".*" \
--wait
fi
# Requires Grafana Alloy or Tempo
if [[ "$SERVICE_MESH_TRACES_ENABLED" == "yes" ]]; then
echo "Deploying Linkerd-Jaeger via Grafana Alloy"
helm upgrade --install linkerd-jaeger $REPOSITORY_NAME/linkerd-jaeger \
--namespace linkerd-jaeger --create-namespace \
--set collector.enabled=false \
--set jaeger.enabled=false \
--set webhook.collectorSvcAddr=grafana-alloy.observability.svc:55678 \
--set webhook.collectorSvcAccount=grafana-alloy \
--wait
fi
echo "Deploying Linkerd Multicluster"
helm upgrade --install linkerd-multicluster $REPOSITORY_NAME/linkerd-multicluster \
--namespace linkerd-multicluster --create-namespace \
--wait