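#!/usr/bin/env bash
#
# This script (optionally) creates and then prepares a Google Cloud project to host a
# Trillian instance using Kubernetes.
#
# Listing source:
#   github.com/mre-fog/trillianxx@v1.1.2-0.20180615153820-ae375a99d36a/examples/deployment/kubernetes/create.sh
#
# Reads PROJECT_NAME, ZONE, CLUSTER_NAME and REGION. These are presumably set
# by config.sh in the same directory (config.sh is not part of this listing --
# confirm against it).

set -e

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# shellcheck source=/dev/null
source "${DIR}/config.sh"

# pipefail is enabled only after config.sh has been sourced, so that file keeps
# running under the options it was written for. From here on, a failure in any
# stage of a pipeline aborts the script instead of being masked by the last stage.
set -o pipefail

# Fail early on missing configuration. An empty PROJECT_NAME would otherwise
# yield a malformed service-account address and IAM member further down.
: "${PROJECT_NAME:?PROJECT_NAME must be set (see config.sh)}"
: "${ZONE:?ZONE must be set (see config.sh)}"
: "${CLUSTER_NAME:?CLUSTER_NAME must be set (see config.sh)}"
: "${REGION:?REGION must be set (see config.sh)}"

#######################################
# Abort unless a required binary is on PATH.
# Arguments: $1 - binary name
#            $2 - message to print when it is missing
# Outputs:   writes the message to stderr on failure
#######################################
require_binary() {
  if ! command -v "$1" > /dev/null; then
    echo "$2" >&2
    exit 1
  fi
}

# Check required binaries are installed
require_binary gcloud "Need gcloud installed."
require_binary kubectl "Need kubectl installed."
require_binary jq "Please install the jq command"

# Uncomment this to create a GCE project from scratch, or you can create it
# manually through the web UI.
# gcloud projects create ${PROJECT_NAME}

# Connect to gcloud
# NOTE: these calls change the caller's active gcloud configuration, and the
# later commands (node-pools create, spanner, iam) depend on the properties set here.
gcloud config set project "${PROJECT_NAME}"
gcloud config set compute/zone "${ZONE}"
gcloud config set container/cluster "${CLUSTER_NAME}"

# Ensure Kubernetes Engine (container) and Cloud Spanner (spanner) services are enabled
for SERVICE in container spanner; do
  gcloud services enable "${SERVICE}.googleapis.com" --project="${PROJECT_NAME}"
done

# Create cluster & node pools
# The node-pools commands pass no --cluster flag; they use the
# container/cluster property set above.
gcloud container clusters create "${CLUSTER_NAME}" \
  --machine-type "n1-standard-1" --image-type "COS" --num-nodes "2" \
  --enable-autorepair --enable-autoupgrade
gcloud container node-pools create "logserver-pool" \
  --machine-type "n1-standard-1" --image-type "COS" --num-nodes "4" \
  --enable-autorepair --enable-autoupgrade
gcloud container node-pools create "signer-pool" \
  --machine-type "n1-standard-2" --image-type "COS" --num-nodes "1" \
  --enable-autorepair --enable-autoupgrade
gcloud container node-pools create "ctfe-pool" \
  --machine-type "n1-standard-1" --image-type "COS" --num-nodes "4" \
  --enable-autorepair --enable-autoupgrade
gcloud container clusters get-credentials "${CLUSTER_NAME}"

# Create spanner instance & DB
gcloud spanner instances create trillian-spanner \
  --description "Trillian Spanner instance" --nodes=5 --config="regional-${REGION}"
# Strip SQL comment lines from the schema. Reading it in a separate assignment
# makes a missing or unreadable schema file abort the script under `set -e`
# rather than creating a database with an empty DDL.
SPANNER_DDL="$(grep -v '^--.*$' "${DIR}/../../../storage/cloudspanner/spanner.sdl")"
gcloud spanner databases create trillian-db --instance trillian-spanner --ddl="${SPANNER_DDL}"

# Create service account
gcloud iam service-accounts create trillian --display-name "Trillian service account"
# Get the service account key and push it into a Kubernetes secret.
#
# The key is a long-lived credential for the trillian service account. It is
# captured in a shell variable first, so a failed key creation stops the
# script before any secret exists. It is then streamed to kubectl over a pipe
# (printf is a builtin), so this script puts it neither on disk nor in a
# process argument list. Anyone who can read Secrets in the target namespace
# can read the key; restrict that access and rotate the key periodically.
# Where the cluster supports it, GKE Workload Identity avoids exporting a key
# at all.
# If the kubectl step fails, the key just created stays valid in IAM and
# should be deleted by hand.
SA_KEY_JSON="$(gcloud iam service-accounts keys create /dev/stdout --iam-account="trillian@${PROJECT_NAME}.iam.gserviceaccount.com")"
printf '%s' "${SA_KEY_JSON}" |
  kubectl create secret generic trillian-key --from-file=key.json=/dev/stdin
unset SA_KEY_JSON
# Update roles
# These bindings are made on the project, so each role applies to every
# matching resource in ${PROJECT_NAME} (e.g. all Spanner databases), not only
# to the ones created by this script.
for ROLE in spanner.databaseUser logging.logWriter monitoring.metricWriter; do
  gcloud projects add-iam-policy-binding "${PROJECT_NAME}" \
    --member "serviceAccount:trillian@${PROJECT_NAME}.iam.gserviceaccount.com" \
    --role "roles/${ROLE}"
done

# Bring up etcd cluster
# Work-around for etcd-operator role on GKE.
# This grants cluster-admin on the new cluster to the account currently active
# in gcloud. The binding is not removed by this script; delete it once the
# etcd roles are in place if that account should not keep full cluster control.
COREACCOUNT="$(gcloud config config-helper --format=json | jq -r '.configuration.properties.core.account')"
# jq -r prints the literal string "null" for a missing field; never bind
# cluster-admin to an empty or bogus user name.
if [[ -z "${COREACCOUNT}" || "${COREACCOUNT}" == "null" ]]; then
  echo "Could not determine the active gcloud account." >&2
  exit 1
fi
kubectl create clusterrolebinding etcd-cluster-admin-binding --clusterrole=cluster-admin --user="${COREACCOUNT}"

kubectl apply -f "${DIR}/etcd-role-binding.yaml"
kubectl apply -f "${DIR}/etcd-role.yaml"
kubectl apply -f "${DIR}/etcd-deployment.yaml"
kubectl apply -f "${DIR}/etcd-service.yaml"

# TODO(al): wait for this properly somehow
sleep 30

# TODO(al): have to wait before doing this?
kubectl apply -f "${DIR}/etcd-cluster.yaml"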