Totally revamp cluster chart configs
This commit is contained in:
Jonas Juselius
42
scripts/config-namespace.sh
Executable file
42
scripts/config-namespace.sh
Executable file
@@ -0,0 +1,42 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
|
||||
|
||||
if [ x$1 = x ]; then
|
||||
ehco "usage: setup-namespace.sh {namespace}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
namespace=$1
|
||||
tmpfile=/tmp/helm-$namespace.$$
|
||||
|
||||
cat << EOF > $tmpfile
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
labels:
|
||||
name: $namespace
|
||||
name: $namespace
|
||||
---
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: gitlab-pull-secret
|
||||
namespace: $namespace
|
||||
kind: Secret
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
data:
|
||||
.dockerconfigjson: ewoJImF1dGhzIjogewoJCSJyZWdpc3RyeS5naXRsYWIuY29tIjogewoJCQkiYXV0aCI6ICJaMmwwYkdGaUsyUmxjR3h2ZVMxMGIydGxiaTB4T1Rnd01qQTZPRmxqU0VoMFZIaENSVUZUTFZKUWRsSnJXbGM9IgoJCX0KCX0sCgkiSHR0cEhlYWRlcnMiOiB7CgkJIlVzZXItQWdlbnQiOiAiRG9ja2VyLUNsaWVudC8xOS4wMy4xMiAobGludXgpIgoJfQp9Cg==
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: kestrel-tls
|
||||
namespace: $namespace
|
||||
type: Opaque
|
||||
data:
|
||||
kestrel.pfx: MIIJcQIBAzCCCTcGCSqGSIb3DQEHAaCCCSgEggkkMIIJIDCCA9cGCSqGSIb3DQEHBqCCA8gwggPEAgEAMIIDvQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQINE11xXT7iV4CAggAgIIDkBMylQRDdNJTEryjKEYajwYVWfkJDmEXfToulTYOU1Jv1q7z+le15hCGwauS/yDRCS4QjcTmW+XT7MopnqLlVXDF2dZbk+a1ThTiaToTqXbRWpI2sfzuFjbA6cYPJNonBDKKNwUmewnAog37u9qaQk2MCsaUw6t7pBp7HpvtnVR/GbsbY98udx6kqATlyZtNnhg8QhgTF9dfGf7VeQj0wq1gGaiGXq0kNJBwod7my8caQD3gUtRQf0ZKZN6RF8r2a4mjf0YyOBsLtSbZ7bceHtdN5PlOi1wu47XSAhSzqNHpNM8K4o0HvMol1m8QzQSmM6KY6vOrTagX+rSejV5aX82gdpiNjRa8HGO5+S8oRsL2/xX2FoxzUCkpzjyoAHJ6Bd25tem/ls4l921hlVmHZuseMiuwMisBw+bTYXEmug3SK54wkZi0nkjRAUTTZRy5KqYWDYXzxuT6MZPiROQRv66PpAG6IPtnhv0iIyszwAlYf6zZcT8Xlh6M9tMPuDFEKMzUbff8/FUWPrLLAZIuPC1PjbmkQ+bCrqN2JkDoJKbJjs8FEvq45vaG/R9rKnWeXakbrcKt7iEVQRUynHfXheZMPfhyB2QBS5gO5mjVLx062Lf+4h5oAf43Kbu5iGfYDTQHazW1jfMCfq87ufvMVlAlqJ0TQCUDPcDjW0o5MAv5wJibOciw5IJ/AEXV42apWUsei2sKB62JcFSiwUc+7a4QcCh0Cn4pgBjpi4T9v0mOWOCcu26IeJPeBpAW+4fgMfmiL5AfGCeY4YNiTrK0yHaUBA7kLCXCPKUHKYP71WkVeuooih0yJJZ/ZqWN+aIOm0c/DPAjUgkEVVtZXescW2Ae0NgdMhMeJ5kfsPYlTeOtFwzoSRu8wMPBr/Ufg2aEWc5GaZRbQmFzvmcg9aPFpltQ0XXGyaD+c6JR2t5b5YgH5MLRh5uZmYhFIBwBHIUQZ9Sc+7pjHUt9TnnVz3fT72pGi47Py5mm0W95euC2YucqclSQ7wjj4OKqgNKDp4o/ALZaZUURZeLl8xwsQ9liAiw2hEw9tvFvdWb9RM3wVEU5ol9n0OnReOSzYDMfUaUxiVTnA8r3SuavdbsuiyWpZ6lJJQRuwNhUfVat+c39OamXbe1J9E7wRDxAISKE2+JofaTOublkMNsaxP2TYDs9xDL/0oCHCxyu2hoCyOK8b94gw2yyW/+UdqUxLHdBgEvEbjCCBUEGCSqGSIb3DQEHAaCCBTIEggUuMIIFKjCCBSYGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAi7oqckaHZOQQICCAAEggTIlVZIQOhHhHchiWYqwlt9zdOP21UU3v9ghDAwuimISuLxTyfr+HXC9+5TRW5eKygiBv9czjZuZcUTQxHLlW2KQmz5EVik/CeAbhmgK3XL9YGTZxGccSNGaS9dLvxWVDbeCoNK7rr9R3zV4vWLPerfGjezpT/VWHLie0pBaNbHg8GHhwlLBSzo+ODkSD1N1cf/6wAny3Cdf8mwgRVmT5dQ7DVfnpkXNQ5Mztu8faLeMjURU2XCZecOZ4vVxr5cCCnOn4vWMPxwGeJUQVVt1M1BFyLg3DyTBpHST0qkV4PKDESjmha8d0zc+ifKr10e1a8LU9KHWsb8L0in2gTor8F9QwoYhtx2UQdx4n4qQ3GKoR0nfBl3aZw97hdPJgDKKoM1BFpXMg3LRMQSL/0FP2JfKQt/Qni3vvGE5A207ouMU+0G9qHdniR7DVmbmDEOTJQgbeYivLPOuYlXSx2aK51VUxO+agOnxLg8RYqOo8Ex7ZtnxjpfQQVirMJ3yPdD3cqUVLiJ/Y5xFOvwjoLNdlxxTC+QgsCN1K+Vg3KY+pn8d/iAmrMfUs992jz0xwXrUBG6V2lrXE6dI3SpTT8/h265Cd8KjHiXSJOP02sHm0PWTVQLAeJluV6DLgHB73jQ6fb01AbVkbG8lL2fhWl1R5cD7OdAIP7n6FgoSrzA/eqKTLYPKIbA73HdPCMm2zzb5mdlo8rh+0FJ8vegRJ4DFGag/FpAJRxeUnyLyO29tOKpp/u9uwrYDooYn5ci5gLeehUfGqEJlNp8GPbqiKAkWwNLaNguJA+kT0v7XVoEdNkDB6upObyJOObHl1W6s5vHFarNojcNINgTV3sEJT5tDuLZ282Lw99Wg1lvUGJbdO3dgq5NLey11cmRTBR/KyqSoYPGUfC8Aihfo/djUbXUjs/I6WuPRoqcSzQsjqHt7hR7aHF2ahKw2WxQhT27jgUpTcgd1O00uOsb3BPhskpY9ggRNs9AaVJu2RHyxwX2TWkY/AmMYG8UIRmKkAzLctUVwSIEY27GbluvSLtIhVl4I7DV8SYcWkxu/1NoT8aMlQMJeULgFMzG49GWnJDOgOXxcTRUFL3hniisWU5h8PPNxIGLqYf4C5ocXPCg7sap+6IrEm3lP9nwXlhMfHOMbKRX5p0W+0bzEtf4sZlwt6An5+WJmIP0oegz7tzsJNzEiDShK0TaEgfRyBi+NM781zGOCN7X4Lvzl3L5CAAtRGhfYMH52X7vf70Gf74wREa75O91NurJTaRMlztWoA7vAI2maYoPO9wyBWIsQDyv4cmL3xCai0TIza7Wtu8SHKnJCKGp90fftNU8PNlN6StVi2y8VKY+whRqFcZR1dbx+ClsPOHAcosNkZ3Vv9EuieSZaCSNT7dOvCiSgVgzuLg3CC/SBPfzVeqaoLL4xMVtfKXqZfX7SDoftNlD8rlY+hHR1pdxpvKhZPIgDkMRAZ8Z6IWKWdyRACeNM5NWK56e9D8zm5VDKDZCz1n/zozH577ABvj6+dZkahl/FKpryFxY4qtKxnYXXd8DVYt6t1NFIz3Ybov3r/7fHYqm8OLmF9FZqeC4gqr9HUbuDkaU0mPCHtWrL2nkhhuSKR4sm2VfhUSegJkiTKvD5+DhpIaDMSUwIwYJKoZIhvcNAQkVMRYEFJpr2WGeI1IjCffN9Qs1YLuF26qUMDEwITAJBgUrDgMCGgUABBRuJCgviB/YoTN9wqikECF7WyAN9QQI/4JQvFeDBswCAggA
|
||||
EOF
|
||||
|
||||
kubectl apply -f $tmpfile
|
||||
|
||||
rm $tmpfile
|
||||
1
scripts/docker-prune-stopped.fish
Executable file
1
scripts/docker-prune-stopped.fish
Executable file
@@ -0,0 +1 @@
|
||||
for i in (seq 2 5); ssh k0- docker system prune -a;end
|
||||
49
scripts/gitlab-prune-registry.sh
Executable file
49
scripts/gitlab-prune-registry.sh
Executable file
@@ -0,0 +1,49 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
token=UTjgSspYQcX-BVUd1UsC
|
||||
api=https://gitlab.com/api/v4
|
||||
|
||||
prune () {
|
||||
id=$1
|
||||
reg=$(curl -s --header "PRIVATE-TOKEN: $token" \
|
||||
"$api/projects/$id/registry/repositories" \
|
||||
| json_pp | sed -n 's/^ *"id" *: *\([0-9]\+\).*/\1/p')
|
||||
for i in $reg; do
|
||||
curl -s --request DELETE --data 'keep_n=10' \
|
||||
--data 'name_regex=.*[0-9].*' \
|
||||
--header "PRIVATE-TOKEN: $token" \
|
||||
"$api/projects/$id/registry/repositories/$i/tags"
|
||||
done
|
||||
}
|
||||
|
||||
gc () {
|
||||
pod=$(kubectl get pod -n gitlab -lapp=registry | tail -1 | cut -d' ' -f1)
|
||||
kubectl exec -n gitlab $pod -- \
|
||||
registry garbage-collect /etc/docker/registry/config.yml -m
|
||||
}
|
||||
|
||||
all () {
|
||||
groups=$(curl -s --header "PRIVATE-TOKEN: $token" "$api/groups" \
|
||||
| json_pp | sed -n 's/^ *"id" *: *\([0-9]\+\).*/\1/p')
|
||||
for g in $groups; do
|
||||
proj=$(curl -s --header "PRIVATE-TOKEN: $token" \
|
||||
"$api/groups/$g/projects?simple=true&include_subgroups=true" \
|
||||
| json_pp | sed -n 's/^ \{6\}"id" *: *\([0-9]\+\).*/\1/p')
|
||||
for p in $proj; do
|
||||
prune $p
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
projects () {
|
||||
for i in $@; do
|
||||
prune $(echo $i | sed 's,/,%2F,g')
|
||||
done
|
||||
}
|
||||
|
||||
case $1 in
|
||||
--all) all ;;
|
||||
*) projects $@
|
||||
esac
|
||||
|
||||
gc
|
||||
3
scripts/reset-sa-tokens.sh
Executable file
3
scripts/reset-sa-tokens.sh
Executable file
@@ -0,0 +1,3 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
kubectl delete secrets --all-namespaces --field-selector='type=kubernetes.io/service-account-token'
|
||||
18
scripts/restart-flannel.sh
Executable file
18
scripts/restart-flannel.sh
Executable file
@@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
master="etcd.service"
|
||||
node="flannel.service"
|
||||
|
||||
nodes=$(kubectl get nodes --no-headers | cut -d' ' -f1)
|
||||
master_node=$(echo $nodes | cut -d' ' -f1)
|
||||
|
||||
echo "$master_node: systemctl restart $master"
|
||||
sudo systemctl restart $master
|
||||
|
||||
for n in $nodes; do
|
||||
echo "$n: systemctl restart $node"
|
||||
ssh root@$n systemctl restart $node &
|
||||
done
|
||||
|
||||
echo "Waiting..."
|
||||
wait
|
||||
18
scripts/restart-kubernetes.sh
Executable file
18
scripts/restart-kubernetes.sh
Executable file
@@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
master="kube-apiserver kube-scheduler kube-controller-manager"
|
||||
node="kube-proxy kubelet kube-certmgr-apitoken-bootstrap"
|
||||
|
||||
nodes=$(kubectl get nodes --no-headers | cut -d' ' -f1)
|
||||
master_node=$(echo $nodes | cut -d' ' -f1)
|
||||
|
||||
echo "$master_node: systemctl restart $master"
|
||||
sudo systemctl restart $master
|
||||
|
||||
for n in $nodes; do
|
||||
echo "$n: systemctl restart $node"
|
||||
ssh root@$n systemctl restart $node &
|
||||
done
|
||||
|
||||
echo "Waiting..."
|
||||
wait
|
||||
12
scripts/setup-helm.sh
Normal file
12
scripts/setup-helm.sh
Normal file
@@ -0,0 +1,12 @@
|
||||
read -r -d '' repos << EOF
|
||||
jetstack;https://charts.jetstack.io
|
||||
stable;https://kubernetes-charts.storage.googleapis.com/
|
||||
minio;https://helm.min.io/
|
||||
anchore;https://charts.anchore.io
|
||||
bitnami;https://charts.bitnami.com/bitnami
|
||||
hashicorp;https://helm.releases.hashicorp.com
|
||||
ingress-nginx;https://kubernetes.github.io/ingress-nginx
|
||||
prometheus-community;https://prometheus-community.github.io/helm-charts
|
||||
EOF
|
||||
for i in $repos; do IFS=";"; set $i; helm repo add $1 $2; done
|
||||
|
||||
3
scripts/taint-node-no-schedule.sh
Executable file
3
scripts/taint-node-no-schedule.sh
Executable file
@@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
kubectl taint node $1 ClusterService="true":NoSchedule
|
||||
23
scripts/update-helm-repos.sh
Normal file
23
scripts/update-helm-repos.sh
Normal file
@@ -0,0 +1,23 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
repos=(
|
||||
"jetstack=https://charts.jetstack.io"
|
||||
"stable=https://kubernetes-charts.storage.googleapis.com/"
|
||||
"minio=https://helm.min.io/"
|
||||
"anchore=https://charts.anchore.io"
|
||||
"prometheus-community=https://prometheus-community.github.io/helm-charts"
|
||||
"bitnami=https://charts.bitnami.com/bitnami"
|
||||
"hashicorp=https://helm.releases.hashicorp.com"
|
||||
"ingress-nginx=https://kubernetes.github.io/ingress-nginx"
|
||||
)
|
||||
|
||||
update_helm_repos () {
|
||||
for i in ${repos[@]}; do
|
||||
k=$(echo "$i" | cut -d= -f1)
|
||||
v=$(echo "$i" | cut -d= -f2)
|
||||
helm repo add $k $v
|
||||
done
|
||||
helm repo update
|
||||
}
|
||||
|
||||
update_helm_repos
|
||||
12
scripts/ws-curl.sh
Executable file
12
scripts/ws-curl.sh
Executable file
@@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
host=$1; shift
|
||||
|
||||
curl -i -N \
|
||||
-H "Connection: upgrade"\
|
||||
-H "Upgrade: websocket"\
|
||||
-H "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ=="\
|
||||
-H "Sec-WebSocket-Version: 13"\
|
||||
-H "Origin: http://foo.com/"\
|
||||
-H "Host: $host" $@
|
||||
|
||||
Reference in New Issue
Block a user