forked from labring/sealos
-
Notifications
You must be signed in to change notification settings - Fork 0
/
init.sh
284 lines (235 loc) · 8.68 KB
/
init.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
#!/bin/bash
set -e
cloudDomain="127.0.0.1.nip.io"
cloudPort=""
mongodbUri=""
cockroachdbUri=""
cockroachdbLocalUri=""
cockroachdbGlobalUri=""
tlsCrtPlaceholder="<tls-crt-placeholder>"
tlsKeyPlaceholder="<tls-key-placeholder>"
saltKey=""
function prepare {
# source .env
source etc/sealos/.env
# kubectl apply namespace, secret and mongodb
kubectl apply -f manifests/namespace.yaml
# apply notifications crd
kubectl apply -f manifests/notifications_crd.yaml
# gen mongodb uri
gen_mongodbUri
# gen cockroachdb uri
gen_cockroachdbUri
# gen saltKey if not set or not found in secret
gen_saltKey
# mutate desktop config
mutate_desktop_config
# create tls secret
create_tls_secret
}
# Function to retry `kubectl apply -f` command until it succeeds or reaches a maximum number of attempts
retry_kubectl_apply() {
local file_path=$1 # The path to the Kubernetes manifest file
local max_attempts=6 # Maximum number of attempts
local attempt=0 # Current attempt counter
local wait_seconds=10 # Seconds to wait before retrying
while [ $attempt -lt $max_attempts ]; do
# Attempt to execute the kubectl command
kubectl apply -f "$file_path" >> /dev/null && {
return 0 # Exit the function successfully
}
# If the command did not execute successfully, increase the attempt counter and report failure
attempt=$((attempt + 1))
# If the maximum number of attempts has been reached, stop retrying
if [ $attempt -eq $max_attempts ]; then
return 1 # Exit the function with failure
fi
# Wait for a specified time before retrying
sleep $wait_seconds
done
}
function gen_mongodbUri() {
# if mongodbUri is empty then create mongodb and gen mongodb uri
if [ -z "$mongodbUri" ]; then
echo "no mongodb uri found, create mongodb and gen mongodb uri"
retry_kubectl_apply "manifests/mongodb.yaml"
echo "waiting for mongodb secret generated"
message="waiting for mongodb ready"
# if there is no sealos-mongodb-conn-credential secret then wait for mongodb ready
while [ -z "$(kubectl get secret -n sealos sealos-mongodb-conn-credential 2>/dev/null)" ]; do
echo -ne "\r$message \e[K"
sleep 0.5
echo -ne "\r$message . \e[K"
sleep 0.5
echo -ne "\r$message .. \e[K"
sleep 0.5
echo -ne "\r$message ...\e[K"
sleep 0.5
done
echo "mongodb secret has been generated successfully."
chmod +x scripts/gen-mongodb-uri.sh
mongodbUri=$(scripts/gen-mongodb-uri.sh)
fi
}
function gen_cockroachdbUri() {
if [ -z "$cockroachdbUri" ]; then
echo "no cockroachdb uri found, create cockroachdb and gen cockroachdb uri"
retry_kubectl_apply "manifests/cockroachdb.yaml"
message="waiting for cockroachdb ready"
NAMESPACE="sealos"
STATEFULSET_NAME="sealos-cockroachdb"
while : ; do
kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE >/dev/null 2>&1 && break
done
while : ; do
REPLICAS=$(kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE -o jsonpath='{.spec.replicas}')
READY_REPLICAS=$(kubectl get statefulset $STATEFULSET_NAME -n $NAMESPACE -o jsonpath='{.status.readyReplicas}')
if [ "$READY_REPLICAS" == "$REPLICAS" ]; then
echo -e "\rcockroachdb is ready."
break
else
echo -ne "\r$message \e[K"
sleep 0.5
echo -ne "\r$message . \e[K"
sleep 0.5
echo -ne "\r$message .. \e[K"
sleep 0.5
echo -ne "\r$message ...\e[K"
sleep 0.5
fi
done
echo "cockroachdb secret has been generated successfully."
chmod +x scripts/gen-cockroachdb-uri.sh
cockroachdbUri=$(scripts/gen-cockroachdb-uri.sh)
fi
cockroachdbLocalUri="$cockroachdbUri/local"
cockroachdbGlobalUri="$cockroachdbUri/global"
}
function gen_saltKey() {
password_salt=$(kubectl get secret desktop-frontend-secret -n sealos -o jsonpath="{.data.password_salt}" 2>/dev/null || true)
if [[ -z "$password_salt" ]]; then
saltKey=$(tr -dc 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0)
else
saltKey=$password_salt
fi
}
function mutate_desktop_config() {
# mutate etc/sealos/desktop-config.yaml by using mongodb uri and two random base64 string
sed -i -e "s;<your-mongodb-uri-base64>;$(echo -n "${mongodbUri}/sealos-auth?authSource=admin" | base64 -w 0);" etc/sealos/desktop-config.yaml
sed -i -e "s;<your-jwt-secret-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
sed -i -e "s;<your-jwt-secret-region-base64>;$(tr -cd 'a-z0-9' </dev/urandom | head -c64 | base64 -w 0);" etc/sealos/desktop-config.yaml
sed -i -e "s;<your-password-salt-base64>;$saltKey;" etc/sealos/desktop-config.yaml
sed -i -e "s;<your-region-database-url-base64>;$(echo -n "${cockroachdbLocalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml
sed -i -e "s;<your-global-database-url-base64>;$(echo -n "${cockroachdbGlobalUri}" | base64 -w 0);" etc/sealos/desktop-config.yaml
}
function create_tls_secret {
if grep -q $tlsCrtPlaceholder manifests/tls-secret.yaml; then
echo "mock tls secret"
kubectl apply -f manifests/mock-cert.yaml
echo "mock tls cert has been created successfully."
else
echo "tls secret is already set"
kubectl apply -f manifests/tls-secret.yaml
fi
}
function sealos_run_controller {
# run user controller
sealos run tars/user.tar \
--env cloudDomain="$cloudDomain" \
--env apiserverPort="6443"
# run terminal controller
sealos run tars/terminal.tar \
--env cloudDomain="$cloudDomain" \
--env cloudPort="$cloudPort" \
--env userNamespace="user-system" \
--env wildcardCertSecretName="wildcard-cert" \
--env wildcardCertSecretNamespace="sealos-system"
# run app controller
sealos run tars/app.tar
# run resources monitoring controller
sealos run tars/monitoring.tar \
--env MONGO_URI="$mongodbUri" --env DEFAULT_NAMESPACE="resources-system"
# run account controller
sealos run tars/account.tar \
--env MONGO_URI="$mongodbUri" \
--env cloudDomain="$cloudDomain" \
--env cloudPort="$cloudPort" \
--env DEFAULT_NAMESPACE="account-system"
# run license controller
# sealos run tars/license.tar \
# --env MONGO_URI="$mongodbUri"
}
function sealos_authorize {
sealos run tars/job-init.tar
sealos run tars/job-heartbeat.tar
# wait for admin user create
echo "Waiting for admin user create"
while [ -z "$(kubectl get ns ns-admin 2>/dev/null)" ]; do
sleep 1
done
}
function sealos_run_frontend {
echo "run desktop frontend"
sealos run tars/frontend-desktop.tar \
--env cloudDomain=$cloudDomain \
--env cloudPort="$cloudPort" \
--env certSecretName="wildcard-cert" \
--env passwordEnabled="true" \
--config-file etc/sealos/desktop-config.yaml
# sealos authorize !!must run after sealos_run_controller frontend-desktop.tar and before sealos_run_frontend
# TODO fix sealos_authorize in controller/job/init
# sealos_authorize
echo "run applaunchpad frontend"
sealos run tars/frontend-applaunchpad.tar \
--env cloudDomain=$cloudDomain \
--env cloudPort="$cloudPort" \
--env certSecretName="wildcard-cert"
echo "run terminal frontend"
sealos run tars/frontend-terminal.tar \
--env cloudDomain=$cloudDomain \
--env cloudPort="$cloudPort" \
--env certSecretName="wildcard-cert"
echo "run dbprovider frontend"
sealos run tars/frontend-dbprovider.tar \
--env cloudDomain=$cloudDomain \
--env cloudPort="$cloudPort" \
--env certSecretName="wildcard-cert"
echo "run cost center frontend"
sealos run tars/frontend-costcenter.tar \
--env cloudDomain=$cloudDomain \
--env cloudPort="$cloudPort" \
--env certSecretName="wildcard-cert" \
--env transferEnabled="true" \
--env rechargeEnabled="false"
echo "run template frontend"
sealos run tars/frontend-template.tar \
--env cloudDomain=$cloudDomain \
--env cloudPort="$cloudPort" \
--env certSecretName="wildcard-cert"
# echo "run license frontend"
# sealos run tars/frontend-license.tar \
# --env cloudDomain=$cloudDomain \
# --env cloudPort="$cloudPort" \
# --env certSecretName="wildcard-cert" \
# --env MONGODB_URI="${mongodbUri}/sealos-license?authSource=admin" \
# --env licensePurchaseDomain="license.sealos.io"
echo "run cronjob frontend"
sealos run tars/frontend-cronjob.tar \
--env cloudDomain=$cloudDomain \
--env cloudPort="$cloudPort" \
--env certSecretName="wildcard-cert"
echo "run db monitoring"
sealos run tars/database-service.tar
}
function resource_exists {
kubectl get "$1" >/dev/null 2>&1
}
function install {
# gen mongodb uri and others
prepare
# sealos run controllers
sealos_run_controller
# sealos run frontends
sealos_run_frontend
}
install