#!/bin/bash -e
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
### Creates GCP/GKE resources for GKE-to-GKE-communication-through-VPN
### Refer to https://cloud.google.com/sdk/gcloud/ for usage of gcloud
### Deployment manager templates, gcloud and kubectl commands are used.
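# Re-assert errexit here: the "-e" on the shebang line is dropped when the
# script is started as "bash install.sh", and the gcloud/kubectl steps in
# this script do not check their own exit status.
set -e

# Directory holding this script, and its parent, which holds the shared
# helper script sourced below.
dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
ROOT="$(dirname "${dir}")"

# Helper functions used by this script (meets_quota and deployment_exists
# are called later and are not defined in this file).
#shellcheck disable=SC1090
source "${ROOT}/verify-functions.sh"

# Both CLIs are needed; stop before touching the project if either is missing.
for required_tool in gcloud kubectl; do
  if ! command -v "${required_tool}" >/dev/null 2>&1; then
    echo >&2 "I require ${required_tool} but it's not installed. Aborting."
    exit 1
  fi
done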
### Resolve the project that gcloud is currently configured to use.
PROJECT_ID=$(gcloud config get-value project)
if [[ -z "${PROJECT_ID}" ]]; then
  echo >&2 "I require default project is set but it's not. Aborting."
  exit 1
fi

### Quota pre-flight. Each entry is "<metric>:<count passed to meets_quota>":
### forwarding rules, in-use IP addresses, backend services, firewall rules.
### The first metric that fails the check ends the run.
required_quotas=(
  "FORWARDING_RULES:8"
  "IN_USE_ADDRESSES:6"
  "BACKEND_SERVICES:4"
  "FIREWALLS:42"
)
for quota_spec in "${required_quotas[@]}"; do
  quota_metric=${quota_spec%%:*}
  quota_needed=${quota_spec##*:}
  if meets_quota "${PROJECT_ID}" "${quota_metric}" "${quota_needed}"; then
    continue
  fi
  echo "Refer to https://cloud.google.com/compute/quotas"
  echo "Terminating..."
  exit 1
done
### Turn on the service APIs this script calls into.
required_apis=(
  compute.googleapis.com
  deploymentmanager.googleapis.com
)
gcloud services enable "${required_apis[@]}"

### Base deployments, created in this order and only when not already
### present: networks and subnets, then clusters, then the static IPs
### reserved for the VPN connections.
### Each entry is "<deployment name>:<config path relative to ROOT>".
base_deployments=(
  "network-deployment:network/network.yaml"
  "cluster-deployment:clusters/cluster.yaml"
  "static-ip-deployment:network/static-ip.yaml"
)
for deployment_spec in "${base_deployments[@]}"; do
  deployment_name=${deployment_spec%%:*}
  deployment_config=${deployment_spec#*:}
  if ! deployment_exists "${PROJECT_ID}" "${deployment_name}"; then
    gcloud deployment-manager deployments create "${deployment_name}" \
      --config "${ROOT}/${deployment_config}"
  fi
done
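### Look up the four reserved static addresses used by the VPN gateways.
VPN1_IP=$(gcloud compute addresses list --filter="name=vpn1-ip-address" \
  --format "value(address)")
VPN2_IP=$(gcloud compute addresses list --filter="name=vpn2-ip-address" \
  --format "value(address)")
VPN3_IP=$(gcloud compute addresses list --filter="name=vpn3-ip-address" \
  --format "value(address)")
VPN4_IP=$(gcloud compute addresses list --filter="name=vpn4-ip-address" \
  --format "value(address)")

### A lookup that matches nothing succeeds with empty output, which would
### otherwise be passed on as a blank vpn-ip/peerIp property. Stop before any
### VPN deployment is created.
for vpn_ip_var in VPN1_IP VPN2_IP VPN3_IP VPN4_IP; do
  if [[ -z "${!vpn_ip_var}" ]]; then
    echo >&2 "No address found for ${vpn_ip_var}. Aborting."
    exit 1
  fi
done

### Shared secret handed to the VPN template (presumably the tunnels'
### pre-shared key; the template is not part of this file). The historical
### value is hard-coded in a published script, so it stays only as the
### default and can be overridden through the environment.
### Deployments that already exist are skipped below, so a changed value only
### reaches newly created ones: keep it identical across runs and on both
### ends of each tunnel pair.
### NOTE(review): the value is still passed on the gcloud command line and is
### therefore visible in the local process list while gcloud runs.
VPN_SHARED_SECRET="${VPN_SHARED_SECRET:-gke-to-gke-vpn}"
if [[ "${VPN_SHARED_SECRET}" == "gke-to-gke-vpn" ]]; then
  echo >&2 "WARNING: using the published demo VPN shared secret;" \
    "set VPN_SHARED_SECRET to a private value outside a throwaway demo."
fi
# --properties is a comma/colon separated list, so a secret containing either
# character (or whitespace) would be parsed as extra properties.
if [[ ! "${VPN_SHARED_SECRET}" =~ ^[A-Za-z0-9_-]+$ ]]; then
  echo >&2 "VPN_SHARED_SECRET may only contain letters, digits, '_' and '-'. Aborting."
  exit 1
fi

#######################################
# Create one VPN deployment unless a deployment of that name already exists.
# Globals:   PROJECT_ID (read), VPN_SHARED_SECRET (read)
# Arguments: $1 - deployment name
#            $2 - region
#            $3 - network name inside the project
#            $4 - local VPN address (vpn-ip)
#            $5 - peer VPN address (peerIp)
#            $6 - nodeCIDR, $7 - clusterCIDR, $8 - serviceCIDR
# Returns:   0 when the deployment exists or was created; otherwise the
#            status of the gcloud create command.
#######################################
create_vpn_deployment() {
  local name=$1 region=$2 network=$3 vpn_ip=$4 peer_ip=$5
  local node_cidr=$6 cluster_cidr=$7 service_cidr=$8
  local properties

  if deployment_exists "${PROJECT_ID}" "${name}"; then
    return 0
  fi

  # Built piecewise so no stray whitespace ends up inside the property list.
  properties="region:${region}"
  properties+=",network:projects/${PROJECT_ID}/global/networks/${network}"
  properties+=",vpn-ip:${vpn_ip},peerIp:${peer_ip}"
  properties+=",sharedSecret:${VPN_SHARED_SECRET}"
  properties+=",nodeCIDR:${node_cidr},clusterCIDR:${cluster_cidr}"
  properties+=",serviceCIDR:${service_cidr}"

  # NOTE(review): the template path is relative to the caller's working
  # directory, not to this script's location - confirm where the script is
  # expected to be run from.
  gcloud deployment-manager deployments create "${name}" \
    --template vpn-custom-subnet.jinja \
    --properties "${properties}"
}

### VPN connections for network1 and network2 in us-east1 and us-central1.
### vpn1 <-> vpn3 and vpn2 <-> vpn4 are each other's peers.
create_vpn_deployment vpn1-deployment us-east1 network1 \
  "${VPN1_IP}" "${VPN3_IP}" 10.11.0.0/28 10.128.0.0/19 10.228.0.0/20
create_vpn_deployment vpn2-deployment us-central1 network1 \
  "${VPN2_IP}" "${VPN4_IP}" 10.12.0.0/28 10.138.0.0/19 10.238.0.0/20
create_vpn_deployment vpn3-deployment us-east1 network2 \
  "${VPN3_IP}" "${VPN1_IP}" 10.1.0.0/28 10.108.0.0/19 10.208.0.0/20
create_vpn_deployment vpn4-deployment us-central1 network2 \
  "${VPN4_IP}" "${VPN2_IP}" 10.2.0.0/28 10.118.0.0/19 10.218.0.0/20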
### For each of the four clusters: fetch its credentials, pin the current
### kubectl context to the default namespace, then apply the nginx manifest
### and the service manifests.
### Each entry is "<cluster suffix>:<zone>:<last manifest>"; cluster1 and
### cluster3 finish with ilb-svc.yaml, cluster2 and cluster4 with
### ingress-svc.yaml.
cluster_targets=(
  "cluster1:us-east1-d:ilb-svc.yaml"
  "cluster2:us-central1-b:ingress-svc.yaml"
  "cluster3:us-east1-c:ilb-svc.yaml"
  "cluster4:us-central1-c:ingress-svc.yaml"
)
for cluster_target in "${cluster_targets[@]}"; do
  IFS=: read -r cluster_suffix cluster_zone last_manifest <<<"${cluster_target}"

  gcloud container clusters get-credentials \
    "cluster-deployment-${cluster_suffix}" --zone "${cluster_zone}"

  # get-credentials has just switched the current context to this cluster.
  active_context="$(kubectl config current-context)"
  kubectl config set-context "${active_context}" --namespace=default

  for manifest in run-my-nginx.yaml cluster-ip-svc.yaml nodeport-svc.yaml \
    lb-svc.yaml "${last_manifest}"; do
    kubectl apply -f "${ROOT}/manifests/${manifest}"
  done
done