From 3b5e858c92d01e6ec34879ac42f2bb449fa60c74 Mon Sep 17 00:00:00 2001
From: nicholasSSUSE
Date: Tue, 21 Nov 2023 19:46:30 -0300
Subject: [PATCH] initial commit
---
.gitignore | 3 +
AIRGAP_INSTALL_PVT_REGISTRY.md | 271 +++++++++++++++++++++++++++++++++
exec.sh | 124 +++++++++++++++
scripts/infra.sh | 138 +++++++++++++++++
scripts/menu.sh | 41 +++++
scripts/step_1.sh | 43 ++++++
scripts/step_2.sh | 36 +++++
scripts/step_3.sh | 36 +++++
scripts/step_4.sh | 75 +++++++++
target-rancher-images.txt | 13 ++
10 files changed, 780 insertions(+)
create mode 100644 .gitignore
create mode 100755 AIRGAP_INSTALL_PVT_REGISTRY.md
create mode 100755 exec.sh
create mode 100755 scripts/infra.sh
create mode 100755 scripts/menu.sh
create mode 100755 scripts/step_1.sh
create mode 100755 scripts/step_2.sh
create mode 100755 scripts/step_3.sh
create mode 100755 scripts/step_4.sh
create mode 100755 target-rancher-images.txt
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a44e959
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+**/docker_volume/*
+**/build/*
+**/assets/*
\ No newline at end of file
diff --git a/AIRGAP_INSTALL_PVT_REGISTRY.md b/AIRGAP_INSTALL_PVT_REGISTRY.md
new file mode 100755
index 0000000..446c29e
--- /dev/null
+++ b/AIRGAP_INSTALL_PVT_REGISTRY.md
@@ -0,0 +1,271 @@ +# Auto Install Script Rancher Airgap with local Private Registry + +##### Compatibility Matrix + + + + +##### Releases +- https://github.com/rancher/rancher/releases/download/v2.7.4/rancher-images.txt +- https://github.com/rancher/rancher/releases/download/v2.7.7-rc2/rancher-load-images.sh +- https://github.com/rancher/rancher/releases/download/v2.7.7-rc2/rancher-save-images.sh + +--- + +# Airgap Rancher Installation + +Useful links: +- [Rancher 2.7.5 Support Matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-7-5/) +- [Cert-Manager Supported Releases](https://cert-manager.io/docs/installation/supported-releases/) +- [Rancher Releases](https://github.com/rancher/rancher/releases) +- [K3s Releases](https://github.com/k3s-io/k3s/releases) + +--- + +## Installation Outline + +1. **Step_1**: Set up infrastructure and private registry +2. **Step_2**: Collect and publish images to your private registry +3. **Step_3**: Set up a Kubernetes cluster (Skip this step for Docker installations) +4. **Step_4**: Install Rancher + +--- + +## 1. Infrastructure and Private Registry + +[Set up Infrastructure and Private Registry](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/infrastructure-private-registry) + +An air gapped environment is an environment where the Rancher server is installed offline or behind a firewall + +3 Infrastructure options: [More information](https://ranchermanager.docs.rancher.com/pages-for-subheaders/installation-and-upgrade) + +- K3s Kubernetes Cluster +- RKE Kubernetes Cluster +- single Docker container + +More information on the first provided link. + +### Set up a Private Image Registry + +- Rancher supports air gap installs using a private registry. +- You must have your own private registry or other means of distributing container images to your machines. 
+- In a later step, when you set up your K3s Kubernetes cluster, you will create **a private registries configuration file** with details from this registry. + +#### [K3s Private Registry Configuration](https://docs.k3s.io/installation/private-registry) + +- **Containerd** can be configured to connect to private registries and use them to pull private images on the node. +- Upon startup, K3s will check to see if a `registries.yaml` file exists at `/etc/rancher/k3s/` and instruct **containerd** to use any registries defined in the file. If you wish to use a private registry, then: +- `you will need to create this file as root on each node that will be using this registry` +- **Registries Configuration File** 2 main sections: + - mirrors + - configs + +More information on the provided link. + +##### Adding Images to the Private Registry +1. Obtain `k3s-images.txt` file from: [K3s Releases Page](https://github.com/k3s-io/k3s/releases?expanded=true&page=8&q=v1.25.9) + - Pull the K3s images listed on the `k3s-images.txt` file from docker.io + - Example: `docker pull docker.io/rancher/coredns-coredns:1.6.3` +2. Retag the images to the private registry + - Example: `docker tag rancher/coredns-coredns:1.6.3 mycustomreg.com:5000/coredns-coredns` +3. Push the images to the private registry + - Example: `docker push mycustomreg.com:5000/coredns-coredns` + +--- + +## 2. Collect and Publish images to your private registry + +[Collect and Publish Images to your Private Registry](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/publish-images) + +> How to set up your private registry so that when you install Rancher, Rancher will pull all the required images from this registry. + +- By default, all images used to **provision Kubernetes Clusters** or launch any tools in Rancher are pulled from Docker Hub. 
+- In an air gapped installation of Rancher, you will need a private registry that is accessible by your Rancher server. +- Then, you need to load the registry with all the images. + +Procedure: + +1. Find the required assets for your Rancher version: [Rancher Releases Page](https://github.com/rancher/rancher/releases) + - `rancher-images.txt` list of images needed to install Rancher, provision clusters and user Rancher tools. + - `rancher-save-images.sh` Script to pull all images in **rancher-images.txt** from Docker Hub and save all of them as `rancher-images.tar.gz`. + - `rancher-load-images.sh` Script to load images from **tar.gz file** file and push to the target private registry +2. Collect the **cert-manager** image: + - In a Kubernetes install, if using Rancher **self-signed TLS certificates**, you must add the `cert-manager` image to `rancher-images.txt` as well. + - Fetch the latest `cert-manager` Helm chart and parse the template for image details: + ```(bash) + helm repo add jetstack https://charts.jetstack.io + helm repo update + helm fetch jetstack/cert-manager --version v1.11.0 + helm template ./cert-manager-.tgz | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g >> ./rancher-images.txt + ``` + - Sort and unique the images list to remove any overlap between the sources: + ```(bash) + sort -u rancher-images.txt -o rancher-images.txt + ``` +3. Save the images to your workstation: + 1. Make `rancher-save-images.sh` an executable: + ```(bash) + chmod +x rancher-save-images.sh + ``` + 2. Run `rancher-save-images.sh` with the `rancher-images.txt` list to create a tarball of all the required images: + ```(bash) + ./rancher-save-images.sh --image-list ./rancher-images.txt + ``` +4. Populate the private registry: + 1. move `rancher-images.tar.gz` to your private registry. + 2. Log into your private registry (optional): + ```(bash) + docker login + ``` + 3. Make `rancher-load-images.sh` executable: + ```(bash) + chmod +x rancher-load-images.sh + ``` + 4. 
Use `rancher-load-images.sh` to extract, tag and push `rancher-images.txt` and `rancher-images.tar.gz` to your private registry: + ```(bash) + ./rancher-load-images.sh --image-list ./rancher-images.txt --registry + ``` + +--- + +## 3. Collect and Publish images to your private registry + +[Collect and Publish images to your private registry Page](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/other-installation-methods/air-gapped-helm-cli-install/install-kubernetes) + +> How to install a dedicated Kubernetes cluster for Rancher Air Gap Install + +1. Prepare Images Directory + - Obtain the images tar file for your architecture from the releases page for the K3s version. + - Place the tar file in the `images` Directory before starting K3s on each node: + ```(bash) + sudo mkdir -p /var/lib/rancher/k3s/agent/images/ + sudo cp ./k3s-airgap-images-$ARCH.tar /var/lib/rancher/k3s/agent/images/ + ``` +2. Create Registry yaml + - Only secure registries are supported with K3s (SSL with custom CA): [Private Registry Configurations K3s](https://docs.k3s.io/installation/private-registry) + - at `/etc/rancher/k3s/registries.yaml` + ```(yaml) + --- + mirrors: + customreg: + endpoint: + - "https://ip-to-server:5000" + configs: + customreg: + auth: + username: xxxxxx # this is the registry username + password: xxxxxx # this is the registry password + tls: + cert_file: + key_file: + ca_file: + ``` +3. Install K3s: + - Obtain the K3s binary from [K3s Releases Page](https://github.com/k3s-io/k3s/releases) + - Place the binary in `/usr/local/bin` on each node. 
+ - Obtain the K3S Install script at: [K3s Install Script Raw](https://get.k3s.io) + - Place the install script anywhere and name it `install.sh` + - Install K3s on each server: + ```(bash) + INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_VERSION= ./install.sh + ``` + - Install k3s on each agent: + ```(bash) + INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_VERSION= K3S_URL=https://:6443 K3S_TOKEN= ./install.sh + ``` + - Where `` is the IP or valid DNS of the server. + - Where `` is the node-token from the server found at: `/var/lib/rancher/k3s/server/node-token` +4. Save and Start Using the **kubeconfig** file + - Copy the file at: `/etc/rancher/k3s/k3s.yaml` + - Paste it at: `~/.kube/config` on local machine + - In the **kubeconfig** file, the `server` directive is defined as `localhost`. + - Configure the server as the DNS of your load balancer, referring to port `6443`. + - The Kubernetes API server will be reached at port `6443`. + - The Rancher server will be reached at ports `80 and 443`. + - Example `k3s.yaml` file: + ```(yaml) + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: [CERTIFICATE-DATA] + server: [LOAD-BALANCER-DNS]:6443 # Edit this line + name: default + contexts: + - context: + cluster: default + user: default + name: default + current-context: default + kind: Config + preferences: {} + users: + - name: default + user: + password: [PASSWORD] + username: admin + ``` + +--- + +## 4. Install Rancher + +> How to deploy Rancher for your air gapped environment in a high-availability Kubernetes installation. +> And air gapped environment could be where Rancher server will be installed offline, behind a firewall, or behind a proxy. + +- **Privileged Access for Rancher** is required to run containers within containers, install rancher with `--privileged` option. + +1. 
Add the Helm Chart Repository: + - Install helm + - `helm repo add`: + ```(bash) + helm repo add rancher-latest https://releases.rancher.com/server-charts/latest + helm repo add rancher-stable https://releases.rancher.com/server-charts/stable + helm repo add rancher-alpha https://releases.rancher.com/server-charts/alpha + ``` + - Fetch the latest Rancher Chart. This will pull down the chart and save it in the current directory as `.tgz` file: + ```(bash) + helm fetch rancher-stable/rancher --version=v2.4.8 + ``` +2. SSL Configuration: + - Add the cert-manager repo: + ```(bash) + helm repo add jetstack https://charts.jetstack.io + helm repo update + ``` + - Fetch the latest cert-manager chart available from the [Cert-Manager Helm Chart Repo](https://artifacthub.io/packages/helm/cert-manager/cert-manager) + ```(bash) + helm fetch jetstack/cert-manager --version v1.12.3 + ``` + - Download the required CRD file for cert-manager: + ```(bash) + curl -L -o cert-manager-crd.yaml https://github.com/cert-manager/cert-manager/releases/download/v1.12.3/cert-manager.crds.yaml + ``` +3. Install cert-manager: + - Install cert-manager with the same options you would use to install the chart. + - Set the `image.repository` option to pull the image from your private registry. + ```(bash) + kubectl create namespace cert-manager + kubectl apply -f cert-manager-crd.yaml + helm install cert-manager ./cert-manager-v1.12.3.tgz \ + --namespace cert-manager \ + --set image.repository=/quay.io/jetstack/cert-manager-controller \ + --set webhook.image.repository=/quay.io/jetstack/cert-manager-webhook \ + --set cainjector.image.repository=/quay.io/jetstack/cert-manager-cainjector \ + --set startupapicheck.image.repository=/quay.io/jetstack/cert-manager-ctl + ``` +4. 
Install Rancher: + - Create namespace for Rancher: + ```(bash) + kubectl create namespace cattle-system + ``` + - Configure and install Rancher to use the private registry: + ```(bash) + helm install rancher ./rancher-.tgz \ + --namespace cattle-system \ + --set hostname= \ + --set certmanager.version= \ + --set rancherImage=/rancher/rancher \ + --set systemDefaultRegistry= \ # Set a default private registry to be used in Rancher + --set useBundledSystemChart=true # Use the packaged Rancher system charts + ``` + diff --git a/exec.sh b/exec.sh new file mode 100755 index 0000000..6a58ab7 --- /dev/null +++ b/exec.sh 
@@ -0,0 +1,124 @@
+#!/bin/bash
+set -e
+sudo echo -e "Sudo permissions acquired"
+
+source scripts/infra.sh
+source scripts/step_1.sh
+source scripts/step_2.sh
+source scripts/step_3.sh
+source scripts/step_4.sh
+
+# Utils
+L="..."
+SCRIPT_DIR=$(pwd)
+BUILD_FOLDER=$SCRIPT_DIR/build
+ASSETS_FOLDER=$SCRIPT_DIR/assets
+
+# Compatibility Matrix
+CERT_MANAGER_VERSION="1.12.3"
+RANCHER_VERSION="2.7.5"
+K3S_VERSION="v1.25.9+k3s1"
+
+# K3s Assets
+K3S_AIRGAP_IMAGE_URL="https://github.com/k3s-io/k3s/releases/download/${K3S_VERSION}/k3s-airgap-images-${ARCH}.tar"
+K3S_BIN_URL="https://github.com/k3s-io/k3s/releases/download/${K3S_VERSION}/k3s"
+K3S_IMAGES_TXT_URL="https://github.com/k3s-io/k3s/releases/download/$K3S_VERSION/k3s-images.txt"
+K3S_INSTALL_SCRIPT_URL="https://get.k3s.io"
+
+# Rancher Assets
+RANCHER_IMAGES_TXT_URL="https://github.com/rancher/rancher/releases/download/v${RANCHER_VERSION}/rancher-images.txt"
+RANCHER_LOAD_IMAGES_URL="https://github.com/rancher/rancher/releases/download/v${RANCHER_VERSION}/rancher-load-images.sh"
+RANCHER_SAVE_IMAGES_URL="https://github.com/rancher/rancher/releases/download/v${RANCHER_VERSION}/rancher-save-images.sh"
+#-------------------------
+HOSTNAME="localhost"
+ARCH="amd64"
+
+# Docker Configuration
+DOCKER_PORT="5000"
+DOCKER_PVT_REGISTRY_CONTAINER_NAME="localregistry"
+DOCKER_PVT_REGISTRY_IMAGE="registry:2"
+DOCKER_PVT_REGISTRY_HOST_PORT="$HOSTNAME:$DOCKER_PORT" #
+DOCKER_VOLUME_PVT_REGISTRY_PATH="$SCRIPT_DIR/docker_volume"
+
+# K3S Configuration
+K3S_BIN_PATH="/usr/local/bin/"
+K3S_YAML_FILE="/etc/rancher/k3s/k3s.yaml"
+K3S_IMAGES_DIR="/var/lib/rancher/k3s/agent/images/"
+K3S_REGISTRY="/etc/rancher/k3s/registries.yaml"
+K3S_REG_YAML="
+mirrors:
+ $DOCKER_PVT_REGISTRY_HOST_PORT:
+ endpoint:
+ - http://$DOCKER_PVT_REGISTRY_HOST_PORT
+"
+
+
+function full_exec() {
+ step_1
+ step_2
+ step_3
+ step_4
+}
+
+function distinct_exec() {
+
+ read -p "Execute Step 1? yes[y]/[enter]): " user_input
+ if [[ "$user_input" == "yes" || "$user_input" == "y" ]]; then
+ step_1
+ echo "step_1 completed."
+ else
+ echo "Continuing without step_1."
+ fi
+
+ read -p "Execute Step 2? yes[y]/[enter]): " user_input
+ if [[ "$user_input" == "yes" || "$user_input" == "y" ]]; then
+ step_2
+ echo "step_2 completed."
+ else
+ echo "Continuing without step_2."
+ fi
+
+ read -p "Execute Step 3? yes[y]/[enter]): " user_input
+ if [[ "$user_input" == "yes" || "$user_input" == "y" ]]; then
+ step_3
+ echo "step_3 completed."
+ else
+ echo "Continuing without step_3."
+ fi
+
+
+ read -p "Execute Step 4? yes[y]/[enter]): " user_input
+ if [[ "$user_input" == "yes" || "$user_input" == "y" ]]; then
+ step_4
+ echo "step_4 completed."
+ else
+ echo "Continuing without step_4."
+ fi
+}
+
+function exec() {
+
+ clear
+ echo "Select an option:"
+ echo "____________________________________________________________________________________________________________________________________"
+ select choice in "Restart from Scratch" "Full Execution" "Distinct Execution"; do
+ case $choice in
+ "Restart from Scratch")
+ restart_from_scratch
+ break
+ ;;
+ "Full Execution")
+ full_exec
+ break
+ ;;
+ "Distinct Execution")
+ distinct_exec
+ break
+ ;;
+ *) echo "Invalid option $REPLY";;
+ esac
+ done
+ echo "____________________________________________________________________________________________________________________________________"
+}
+
+exec
\ No newline at end of file
diff --git a/scripts/infra.sh b/scripts/infra.sh
new file mode 100755
index 0000000..4a20192
--- /dev/null
+++ b/scripts/infra.sh
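Review bot: `K3S_AIRGAP_IMAGE_URL` expands `${ARCH}` several lines before `ARCH="amd64"` is assigned, so the URL is built as `k3s-airgap-images-.tar` and the air-gap image download in scripts/infra.sh will presumably save an error response instead of the tarball; move the `HOSTNAME`/`ARCH` assignments above the `# K3s Assets` block. The `K3S_REG_YAML` mirror endpoint is `http://$DOCKER_PVT_REGISTRY_HOST_PORT`, so pulls from the registry have no transport integrity or server authentication, which is tolerable only while the host stays `localhost`; the README added in this commit describes a TLS registry with a CA, and a comment such as `# plain HTTP: loopback lab use only, switch to https + ca_file for a remote registry` would make that limit explicit. Assigning `HOSTNAME` also overwrites the variable bash sets itself, and a function named `exec` shadows the builtin; names like `RANCHER_HOSTNAME` and `main` avoid both.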
@@ -0,0 +1,138 @@
+#!/bin/bash
+set -e
+
+
+function restart_from_scratch() {
+ echo $SCRIPT_DIR
+ cd /usr/local/bin && ./k3s-uninstall.sh || true
+ echo "$(pwd)"
+ cd $SCRIPT_DIR
+ echo "$(pwd)"
+ clear_folders || true
+ clear_helm
+ docker_wipeout || true
+ download_rancher_assets
+ refresh_k3s
+ download-cert-manager-tgz
+}
+
+function clear_folders() {
+ rm $BUILD_FOLDER/* || true
+ rm $ASSETS_FOLDER/* || true
+}
+
+# DOCKER --------------------------------------------------------------------------------------------------
+function docker_wipeout() {
+ echo "$L docker_wipeout"
+
+ echo "$L$L executing docker-fix alias..."
+ sudo usermod -aG docker nick
+ sudo systemctl start docker
+ sudo systemctl enable docker
+ sudo systemctl restart docker
+ docker login -u "nicholaslobo" -p "Nfap142857."
+
+ container_ids=$(docker ps -aq)
+ echo "$L$L docker stop all containers"
+ if [ "$container_ids" ]; then
+ docker stop $container_ids
+ fi
+
+ echo "$L$L docker remove all containers"
+ # Check if there are containers to remove
+ if [ -n "$container_ids" ]; then
+ # Iterate through each container and remove it
+ for container_id in $container_ids; do
+ docker rm "$container_id"
+ done
+ else
+ echo "No containers to remove."
+ fi
+
+ echo "$L$L docker remove all images with --force"
+ image_ids=$(docker images -aq)
+ # Check if there are images to remove
+ if [ -n "$image_ids" ]; then
+ # Iterate through each image and remove it
+ for image_id in $image_ids; do
+ docker rmi "$image_id" --force
+ done
+ else
+ echo "No images to remove."
+ fi
+
+ echo "$L$L docker prune all volumes with --force"
+ docker volume prune --force
+}
+# RANCHER --------------------------------------------------------------------------------------------------
+function download_rancher_assets() {
+ echo -e "$L Downloading rancher-load-images.sh for Rancher version: ${RANCHER_VERSION}"
+ curl -L "$RANCHER_LOAD_IMAGES_URL" -o "$ASSETS_FOLDER/rancher-load-images.sh"
+ sudo chmod +x $ASSETS_FOLDER/rancher-load-images.sh
+
+ echo -e "$L Downloading rancher-save-images.sh for Rancher version: ${RANCHER_VERSION}"
+ curl -L "$RANCHER_SAVE_IMAGES_URL" -o "$ASSETS_FOLDER/rancher-save-images.sh"
+ sudo chmod +x $ASSETS_FOLDER/rancher-save-images.sh
+
+ echo -e "$L Downloading rancher-images.txt for Rancher version: ${RANCHER_VERSION}"
+ curl -L "$RANCHER_IMAGES_TXT_URL" -o "$ASSETS_FOLDER/rancher-images.txt"
+}
+
+# K3S --------------------------------------------------------------------------------------------------
+function download_k3s_assets() {
+ echo "$L Downloading k3s-images.txt for K3s Version: $K3S_VERSION"
+ curl -L "$K3S_IMAGES_TXT_URL" -o "$ASSETS_FOLDER/k3s-images.txt" --compressed
+
+ echo "$L Downloading k3s airgap images tar for K3s version: ${K3S_VERSION}"
+ curl -L "$K3S_AIRGAP_IMAGE_URL" -o "$ASSETS_FOLDER/k3s-airgap-images-amd64.tar"
+
+ echo "$L Downloading k3s binary for K3s version: ${K3S_VERSION}"
+ curl -L "$K3S_BIN_URL" -o "$ASSETS_FOLDER/k3s"
+
+ echo "$L Downloading k3s install script"
+ curl -L "$K3S_INSTALL_SCRIPT_URL" -o "$ASSETS_FOLDER/install.sh"
+ chmod +x "$ASSETS_FOLDER/install.sh"
+}
+
+function create_k3s_infra() {
+ echo "$L$L creating /etc/rancher/k3s directory"
+ sudo mkdir -p /etc/rancher/k3s || true
+}
+
+function delete_k3s_infra() {
+ echo "$L$L deleting $K3S_REGISTRY file"
+ sudo rm $K3S_REGISTRY
+}
+
+function prepare_k3s_images_directory() {
+ sudo mkdir -p $K3S_IMAGES_DIR
+ sudo cp $ASSETS_FOLDER/k3s-airgap-images-amd64.tar $K3S_IMAGES_DIR
+}
+
+function refresh_k3s() {
+ delete_k3s_infra || true
+ download_k3s_assets
+ create_k3s_infra
+ prepare_k3s_images_directory
+}
+
+
+# HELM --------------------------------------------------------------------------------------------------
+function clear_helm() {
+ helm uninstall cert-manager -n cert-manager || true
+ helm uninstall rancher -n cattle-system || true
+ helm repo remove jetstack || true
+ helm repo remove rancher-alpha || true
+ helm repo remove rancher-latest || true
+ helm repo remove rancher-stable || true
+}
+
+
+# CERT-MANAGER --------------------------------------------------------------------------------------------------
+function download-cert-manager-tgz() {
+ helm repo add jetstack https://charts.jetstack.io
+ helm repo update
+ helm fetch jetstack/cert-manager \
+ --version "v$CERT_MANAGER_VERSION" \
+ --destination $BUILD_FOLDER
+}
diff --git a/scripts/menu.sh b/scripts/menu.sh
new file mode 100755
index 0000000..3a00c73
--- /dev/null
+++ b/scripts/menu.sh
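Review bot: The `docker login -u … -p …` line in `docker_wipeout` commits a registry username and password in clear text; the credential is now part of the repository history and should be rotated, and the script should take it at run time instead, e.g. `printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin`, which also keeps it out of the process argument list. `sudo usermod -aG docker nick` hard-codes one account where `"$USER"` would apply to whoever runs the script. The `curl -L` calls in `download_rancher_assets` and `download_k3s_assets` have no `-f` and no checksum comparison, so an HTTP error page or an altered file is saved and, for the `.sh` assets and the `k3s` binary, later executed; adding `-f` and verifying against the checksum file of the release (if one is published for these versions) before `chmod +x` would close that gap. `docker_wipeout` also stops and removes every container, image and unused volume on the host, not only the ones this project created, which deserves a confirmation prompt or at least a header comment saying so.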
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e
+
+
+function menu_rancher_assets() {
+ echo "Select Rancher Assets Option:"
+ echo "____________________________________________________________________________________________________________________________________"
+ select choice in "Delete" "Download"; do
+ case $choice in
+ "Delete")
+ delete_rancher_assets || true
+ break
+ ;;
+ "Download")
+ download_rancher_assets
+ break
+ ;;
+ *) echo "Invalid option $REPLY";;
+ esac
+ done
+ echo "____________________________________________________________________________________________________________________________________"
+}
+
+function menu_k3s_images_txt() {
+ echo "Select k3s-images.txt Option:"
+ echo "____________________________________________________________________________________________________________________________________"
+ select choice in "Delete" "Download"; do
+ case $choice in
+ "Delete")
+ delete_k3s_assets || true
+ break
+ ;;
+ "Download")
+ download_k3s_assets
+ break
+ ;;
+ *) echo "Invalid option $REPLY";;
+ esac
+ done
+ echo "____________________________________________________________________________________________________________________________________"
+}
\ No newline at end of file
diff --git a/scripts/step_1.sh b/scripts/step_1.sh
new file mode 100755
index 0000000..be07a9a
--- /dev/null
+++ b/scripts/step_1.sh
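Review bot: The `"Delete")` arms call `delete_rancher_assets` and `delete_k3s_assets`, which are not defined in any file this patch adds, and the trailing `|| true` turns the resulting command-not-found into a silent no-op. Either add the two functions to scripts/infra.sh or drop the `|| true` so the failure is visible. exec.sh as added in this commit does not `source scripts/menu.sh`, so both menus appear to be unreachable for now.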
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+function docker_create_private_registry() {
+ echo "$L docker_private_registry"
+
+ echo "$L$L checking if the docker image for private registry exists...image name: $DOCKER_PVT_REGISTRY_IMAGE"
+ # Check if the Docker image for private registry exists
+ docker pull $DOCKER_PVT_REGISTRY_IMAGE
+
+ echo "$L$L running container for private registry..."
+ echo "docker run -d --restart=always -p $DOCKER_PORT:$DOCKER_PORT --name $DOCKER_PVT_REGISTRY_CONTAINER_NAME -v $DOCKER_VOLUME_PVT_REGISTRY_PATH:/var/lib/registry $DOCKER_PVT_REGISTRY_IMAGE"
+ docker run -d --restart=always \
+ -p $DOCKER_PORT:$DOCKER_PORT \
+ --name $DOCKER_PVT_REGISTRY_CONTAINER_NAME \
+ -v $DOCKER_VOLUME_PVT_REGISTRY_PATH:/var/lib/registry \
+ $DOCKER_PVT_REGISTRY_IMAGE
+}
+
+function docker_add_k3s_images_to_private_registry() {
+ # Loop through each line in the k3s-images.txt file
+ while IFS= read -r line; do
+ # Pull the image
+ docker pull "$line"
+ # Extract the image name without the repository and tag
+ image_name=$(echo "$line" | awk -F/ '{print $NF}' | awk -F: '{print $1}')
+ # Tag the image with the destination registry
+ docker tag "$line" "$DOCKER_PVT_REGISTRY_HOST_PORT/$image_name"
+ # Push the tagged image to the destination registry
+ docker push "$DOCKER_PVT_REGISTRY_HOST_PORT/$image_name"
+ done < "$ASSETS_FOLDER/k3s-images.txt"
+}
+
+function step_1() {
+ echo ""
+ echo "________________________________________________________________________"
+ echo "$L Step 1 start"
+ docker_create_private_registry
+ docker_add_k3s_images_to_private_registry
+ echo "________________________________________________________________________"
+ echo "$L Step 1 END"
+ echo ""
+}
\ No newline at end of file
diff --git a/scripts/step_2.sh b/scripts/step_2.sh
new file mode 100755
index 0000000..c4e32bf
--- /dev/null
+++ b/scripts/step_2.sh
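Review bot: `-p $DOCKER_PORT:$DOCKER_PORT` in `docker_create_private_registry` publishes the registry on every host interface, and the `registry:2` container is started with no authentication or TLS configured, so any machine that can reach port 5000 can push or overwrite the images K3s and Rancher later pull; for a single-host setup bind it to loopback with `-p 127.0.0.1:$DOCKER_PORT:$DOCKER_PORT`. In `docker_add_k3s_images_to_private_registry` the `image_name=` pipeline drops both the repository path and the tag, so each image is pushed untagged (i.e. as `latest`) and the version pinned in k3s-images.txt is lost; tagging with `"$DOCKER_PVT_REGISTRY_HOST_PORT/${line#docker.io/}"` keeps path and tag. The expansions in the `docker run` call are unquoted, which matters for `$DOCKER_VOLUME_PVT_REGISTRY_PATH` because it is derived from `$(pwd)`.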
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e
+
+
+function target-rancher-images-txt() {
+ mv $ASSETS_FOLDER/rancher-images.txt ../backup-rancher-images.txt
+ cp $SCRIPT_DIR/target-rancher-images.txt $ASSETS_FOLDER/rancher-images.txt
+}
+
+function template-cert-manager() {
+ helm template "$BUILD_FOLDER/cert-manager-v$CERT_MANAGER_VERSION.tgz" | \
+ awk '$1 ~ /image:/ {print $2}' | sed s/\"//g >> $ASSETS_FOLDER/rancher-images.txt
+}
+
+function sort-unique-images() {
+ sort -u $ASSETS_FOLDER/rancher-images.txt -o $ASSETS_FOLDER/rancher-images.txt
+}
+
+function save-load-images() {
+ cd "$(dirname "$0")/assets"
+ ./rancher-save-images.sh --image-list ./rancher-images.txt
+ ./rancher-load-images.sh --image-list ./rancher-images.txt --registry $DOCKER_PVT_REGISTRY_HOST_PORT
+}
+
+function step_2() {
+ echo ""
+ echo "________________________________________________________________________"
+ echo "$L Step 2 start"
+ target-rancher-images-txt
+ template-cert-manager
+ sort-unique-images
+ save-load-images
+ echo "________________________________________________________________________"
+ echo "$L Step 2 END"
+ echo ""
+}
\ No newline at end of file
diff --git a/scripts/step_3.sh b/scripts/step_3.sh
new file mode 100755
index 0000000..7901038
--- /dev/null
+++ b/scripts/step_3.sh
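Review bot: `save-load-images` changes directory with `cd "$(dirname "$0")/assets"` and never returns, while every other path in the patch is built from `$SCRIPT_DIR`/`$ASSETS_FOLDER`; the two agree only when exec.sh is started from its own directory, and the new working directory carries over into steps 3 and 4. Running both scripts inside a subshell that starts with `cd "$ASSETS_FOLDER"` fixes both problems and keeps the downloaded scripts confined to the directory they were saved in. `mv … ../backup-rancher-images.txt` in `target-rancher-images-txt` writes the backup relative to the current directory, outside the repository; `"$BUILD_FOLDER/backup-rancher-images.txt"` would keep it under a path the .gitignore already covers.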
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e
+
+
+function registry_yaml_file() {
+ echo -e "....updating registry.yaml file at: $K3S_REGISTRY ..."
+ if ! echo -e "$K3S_REG_YAML" | sudo tee $K3S_REGISTRY > /dev/null; then
+ echo -e "Error: Failed to create or update $K3S_REGISTRY."
+ exit 1
+ fi
+}
+
+function k3s_bin_install() {
+ sudo cp --remove-destination $ASSETS_FOLDER/k3s $K3S_BIN_PATH
+ chmod +x "$ASSETS_FOLDER/install.sh"
+ INSTALL_K3S_VERSION=$K3S_VERSION source "$ASSETS_FOLDER/install.sh"
+}
+
+function kubectl_k3s() {
+ sudo chmod 777 $K3S_YAML_FILE
+ cp --remove-destination $K3S_YAML_FILE ~/.kube/config
+ kubectl cluster-info
+}
+
+
+function step_3() {
+ echo ""
+ echo "________________________________________________________________________"
+ echo "$L Step 3 start"
+ registry_yaml_file
+ k3s_bin_install
+ kubectl_k3s
+ echo "________________________________________________________________________"
+ echo "$L Step 3 END"
+ echo ""
+}
\ No newline at end of file
diff --git a/scripts/step_4.sh b/scripts/step_4.sh
new file mode 100755
index 0000000..162be45
--- /dev/null
+++ b/scripts/step_4.sh
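Review bot: `sudo chmod 777 $K3S_YAML_FILE` in `kubectl_k3s` leaves /etc/rancher/k3s/k3s.yaml, which holds the cluster-admin credentials, readable and writable by every local user; copy it out with restrictive modes instead, e.g. `mkdir -p ~/.kube && sudo install -m 600 -o "$(id -u)" -g "$(id -g)" "$K3S_YAML_FILE" ~/.kube/config`. In `k3s_bin_install` the installer is pulled in with `source`, so any `exit` inside it ends exec.sh, and `INSTALL_K3S_SKIP_DOWNLOAD=true` (used in the README this commit adds) is missing, so the installer may fetch from the network rather than use the binary just copied to `$K3S_BIN_PATH`; `INSTALL_K3S_SKIP_DOWNLOAD=true INSTALL_K3S_VERSION="$K3S_VERSION" "$ASSETS_FOLDER/install.sh"` matches the documented air-gap procedure. install.sh itself was downloaded from https://get.k3s.io with no integrity check before it is executed here.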
@@ -0,0 +1,75 @@
+#!/bin/bash
+set -e
+
+function rancher-helm-repo() {
+ helm repo add rancher-stable https://releases.rancher.com/server-charts/latest
+ helm fetch rancher-stable/rancher --version=v$RANCHER_VERSION --destination $BUILD_FOLDER
+}
+
+function crd-cert-manager() {
+ echo "crd-cert-manager"
+ echo "curl -L -o $ASSETS_FOLDER/cert-manager-crd.yaml https://github.com/cert-manager/cert-manager/releases/download/v$CERT_MANAGER_VERSION/cert-manager.crds.yaml"
+ curl -L -o $ASSETS_FOLDER/cert-manager-crd.yaml https://github.com/cert-manager/cert-manager/releases/download/v$CERT_MANAGER_VERSION/cert-manager.crds.yaml
+ echo "kubectl create namespace cert-manager || true"
+ kubectl create namespace cert-manager || true
+ echo "kubectl apply -f $ASSETS_FOLDER/cert-manager-crd.yaml"
+ kubectl apply -f $ASSETS_FOLDER/cert-manager-crd.yaml
+ echo "helm install cert-manager $BUILD_FOLDER/cert-manager-v$CERT_MANAGER_VERSION.tgz \
+ --namespace cert-manager \
+ --set image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-controller \
+ --set webhook.image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-webhook \
+ --set cainjector.image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-cainjector \
+ --set startupapicheck.image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-ctl"
+ helm install cert-manager $BUILD_FOLDER/cert-manager-v$CERT_MANAGER_VERSION.tgz \
+ --namespace cert-manager \
+ --set image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-controller \
+ --set webhook.image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-webhook \
+ --set cainjector.image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-cainjector \
+ --set startupapicheck.image.repository=$DOCKER_PVT_REGISTRY_HOST_PORT/quay.io/jetstack/cert-manager-ctl
+}
+
+function install_rancher() {
+ echo "install_rancher"
+ echo "kubectl create namespace cattle-system || true"
+ kubectl create namespace cattle-system || true
+ echo "helm install rancher $BUILD_FOLDER/rancher-$RANCHER_VERSION.tgz \
+ --namespace cattle-system \
+ --set hostname=$HOSTNAME\
+ --set certmanager.version=v$CERT_MANAGER_VERSION\
+ --set rancherImage=$DOCKER_PVT_REGISTRY_HOST_PORT/rancher/rancher \
+ --set systemDefaultRegistry=$DOCKER_PVT_REGISTRY_HOST_PORT \
+ --set useBundledSystemChart=true \
+ --set ingress.tls.source=secret \
+ --debug"
+ helm install rancher $BUILD_FOLDER/rancher-$RANCHER_VERSION.tgz \
+ --namespace cattle-system \
+ --set hostname=$HOSTNAME\
+ --set certmanager.version=v$CERT_MANAGER_VERSION\
+ --set rancherImage=$DOCKER_PVT_REGISTRY_HOST_PORT/rancher/rancher \
+ --set systemDefaultRegistry=$DOCKER_PVT_REGISTRY_HOST_PORT \
+ --set useBundledSystemChart=true \
+ --set ingress.tls.source=secret \
+ --debug
+}
+
+
+
+
+function step_4() {
+ echo ""
+ echo "________________________________________________________________________"
+ echo "$L Step 4 start"
+ rancher-helm-repo
+ crd-cert-manager
+ install_rancher
+ echo "________________________________________________________________________"
+ echo "$L Step 4 END"
+ echo ""
+
+ echo "Waiting for deployment to finish"
+ kubectl -n cattle-system rollout status deploy/rancher
+
+ echo "Port-forwarding...https://localhost:8443 should be available"
+ kubectl -n cattle-system port-forward svc/rancher 8443:443
+}
+
diff --git a/target-rancher-images.txt b/target-rancher-images.txt
new file mode 100755
index 0000000..90f3019
--- /dev/null
+++ b/target-rancher-images.txt
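Review bot: `rancher-helm-repo` registers https://releases.rancher.com/server-charts/latest under the name `rancher-stable`, so the chart is fetched from the latest channel while the repo name says stable; either use the `server-charts/stable` URL listed in the README this commit adds or rename the repo to match. `install_rancher` passes `--set ingress.tls.source=secret`, but nothing visible in this patch creates the TLS secret that option expects in `cattle-system`, so the ingress would presumably come up without the intended certificate; create the secret before `helm install`, or drop the option and let the cert-manager installed just above issue the certificate. Each command is written twice, once inside `echo "…"` and once for real, and the copies can drift apart; `set -x` around the calls prints exactly what runs. `step_4` ends in a foreground `kubectl port-forward`, so it never returns to the menu in exec.sh, which is worth a comment.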
@@ -0,0 +1,13 @@
+rancher/fleet-agent:v0.7.0
+rancher/fleet:v0.7.0
+rancher/gitjob:v0.1.54
+rancher/rancher-agent:v2.7.5
+rancher/rancher-csp-adapter:v2.0.2
+rancher/rancher-webhook:v0.3.5
+rancher/rancher:v2.7.5
+rancher/shell:v0.1.20
+rancher/webhook-receiver:v0.2.5
+rancher/nginx-ingress-controller:nginx-1.7.0-rancher1
+rancher/calico-cni:v3.25.0-rancher1
+rancher/externalip-webhook:v1.0.1
+rancher/flannel-cni:v0.3.0-rancher8