#!/bin/bash -e # Copyright (C) 2020 The Android Open Source Project # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. usage() { me=`basename "$0"` echo >&2 "Usage: $me [--output OUTPUT] [--dryrun] CONFIG" exit 1 } while test $# -gt 0 ; do case "$1" in --output) shift OUTPUT=$1 shift ;; --dryrun) DRYRUN="true" shift ;; *) break esac done test -z "$OUTPUT" && OUTPUT="$(dirname $0)/dist" CONFIG=$1 test -z "$CONFIG" && usage NAMESPACE=$(yq r $CONFIG namespace) TMP_CONFIG=$OUTPUT/$(basename $CONFIG) function updateOrInstall() { if test -n "$(helm ls -n $NAMESPACE --short | grep $1)"; then echo "upgrade" else echo "install" fi } function addHtpasswdEntryUnencrypted() { local COMPONENT=$1 local HTPASSWD=$(htpasswd -nb \ $(yq r $TMP_CONFIG $COMPONENT.username) \ $(yq r $TMP_CONFIG $COMPONENT.password)) yq w -i $TMP_CONFIG $COMPONENT.htpasswd $HTPASSWD } function addHtpasswdEntryEncrypted() { local COMPONENT=$1 local HTPASSWD=$(htpasswd -nb \ $(sops -d --extract "$COMPONENT['username']" $TMP_CONFIG) \ $(sops -d --extract "$COMPONENT['password']" $TMP_CONFIG)) sops --set "$COMPONENT['htpasswd'] \"$HTPASSWD\"" $TMP_CONFIG } function addDashboards() { for dashboard in dashboards/*; do local DASHBOARD_NAME="${dashboard%.json}" local DASHBOARD_NAME="${DASHBOARD_NAME#"dashboards/"}" kubectl create configmap $DASHBOARD_NAME \ --from-file=$dashboard \ --dry-run=true \ --namespace=$NAMESPACE \ -o yaml > $OUTPUT/dashboards/$DASHBOARD_NAME.dashboard.yaml yq w -i $OUTPUT/dashboards/$DASHBOARD_NAME.dashboard.yaml \ metadata.labels.grafana_dashboard $DASHBOARD_NAME done } function runYtt() { ytt \ -f charts/namespace.yaml \ -f charts/prometheus/ \ -f charts/loki/ \ -f charts/grafana/ \ -f promtail/ \ --output-directory $OUTPUT \ --ignore-unknown-comments \ -f $1 } mkdir -p $OUTPUT cp $CONFIG $TMP_CONFIG # Fill in templates if test -z "$(grep -o '^sops:$' $TMP_CONFIG)"; then addHtpasswdEntryUnencrypted loki addHtpasswdEntryUnencrypted prometheus.server echo -e "#@data/values\n---\n$(cat $TMP_CONFIG)" | runYtt - else addHtpasswdEntryEncrypted "['loki']" $TMP_CONFIG addHtpasswdEntryEncrypted "['prometheus']['server']" $TMP_CONFIG echo -e "#@data/values\n---\n$(sops -d $TMP_CONFIG)" | runYtt - fi # Create configmaps with dashboards mkdir -p $OUTPUT/dashboards addDashboards test -n "$DRYRUN" && exit 0 # Install loose components kubectl apply -f $OUTPUT/namespace.yaml kubectl apply -f $OUTPUT/configuration kubectl apply -f $OUTPUT/dashboardsq kubectl apply -f $OUTPUT/storage # Add Loki helm repository helm repo add loki https://grafana.github.io/loki/charts helm repo update # Install Prometheus PROMETHEUS_CHART_NAME=prometheus-$NAMESPACE helm $(updateOrInstall $PROMETHEUS_CHART_NAME) $PROMETHEUS_CHART_NAME \ stable/prometheus \ --version $(cat ./charts/prometheus/VERSION) \ --values $OUTPUT/prometheus.yaml \ --namespace $NAMESPACE # Install Loki LOKI_CHART_NAME=loki-$NAMESPACE helm $(updateOrInstall $LOKI_CHART_NAME) $LOKI_CHART_NAME \ loki/loki \ --version $(cat ./charts/loki/VERSION) \ --values $OUTPUT/loki.yaml \ --namespace $NAMESPACE # Install Grafana GRAFANA_CHART_NAME=grafana-$NAMESPACE helm $(updateOrInstall $GRAFANA_CHART_NAME) $GRAFANA_CHART_NAME \ stable/grafana \ --version $(cat ./charts/grafana/VERSION) \ --values $OUTPUT/grafana.yaml \ --namespace $NAMESPACE