forked from progmaticlab/skynet
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdeploy_eks_sandbox.sh
executable file
·252 lines (215 loc) · 8.25 KB
/
deploy_eks_sandbox.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
#!/bin/bash -x
set -e
NC='\e[0m'
GREEN='\e[92m'
CLUSTER_NAME=${CLUSTER_NAME:-"istio-demo-cluster-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)"}
CONTEXT_NAME=${CONTEXT_NAME:-'istio-demo'}
SLACK_CHANNEL=${SLACK_CHANNEL:-'skynet'}
SHADOWCAT_BOT_TOKEN=${SHADOWCAT_BOT_TOKEN:-''}
SLACK_APP_PORT_NUMBER=${SLACK_APP_PORT_NUMBER:-80}
SLACK_SAMPLES_FOLDER=${SLACK_SAMPLES_FOLDER:-'./ml_samples'}
SLACK_DATA_FOLDER=${SLACK_DATA_FOLDER:-'./ml_data'}
# Disable slack on EKS
SHADOWCAT_BOT_TOKEN=""
SSH_PUBLIC_KEY=$(find ~/.ssh/id_*.pub | head -n 1)
if [[ -z ${SSH_PUBLIC_KEY} ]]
then
echo -e "${GREEN}Generate SSH keys${NC}"
ssh-keygen || exit 1
SSH_PUBLIC_KEY=$(find ~/.ssh/id_*.pub | head -n 1)
echo
fi
if ! which pip > /dev/null 2>&1 ; then
echo -e "${GREEN}Install pip2${NC}"
sudo yum install -y python2-pip
fi
if ! which python3 > /dev/null 2>&1 ; then
echo -e "${GREEN}Install python3${NC}"
sudo yum install -y python3 || sudo yum install -y python36
fi
pip3cmd='pip3'
if ! which $pip3cmd > /dev/null 2>&1 ; then
pip3cmd='pip-3.6'
if ! which $pip3cmd > /dev/null 2>&1 ; then
echo "ERROR: Unsupported image."
echo " Please install manually pip3 and/or provide availability pip3 cmd"
exit -1
fi
fi
if [ ! -f ~/.local/bin/aws ] ; then
echo -e "${GREEN}Install AWS cli${NC}"
$pip3cmd install awscli --upgrade --user
fi
if ! [[ -e ~/.aws/config ]]
then
echo
echo ${GREEN}Configure AWS${NC}
~/.local/bin/aws configure
fi
AWS_REGION=$(grep -P '\s*=\s*' ~/.aws/config | (shopt -s extglob; while read x; do y=${x/#region*([[:space:]])=*([[:space:]])/}; [[ $x == $y ]] || echo $y; done))
if [[ -z "${AWS_REGION}" ]]
then
AWS_REGION=us-west-2
fi
echo
echo -e ${GREEN}Use AWS region ${AWS_REGION}${NC}
echo
echo -e "${GREEN}Download kube tools for AWS${NC}"
b=$(pwd)/.sandbox/
# TODO: Think of cleanup ?
# rm -rf $b
mkdir -p $b
PATH=$PATH:$b
if [[ ! -f $b/kubectl ]] ; then
curl -o $b/kubectl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod u+x $b/kubectl
fi
if [[ ! -f $b/aws-iam-authenticator ]] ; then
curl -o $b/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.14.6/2019-08-22/bin/linux/amd64/aws-iam-authenticator
chmod u+x $b/aws-iam-authenticator
fi
if [[ ! -f $b/eksctl ]] ; then
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C $b
chmod u+x $b/eksctl
fi
$b/kubectl config set-context ${CONTEXT_NAME} --cluster=${CLUSTER_NAME}
$b/kubectl config use-context ${CONTEXT_NAME}
pushd $b
echo
echo -e "${GREEN}Download istio${NC}"
curl -L https://istio.io/downloadIstio | sh -
pushd istio-*
(
set -e
echo
echo -e "${GREEN}Create a EKS cluster${NC}"
cat <<CLUSTER | $b/eksctl create cluster -f - --set-kubeconfig-context
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: ${CLUSTER_NAME}
region: ${AWS_REGION}
nodeGroups:
- name: ${CLUSTER_NAME}-ng-no1
instanceType: t2.xlarge
minSize: 1
maxSize: 1
desiredCapacity: 1
preBootstrapCommands:
# Enabling the docker bridge network. We have to disable live-restore as it
# prevents docker from recreating the default bridge network on restart
- "echo \"\$(jq '.bridge=\"docker0\" | .\"live-restore\"=false' /etc/docker/daemon.json)\" > /etc/docker/daemon.json"
- "systemctl restart docker"
ssh: # import public key from file
allow: true
publicKeyPath: ${SSH_PUBLIC_KEY}
CLUSTER
# read the first node internal and public addresses
a=($($b/kubectl get nodes -o wide | head -n 2 | tail -n 1))
h=${a[5]}
p=${a[6]}
echo
echo -e "${GREEN}EKS worker node public IP: ${p}${NC}"
echo
echo -e "${GREEN}Configure the cluster node group${NC}"
cat <<INSTRUCTIONS | ssh -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null -i ${SSH_PUBLIC_KEY/%[.]pub/} ec2-user@$p sudo -- bash -
set -e
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install git python2-pip python3-pip stress.x86_64
pip install tabulate
cp /etc/docker/daemon.json /etc/docker/daemon.json.backup
echo "\$(jq '. + {"insecure-registries" : ["${h}:5000"]}' /etc/docker/daemon.json)" > /etc/docker/daemon.json
systemctl restart docker
docker run -d -p 5000:5000 --restart=always --name registry registry:2
git clone https://github.com/alexandrelevine/istio
git clone https://github.com/progmaticlab/skynet
pushd istio/samples/bookinfo
src/build-services.sh 1.1 "${h}:5000/istio"
popd
docker image ls | grep bookinfo | awk '{ print \$1":1.1" }' | xargs -n 1 docker push
H=\$(pwd)
mkdir -p /host
pushd /host
cp /usr/bin/stress .
cp \${H}/skynet/load*.sh .
cp \${H}/skynet/stress* .
dd if=/dev/zero of=disk_load.data count=1024 bs=1024
popd
chmod -R a+w /host
INSTRUCTIONS
echo
echo -e "${GREEN}Install istio${NC}"
bin/istioctl manifest apply --set profile=default
scp -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null -i ${SSH_PUBLIC_KEY/%[.]pub/} ec2-user@$p:istio/samples/bookinfo/platform/kube/bookinfo.yaml .
sed --in-place=.backup -re 's! node1:5000/! '${h}':5000/!' bookinfo.yaml
$b/kubectl label namespace default istio-injection=enabled
echo
echo -e "${GREEN}Install managed application${NC}"
$b/kubectl create -f bookinfo.yaml
echo
echo -e "${GREEN}Install telemetry metrics${NC}"
$b/kubectl create -f samples/bookinfo/telemetry/metrics.yaml
echo
echo -e "${GREEN}Define the ingress gateway for the application${NC}"
$b/kubectl apply -f samples/bookinfo/networking/bookinfo-gateway.yaml
echo
echo -e "${GREEN}Apply default destination rules${NC}"
$b/kubectl apply -f samples/bookinfo/networking/destination-rule-all.yaml
echo
echo -e "${GREEN}Deploy the httpbin service${NC}"
$b/kubectl apply -f samples/httpbin/httpbin.yaml
echo
echo -e "${GREEN}Determining the ingress IP and ports${NC}"
A=$($b/kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
if [[ -z $A ]]
then
A=$($b/kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
fi
P=$($b/kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
S=$($b/kubectl -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
echo -e "${GREEN}Cluster ID:${NC} ${CLUSTER_NAME}"
echo -e "${GREEN}ingress IP:${NC} ${A}"
echo -e "${GREEN}ingress port:${NC} ${P}"
echo -e "${GREEN}ingress secure port:${NC} ${S}"
echo -e "${GREEN}GATEWAY_URL:${NC} ${A}:${P}"
echo "${CLUSTER_NAME}" > $b/.cluster
echo
echo -e "${GREEN}Configure Slack Application server${NC}"
if [[ -n "$SHADOWCAT_BOT_TOKEN" ]] ; then
for i in eksctl aws-iam-authenticator kubectl ; do
scp -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null \
-i ${SSH_PUBLIC_KEY/%[.]pub/} $b/$i ec2-user@$p:~/
done
cat <<INSTRUCTIONS | ssh -o StrictHostKeyChecking=no -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null -i ${SSH_PUBLIC_KEY/%[.]pub/} ec2-user@$p sudo -- bash -
set -e
git clone https://github.com/progmaticlab/timeseries-vae-anomaly
pip3 install slackclient requests pandas matplotlib
if [[ -f ./timeseries-vae-anomaly.pid ]] ; then
kill \$(cat ./timeseries-vae-anomaly.pid)
fi
echo export SLACK_CALLBACK_HOST=$p > ./slack_app_env
echo export PORT_NUMBER=$SLACK_APP_PORT_NUMBER >> ./slack_app_env
echo export DATA_FOLDER=$SLACK_DATA_FOLDER >> ./slack_app_env
echo export SAMPLES_FOLDER=$SLACK_SAMPLES_FOLDER >> ./slack_app_env
echo export SHADOWCAT_BOT_TOKEN=$SHADOWCAT_BOT_TOKEN >> ./slack_app_env
echo export SLACK_CHANNEL=$SLACK_CHANNEL >> ./slack_app_env
echo export PATH=\${PATH}:\$(pwd) >> ./slack_app_env
source ./slack_app_env
mkdir -p \$DATA_FOLDER \$SAMPLES_FOLDER
nohup python3 ./timeseries-vae-anomaly/src/server.py > ./timeseries-vae-anomaly.log 2>&1 &
echo \$! > ./timeseries-vae-anomaly.pid
echo SlackBot App pid
cat ./timeseries-vae-anomaly.pid
INSTRUCTIONS
true # TODO: ignore slack app installation for now
fi
) || (
echo
echo -e "${GREEN}Remove the EKS cluster${NC}"
$b/eksctl delete cluster -n ${CLUSTER_NAME} -w
popd
popd
exit -1
)
popd
popd