SETUP.sh
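# Deployment parameters: adjust these before running any step below.
# NOTE(review): PROJECT is only echoed. None of the gcloud calls pass
# --project, so they act on the active gcloud configuration's project.
# Check it with `gcloud config get-value project` before creating resources.
PROJECT="some-testing-project"
CLUSTER_NAME="lb-negs-nging-reg"
REGION="europe-west2"
printf '%s\n' "$PROJECT" "$CLUSTER_NAME" "$REGION"

# Create the regional, VPC-native (--enable-ip-alias) cluster.
# With --region, --num-nodes is a per-zone count.
gcloud container clusters create "$CLUSTER_NAME" \
  --region "$REGION" \
  --machine-type "e2-medium" \
  --enable-ip-alias \
  --num-nodes=2

# Register the ingress-nginx chart repo first, then refresh the index.
# Updating before the repo is added would not fetch its index.
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

# Install ingress-nginx using the regional values file.
# NOTE(review): no --version is given, so the newest chart in the repo is
# installed; pin a reviewed chart version for reproducible deployments.
helm install -f values.regional.yaml ingress-nginx ingress-nginx/ingress-nginx

# Create the dummy app by applying its manifest.
kubectl apply -f dummy-app-lightweb.yaml

# Manual step: edit dummy-ingress.yaml so its host entry names your domain.
# The YAML line below is kept as a comment because it is not a shell command:
#   - host: "your-domain-here.com"

# Create the ingress object.
# -- give the previous deployment some time to finish first --
kubectl apply -f dummy-ingress.yaml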
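# Find the network tag of the node hosting the first ingress-nginx pod.
# The lookup is split in two so a failure in either command is visible.
INGRESS_NODE=$(kubectl get pod -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].spec.nodeName}')
NETWORK_TAGS=$(gcloud compute instances list --filter="name=( ${INGRESS_NODE} )" --format="value(tags.items[0])")
printf '%s\n' "$NETWORK_TAGS"

# Stop here if the tag lookup came back empty: the firewall rule below must
# be scoped to the cluster nodes and should not be created without a tag.
: "${NETWORK_TAGS:?network tag lookup returned nothing; is ingress-nginx running?}"

# Configure the firewall: allow tcp:80 to the tagged nodes only from
# 130.211.0.0/22 and 35.191.0.0/16 (Google Cloud load balancer and
# health-check source ranges), not from the internet at large.
gcloud compute firewall-rules create "${CLUSTER_NAME}-lb-fw" \
  --allow tcp:80 \
  --source-ranges 130.211.0.0/22,35.191.0.0/16 \
  --target-tags "$NETWORK_TAGS"

# Add the health check configuration (HTTP GET /healthz on port 80).
gcloud compute health-checks create http app-service-80-health-check \
  --request-path /healthz \
  --port 80 \
  --check-interval 60 \
  --unhealthy-threshold 3 \
  --healthy-threshold 1 \
  --timeout 5

# Add the backend service. Traffic from the load balancer to the NEG
# endpoints uses the "http" named port, i.e. it is not encrypted on that hop.
# NOTE(review): --enable-cdn caches cacheable responses at the edge; make sure
# the app sets cache headers appropriately for anything user-specific.
gcloud compute backend-services create "${CLUSTER_NAME}-lb-backend" \
  --health-checks app-service-80-health-check \
  --port-name http \
  --global \
  --enable-cdn \
  --connection-draining-timeout 300

# Attach the ingress-nginx NEG from each of the region's three zones.
for zone_suffix in a b c; do
  gcloud compute backend-services add-backend "${CLUSTER_NAME}-lb-backend" \
    --network-endpoint-group=ingress-nginx-80-neg \
    --network-endpoint-group-zone="${REGION}-${zone_suffix}" \
    --balancing-mode=RATE \
    --capacity-scaler=1.0 \
    --max-rate-per-endpoint=1.0 \
    --global
done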
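# Create the Google-managed certificate for the domain(s).
# Provisioning only completes once DNS for the domain points at the load
# balancer address created further down.
CERTIFICATE_NAME="www-ssl-cert"
printf '%s\n' "$CERTIFICATE_NAME"
DOMAIN_LIST="your-domain-here.com"
printf '%s\n' "$DOMAIN_LIST"
gcloud compute ssl-certificates create "$CERTIFICATE_NAME" --domains="$DOMAIN_LIST" --global

# To check the certificate and its provisioning status:
# gcloud compute ssl-certificates list --global
# gcloud compute ssl-certificates describe $CERTIFICATE_NAME

# Set up the frontend: URL map sending everything to the backend service.
gcloud compute url-maps create "${CLUSTER_NAME}-url-map" \
  --default-service "${CLUSTER_NAME}-lb-backend"

# Set up the HTTPS proxy. It is named "...-http-proxy" but is created as a
# target-https-proxy, so it must also be deleted as one.
gcloud compute target-https-proxies create "${CLUSTER_NAME}-http-proxy" \
  --url-map "${CLUSTER_NAME}-url-map" \
  --ssl-certificates="$CERTIFICATE_NAME"

# Set up the forwarding rule. Only port 443 is exposed; there is no port-80
# listener, so plain-HTTP requests to the address are not served.
gcloud compute forwarding-rules create "${CLUSTER_NAME}-forwarding-rule" \
  --global \
  --ports 443 \
  --target-https-proxy "${CLUSTER_NAME}-http-proxy"

# Enable request logging on the backend service.
gcloud compute backend-services update "${CLUSTER_NAME}-lb-backend" --enable-logging --global

# Test
IP_ADDRESS=$(gcloud compute forwarding-rules describe "${CLUSTER_NAME}-forwarding-rule" --global --format="value(IPAddress)")
printf '%s\n' "$IP_ADDRESS"

# Probe the load balancer address directly while keeping certificate
# validation: a request to https://<ip>/ cannot match the certificate, which
# is issued for the domain. --resolve pins the domain to the address instead
# of turning verification off.
curl -s -I --resolve "your-domain-here.com:443:${IP_ADDRESS}" https://your-domain-here.com/

# Probe through public DNS (works once the record points at IP_ADDRESS).
curl -s -I https://your-domain-here.com/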
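################
# cleanup
# Resources are removed in reverse dependency order. Every step is followed
# by a list call so leftovers (which may stay exposed or billed) are visible.

# These commands are destructive: refuse to continue with unset names rather
# than letting an empty variable expand into a different resource name.
: "${CLUSTER_NAME:?CLUSTER_NAME must be set before cleanup}"
: "${REGION:?REGION must be set before cleanup}"
: "${CERTIFICATE_NAME:?CERTIFICATE_NAME must be set before cleanup}"

# delete the forwarding-rule aka frontend
gcloud -q compute forwarding-rules delete "${CLUSTER_NAME}-forwarding-rule" --global
gcloud -q compute forwarding-rules list

# delete the HTTPS proxy (it was created with target-https-proxies, so the
# target-http-proxies command would not find it)
gcloud -q compute target-https-proxies delete "${CLUSTER_NAME}-http-proxy"
gcloud -q compute target-https-proxies list

# delete the certificate, now that no proxy references it
gcloud -q compute ssl-certificates delete "$CERTIFICATE_NAME" --global
gcloud -q compute ssl-certificates list --global

# delete the url map
gcloud -q compute url-maps delete "${CLUSTER_NAME}-url-map"
gcloud -q compute url-maps list

# delete the backend
gcloud -q compute backend-services delete "${CLUSTER_NAME}-lb-backend" --global
gcloud -q compute backend-services list

# delete the health check
gcloud -q compute health-checks delete app-service-80-health-check
gcloud -q compute health-checks list

# delete the firewall rule
gcloud -q compute firewall-rules delete "${CLUSTER_NAME}-lb-fw"
gcloud -q compute firewall-rules list

# remove the workloads and the ingress controller
kubectl delete -f dummy-ingress.yaml
kubectl delete -f dummy-app-lightweb.yaml
helm delete ingress-nginx

# delete the cluster; it was created with --region, and no ZONE variable is
# ever defined, so the regional form is used here
gcloud -q container clusters delete "$CLUSTER_NAME" --region="$REGION"
gcloud -q container clusters list

# delete the NEG in each zone
for zone_suffix in a b c; do
  gcloud -q compute network-endpoint-groups delete ingress-nginx-80-neg --zone="${REGION}-${zone_suffix}"
done
gcloud -q compute network-endpoint-groups list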