#!/usr/bin/env bash
################################################################################
### Script deploying the Observ-K8s environment
### Parameters:
### Cluster name: name of your k8s cluster
### dttoken: Dynatrace api token with ingest metrics and otlp ingest scope
### dturl : url of your DT tenant without any / at the end for example: https://dedede.live.dynatrace.com
################################################################################
### Pre-flight checks for dependencies
# Every external tool the script calls is probed with `command -v`, in the
# order jq, git, helm, kubectl. The first one that is missing prints an
# install hint and ends the script with exit status 1.
for required_tool in jq git helm kubectl; do
  command -v "$required_tool" >/dev/null 2>&1 && continue
  echo "Please install $required_tool before continuing"
  exit 1
done
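#######################################
# Parse the command-line options into the global settings.
# Globals:   DTOPERATORTOKEN, DTTOKEN, DTURL, CLUSTERNAME (written)
# Arguments: the script's own arguments ("$@")
# Outputs:   a warning on stdout for every unsupported option,
#            an error on stderr when an option has no value
# Returns:   exits 1 when a known option is the last word on the line
#
# The globals are never reset here, so values already exported in the
# environment are kept when the matching option is absent. That also lets the
# two tokens be supplied without appearing on the script's command line, where
# they would be readable in the process list and in shell history.
#######################################
parse_args() {
  local opt
  while [ $# -gt 0 ]; do
    opt=$1
    case "$opt" in
      --dtoperatortoken | --dtingesttoken | --dturl | --clustername)
        # `shift 2` with a single remaining argument fails and shifts nothing,
        # which would leave this loop spinning forever; reject it up front.
        if [ $# -lt 2 ]; then
          echo "Error: option $opt requires a value" >&2
          exit 1
        fi
        case "$opt" in
          --dtoperatortoken) DTOPERATORTOKEN="$2" ;;
          --dtingesttoken) DTTOKEN="$2" ;;
          --dturl) DTURL="$2" ;;
          --clustername) CLUSTERNAME="$2" ;;
        esac
        shift 2
        ;;
      *)
        echo "Warning: skipping unsupported option: $opt"
        shift
        ;;
    esac
  done
}

echo "parsing arguments"
parse_args "$@"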
echo "Checking arguments"
# All four settings are mandatory. They are tested in a fixed order
# (cluster name, tenant URL, ingest token, operator token) and the first
# empty one prints its error and ends the script with exit status 1.
[ -n "$CLUSTERNAME" ] || {
  echo "Error: clustername not set!"
  exit 1
}
[ -n "$DTURL" ] || {
  echo "Error: Dt url not set!"
  exit 1
}
[ -n "$DTTOKEN" ] || {
  echo "Error: Data ingest api-token not set!"
  exit 1
}
[ -n "$DTOPERATORTOKEN" ] || {
  echo "Error: DT operator token not set!"
  exit 1
}
#### Deploy the cert-manager
# Both manifests are fetched over HTTPS at run time and applied with whatever
# cluster privileges the current kubeconfig context has.
# cert-manager is pinned to the v1.10.0 release tag.
cert_manager_manifest="https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.yaml"
# NOTE(review): the OpenTelemetry operator URL uses releases/latest, so the
# content applied to the cluster changes whenever upstream publishes a new
# release. Pin it to a reviewed release tag, as is done for cert-manager.
otel_operator_manifest="https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml"

echo "Deploying Cert Manager ( for OpenTelemetry Operator)"
kubectl apply -f "$cert_manager_manifest"
# Block (up to 2 minutes) until the cert-manager webhook pod reports Ready.
# The exit status of the wait is not checked; the script continues either way.
kubectl wait pod \
  -l app.kubernetes.io/component=webhook \
  -n cert-manager \
  --for=condition=Ready \
  --timeout=2m
# Extra fixed pause before the operator manifest is applied
sleep 10
echo "Deploying the OpenTelemetry Operator"
kubectl apply -f "$otel_operator_manifest"
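#### Deploy the Dynatrace Operator
# The chart version is pinned (1.7.0); --install makes `upgrade` create the
# release when it does not exist yet.
helm upgrade dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator \
  --version 1.7.0 \
  --create-namespace --namespace dynatrace \
  --install \
  --atomic
kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s
# NOTE(review): --from-literal places both token values on kubectl's command
# line, where local users can read them from the process list while the
# command runs. --from-file or --from-env-file would keep them out of argv.
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=$DTOPERATORTOKEN" --from-literal="dataIngestToken=$DTTOKEN"

#######################################
# Escape a value for use as the replacement part of a sed `s,…,…,` command.
# Arguments: $1 - raw value
# Outputs:   the value with backslash, '&' and ',' backslash-escaped
#######################################
_escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&,]/\\&/g'
}

# Fill the placeholders of the DynaKube template in place.
# - `-i.bak` is accepted by both GNU and BSD sed, whereas the previous
#   `-i ''` form only works with BSD/macOS sed (GNU sed takes '' as the
#   script and fails); the backup file is removed after a successful edit.
# - The values are escaped because a ',' would end the replacement early and
#   an '&' would be expanded to the matched placeholder text.
sed -i.bak \
  -e "s,TENANTURL_TOREPLACE,$(_escape_sed_replacement "$DTURL")," \
  -e "s,CLUSTER_NAME_TO_REPLACE,$(_escape_sed_replacement "$CLUSTERNAME")," \
  dynatrace/dynakube.yaml &&
  rm -f dynatrace/dynakube.yaml.bak
kubectl apply -f dynatrace/dynakube.yaml -n dynatrace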
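#Deploy collector
# The secret is created without -n, i.e. in the current context's namespace.
# NOTE(review): CLUSTERID is not assigned anywhere in the visible script, so
# the clusterid key is empty unless the caller exported CLUSTERID beforehand;
# confirm the intent. It is quoted here so that a value containing whitespace
# or glob characters cannot split into extra kubectl arguments.
# NOTE(review): --from-literal places the ingest token on kubectl's command
# line, readable from the process list while the command runs; --from-file or
# --from-env-file would keep it out of argv.
kubectl create secret generic dynatrace \
  --from-literal=dynatrace_oltp_url="$DTURL" \
  --from-literal=clustername="$CLUSTERNAME" \
  --from-literal=clusterid="$CLUSTERID" \
  --from-literal=dt_api_token="$DTTOKEN"
kubectl label namespace default oneagent=false
# Collector RBAC and workloads (daemonset and statefulset manifests)
kubectl apply -f opentelemetry/rbac.yaml
kubectl apply -f opentelemetry/openTelemetry-manifest_ds.yaml
kubectl apply -f opentelemetry/openTelemetry-manifest_statefulset.yaml
# Separate namespace for the demo workload, labelled oneagent=false
kubectl create ns otel-demo
kubectl label namespace otel-demo oneagent=false
kubectl apply -f opentelemetry/deploy_1_12.yaml -n otel-demo
# These two manifests are applied into kube-system
kubectl apply -f opentelemetry/rbac_kubes.yaml -n kube-system
kubectl apply -f opentelemetry/openTelemetry-manifest_deplo_system.yaml -n kube-system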
# Install the admission policies
# NOTE(review): all three Kubescape manifests come from releases/latest, so
# the admission policies applied to the cluster follow whatever upstream
# publishes at run time. Pin the URL to a reviewed release tag.
kubescape_release="https://github.com/kubescape/cel-admission-library/releases/latest/download"
# Applied in this order: configuration CRD, basic configuration, policies.
for kubescape_manifest in \
  policy-configuration-definition.yaml \
  basic-control-configuration.yaml \
  kubescape-validating-admission-policies.yaml; do
  kubectl apply -f "${kubescape_release}/${kubescape_manifest}"
done
# Create the unguard namespace and label it policy=enforced
kubectl create ns unguard
kubectl label namespace unguard policy=enforced
# Apply the local example validating policy, then its binding
for policy_file in validationexample.yaml validationpolicybinding.yaml; do
  kubectl apply -f "admission-controller/${policy_file}"
done
# Deploy unguard and the MariaDB instance installed alongside it
helm repo add bitnami https://charts.bitnami.com/bitnami
# MariaDB chart pinned to 11.5.7, persistence disabled for the primary
helm install unguard-mariadb bitnami/mariadb \
  --version 11.5.7 \
  --set primary.persistence.enabled=false \
  --wait \
  --namespace unguard
# NOTE(review): no --version is given for the unguard chart, so the release
# installed depends on what the OCI registry serves at run time; pin it like
# the MariaDB chart above.
helm install unguard oci://ghcr.io/dynatrace-oss/unguard/chart/unguard \
  --wait \
  --namespace unguard \
  --create-namespace
# Applied without -n, i.e. into the namespace set in the manifest or the
# current context
kubectl apply -f test/cronjob.yaml