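#!/bin/bash
# Creates the demo GKE cluster and installs the sigstore policy-controller.
# Required environment: PROJECT_ID, REGION.
# Required tools on PATH: gcloud, kubectl, helm.
set -euo pipefail

# validation
# Check every CLI the script calls before anything is created, so a missing
# kubectl or helm is reported up front rather than after the cluster exists.
for tool in gcloud kubectl helm; do
  if ! command -v "${tool}" >/dev/null 2>&1; then
    echo "${tool} not found" >&2
    exit 1
  fi
done

# "${VAR:-}" keeps the explicit messages below reachable under 'set -u'.
if [[ -z "${PROJECT_ID:-}" ]]; then
  echo "PROJECT_ID not set, 'export PROJECT_ID=YOUR-PROJECT'" >&2
  exit 1
fi

if [[ -z "${REGION:-}" ]]; then
  echo "REGION not set, 'export REGION=us-west1'" >&2
  exit 1
fi

# An empty result means no credentialed account is active; every later gcloud
# call would fail, so stop here with the remediation hint.
ACCOUNT=$(gcloud auth list --filter=status:ACTIVE --format="value(account)")
if [[ -z "${ACCOUNT}" ]]; then
  echo "Run 'gcloud auth login' to authenticate on GCP before running this script." >&2
  exit 1
fi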
# cluster variables
# Fixed settings for the demo cluster; the zone is the "-c" zone of REGION.
CLUSTER_NAME="s3cme"
CLUSTER_NODE_MACHINE_TYPE="e2-medium"
CLUSTER_RELEASE_CHANNEL="rapid"
CLUSTER_SIZE="3"
CLUSTER_ZONE="${REGION}-c"
# Exported in one statement so child processes see the same values.
export CLUSTER_NAME CLUSTER_NODE_MACHINE_TYPE CLUSTER_RELEASE_CHANNEL \
  CLUSTER_SIZE CLUSTER_ZONE
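# cluster creation
# Creates a zonal cluster from the CLUSTER_* settings, labelled demo=s3cme.
#
# NOTE(review): node identity is broader than a least-privilege setup would use.
#   - No --service-account is passed, so nodes run as the project's default
#     Compute Engine service account; check which IAM roles it holds here.
#   - The cloud-platform scope places no scope-level limit on that account, so
#     IAM is the only control on what workloads reaching node credentials can do.
#   Consider a dedicated minimal node service account (--service-account) and
#   Workload Identity (--workload-pool) before reusing this outside a demo.
# NOTE(review): the "rapid" release channel tracks the newest GKE versions;
#   acceptable for env=dev, confirm before copying to longer-lived clusters.
#
# All expansions are quoted so an unexpected space or glob character in
# PROJECT_ID/REGION cannot split into extra gcloud arguments.
gcloud beta container clusters create "${CLUSTER_NAME}" \
  --project "${PROJECT_ID}" \
  --zone "${CLUSTER_ZONE}" \
  --release-channel "${CLUSTER_RELEASE_CHANNEL}" \
  --machine-type "${CLUSTER_NODE_MACHINE_TYPE}" \
  --metadata disable-legacy-endpoints=true \
  --scopes "https://www.googleapis.com/auth/cloud-platform" \
  --num-nodes "${CLUSTER_SIZE}" \
  --logging=SYSTEM,WORKLOAD \
  --monitoring=SYSTEM \
  --enable-autoupgrade \
  --enable-autorepair \
  --addons HorizontalPodAutoscaling,HttpLoadBalancing,GcePersistentDiskCsiDriver \
  --labels "demo=s3cme,env=dev"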
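# cluster status
# Lists clusters carrying the demo=s3cme label so the operator can confirm the
# new cluster is present.
gcloud container clusters list \
  --filter="resourceLabels.demo:s3cme" \
  --project "${PROJECT_ID}"

# cluster credentials
# Writes the cluster's credentials into the local kubeconfig and makes it the
# current context; the kubectl and helm commands that follow act on whatever
# context is current, so this must succeed before they run.
gcloud container clusters get-credentials "${CLUSTER_NAME}" \
  --project "${PROJECT_ID}" \
  --zone "${CLUSTER_ZONE}"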
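# policy-controller
# Installs the sigstore policy-controller chart into the cosign-system
# namespace of the cluster selected by the current kubectl context.
helm repo add sigstore https://sigstore.github.io/helm-charts
helm repo update
kubectl create namespace cosign-system

# NOTE(review): --devel lets helm pick pre-release chart versions and nothing
# pins the version, so two runs can install different builds of the component
# that enforces admission policy. Set POLICY_CONTROLLER_VERSION (for example
# POLICY_CONTROLLER_VERSION=<PINNED_CHART_VERSION>) to install one reviewed
# version; when it is unset the original --devel behaviour is kept.
chart_version_args=(--devel)
if [[ -n "${POLICY_CONTROLLER_VERSION:-}" ]]; then
  chart_version_args=(--version "${POLICY_CONTROLLER_VERSION}")
fi

helm install policy-controller -n cosign-system sigstore/policy-controller \
  "${chart_version_args[@]}"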