Creates an HTTP/HTTPS load balancer in GCE using the provided parameters
#! /bin/bash | |
# sourced from https://gist.github.com/bprashanth/3827059fc46cba4ffbe1651ee3e9a78f#gistcomment-1828832 | |
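#######################################
# Print the command-line synopsis, followed by the gcloud listing commands an
# operator can run to look up valid values for the arguments.
# Globals:   PROJECT (read; may be unset when usage is shown)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
show_usage() {
  # Usage is shown when the argument count is wrong, which happens before
  # PROJECT is assigned. Fall back to a visible placeholder so the hints do
  # not end in a dangling "--project" flag.
  local project="${PROJECT:-<project>}"

  printf '\n'
  printf '%s\n' "Usage: $0 balancer-name \"ig1,ig1_zone;ig2,ig2_zone[;ig3...]\" project static-ip hc-path port certname"
  printf '\n'
  printf '%s\n' "List manage instance groups: gcloud compute instance-groups managed list"
  printf '%s\n' "List project global IPs: gcloud compute addresses list --global --project $project"
  printf '%s\n' "Reserve a new IP: gcloud compute addresses create <name> --global --project $project"
  printf '%s\n' "List certificates: gcloud compute ssl-certificates list"
}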
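#######################################
# Abort the script when the jq binary is not available on PATH.
# Globals:   none
# Arguments: none
# Outputs:   an installation hint on stderr when jq is missing
# Returns:   0 when jq is found; exits the shell with status 1 otherwise
#######################################
check_jq() {
  # `command -v` is a builtin lookup. Both streams are discarded here; the
  # earlier `2>&1 > /dev/null` ordering left stderr attached to the terminal.
  if command -v jq >/dev/null 2>&1; then
    return 0
  fi

  # Diagnostics go to stderr so they never end up inside the generated
  # gcloud command listing that this script writes to stdout.
  {
    echo
    echo "==============================================================="
    echo "jq required but not found - please install jq (brew install jq)"
    echo "==============================================================="
    echo
  } >&2
  exit 1
}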
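# All seven positional arguments are mandatory. On a wrong count, print the
# usage text to stderr (keeping stdout free for the generated command listing)
# and stop with a failure status.
if [[ $# -ne 7 ]]; then
  show_usage >&2
  exit 1
fi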
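# Name of the app as "app-env", e.g. blm-dev, blm-qa. Used as the prefix of
# every resource name in the generated commands.
APP="$1"
# The instance group(s) of the associated GKE cluster, given as
# "ig1,ig1_zone;ig2,ig2_zone[;...]".
IGS="$2"
# Project of the GKE cluster.
PROJECT="$3"
# This static IP must already exist. It is used to create the forwarding rules.
STATIC_IP="$4"
# This path must serve a 200 on </path> for UA (GoogleHC/1.0).
HEALTH_CHECK_PATH="$5"
# NodePort of the Kubernetes service.
#   kubectl get svc ${SVC} -o yaml | grep -i nodeport
# or
#   kubectl get svc ${SVC} --template='{{range $i, $n := .spec.ports}}{{$n.nodePort}} {{end}}'
SVC_NODE_PORT="$6"
# This certificate must already exist.
CERTNAME="$7"
# NOTE(review): these values are interpolated verbatim into the gcloud command
# lines printed later; review the listing before running it or piping it to a
# shell.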
#function join_by { local IFS="$1"; shift; echo "$*"; } | |
#dink=$(join_by , "${pairs[@]}") | |
#echo $dink | |
#exit | |
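#######################################
# Dump the parsed command-line values, one "NAME is value" line each, framed
# by a blank line before and after.
# Globals:   APP, IGS, PROJECT, STATIC_IP, HEALTH_CHECK_PATH, SVC_NODE_PORT,
#            CERTNAME (read)
# Arguments: none
# Outputs:   the variable listing on stdout
#######################################
debug() {
  printf '\n'
  # printf reuses the format for each NAME/value pair. The values are quoted,
  # so whitespace and glob characters are shown exactly as they were passed
  # instead of being split or expanded by the shell.
  printf '%s is %s\n' \
    APP "$APP" \
    IGS "$IGS" \
    PROJECT "$PROJECT" \
    STATIC_IP "$STATIC_IP" \
    HEALTH_CHECK_PATH "$HEALTH_CHECK_PATH" \
    SVC_NODE_PORT "$SVC_NODE_PORT" \
    CERTNAME "$CERTNAME"
  printf '\n'
}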
# uncomment this to print variables | |
#debug | |
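# Split the ';'-separated instance-group list into one "name,zone" entry per
# array element. The array is declared before it is filled, and the IFS
# override is scoped to the single read command.
declare -a K8S_MIGS=()
IFS=';' read -ra K8S_MIGS <<<"$IGS"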
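#######################################
# Print, in order, the gcloud commands that build an HTTP + HTTPS L7 load
# balancer in front of the given NodePort. The commands are only printed; the
# one gcloud call actually executed is the read-only get-named-ports lookup.
# Globals:   APP, PROJECT, STATIC_IP, HEALTH_CHECK_PATH, CERTNAME,
#            K8S_MIGS (all read)
# Arguments: $1 - NodePort of the Kubernetes service (1-65535)
# Outputs:   the command listing on stdout; errors on stderr
# Returns:   0 on success; 1 on an invalid port, a malformed instance-group
#            entry, or a failed named-port lookup (nothing is printed to
#            stdout in those cases)
#######################################
createl7() {
  local port=$1
  local entry ig_name ig_zone ports_json existing i
  local -a ig_names=() ig_zones=() ig_ports=()

  # The port is spliced into a firewall rule and into resource names, so
  # anything that is not a plain TCP port number is rejected up front.
  if ! [[ $port =~ ^[0-9]{1,5}$ ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
    printf 'createl7: port must be a number between 1 and 65535, got "%s"\n' "$port" >&2
    return 1
  fi

  # Validate every entry and fetch its current named ports BEFORE printing
  # anything, so a failure can never leave a half-finished listing on stdout.
  for entry in "${K8S_MIGS[@]}"; do
    [[ -n $entry ]] || continue
    IFS=',' read -r ig_name ig_zone _ <<<"$entry"
    if [[ -z $ig_name || -z $ig_zone ]]; then
      printf 'createl7: malformed instance group entry "%s" (expected name,zone)\n' "$entry" >&2
      return 1
    fi

    # set-named-ports is given the complete list, so the existing entries are
    # read first and carried over. The lookup is scoped to $PROJECT like every
    # other command; without the flag it would use whatever project the
    # active gcloud configuration points at.
    if ! ports_json=$(gcloud compute --project "$PROJECT" instance-groups get-named-ports "$ig_name" --zone "$ig_zone" --format json); then
      printf 'createl7: could not read named ports of "%s" in %s\n' "$ig_name" "$ig_zone" >&2
      return 1
    fi
    # A failed lookup must not be treated as "no named ports": the generated
    # command would then drop the ports that are already configured.
    if ! existing=$(jq -j '.[] | "\(.name):\(.port),"' <<<"$ports_json"); then
      printf 'createl7: could not parse named ports of "%s"\n' "$ig_name" >&2
      return 1
    fi

    ig_names+=("$ig_name")
    ig_zones+=("$ig_zone")
    ig_ports+=("$existing")
  done

  # NOTE(review): the rule below carries no --network or --target-tags, so it
  # is not limited to the load-balanced nodes; consider scoping it. Also check
  # the source range against Google's current health-check documentation,
  # which lists 35.191.0.0/16 in addition to 130.211.0.0/22.
  echo "# Create the firewall rule to allow health check traffic from LB pool"
  echo "gcloud compute --project $PROJECT firewall-rules create allow-l7-$port --source-ranges 130.211.0.0/22 --allow tcp:$port"
  echo

  for i in "${!ig_names[@]}"; do
    echo "# Append the named port ($APP-$port) on ${ig_names[i]}"
    echo "gcloud compute --project $PROJECT instance-groups set-named-ports ${ig_names[i]} --zone ${ig_zones[i]} --named-ports ${ig_ports[i]}$APP-$port:$port"
    echo
  done

  echo "# Create the health check"
  echo "gcloud compute --project $PROJECT http-health-checks create $APP-hc-$port --port $port --request-path $HEALTH_CHECK_PATH"
  echo

  echo "# Create the backend service, using health check $APP-hc-$port"
  echo "gcloud compute --project $PROJECT backend-services create $APP-be-$port --port-name $APP-$port --protocol HTTP --http-health-checks $APP-hc-$port"
  echo

  for i in "${!ig_names[@]}"; do
    echo "# Add the instance group \"${ig_names[i]}\" in ${ig_zones[i]} to the backend service"
    echo "gcloud compute --project $PROJECT backend-services add-backend $APP-be-$port --instance-group-zone ${ig_zones[i]} --balancing-mode UTILIZATION --instance-group ${ig_names[i]}"
    echo
  done

  echo "# Create the url map"
  echo "gcloud compute --project $PROJECT url-maps create $APP-lb --default-service $APP-be-$port"
  echo

  echo "# Create the http proxy"
  echo "gcloud compute --project $PROJECT target-http-proxies create $APP-$port-http --url-map $APP-lb"
  echo

  echo "# Create the https proxy"
  echo "gcloud compute --project $PROJECT target-https-proxies create $APP-$port-https --ssl-certificate $CERTNAME --url-map $APP-lb"
  echo

  # The forwarding rules are pinned to $PROJECT as well, so the whole listing
  # targets one project regardless of the active gcloud configuration.
  echo "# Create the http forwarding rule"
  echo "gcloud compute --project $PROJECT forwarding-rules create $APP-$port-http --target-http-proxy=$APP-$port-http --address $STATIC_IP --ports=80 --global"
  echo

  echo "# Create the https forwarding rule"
  echo "gcloud compute --project $PROJECT forwarding-rules create $APP-$port-https --target-https-proxy=$APP-$port-https --address $STATIC_IP --ports=443 --global"
  echo
}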
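# jq is needed to read the existing named ports, so verify it is installed
# before generating anything.
check_jq
# Quote the port so that it always reaches createl7 as exactly one argument.
createl7 "$SVC_NODE_PORT"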