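#!/usr/bin/env bash
# Create certificates to secure communication between CockroachDB nodes.
# Note that while Linkerd will provide a secure channel between pods, unless
# CockroachDB nodes are created in secure mode (i.e. without the --insecure flag)
# password authentication won't be available for users.
#
# One-shot bootstrap for the clusters behind the kubectl contexts eu-central,
# us-east and us-west. It creates a CA, a root client certificate and one node
# certificate per region, stores them as Kubernetes secrets in the cockroachdb
# namespace, deploys the Linkerd-injected manifests and initialises the cluster.

# -x traces every command (only file paths appear in the arguments, no key
# material). -e, -u and pipefail stop the run at the first failing step, so a
# partially generated certificate set is never uploaded and a failed
# `linkerd inject` cannot feed an empty manifest to `kubectl apply`.
set -x
set -euo pipefail

# If a namespace already exists the run stops here, before the rm -rf below
# throws away the CA key that signed whatever certificates that cluster holds.
for region in eu-central us-east us-west; do
  kubectl create namespace cockroachdb --context "$region"
done

# Start from empty directories. Mode 700 keeps the CA key and the root client
# key unreadable to other local users regardless of the caller's umask.
rm -rf -- certs my-safe-directory
mkdir -m 700 certs my-safe-directory

# The CA certificate lands in certs/, the CA private key in my-safe-directory/.
cockroach cert create-ca \
  --certs-dir=certs \
  --ca-key=my-safe-directory/ca.key

cockroach cert create-client \
  root \
  --certs-dir=certs \
  --ca-key=my-safe-directory/ca.key

# These are writing secrets into the K8s cluster, rather than
# into the local filesystem.
# --from-file=certs uploads every file currently in certs/, i.e. the CA
# certificate plus the root client certificate and its private key.
for region in eu-central us-east us-west; do
  kubectl create secret \
    generic cockroachdb.client.root \
    --from-file=certs \
    --context "$region" \
    --namespace cockroachdb
done

# One node certificate per region, shared by that region's three pods.
# The root client key is still in certs/ at this point, so each
# cockroachdb.node secret carries it alongside node.crt and node.key; anything
# that can read the node secret can act as the root SQL user.
# NOTE(review): the SANs use "<name>.<region>.svc.<region>" while the secrets
# live in the namespace "cockroachdb" -- confirm these match the addresses the
# pods advertise, otherwise inter-node TLS verification will fail.
for region in eu-central us-east us-west; do
  cockroach cert create-node \
    localhost 127.0.0.1 \
    "cockroachdb-0-${region}" \
    "cockroachdb-1-${region}" \
    "cockroachdb-2-${region}" \
    cockroachdb-public \
    "cockroachdb-public.${region}" \
    "cockroachdb-public.${region}.svc.${region}" \
    "*.cockroachdb" \
    "*.cockroachdb.${region}" \
    "*.cockroachdb.${region}.svc.${region}" \
    --certs-dir=certs \
    --ca-key=my-safe-directory/ca.key

  kubectl create secret \
    generic cockroachdb.node \
    --from-file=certs \
    --context "$region" \
    --namespace cockroachdb

  # Drop this region's node key pair so the next region gets a fresh one and
  # no node private key stays on the workstation.
  rm -- certs/node.crt certs/node.key
done

for region in eu-central us-east us-west; do
  linkerd --context "$region" inject "the-world/k8s/cockroachdb-${region}.yaml" \
    | kubectl apply --context "$region" -f -
done

# Wait for all the CockroachDB nodes to show one ready Pod...
bash watch.sh 1
# ...initialise CockroachDB...
bash init-cockroachdb.sh
# ...then wait for all the CockroachDB nodes to show two running Pods.
bash watch.sh 2

# my-safe-directory/ca.key and certs/client.root.key remain on the local disk
# after this point; the CA key is only needed again to issue further
# certificates and should be kept somewhere better protected than a checkout.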