diff --git a/release/start-secured-cluster/start-secured-cluster-4.11plus.sh b/release/start-secured-cluster/start-secured-cluster-4.11plus.sh new file mode 100755 index 0000000..cdadfce --- /dev/null +++ b/release/start-secured-cluster/start-secured-cluster-4.11plus.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +set -eou pipefail + +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" + +"${STACKROX_DIR}/deploy/k8s/sensor.sh" +kubectl -n stackrox create secret generic access-rhacs \ + --from-literal="username=${ROX_ADMIN_USERNAME}" \ + --from-literal="password=${ROX_ADMIN_PASSWORD}" \ + --from-literal="central_url=${CLUSTER_API_ENDPOINT}" + +# Create the collector-config ConfigMap in order to enable external IPs +kubectl create -f "${SCRIPT_DIR}/collector-config.yaml" + +echo "Deploying Monitoring..." +monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml" + +helm_args=( + --set persistence.type="${STORAGE}" + --set exposure.type="${MONITORING_LOAD_BALANCER}" + --set resources.requests.memory="8Gi" + --set resources.limits.memory="8Gi" + --set-json 'metricRelabelConfigs=[{"source_labels":["container"],"regex":"berserker","action":"drop"},{"source_labels":["namespace"],"regex":"berserker-.*","action":"drop"}]' +) + +helm dependency update "${COMMON_DIR}/../charts/monitoring" +envsubst < "$monitoring_values_file" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" +helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}" +rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" diff --git a/release/start-secured-cluster/start-secured-cluster-pre4.11.sh b/release/start-secured-cluster/start-secured-cluster-pre4.11.sh new file mode 100755 index 0000000..a242687 --- /dev/null +++ b/release/start-secured-cluster/start-secured-cluster-pre4.11.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash +set -eou pipefail + +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" + +"${STACKROX_DIR}/deploy/k8s/sensor.sh" +kubectl -n stackrox create secret generic access-rhacs \ + --from-literal="username=${ROX_ADMIN_USERNAME}" \ + --from-literal="password=${ROX_ADMIN_PASSWORD}" \ + --from-literal="central_url=${CLUSTER_API_ENDPOINT}" + +# Create the collector-config ConfigMap in order to enable external IPs +kubectl create -f "${SCRIPT_DIR}/collector-config.yaml" + +echo "Deploying Monitoring..." +monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml" +yq -i '.resources.requests.memory = "8Gi"' "$monitoring_values_file" +yq -i '.resources.limits.memory = "8Gi"' "$monitoring_values_file" + +helm_args=( + --set persistence.type="${STORAGE}" + --set exposure.type="${MONITORING_LOAD_BALANCER}" +) + +helm dependency update "${COMMON_DIR}/../charts/monitoring" +envsubst < "$monitoring_values_file" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" +helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}" +rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" + +# Replace the prometheus ConfigMap with one that doesn't scrape as much info from berserker containers +kubectl -n stackrox delete configmap prometheus +kubectl create -f "${SCRIPT_DIR}"/prometheus.yaml diff --git a/release/start-secured-cluster/start-secured-cluster.sh b/release/start-secured-cluster/start-secured-cluster.sh index a242687..bee3af6 100755 --- a/release/start-secured-cluster/start-secured-cluster.sh +++ b/release/start-secured-cluster/start-secured-cluster.sh @@ -3,30 +3,15 @@ set -eou pipefail SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" -"${STACKROX_DIR}/deploy/k8s/sensor.sh" -kubectl -n stackrox create secret generic access-rhacs \ - --from-literal="username=${ROX_ADMIN_USERNAME}" \ - --from-literal="password=${ROX_ADMIN_PASSWORD}" \ - --from-literal="central_url=${CLUSTER_API_ENDPOINT}" +# Extract version from MAIN_IMAGE_TAG (e.g., "4.11.0-rc.2" -> "4.11") +version_major_minor=$(echo "${MAIN_IMAGE_TAG}" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/') -# Create the collector-config ConfigMap in order to enable external IPs -kubectl create -f "${SCRIPT_DIR}/collector-config.yaml" - -echo "Deploying Monitoring..." -monitoring_values_file="${COMMON_DIR}/../charts/monitoring/values.yaml" -yq -i '.resources.requests.memory = "8Gi"' "$monitoring_values_file" -yq -i '.resources.limits.memory = "8Gi"' "$monitoring_values_file" - -helm_args=( - --set persistence.type="${STORAGE}" - --set exposure.type="${MONITORING_LOAD_BALANCER}" -) - -helm dependency update "${COMMON_DIR}/../charts/monitoring" -envsubst < "$monitoring_values_file" > "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" -helm upgrade -n stackrox --install --create-namespace stackrox-monitoring "${COMMON_DIR}/../charts/monitoring" --values "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" "${helm_args[@]}" -rm "${COMMON_DIR}/../charts/monitoring/values_substituted.yaml" - -# Replace the prometheus ConfigMap with one that doesn't scrape as much info from berserker containers -kubectl -n stackrox delete configmap prometheus -kubectl create -f "${SCRIPT_DIR}"/prometheus.yaml +# Compare version to determine which script to use +# Use bc for floating point comparison +if (( $(echo "$version_major_minor >= 4.11" | bc -l) )); then + echo "Using ACS 4.11+ secured cluster setup (version: ${version_major_minor})" + exec "${SCRIPT_DIR}/start-secured-cluster-4.11plus.sh" +else + echo "Using ACS pre-4.11 secured cluster setup (version: ${version_major_minor})" + exec "${SCRIPT_DIR}/start-secured-cluster-pre4.11.sh" +fi