diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d398e4581c33b5750f34c50121dcf609c83d1bbf..c19f46fb1ff442fe715c6bb744ac6b8fee81d7f1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -175,15 +175,11 @@ release_version: stage: release script: - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN gitlab-registry.mpcdf.mpg.de - - docker pull $TEST_IMAGE - - docker tag $TEST_IMAGE $LATEST_IMAGE - - docker push $LATEST_IMAGE - - docker tag $TEST_IMAGE $RELEASE_IMAGE + - docker pull $LATEST_IMAGE + - docker tag $LATEST_IMAGE $RELEASE_IMAGE - docker push $RELEASE_IMAGE - - docker pull $FRONTEND_TEST_IMAGE - - docker tag $FRONTEND_TEST_IMAGE $FRONTEND_LATEST_IMAGE - - docker push $FRONTEND_LATEST_IMAGE - - docker tag $FRONTEND_TEST_IMAGE $FRONTEND_RELEASE_IMAGE + - docker pull $FRONTEND_LATEST_IMAGE + - docker tag $FRONTEND_LATEST_IMAGE $FRONTEND_RELEASE_IMAGE - docker push $FRONTEND_RELEASE_IMAGE only: - tags diff --git a/ops/scripts/kubernetes_install_master.sh b/ops/scripts/kubernetes_install_master.sh new file mode 100644 index 0000000000000000000000000000000000000000..c0e89781ef6874af66e28433e6e8c970bbc7f583 --- /dev/null +++ b/ops/scripts/kubernetes_install_master.sh @@ -0,0 +1,49 @@ +#!/bin/sh + +# add yum repo +cat <<EOF > /etc/yum.repos.d/kubernetes.repo +[kubernetes] +name=Kubernetes +baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=1 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +exclude=kube* +EOF + +# delete old +yum erase -y kubelet kubeadm kubectl --disableexcludes=kubernetes + +# Set SELinux in permissive mode (effectively disabling it) +setenforce 0 +sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config + +yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes + +systemctl enable --now kubelet + +# firewall +firewall-cmd --permanent --add-port=6443/tcp +firewall-cmd --permanent --add-port=2379-2380/tcp +firewall-cmd --permanent --add-port=10250/tcp +firewall-cmd --permanent --add-port=10251/tcp +firewall-cmd --permanent --add-port=10252/tcp +firewall-cmd --permanent --add-port=10255/tcp +firewall-cmd --permanent --add-port=8285/udp +firewall-cmd --permanent --add-port=8472/udp +firewall-cmd --reload +modprobe br_netfilter + +# routing +cat <<EOF > /etc/sysctl.d/k8s.conf +net.bridge.bridge-nf-call-ip6tables = 1 +net.bridge.bridge-nf-call-iptables = 1 +EOF +sysctl --system + +# start it up +systemctl daemon-reload +systemctl restart kubelet + +echo "Still have to use kubeadm init/join" \ No newline at end of file diff --git a/ops/scripts/services_firewall.sh b/ops/scripts/services_firewall.sh new file mode 100644 index 0000000000000000000000000000000000000000..63f7ce90224384c2ed3419caecbc7add090d9055 --- /dev/null +++ b/ops/scripts/services_firewall.sh @@ -0,0 +1,22 @@ +# rabbit +firewall-cmd --permanent --add-port=5672/tcp + +# mongo +firewall-cmd --permanent --add-port=27017/tcp +firewall-cmd --permanent --add-port=37017/tcp + +# raw api +firewall-cmd --permanent --add-port=18001/tcp + +# es +firewall-cmd --permanent --add-port=19200/tcp + +# postgres +firewall-cmd --permanent --add-port=5432/tcp + +# elk +firewall-cmd --permanent --add-port=29200/tcp +firewall-cmd --permanent --add-port=15601/tcp +firewall-cmd --permanent --add-port=15000/tcp + +firewall-cmd --reload \ No newline at end of file