Merge pull request #50 from arsidada/patch-4

mbreitung · web-flow · commit 12537d3733b3 · 2018-12-07T13:52:25.000-08:00
use default ibm-observe namespace or use one based on flag -ns|--namespace
diff --git a/agent_deploy/IBMCloud-Kubernetes-Service/install-agent-k8s.sh b/agent_deploy/IBMCloud-Kubernetes-Service/install-agent-k8s.sh
@@ -22,7 +22,7 @@ function install_curl_rpm {
 }
 
 function download_yamls {
-    echo "* Downloading Sysdig cluster role yaml"
+	echo "* Downloading Sysdig cluster role yaml"
 	curl -s -o /tmp/sysdig-agent-clusterrole.yaml https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/master/agent_deploy/kubernetes/sysdig-agent-clusterrole.yaml
 	echo "* Downloading Sysdig config map yaml"
 	curl -s -o /tmp/sysdig-agent-configmap.yaml https://raw.githubusercontent.com/draios/sysdig-cloud-scripts/master/agent_deploy/kubernetes/sysdig-agent-configmap.yaml
@@ -38,22 +38,17 @@ function unsupported {
 function help {
 	echo "Usage: $(basename ${0}) -a | --access_key <value> [-t | --tags <value>] [-c | --collector <value>] \ "
 	echo "                [-cp | --collector_port <value>] [-s | --secure <value>] [-cc | --check_certificate] \ "
-	echo "                [-ac | --additional_conf <value>] [-h | --help]"
-	echo "  access_key: Secret access key, as shown in Sysdig Monitor"
-	echo "  tags: List of tags for this host."
-	echo "        The syntax can be a comma-separated list of"
-	echo "        TAG_NAME:TAG_VALUE or a single TAG_VALUE (in which case the tag"
-	echo "        name \"Tag\" is implicitly assumed)."
-	echo "        For example, \"role:webserver,location:europe\", \"role:webserver\""
-	echo "        and \"webserver\" are all valid alternatives."
-	echo "  collector: collector IP for Sysdig Monitor on-premises installation"
-	echo "  collector_port: collector port [default 6666]"
-	echo "  secure: use a secure SSL/TLS connection to send metrics to the collector"
-	echo "          accepted values: true or false [default true]"
-	echo "  check_certificate: disable strong SSL certificate check for Sysdig Monitor on-premises installation"
-	echo "          accepted values: true or false [default true]"
-	echo "  additional_conf: If provided, will be appended to agent configuration file"
-	echo "  help: print this usage and exit"
+	echo "                [-ns | --namespace <value>] [-ac | --additional_conf <value>] [-h | --help]"
+	echo ""
+	echo " -a  : secret access key, as shown in Sysdig Monitor"
+	echo " -t  : list of tags for this host (ie. \"role:webserver,location:europe\", \"role:webserver\" or \"webserver\")"
+	echo " -c  : collector IP for Sysdig Monitor"
+	echo " -cp : collector port [default 6443]"
+	echo " -s  : use a secure SSL/TLS connection to send metrics to the collector (default: true)"
+	echo " -cc : disable strong SSL certificate check (default: true)"
+	echo " -ac : if provided, the additional configuration will be appended to agent configuration file"
+	echo " -ns : If provided, will be the namespace used to deploy the agent. Defaults to ibm-observe"
+	echo " -h  : print this usage and exit"
 	echo
 	exit 1
 }
@@ -66,9 +61,25 @@ function is_valid_value {
 	fi
 }
 
+function create_namespace {
+    fail=0
+    echo "* Creating namespace: $NAMESPACE"
+    out=$(kubectl create namespace $NAMESPACE 2>&1) || { fail=1 && echo "kubectl create namespace failed!"; }
+    if [ $fail -eq 1 ]; then
+        if [[ "$out" =~ "AlreadyExists" ]]; then
+            echo "$out. Continuing..."
+        else
+            echo "$out"
+            exit 1
+        fi
+    fi
+}
+
+
 function create_sysdig_serviceaccount {
     fail=0
-    out=$(kubectl create serviceaccount sysdig-agent 2>&1) || { fail=1 && echo "kubectl create serviceaccount failed!"; }
+    echo "* Creating sysdig-agent serviceaccount in namespace: $NAMESPACE"
+    out=$(kubectl create serviceaccount sysdig-agent --namespace=$NAMESPACE 2>&1) || { fail=1 && echo "kubectl create serviceaccount failed!"; }
     if [ $fail -eq 1 ]; then
         if [[ "$out" =~ "AlreadyExists" ]]; then
             echo "$out. Continuing..."
@@ -83,7 +94,7 @@ function install_k8s_agent {
     echo "* Creating sysdig-agent clusterrole and binding"
     kubectl apply -f /tmp/sysdig-agent-clusterrole.yaml
     fail=0
-    outbinding=$(kubectl create clusterrolebinding sysdig-agent --clusterrole=sysdig-agent --serviceaccount=default:sysdig-agent 2>&1) || { fail=1 && echo "kubectl create serviceaccount failed!"; }
+    outbinding=$(kubectl create clusterrolebinding sysdig-agent --clusterrole=sysdig-agent --serviceaccount=$NAMESPACE:sysdig-agent --namespace=$NAMESPACE 2>&1) || { fail=1 && echo "kubectl create clusterrolebinding failed!"; }
     if [ $fail -eq 1 ]; then
         if [[ "$outbinding" =~ "AlreadyExists" ]]; then
             echo "$outbinding. Continuing..."
@@ -95,12 +106,12 @@ function install_k8s_agent {
 
     echo "* Creating sysdig-agent secret using the ACCESS_KEY provided"
     fail=0
-    outsecret=$(kubectl create secret generic sysdig-agent --from-literal=access-key=$ACCESS_KEY 2>&1) || { fail=1 && echo "kubectl create serviceaccount failed!"; }
+    outsecret=$(kubectl create secret generic sysdig-agent --from-literal=access-key=$ACCESS_KEY --namespace=$NAMESPACE 2>&1) || { fail=1 && echo "kubectl create secret failed!"; }
     if [ $fail -eq 1 ]; then
         if [[ "$outsecret" =~ "AlreadyExists" ]]; then
             echo "$outsecret. Re-creating secret..."
-            kubectl delete secrets sysdig-agent 2>&1
-            kubectl create secret generic sysdig-agent --from-literal=access-key=$ACCESS_KEY 2>&1
+            kubectl delete secrets sysdig-agent --namespace=$NAMESPACE 2>&1
+            kubectl create secret generic sysdig-agent --from-literal=access-key=$ACCESS_KEY --namespace=$NAMESPACE 2>&1
         else
             echo "$outsecret"
             exit 1
@@ -167,17 +178,21 @@ function install_k8s_agent {
     sed -i -e "s|# serviceAccount: sysdig-agent|serviceAccount: sysdig-agent|" /tmp/sysdig-agent-daemonset-v2.yaml
 
     echo -e "    new_k8s: true" >> $CONFIG_FILE
-    kubectl apply -f $CONFIG_FILE
+    kubectl apply -f $CONFIG_FILE --namespace=$NAMESPACE
 
     echo "* Deploying the sysdig agent"
-    kubectl apply -f /tmp/sysdig-agent-daemonset-v2.yaml
+    kubectl apply -f /tmp/sysdig-agent-daemonset-v2.yaml --namespace=$NAMESPACE
 }
 
 if [[ ${#} -eq 0 ]]; then
 	echo "ERROR: Sysdig Access Key & Collector are mandatory, use -h | --help for $(basename ${0}) Usage"
 	exit 1
 fi
 
+# Setting the default value for NAMESPACE to be ibm-observe
+# Will be over-ridden if the -ns|--namespace flag is provided
+NAMESPACE="ibm-observe"
+
 while [[ ${#} > 0 ]]
 do
 key="${1}"
@@ -237,6 +252,15 @@ case ${key} in
         fi
         shift
         ;;
+    -ns|--namespace)
+        if is_valid_value "${2}"; then
+            NAMESPACE="${2}"
+        else
+            echo "ERROR: no value provided for namespace, use -h | --help for $(basename ${0}) Usage"
+            exit 1
+        fi
+        shift
+        ;;
     -ac|--additional_conf)
         if is_valid_value "${2}"; then
             ADDITIONAL_CONF="${2}"
@@ -366,5 +390,6 @@ else
 fi
 
 download_yamls
+create_namespace
 create_sysdig_serviceaccount
 install_k8s_agent
