feat: install required software packages for CD pipeline

Added packages for Helm, Kubectl, GCloud CLI and GKE Auth Plugin Fixes issue #28
csye7125-fall2023-group05 · Nov 21, 2023 · f3a5e89 · f3a5e89
1 parent 2e01d47
commit f3a5e89
Show file tree

Hide file tree

Showing 2 changed files with 117 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -338,6 +338,7 @@ Once the setup is configured, we need to connect to the bastion host in order to
 - Install the google `gke-cloud-auth-plugin` locally:
 
 ```bash
+# assuming you already have the gcloud-sdk installed:
 gcloud components install gke-gcloud-auth-plugin
 ```
 
@@ -367,3 +368,65 @@ export HTTPS_PROXY=localhost:8888
 kubectl get all
 kubectl get ns
 ```
+
+### [Kubectl Auth in GKE v1.26](https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke)
+
+Following the latest changes to the standard GKE cluster, kubectl authentication has changes in GKE v1.26, starting which, users will have to install a new kubectl plugin called **"gke-gcloud-auth-plugin"**.
+
+Existing versions of kubectl and custom Kubernetes clients contain provider-specific code to manage authentication between the client and Google Kubernetes Engine. Starting with v1.26, this code will no longer be included as part of the OSS kubectl. GKE users will need to download and use a separate authentication plugin to generate GKE-specific tokens. This new binary, `gke-gcloud-auth-plugin`, uses the [Kubernetes Client-go Credential Plugin](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins) mechanism to extend kubectl’s authentication to support GKE. Because plugins are already supported by kubectl, you can switch to the new mechanism now, before v1.26 becomes available.
+
+Below are the installation instructions and technical details of this new binary.
+
+### Kubectl authentication plugin installation instructions
+
+You will need to install the gke-gcloud-auth-plugin binary on all systems where kubectl or Kubernetes custom clients are used.
+
+#### Install using "apt-get install" for DEB based systems
+
+> **NOTE**: Customers using `apt-get install` may need to set up [Google Cloud-Sdk repository source](https://cloud.google.com/sdk/docs/install#deb), if not already set for other [CLOUD-SDK component installations](https://cloud.google.com/sdk/docs/components#external_package_managers).
+
+- Before installing the kubectl auth plugin, make sure that your operating system meets the following requirements:
+
+```bash
+# make sure the Ubuntu/Debian image has not reached it's end of life.
+# recently updated packages
+sudo apt-get update -y
+# make sure`apt-transport-https` and `sudo` are installed
+sudo apt-get install apt-transport-https ca-certificates gnupg curl sudo -y
+```
+
+- Install the Google Cloud-Sdk repository soource:
+
+```bash
+# For newer distributions (Debian 9+ or Ubuntu 18.04+) run the following command:
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo \
+  gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
+
+# For older distributions, run the following command:
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo \
+  apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
+
+# If your distribution's apt-key command doesn't support the --keyring argument, run the following command:
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
+```
+
+- Add the gcloud CLI distribution URI as a package source
+
+```bash
+# For newer distributions (Debian 9+ or Ubuntu 18.04+), run the following command
+echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo \
+  tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
+
+# For older distributions that don't support the signed-by option, run the following command:
+echo "deb https://packages.cloud.google.com/apt cloud-sdk main" | sudo \
+  tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
+```
+
+> **NOTE**: Make sure you don't have duplicate entries for the **cloud-sdk** repo in **/etc/apt/sources.list.d/google-cloud-sdk.list**.
+
+- Finally, run the following command to install the plugin:
+
+```bash
+sudo apt-get update -y
+sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin -y
+```
diff --git a/modules/bastion/startup.sh b/modules/bastion/startup.sh
@@ -1,19 +1,56 @@
 #!/bin/bash
 
-sudo apt-get update -y
-curl -LO https://dl.k8s.io/release/v1.28.3/bin/linux/amd64/kubectl
-echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
-
-sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
-chmod +x kubectl
-mkdir -p ~/.local/bin
-mv ./kubectl ~/.local/bin/kubectl
-kubectl version --client
-
-curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
-chmod 700 get_helm.sh
-./get_helm.sh
-helm version
-
-sudo apt-get update -y
-sudo apt-get install tinyproxy -y
+# Kubectl Setup: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+echo "|                                                                                                                                         |"
+echo "|                                                             INSTALL KUBECTL                                                             |"
+echo "|                                                                                                                                         |"
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+
+sudo apt-get update
+curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key |
+  sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list
+echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' |
+  sudo tee /etc/apt/sources.list.d/kubernetes.list
+sudo apt-get update && sudo apt-get install kubectl -y
+
+# Helm Setup: https://helm.sh/docs/intro/install/#from-apt-debianubuntu
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+echo "|                                                                                                                                         |"
+echo "|                                                              INSTALL HELM                                                               |"
+echo "|                                                                                                                                         |"
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+
+sudo apt-get update
+curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg >/dev/null
+sudo apt-get install apt-transport-https -y
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" |
+  sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
+sudo apt-get update && sudo apt-get install helm -y
+
+# GCloud Setup: https://cloud.google.com/sdk/docs/install#deb
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+echo "|                                                                                                                                         |"
+echo "|                                                         INSTALL GCLOUD PLUGINS                                                          |"
+echo "|                                                                                                                                         |"
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+
+sudo apt-get update
+sudo apt-get install apt-transport-https ca-certificates gnupg curl sudo -y
+curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
+echo \
+  "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" |
+  sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
+sudo apt-get update
+sudo apt-get install google-cloud-cli -y
+sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin -y
+
+# Install tinyproxy for tunneling
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+echo "|                                                                                                                                         |"
+echo "|                                                            INSTALL TINYPROXY                                                            |"
+echo "|                                                                                                                                         |"
+echo "+-----------------------------------------------------------------------------------------------------------------------------------------+"
+
+sudo apt-get update && sudo apt-get install tinyproxy -y