functions/SoftwareInstall/SetupOnPremLoadBalancer.ps1

<#
.SYNOPSIS
SetupOnPremLoadBalancer
 
.DESCRIPTION
SetupOnPremLoadBalancer
 
.INPUTS
SetupOnPremLoadBalancer - The name of SetupOnPremLoadBalancer
 
.OUTPUTS
None
 
.EXAMPLE
SetupOnPremLoadBalancer
 
.EXAMPLE
SetupOnPremLoadBalancer
 
 
#>

function SetupOnPremLoadBalancer()
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $baseUrl
    )

    Write-Verbose 'SetupOnPremLoadBalancer: Starting'

    [hashtable]$Return = @{}

    WriteToConsole "deleting any old resources"
    # enable running pods on master
    # kubectl taint node mymasternode node-role.kubernetes.io/master:NoSchedule
    Write-Host "deleting existing resources with label traefik"
    kubectl delete 'pods,services,configMaps,deployments,ingress' -l k8s-traefik=traefik -n kube-system --ignore-not-found=true

    Write-Host "deleting existing service account for traefik"
    kubectl delete ServiceAccount traefik-ingress-controller-serviceaccount -n kube-system --ignore-not-found=true

    AskForSecretValue -secretname "customerid" -prompt "Customer ID "
    Write-Host "reading secret from kubernetes"
    $customerid = $(ReadSecretValue -secretname "customerid" -namespace "default")

    $fullhostname = $(hostname --fqdn)
    Write-Host "Full host name of current machine: $fullhostname"
    AskForSecretValue -secretname "dnshostname" -prompt "DNS name used to connect to the master VM (leave empty to use $fullhostname)" -namespace "default" -defaultvalue $fullhostname
    $dnsrecordname = $(ReadSecretValue -secretname "dnshostname" -namespace "default")

    $sslsecret = $(kubectl get secret traefik-cert-ahmn -n kube-system --ignore-not-found=true)

    if (!$sslsecret) {
        $certfolder = Read-Host -Prompt "Location of SSL cert files (tls.crt and tls.key): (leave empty to generate self-signed certificates)"

        if (!$certfolder) {
            Write-Host "Generating self-signed SSL certificate"
            sudo yum -y install openssl
            $u = "$(whoami)"
            $certfolder = "/opt/healthcatalyst/certs"
            Write-Host "Creating folder: $certfolder and giving access to $u"
            sudo mkdir -p "$certfolder"
            sudo setfacl -m u:$u:rwx "$certfolder"
            rm -rf "$certfolder/*"
            cd "$certfolder"
            # https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
            Write-Host "Generating CA cert"
            sudo openssl genrsa -out rootCA.key 2048
            sudo openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -subj /CN=HCKubernetes/O=HealthCatalyst/ -out rootCA.crt
            Write-Host "Generating certificate for $dnsrecordname"
            sudo openssl genrsa -out tls.key 2048
            sudo openssl req -new -key tls.key -subj /CN=$dnsrecordname/O=HealthCatalyst/ -out tls.csr
            sudo openssl x509 -req -in tls.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out tls.crt -days 3650 -sha256
            sudo cp tls.crt tls.pem
            cd "~"
        }

        ls -al "$certfolder"

        Write-Host "Deleting any old TLS certs"
        kubectl delete secret traefik-cert-ahmn -n kube-system --ignore-not-found=true

        Write-Host "Storing TLS certs as kubernetes secret"
        kubectl create secret generic traefik-cert-ahmn -n kube-system --from-file="$certfolder/tls.crt" --from-file="$certfolder/tls.key"

        kubectl create secret tls my-ssl-cert -n kube-system --key "$certfolder/tls.key" --cert "$certfolder/tls.crt"
    }

    $ingressInternalType = "public"
    $ingressExternalType = "onprem"
    $externalIp = ""
    $internalIp = ""

    # LoadLoadBalancerStack -baseUrl $baseUrl -ssl 1 -customerid $customerid `
    # -ingressInternalType $ingressInternalType -ingressExternalType $ingressExternalType `
    # -isOnPrem $true `
    # -externalSubnetName "" -externalIp "$externalIp" `
    # -internalSubnetName "" -internalIp "$internalIp" `
    # -local $False

    Write-Host "installing helm"
    curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh
    chmod 700 get_helm.sh
    ./get_helm.sh

    InitHelm

    [string] $package = "nginx"
    [string] $packageInternal = "nginx-internal"
    [string] $ngniximageTag = "0.20.0"

    Write-Output "Removing old deployment"
    helm del --purge $package
    helm del --purge $packageInternal

    Start-Sleep -Seconds 5

    # nginx configuration: https://github.com/helm/charts/tree/master/stable/nginx-ingress#configuration

    Write-Verbose "Installing the public nginx load balancer"
    helm install stable/nginx-ingress `
        --namespace "kube-system" `
        --name "$package" `
        --set controller.service.type="ClusterIP" `
        --set controller.hostNetwork=true `
        --set controller.image.tag="$ngniximageTag" `
        --set controller.extraArgs.default-ssl-certificate="kube-system/foo-tls" `
        --debug `
        --wait

    # setting values in helm: https://github.com/helm/helm/blob/master/docs/chart_best_practices/values.md
    # and https://github.com/helm/helm/blob/master/docs/using_helm.md
    # use "helm inspect values" to see values

    # Write-Verbose "Installing the internal nginx load balancer"
    # # NOTE: helm cannot handle spaces before or after "=" in --set command
    # helm install stable/nginx-ingress `
    # --namespace "kube-system" `
    # --name "$packageInternal" `
    # --set controller.service.type="ClusterIP" `
    # --set controller.hostNetwork=true `
    # --set controller.image.tag="$ngniximageTag"

        Write-Verbose 'SetupOnPremLoadBalancer: Done'

        return $Return
}

Export-ModuleMember -Function 'SetupOnPremLoadBalancer'