#!/usr/bin/env bash
#
# Deploy the app to k8s via fluxcd (default) or Helm, selected by DEPLOY_MODE
#
# A pipeline reports failure when any stage fails, not only the last one.
set -o pipefail

# Deployment backend: "flux" (HelmRelease objects) or "helm" (direct install).
readonly DEPLOY_MODE="flux"

# Target namespaces, one per concern.
readonly APP_NAMESPACE="app"
readonly SECSCAN_NAMESPACE="security-scan"
readonly MONITORING_NAMESPACE="monitoring"

# Chart sources and pinned chart versions. Pinning keeps a deployment from
# silently picking up a newer chart release; bump these deliberately.
readonly PGSQLHA_CHART_VERSION="12.3.7"
readonly PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"
readonly GTFSO_IMPORT_CHART_VERSION="0.1.0"
readonly GTFSO_VBB_CHART_VERSION="0.1.0"
readonly PROM_STACK_CHART_VERSION="55.7.0"
readonly TRIVY_CHART_VERSION="0.18.4"
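# Create namespaces
# Rendering the manifest client-side and piping it to "kubectl apply" makes the
# step idempotent: re-running the script against a cluster that already has
# the namespace no longer errors. A real failure (e.g. no cluster access)
# stops the script so nothing is deployed into a namespace that does not exist.
for ns in "${APP_NAMESPACE}" "${MONITORING_NAMESPACE}" "${SECSCAN_NAMESPACE}"; do
  if ! kubectl create namespace "${ns}" --dry-run=client -o yaml \
    | kubectl apply -f -; then
    printf 'Failed to create namespace %s\n' "${ns}" >&2
    exit 1
  fi
done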
# Add Deployments / Helm Charts either via fluxcd or Helm
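# Deploy every chart through the backend selected by DEPLOY_MODE.
# NOTE(review): "./flux" is resolved relative to the current working directory,
# so the script must be started from the directory holding the vetted flux
# binary; any other executable named "flux" there would be run instead.
if [[ "${DEPLOY_MODE}" == "flux" ]]; then
  # Add Helm Charts via Flux HelmRelease CRD
  printf "Using flux to create HelmRelease\n"

  # App
  # Add a git repository as source for Helm Charts
  # NOTE(review): the source follows the mutable "dev" branch, so whatever is
  # pushed there gets reconciled into the cluster. Consider pinning to a tag
  # (flux supports --tag) if deployments should only change on a reviewed
  # release.
  ./flux create source git e2m \
    --url=https://git.e2m.io/mue/obch \
    --branch dev \
    --namespace "${APP_NAMESPACE}"
  # Add a Helm OCI repository as source for Helm Charts
  ./flux create source helm bitnami \
    --url=oci://registry-1.docker.io/bitnamicharts \
    --namespace "${APP_NAMESPACE}"
  ./flux create helmrelease pgsql-ha \
    --chart postgresql-ha \
    --chart-version "${PGSQLHA_CHART_VERSION}" \
    --source HelmRepository/bitnami \
    --namespace "${APP_NAMESPACE}"
  # The two gtfso charts are read from the git source; no --chart-version is
  # passed for them here.
  ./flux create helmrelease gtfso-import \
    --chart charts/gtfso-import \
    --namespace "${APP_NAMESPACE}" \
    --source GitRepository/e2m
  ./flux create helmrelease gtfso-vbb \
    --chart charts/gtfso-vbb \
    --namespace "${APP_NAMESPACE}" \
    --source GitRepository/e2m

  # Monitoring
  ./flux create source helm prometheus-community \
    --url=https://prometheus-community.github.io/helm-charts \
    --namespace "${MONITORING_NAMESPACE}"
  ./flux create helmrelease prometheus \
    --chart kube-prometheus-stack \
    --chart-version "${PROM_STACK_CHART_VERSION}" \
    --namespace "${MONITORING_NAMESPACE}" \
    --source=HelmRepository/prometheus-community

  # Vulnerability Scan
  ./flux create source helm aqua \
    --url https://aquasecurity.github.io/helm-charts/ \
    --namespace "${SECSCAN_NAMESPACE}"
  ./flux create helmrelease trivy \
    --chart trivy-operator \
    --chart-version "${TRIVY_CHART_VERSION}" \
    --namespace "${SECSCAN_NAMESPACE}" \
    --source=HelmRepository/aqua
elif [[ "${DEPLOY_MODE}" == "helm" ]]; then
  # Add Helm Charts via Helm
  printf "Using Helm to install Charts\n"

  # App
  helm install pgsql-ha "${PGSQLHA_OCI_URL}" \
    --version "${PGSQLHA_CHART_VERSION}" \
    --namespace "${APP_NAMESPACE}"
  helm install gtfso-import charts/gtfso-import \
    --version "${GTFSO_IMPORT_CHART_VERSION}" \
    --namespace "${APP_NAMESPACE}"
  helm install gtfso-vbb charts/gtfso-vbb \
    --version "${GTFSO_VBB_CHART_VERSION}" \
    --namespace "${APP_NAMESPACE}"

  # Monitoring
  # Pin the chart version and target the monitoring namespace, matching the
  # flux branch; without these flags helm installs the newest chart into the
  # current context's namespace.
  helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
  helm repo update
  helm install prometheus prometheus-community/kube-prometheus-stack \
    --version "${PROM_STACK_CHART_VERSION}" \
    --namespace "${MONITORING_NAMESPACE}"

  # NOTE(review): unlike the flux branch, this branch installs no
  # trivy-operator, so a helm-mode cluster gets no vulnerability scanner and
  # the security-scan namespace stays empty. Confirm whether that is intended.
else
  # Fail closed on a mistyped mode instead of exiting 0 with nothing deployed.
  printf 'Unknown DEPLOY_MODE: %s (expected "flux" or "helm")\n' "${DEPLOY_MODE}" >&2
  exit 1
fi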