obch/deploy

#!/usr/bin/env bash
#
# Deploy app to k8s using fluxcd
#

set -o pipefail

# Namespaces
FLUX_MANIFEST_PATH="clusters/dev"
readonly FLUX_MANIFEST_PATH
APP_NAMESPACE="app"
readonly APP_NAMESPACE
SECSCAN_NAMESPACE="security-scan"
readonly SECSCAN_NAMESPACE
MONITORING_NAMESPACE="monitoring"
readonly MONITORING_NAMESPACE
SPINNAKER_NAMESPACE="cicd"
readonly SPINNAKER_NAMESPACE
MINIO_NAMESPACE="monitoring"
readonly MINIO_NAMESPACE

# Helm Chart versions
PGSQLHA_CHART_VERSION="12.3.7"
readonly PGSQLHA_CHART_VERSION
PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"
readonly PGSQLHA_OCI_URL
GTFSO_IMPORT_CHART_VERSION="0.1.0"
readonly GTFSO_IMPORT_CHART_VERSION
GTFSO_VBB_CHART_VERSION="0.1.0"
readonly GTFSO_VBB_CHART_VERSION
PROM_STACK_CHART_VERSION="55.7.0"
readonly PROM_STACK_CHART_VERSION
SPINNAKER_OPERATOR_CHART_VERSION="1.8.11"
readonly SPINNAKER_OPERATOR_CHART_VERSION
TRIVY_CHART_VERSION="0.18.4"
readonly TRIVY_CHART_VERSION
MINIO_CHART_VERSION="4.3.7"
readonly MINIO_CHART_VERSION

mkdir -p "${FLUX_MANIFEST_PATH}"

# Create namespaces
kubectl create namespace "${APP_NAMESPACE}"
kubectl create namespace "${MONITORING_NAMESPACE}"
kubectl create namespace "${SECSCAN_NAMESPACE}"
kubectl create namespace "${SPINNAKER_NAMESPACE}"
kubectl create namespace "${MINIO_NAMESPACE}"

# Add Deployments / Helm Charts via fluxcd
# Add Helm Charts via Flux HelmRelease CRD
printf "Using flux to create Sources and HelmReleases\n"
# App
# Add a git repository as source for Helm Charts
./flux create source git e2m \
    --url=https://git.e2m.io/mue/obch \
    --branch dev \
    --namespace "${APP_NAMESPACE}" \
    --export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml"

# Add a Helm OCI repository as source for Helm Charts
./flux create source helm bitnami \
   --url=oci://registry-1.docker.io/bitnamicharts \
    --namespace "${APP_NAMESPACE}" \
    --export > "${FLUX_MANIFEST_PATH}/source_bitnami.yaml"
./flux create helmrelease pgsql-ha \
    --chart postgresql-ha \
    --chart-version "${PGSQLHA_CHART_VERSION}" \
    --source HelmRepository/bitnami \
    --namespace "${APP_NAMESPACE}" \
    --export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"

./flux create helmrelease gtfso-import \
    --chart charts/gtfso-import \
    --namespace ${APP_NAMESPACE} \
    --source GitRepository/e2m \
    --export > "${FLUX_MANIFEST_PATH}/gtfso-import.yaml"
./flux create helmrelease gtfso-vbb \
    --chart charts/gtfso-vbb \
    --namespace ${APP_NAMESPACE} \
    --source GitRepository/e2m \
    --export > "${FLUX_MANIFEST_PATH}/gtfso-vbb.yaml"

# Monitoring
./flux create source helm prometheus-community \
    --url=https://prometheus-community.github.io/helm-charts \
    --namespace "${MONITORING_NAMESPACE}" \
    --export > "${FLUX_MANIFEST_PATH}"/source_prometheus.yaml
./flux create helmrelease prometheus \
    --chart kube-prometheus-stack \
    --chart-version "${PROM_STACK_CHART_VERSION}" \
    --namespace "${MONITORING_NAMESPACE}" \
    --source=HelmRepository/prometheus-community \
    --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"

# Spinnaker
./flux create source helm armory \
    --url https://armory.jfrog.io/artifactory/charts/ \
    --namespace "${SPINNAKER_NAMESPACE}" \
    --export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml"
./flux create helmrelease spinnaker \
    --chart armory-spinnaker-operator \
    --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \
    --namespace "${SPINNAKER_NAMESPACE}" \
    --source=HelmRepository/armory \
    --export > "${FLUX_MANIFEST_PATH}/spinnaker.yaml"

# Vulnerability Scan
./flux create source helm aqua \
    --url https://aquasecurity.github.io/helm-charts/ \
    --namespace "${SECSCAN_NAMESPACE}" \
    --export > "${FLUX_MANIFEST_PATH}/source_trivy.yaml"
./flux create helmrelease trivy \
    --chart trivy-operator \
    --chart-version "${TRIVY_CHART_VERSION}" \
    --namespace "${SECSCAN_NAMESPACE}" \
    --source=HelmRepository/aqua \
    --export > "${FLUX_MANIFEST_PATH}/trivy.yaml"

# MinIO Object Storage
./flux create source helm minio \
    --url minio-operator https://operator.min.io \
    --namespace "${MINIO_NAMESPACE}" \
    --export > "${FLUX_MANIFEST_PATH}/source_minio.yaml"
./flux create helmrelease minio \
    --chart minio-operator \
    --chart-version "${MINIO_CHART_VERSION}" \
    --namespace "${MINIO_NAMESPACE}" \
    --source=HelmRepository/ \
    --export > "${FLUX_MANIFEST_PATH}/minio.yaml"
Initial commit 2024-01-07 20:03:28 +00:00			`#!/usr/bin/env bash`
			`#`
			`# Deploy app to k8s using fluxcd`
			`#`

CI: Add image scan 2024-01-10 22:36:10 +00:00			`set -o pipefail`

Add MinIO manifests 2024-02-19 13:34:26 +00:00			`# Namespaces`
			`FLUX_MANIFEST_PATH="clusters/dev"`
Update scripts 2024-01-12 06:19:55 +00:00			`readonly FLUX_MANIFEST_PATH`
Initial commit 2024-01-07 20:03:28 +00:00			`APP_NAMESPACE="app"`
			`readonly APP_NAMESPACE`
Deploy Trivy 2024-01-10 22:40:48 +00:00			`SECSCAN_NAMESPACE="security-scan"`
			`readonly SECSCAN_NAMESPACE`
Update scripts 2024-01-08 16:34:45 +00:00			`MONITORING_NAMESPACE="monitoring"`
			`readonly MONITORING_NAMESPACE`
Add spinnaker-operator deployment 2024-02-09 22:53:26 +00:00			`SPINNAKER_NAMESPACE="cicd"`
			`readonly SPINNAKER_NAMESPACE`
Add MinIO manifests 2024-02-19 13:34:26 +00:00			`MINIO_NAMESPACE="monitoring"`
			`readonly MINIO_NAMESPACE`

			`# Helm Chart versions`
Update scripts 2024-01-08 16:34:45 +00:00			`PGSQLHA_CHART_VERSION="12.3.7"`
			`readonly PGSQLHA_CHART_VERSION`
Initial commit 2024-01-07 20:03:28 +00:00			`PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"`
			`readonly PGSQLHA_OCI_URL`
Update scripts 2024-01-08 16:34:45 +00:00			`GTFSO_IMPORT_CHART_VERSION="0.1.0"`
			`readonly GTFSO_IMPORT_CHART_VERSION`
			`GTFSO_VBB_CHART_VERSION="0.1.0"`
			`readonly GTFSO_VBB_CHART_VERSION`
CI: Add image scan 2024-01-10 22:36:10 +00:00			`PROM_STACK_CHART_VERSION="55.7.0"`
			`readonly PROM_STACK_CHART_VERSION`
Add spinnaker-operator deployment 2024-02-09 22:53:26 +00:00			`SPINNAKER_OPERATOR_CHART_VERSION="1.8.11"`
			`readonly SPINNAKER_OPERATOR_CHART_VERSION`
Deploy Trivy 2024-01-10 22:40:48 +00:00			`TRIVY_CHART_VERSION="0.18.4"`
			`readonly TRIVY_CHART_VERSION`
Add MinIO manifests 2024-02-19 13:34:26 +00:00			`MINIO_CHART_VERSION="4.3.7"`
			`readonly MINIO_CHART_VERSION`
Update scripts 2024-01-08 16:34:45 +00:00
Update scripts 2024-01-12 06:19:55 +00:00			`mkdir -p "${FLUX_MANIFEST_PATH}"`

Update scripts 2024-01-08 16:34:45 +00:00			`# Create namespaces`
Initial commit 2024-01-07 20:03:28 +00:00			`kubectl create namespace "${APP_NAMESPACE}"`
Update scripts 2024-01-08 16:34:45 +00:00			`kubectl create namespace "${MONITORING_NAMESPACE}"`
Deploy Trivy 2024-01-10 22:40:48 +00:00			`kubectl create namespace "${SECSCAN_NAMESPACE}"`
Add spinnaker-operator deployment 2024-02-09 22:53:26 +00:00			`kubectl create namespace "${SPINNAKER_NAMESPACE}"`
minio: Add namespace 2024-02-19 13:22:39 +00:00			`kubectl create namespace "${MINIO_NAMESPACE}"`
Initial commit 2024-01-07 20:03:28 +00:00
Update scripts 2024-01-12 06:19:55 +00:00			`# Add Deployments / Helm Charts via fluxcd`
			`# Add Helm Charts via Flux HelmRelease CRD`
			`printf "Using flux to create Sources and HelmReleases\n"`
			`# App`
			`# Add a git repository as source for Helm Charts`
			`./flux create source git e2m \`
			`--url=https://git.e2m.io/mue/obch \`
			`--branch dev \`
			`--namespace "${APP_NAMESPACE}" \`
			`--export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml"`

			`# Add a Helm OCI repository as source for Helm Charts`
			`./flux create source helm bitnami \`
			`--url=oci://registry-1.docker.io/bitnamicharts \`
			`--namespace "${APP_NAMESPACE}" \`
			`--export > "${FLUX_MANIFEST_PATH}/source_bitnami.yaml"`
			`./flux create helmrelease pgsql-ha \`
			`--chart postgresql-ha \`
			`--chart-version "${PGSQLHA_CHART_VERSION}" \`
			`--source HelmRepository/bitnami \`
			`--namespace "${APP_NAMESPACE}" \`
			`--export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"`
Add spinnaker-operator deployment 2024-02-09 22:53:26 +00:00
Update scripts 2024-01-12 06:19:55 +00:00			`./flux create helmrelease gtfso-import \`
			`--chart charts/gtfso-import \`
			`--namespace ${APP_NAMESPACE} \`
			`--source GitRepository/e2m \`
			`--export > "${FLUX_MANIFEST_PATH}/gtfso-import.yaml"`
			`./flux create helmrelease gtfso-vbb \`
			`--chart charts/gtfso-vbb \`
			`--namespace ${APP_NAMESPACE} \`
			`--source GitRepository/e2m \`
			`--export > "${FLUX_MANIFEST_PATH}/gtfso-vbb.yaml"`

			`# Monitoring`
			`./flux create source helm prometheus-community \`
			`--url=https://prometheus-community.github.io/helm-charts \`
			`--namespace "${MONITORING_NAMESPACE}" \`
			`--export > "${FLUX_MANIFEST_PATH}"/source_prometheus.yaml`
			`./flux create helmrelease prometheus \`
			`--chart kube-prometheus-stack \`
			`--chart-version "${PROM_STACK_CHART_VERSION}" \`
			`--namespace "${MONITORING_NAMESPACE}" \`
			`--source=HelmRepository/prometheus-community \`
			`--export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"`

Add spinnaker-operator deployment 2024-02-09 22:53:26 +00:00			`# Spinnaker`
			`./flux create source helm armory \`
			`--url https://armory.jfrog.io/artifactory/charts/ \`
			`--namespace "${SPINNAKER_NAMESPACE}" \`
			`--export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml"`
			`./flux create helmrelease spinnaker \`
			`--chart armory-spinnaker-operator \`
			`--chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \`
			`--namespace "${SPINNAKER_NAMESPACE}" \`
			`--source=HelmRepository/armory \`
			`--export > "${FLUX_MANIFEST_PATH}/spinnaker.yaml"`

Update scripts 2024-01-12 06:19:55 +00:00			`# Vulnerability Scan`
			`./flux create source helm aqua \`
			`--url https://aquasecurity.github.io/helm-charts/ \`
			`--namespace "${SECSCAN_NAMESPACE}" \`
			`--export > "${FLUX_MANIFEST_PATH}/source_trivy.yaml"`
			`./flux create helmrelease trivy \`
			`--chart trivy-operator \`
			`--chart-version "${TRIVY_CHART_VERSION}" \`
			`--namespace "${SECSCAN_NAMESPACE}" \`
			`--source=HelmRepository/aqua \`
			`--export > "${FLUX_MANIFEST_PATH}/trivy.yaml"`
Add MinIO manifests 2024-02-19 13:34:26 +00:00
			`# MinIO Object Storage`
			`./flux create source helm minio \`
			`--url minio-operator https://operator.min.io \`
			`--namespace "${MINIO_NAMESPACE}" \`
			`--export > "${FLUX_MANIFEST_PATH}/source_minio.yaml"`
			`./flux create helmrelease minio \`
			`--chart minio-operator \`
			`--chart-version "${MINIO_CHART_VERSION}" \`
			`--namespace "${MINIO_NAMESPACE}" \`
			`--source=HelmRepository/ \`
			`--export > "${FLUX_MANIFEST_PATH}/minio.yaml"`