Update scripts

deploy

@@ -5,8 +5,8 @@
 
 set -o pipefail
 
-DEPLOY_MODE="flux"
+FLUX_MANIFEST_PATH="clusters/minikube"
-readonly DEPLOY_MODE
+readonly FLUX_MANIFEST_PATH
 APP_NAMESPACE="app"
 readonly APP_NAMESPACE
 SECSCAN_NAMESPACE="security-scan"
@@ -26,71 +26,66 @@ readonly PROM_STACK_CHART_VERSION
 TRIVY_CHART_VERSION="0.18.4"
 readonly TRIVY_CHART_VERSION
 
+mkdir -p "${FLUX_MANIFEST_PATH}"
+
 # Create namespaces
 kubectl create namespace "${APP_NAMESPACE}"
 kubectl create namespace "${MONITORING_NAMESPACE}"
 kubectl create namespace "${SECSCAN_NAMESPACE}"
 
-# Add Deployments / Helm Charts either via fluxcd or Helm
+# Add Deployments / Helm Charts via fluxcd
-if [ "flux" == $DEPLOY_MODE ]; then
 # Add Helm Charts via Flux HelmRelease CRD
-    printf "Using flux to create HelmRelease\n"
+printf "Using flux to create Sources and HelmReleases\n"
 # App
 # Add a git repository as source for Helm Charts
 ./flux create source git e2m \
     --url=https://git.e2m.io/mue/obch \
     --branch dev \
-        --namespace "${APP_NAMESPACE}"
+    --namespace "${APP_NAMESPACE}" \
+    --export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml"
+
 # Add a Helm OCI repository as source for Helm Charts
 ./flux create source helm bitnami \
    --url=oci://registry-1.docker.io/bitnamicharts \
-       --namespace "${APP_NAMESPACE}"
+    --namespace "${APP_NAMESPACE}" \
+    --export > "${FLUX_MANIFEST_PATH}/source_bitnami.yaml"
 ./flux create helmrelease pgsql-ha \
     --chart postgresql-ha \
     --chart-version "${PGSQLHA_CHART_VERSION}" \
     --source HelmRepository/bitnami \
-        --namespace "${APP_NAMESPACE}"
+    --namespace "${APP_NAMESPACE}" \
+    --export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"
 ./flux create helmrelease gtfso-import \
     --chart charts/gtfso-import \
     --namespace ${APP_NAMESPACE} \
-        --source GitRepository/e2m
+    --source GitRepository/e2m \
+    --export > "${FLUX_MANIFEST_PATH}/gtfso-import.yaml"
 ./flux create helmrelease gtfso-vbb \
     --chart charts/gtfso-vbb \
     --namespace ${APP_NAMESPACE} \
-        --source GitRepository/e2m
+    --source GitRepository/e2m \
+    --export > "${FLUX_MANIFEST_PATH}/gtfso-vbb.yaml"
+
 # Monitoring
 ./flux create source helm prometheus-community \
     --url=https://prometheus-community.github.io/helm-charts \
-        --namespace "${MONITORING_NAMESPACE}"
+    --namespace "${MONITORING_NAMESPACE}" \
+    --export > "${FLUX_MANIFEST_PATH}"/source_prometheus.yaml
 ./flux create helmrelease prometheus \
     --chart kube-prometheus-stack \
     --chart-version "${PROM_STACK_CHART_VERSION}" \
     --namespace "${MONITORING_NAMESPACE}" \
-        --source=HelmRepository/prometheus-community
+    --source=HelmRepository/prometheus-community \
+    --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"
+
 # Vulnerability Scan
 ./flux create source helm aqua \
     --url https://aquasecurity.github.io/helm-charts/ \
-        --namespace "${SECSCAN_NAMESPACE}"
+    --namespace "${SECSCAN_NAMESPACE}" \
+    --export > "${FLUX_MANIFEST_PATH}/source_trivy.yaml"
 ./flux create helmrelease trivy \
     --chart trivy-operator \
     --chart-version "${TRIVY_CHART_VERSION}" \
     --namespace "${SECSCAN_NAMESPACE}" \
-        --source=HelmRepository/aqua
+    --source=HelmRepository/aqua \
-elif [ "helm" == $DEPLOY_MODE ]; then
+    --export > "${FLUX_MANIFEST_PATH}/trivy.yaml"
-    # Add Helm Charts via Helm
-    printf "Using Helm to install Charts\n"
-    # App
-    helm install pgsql-ha "${PGSQLHA_OCI_URL}" \
-        --version "${PGSQLHA_CHART_VERSION}" \
-        --namespace "${APP_NAMESPACE}"
-    helm install gtfso-import charts/gtfso-import \
-        --version "${GTFSO_IMPORT_CHART_VERSION}" \
-        --namespace "${APP_NAMESPACE}"
-    helm install gtfso-vbb charts/gtfso-vbb \
-        --version "${GTFSO_VBB_CHART_VERSION}" \
-        --namespace "${APP_NAMESPACE}"
-    # Monitoring
-    helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-    helm repo update
-    helm install prometheus prometheus-community/kube-prometheus-stack
-fi

setup-cluster

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Setup a local minikube cluster
+# Setup a local k8s minikube cluster
 # with k8s dashboard and flux
 #
 
@@ -39,14 +39,15 @@ readonly VERBOSE
 
 minikube_driver="podman"
 
+# We prefer podman but Ubuntu's podman is too old
 if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then
     minikube_driver="docker"
 fi
 
 # Start minikube
-if ! $(minikube status) or $(minikube status | grep Nonexistent\|Stopped); then
+if ! $(minikube status | grep Nonexistent\|Stopped); then
     printf 'minikube is not running\nStarting minikube..'
-    if (( 0=="${VERBOSE}" )); then
+    if [[ 0 == "${VERBOSE}" ]]; then
         minikube start --driver="${minikube_driver}"
     else
         minikube start --driver="${minikube_driver}" --alsologtostderr -v=7
@@ -62,26 +63,25 @@ kubectl cluster-info
 # Deploy k8s dashboard
 if [[ $(kubectl get pods -A -o wide | grep kubernetes-dashboard | grep Running) ]]; then
     printf "Installing k8s dashboard\n"
-    minikube addons enable metrics-server
+    # The metrics server collides with kube-prometheus-stack
+    #minikube addons enable metrics-server
     minikube dashboard &
 else
     printf 'k8s dashboard is already running\n'
 fi
 
-# Install terraform if not in PATH
+# Install flux if local version enforced
-# or local version enforced
+if [[ "$TF_FORCE_LOCAL" = 1 ]]; then
-if ! $(which terraform) or 1=="$TF_FORCE_LOCAL"; then
     printf "Fetching terraform archive..\n"
     curl -LO "${TF_URL}"
-    unzip -o "${TF_ARCHIVE}"
+    unzip "${TF_ARCHIVE}"
     TF_CMD="./terraform"
 else
     TF_CMD="terraform"
 fi
 
-# Install flux if not in PATH
+# Install flux if local version enforced
-# or local version enforced
+if [[ "$FLUX_FORCE_LOCAL" = 1 ]]; then
-if ! $(which flux) ] or 1=="$FLUX_FORCE_LOCAL"; then
     printf "Fetching flux archive..\n"
     curl -LO "${FLUX_URL}"
     tar xf "${FLUX_ARCHIVE}"