Update scripts

This commit is contained in:
Björn Busse 2024-01-12 07:19:55 +01:00
parent 2d68b3b249
commit 5d313d6e2d
2 changed files with 71 additions and 76 deletions

89
deploy

@ -5,8 +5,8 @@
set -o pipefail set -o pipefail
DEPLOY_MODE="flux" FLUX_MANIFEST_PATH="clusters/minikube"
readonly DEPLOY_MODE readonly FLUX_MANIFEST_PATH
APP_NAMESPACE="app" APP_NAMESPACE="app"
readonly APP_NAMESPACE readonly APP_NAMESPACE
SECSCAN_NAMESPACE="security-scan" SECSCAN_NAMESPACE="security-scan"
@ -26,71 +26,66 @@ readonly PROM_STACK_CHART_VERSION
TRIVY_CHART_VERSION="0.18.4" TRIVY_CHART_VERSION="0.18.4"
readonly TRIVY_CHART_VERSION readonly TRIVY_CHART_VERSION
mkdir -p "${FLUX_MANIFEST_PATH}"
# Create namespaces # Create namespaces
kubectl create namespace "${APP_NAMESPACE}" kubectl create namespace "${APP_NAMESPACE}"
kubectl create namespace "${MONITORING_NAMESPACE}" kubectl create namespace "${MONITORING_NAMESPACE}"
kubectl create namespace "${SECSCAN_NAMESPACE}" kubectl create namespace "${SECSCAN_NAMESPACE}"
# Add Deployments / Helm Charts either via fluxcd or Helm # Add Deployments / Helm Charts via fluxcd
if [ "flux" == $DEPLOY_MODE ]; then # Add Helm Charts via Flux HelmRelease CRD
# Add Helm Charts via Flux HelmRelease CRD printf "Using flux to create Sources and HelmReleases\n"
printf "Using flux to create HelmRelease\n" # App
# App # Add a git repository as source for Helm Charts
# Add a git repository as source for Helm Charts ./flux create source git e2m \
./flux create source git e2m \
--url=https://git.e2m.io/mue/obch \ --url=https://git.e2m.io/mue/obch \
--branch dev \ --branch dev \
--namespace "${APP_NAMESPACE}" --namespace "${APP_NAMESPACE}" \
# Add a Helm OCI repository as source for Helm Charts --export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml"
./flux create source helm bitnami \
# Add a Helm OCI repository as source for Helm Charts
./flux create source helm bitnami \
--url=oci://registry-1.docker.io/bitnamicharts \ --url=oci://registry-1.docker.io/bitnamicharts \
--namespace "${APP_NAMESPACE}" --namespace "${APP_NAMESPACE}" \
./flux create helmrelease pgsql-ha \ --export > "${FLUX_MANIFEST_PATH}/source_bitnami.yaml"
./flux create helmrelease pgsql-ha \
--chart postgresql-ha \ --chart postgresql-ha \
--chart-version "${PGSQLHA_CHART_VERSION}" \ --chart-version "${PGSQLHA_CHART_VERSION}" \
--source HelmRepository/bitnami \ --source HelmRepository/bitnami \
--namespace "${APP_NAMESPACE}" --namespace "${APP_NAMESPACE}" \
./flux create helmrelease gtfso-import \ --export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"
./flux create helmrelease gtfso-import \
--chart charts/gtfso-import \ --chart charts/gtfso-import \
--namespace ${APP_NAMESPACE} \ --namespace ${APP_NAMESPACE} \
--source GitRepository/e2m --source GitRepository/e2m \
./flux create helmrelease gtfso-vbb \ --export > "${FLUX_MANIFEST_PATH}/gtfso-import.yaml"
./flux create helmrelease gtfso-vbb \
--chart charts/gtfso-vbb \ --chart charts/gtfso-vbb \
--namespace ${APP_NAMESPACE} \ --namespace ${APP_NAMESPACE} \
--source GitRepository/e2m --source GitRepository/e2m \
# Monitoring --export > "${FLUX_MANIFEST_PATH}/gtfso-vbb.yaml"
./flux create source helm prometheus-community \
# Monitoring
./flux create source helm prometheus-community \
--url=https://prometheus-community.github.io/helm-charts \ --url=https://prometheus-community.github.io/helm-charts \
--namespace "${MONITORING_NAMESPACE}" --namespace "${MONITORING_NAMESPACE}" \
./flux create helmrelease prometheus \ --export > "${FLUX_MANIFEST_PATH}"/source_prometheus.yaml
./flux create helmrelease prometheus \
--chart kube-prometheus-stack \ --chart kube-prometheus-stack \
--chart-version "${PROM_STACK_CHART_VERSION}" \ --chart-version "${PROM_STACK_CHART_VERSION}" \
--namespace "${MONITORING_NAMESPACE}" \ --namespace "${MONITORING_NAMESPACE}" \
--source=HelmRepository/prometheus-community --source=HelmRepository/prometheus-community \
# Vulnerability Scan --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"
./flux create source helm aqua \
# Vulnerability Scan
./flux create source helm aqua \
--url https://aquasecurity.github.io/helm-charts/ \ --url https://aquasecurity.github.io/helm-charts/ \
--namespace "${SECSCAN_NAMESPACE}" --namespace "${SECSCAN_NAMESPACE}" \
./flux create helmrelease trivy \ --export > "${FLUX_MANIFEST_PATH}/source_trivy.yaml"
./flux create helmrelease trivy \
--chart trivy-operator \ --chart trivy-operator \
--chart-version "${TRIVY_CHART_VERSION}" \ --chart-version "${TRIVY_CHART_VERSION}" \
--namespace "${SECSCAN_NAMESPACE}" \ --namespace "${SECSCAN_NAMESPACE}" \
--source=HelmRepository/aqua --source=HelmRepository/aqua \
elif [ "helm" == $DEPLOY_MODE ]; then --export > "${FLUX_MANIFEST_PATH}/trivy.yaml"
# Add Helm Charts via Helm
printf "Using Helm to install Charts\n"
# App
helm install pgsql-ha "${PGSQLHA_OCI_URL}" \
--version "${PGSQLHA_CHART_VERSION}" \
--namespace "${APP_NAMESPACE}"
helm install gtfso-import charts/gtfso-import \
--version "${GTFSO_IMPORT_CHART_VERSION}" \
--namespace "${APP_NAMESPACE}"
helm install gtfso-vbb charts/gtfso-vbb \
--version "${GTFSO_VBB_CHART_VERSION}" \
--namespace "${APP_NAMESPACE}"
# Monitoring
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install prometheus prometheus-community/kube-prometheus-stack
fi
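Review bot: Each `./flux create … --export > "${FLUX_MANIFEST_PATH}/…yaml"` in the second hunk opens and truncates its target file before flux runs, so a failed `flux create` (bad chart path, unreachable git or oci source) leaves an empty or partial manifest in the directory, and unless `set -e` is enabled above line 5 the script simply continues with the next export. Guarding each export, e.g. `./flux create source git e2m … --export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml" || exit 1`, or exporting to a `mktemp` file and moving it into place only on success, keeps the manifest directory consistent. Two smaller points in the same hunk: `--namespace ${APP_NAMESPACE} \` on the gtfso-import and gtfso-vbb releases is the only unquoted expansion in the file, and `"${FLUX_MANIFEST_PATH}"/source_prometheus.yaml` is quoted differently from its siblings. From a supply-chain angle the exported GitRepository follows the head of `--branch dev`, so the two chart HelmReleases pick up whatever lands on that branch; pinning the source with `--tag` or `--commit` would make the generated manifests reproducible.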


@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Setup a local minikube cluster # Setup a local k8s minikube cluster
# with k8s dashboard and flux # with k8s dashboard and flux
# #
@ -39,14 +39,15 @@ readonly VERBOSE
minikube_driver="podman" minikube_driver="podman"
# We prefer podman but Ubuntu's podman is too old
if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then
minikube_driver="docker" minikube_driver="docker"
fi fi
# Start minikube # Start minikube
if ! $(minikube status) or $(minikube status | grep Nonexistent\|Stopped); then if ! $(minikube status | grep Nonexistent\|Stopped); then
printf 'minikube is not running\nStarting minikube..' printf 'minikube is not running\nStarting minikube..'
if (( 0=="${VERBOSE}" )); then if [[ 0 == "${VERBOSE}" ]]; then
minikube start --driver="${minikube_driver}" minikube start --driver="${minikube_driver}"
else else
minikube start --driver="${minikube_driver}" --alsologtostderr -v=7 minikube start --driver="${minikube_driver}" --alsologtostderr -v=7
@ -62,26 +63,25 @@ kubectl cluster-info
# Deploy k8s dashboard # Deploy k8s dashboard
if [[ $(kubectl get pods -A -o wide | grep kubernetes-dashboard | grep Running) ]]; then if [[ $(kubectl get pods -A -o wide | grep kubernetes-dashboard | grep Running) ]]; then
printf "Installing k8s dashboard\n" printf "Installing k8s dashboard\n"
minikube addons enable metrics-server # The metrics server collides with kube-prometheus-stack
#minikube addons enable metrics-server
minikube dashboard & minikube dashboard &
else else
printf 'k8s dashboard is already running\n' printf 'k8s dashboard is already running\n'
fi fi
# Install terraform if not in PATH # Install flux if local version enforced
# or local version enforced if [[ "$TF_FORCE_LOCAL" = 1 ]]; then
if ! $(which terraform) or 1=="$TF_FORCE_LOCAL"; then
printf "Fetching terraform archive..\n" printf "Fetching terraform archive..\n"
curl -LO "${TF_URL}" curl -LO "${TF_URL}"
unzip -o "${TF_ARCHIVE}" unzip "${TF_ARCHIVE}"
TF_CMD="./terraform" TF_CMD="./terraform"
else else
TF_CMD="terraform" TF_CMD="terraform"
fi fi
# Install flux if not in PATH # Install flux if local version enforced
# or local version enforced if [[ "$FLUX_FORCE_LOCAL" = 1 ]]; then
if ! $(which flux) ] or 1=="$FLUX_FORCE_LOCAL"; then
printf "Fetching flux archive..\n" printf "Fetching flux archive..\n"
curl -LO "${FLUX_URL}" curl -LO "${FLUX_URL}"
tar xf "${FLUX_ARCHIVE}" tar xf "${FLUX_ARCHIVE}"