Update scripts
This commit is contained in:
parent
2d68b3b249
commit
5d313d6e2d
89
deploy
89
deploy
|
@ -5,8 +5,8 @@
|
||||||
|
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
|
|
||||||
DEPLOY_MODE="flux"
|
FLUX_MANIFEST_PATH="clusters/minikube"
|
||||||
readonly DEPLOY_MODE
|
readonly FLUX_MANIFEST_PATH
|
||||||
APP_NAMESPACE="app"
|
APP_NAMESPACE="app"
|
||||||
readonly APP_NAMESPACE
|
readonly APP_NAMESPACE
|
||||||
SECSCAN_NAMESPACE="security-scan"
|
SECSCAN_NAMESPACE="security-scan"
|
||||||
|
@ -26,71 +26,66 @@ readonly PROM_STACK_CHART_VERSION
|
||||||
TRIVY_CHART_VERSION="0.18.4"
|
TRIVY_CHART_VERSION="0.18.4"
|
||||||
readonly TRIVY_CHART_VERSION
|
readonly TRIVY_CHART_VERSION
|
||||||
|
|
||||||
|
mkdir -p "${FLUX_MANIFEST_PATH}"
|
||||||
|
|
||||||
# Create namespaces
|
# Create namespaces
|
||||||
kubectl create namespace "${APP_NAMESPACE}"
|
kubectl create namespace "${APP_NAMESPACE}"
|
||||||
kubectl create namespace "${MONITORING_NAMESPACE}"
|
kubectl create namespace "${MONITORING_NAMESPACE}"
|
||||||
kubectl create namespace "${SECSCAN_NAMESPACE}"
|
kubectl create namespace "${SECSCAN_NAMESPACE}"
|
||||||
|
|
||||||
# Add Deployments / Helm Charts either via fluxcd or Helm
|
# Add Deployments / Helm Charts via fluxcd
|
||||||
if [ "flux" == $DEPLOY_MODE ]; then
|
# Add Helm Charts via Flux HelmRelease CRD
|
||||||
# Add Helm Charts via Flux HelmRelease CRD
|
printf "Using flux to create Sources and HelmReleases\n"
|
||||||
printf "Using flux to create HelmRelease\n"
|
# App
|
||||||
# App
|
# Add a git repository as source for Helm Charts
|
||||||
# Add a git repository as source for Helm Charts
|
./flux create source git e2m \
|
||||||
./flux create source git e2m \
|
|
||||||
--url=https://git.e2m.io/mue/obch \
|
--url=https://git.e2m.io/mue/obch \
|
||||||
--branch dev \
|
--branch dev \
|
||||||
--namespace "${APP_NAMESPACE}"
|
--namespace "${APP_NAMESPACE}" \
|
||||||
# Add a Helm OCI repository as source for Helm Charts
|
--export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml"
|
||||||
./flux create source helm bitnami \
|
|
||||||
|
# Add a Helm OCI repository as source for Helm Charts
|
||||||
|
./flux create source helm bitnami \
|
||||||
--url=oci://registry-1.docker.io/bitnamicharts \
|
--url=oci://registry-1.docker.io/bitnamicharts \
|
||||||
--namespace "${APP_NAMESPACE}"
|
--namespace "${APP_NAMESPACE}" \
|
||||||
./flux create helmrelease pgsql-ha \
|
--export > "${FLUX_MANIFEST_PATH}/source_bitnami.yaml"
|
||||||
|
./flux create helmrelease pgsql-ha \
|
||||||
--chart postgresql-ha \
|
--chart postgresql-ha \
|
||||||
--chart-version "${PGSQLHA_CHART_VERSION}" \
|
--chart-version "${PGSQLHA_CHART_VERSION}" \
|
||||||
--source HelmRepository/bitnami \
|
--source HelmRepository/bitnami \
|
||||||
--namespace "${APP_NAMESPACE}"
|
--namespace "${APP_NAMESPACE}" \
|
||||||
./flux create helmrelease gtfso-import \
|
--export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"
|
||||||
|
./flux create helmrelease gtfso-import \
|
||||||
--chart charts/gtfso-import \
|
--chart charts/gtfso-import \
|
||||||
--namespace ${APP_NAMESPACE} \
|
--namespace ${APP_NAMESPACE} \
|
||||||
--source GitRepository/e2m
|
--source GitRepository/e2m \
|
||||||
./flux create helmrelease gtfso-vbb \
|
--export > "${FLUX_MANIFEST_PATH}/gtfso-import.yaml"
|
||||||
|
./flux create helmrelease gtfso-vbb \
|
||||||
--chart charts/gtfso-vbb \
|
--chart charts/gtfso-vbb \
|
||||||
--namespace ${APP_NAMESPACE} \
|
--namespace ${APP_NAMESPACE} \
|
||||||
--source GitRepository/e2m
|
--source GitRepository/e2m \
|
||||||
# Monitoring
|
--export > "${FLUX_MANIFEST_PATH}/gtfso-vbb.yaml"
|
||||||
./flux create source helm prometheus-community \
|
|
||||||
|
# Monitoring
|
||||||
|
./flux create source helm prometheus-community \
|
||||||
--url=https://prometheus-community.github.io/helm-charts \
|
--url=https://prometheus-community.github.io/helm-charts \
|
||||||
--namespace "${MONITORING_NAMESPACE}"
|
--namespace "${MONITORING_NAMESPACE}" \
|
||||||
./flux create helmrelease prometheus \
|
--export > "${FLUX_MANIFEST_PATH}"/source_prometheus.yaml
|
||||||
|
./flux create helmrelease prometheus \
|
||||||
--chart kube-prometheus-stack \
|
--chart kube-prometheus-stack \
|
||||||
--chart-version "${PROM_STACK_CHART_VERSION}" \
|
--chart-version "${PROM_STACK_CHART_VERSION}" \
|
||||||
--namespace "${MONITORING_NAMESPACE}" \
|
--namespace "${MONITORING_NAMESPACE}" \
|
||||||
--source=HelmRepository/prometheus-community
|
--source=HelmRepository/prometheus-community \
|
||||||
# Vulnerability Scan
|
--export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"
|
||||||
./flux create source helm aqua \
|
|
||||||
|
# Vulnerability Scan
|
||||||
|
./flux create source helm aqua \
|
||||||
--url https://aquasecurity.github.io/helm-charts/ \
|
--url https://aquasecurity.github.io/helm-charts/ \
|
||||||
--namespace "${SECSCAN_NAMESPACE}"
|
--namespace "${SECSCAN_NAMESPACE}" \
|
||||||
./flux create helmrelease trivy \
|
--export > "${FLUX_MANIFEST_PATH}/source_trivy.yaml"
|
||||||
|
./flux create helmrelease trivy \
|
||||||
--chart trivy-operator \
|
--chart trivy-operator \
|
||||||
--chart-version "${TRIVY_CHART_VERSION}" \
|
--chart-version "${TRIVY_CHART_VERSION}" \
|
||||||
--namespace "${SECSCAN_NAMESPACE}" \
|
--namespace "${SECSCAN_NAMESPACE}" \
|
||||||
--source=HelmRepository/aqua
|
--source=HelmRepository/aqua \
|
||||||
elif [ "helm" == $DEPLOY_MODE ]; then
|
--export > "${FLUX_MANIFEST_PATH}/trivy.yaml"
|
||||||
# Add Helm Charts via Helm
|
|
||||||
printf "Using Helm to install Charts\n"
|
|
||||||
# App
|
|
||||||
helm install pgsql-ha "${PGSQLHA_OCI_URL}" \
|
|
||||||
--version "${PGSQLHA_CHART_VERSION}" \
|
|
||||||
--namespace "${APP_NAMESPACE}"
|
|
||||||
helm install gtfso-import charts/gtfso-import \
|
|
||||||
--version "${GTFSO_IMPORT_CHART_VERSION}" \
|
|
||||||
--namespace "${APP_NAMESPACE}"
|
|
||||||
helm install gtfso-vbb charts/gtfso-vbb \
|
|
||||||
--version "${GTFSO_VBB_CHART_VERSION}" \
|
|
||||||
--namespace "${APP_NAMESPACE}"
|
|
||||||
# Monitoring
|
|
||||||
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
|
|
||||||
helm repo update
|
|
||||||
helm install prometheus prometheus-community/kube-prometheus-stack
|
|
||||||
fi
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
#
|
#
|
||||||
# Setup a local minikube cluster
|
# Setup a local k8s minikube cluster
|
||||||
# with k8s dashboard and flux
|
# with k8s dashboard and flux
|
||||||
#
|
#
|
||||||
|
|
||||||
|
@ -39,14 +39,15 @@ readonly VERBOSE
|
||||||
|
|
||||||
minikube_driver="podman"
|
minikube_driver="podman"
|
||||||
|
|
||||||
|
# We prefer podman but Ubuntu's podman is too old
|
||||||
if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then
|
if [[ $(grep '^ID=' /etc/os-release | awk -F'=' '{print $2}') == "ubuntu" ]]; then
|
||||||
minikube_driver="docker"
|
minikube_driver="docker"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Start minikube
|
# Start minikube
|
||||||
if ! $(minikube status) or $(minikube status | grep Nonexistent\|Stopped); then
|
if ! $(minikube status | grep Nonexistent\|Stopped); then
|
||||||
printf 'minikube is not running\nStarting minikube..'
|
printf 'minikube is not running\nStarting minikube..'
|
||||||
if (( 0=="${VERBOSE}" )); then
|
if [[ 0 == "${VERBOSE}" ]]; then
|
||||||
minikube start --driver="${minikube_driver}"
|
minikube start --driver="${minikube_driver}"
|
||||||
else
|
else
|
||||||
minikube start --driver="${minikube_driver}" --alsologtostderr -v=7
|
minikube start --driver="${minikube_driver}" --alsologtostderr -v=7
|
||||||
|
@ -62,26 +63,25 @@ kubectl cluster-info
|
||||||
# Deploy k8s dashboard
|
# Deploy k8s dashboard
|
||||||
if [[ $(kubectl get pods -A -o wide | grep kubernetes-dashboard | grep Running) ]]; then
|
if [[ $(kubectl get pods -A -o wide | grep kubernetes-dashboard | grep Running) ]]; then
|
||||||
printf "Installing k8s dashboard\n"
|
printf "Installing k8s dashboard\n"
|
||||||
minikube addons enable metrics-server
|
# The metrics server collides with kube-prometheus-stack
|
||||||
|
#minikube addons enable metrics-server
|
||||||
minikube dashboard &
|
minikube dashboard &
|
||||||
else
|
else
|
||||||
printf 'k8s dashboard is already running\n'
|
printf 'k8s dashboard is already running\n'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Install terraform if not in PATH
|
# Install flux if local version enforced
|
||||||
# or local version enforced
|
if [[ "$TF_FORCE_LOCAL" = 1 ]]; then
|
||||||
if ! $(which terraform) or 1=="$TF_FORCE_LOCAL"; then
|
|
||||||
printf "Fetching terraform archive..\n"
|
printf "Fetching terraform archive..\n"
|
||||||
curl -LO "${TF_URL}"
|
curl -LO "${TF_URL}"
|
||||||
unzip -o "${TF_ARCHIVE}"
|
unzip "${TF_ARCHIVE}"
|
||||||
TF_CMD="./terraform"
|
TF_CMD="./terraform"
|
||||||
else
|
else
|
||||||
TF_CMD="terraform"
|
TF_CMD="terraform"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Install flux if not in PATH
|
# Install flux if local version enforced
|
||||||
# or local version enforced
|
if [[ "$FLUX_FORCE_LOCAL" = 1 ]]; then
|
||||||
if ! $(which flux) ] or 1=="$FLUX_FORCE_LOCAL"; then
|
|
||||||
printf "Fetching flux archive..\n"
|
printf "Fetching flux archive..\n"
|
||||||
curl -LO "${FLUX_URL}"
|
curl -LO "${FLUX_URL}"
|
||||||
tar xf "${FLUX_ARCHIVE}"
|
tar xf "${FLUX_ARCHIVE}"
|
||||||
|
|
Loading…
Reference in New Issue