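#!/usr/bin/env bash
#
# Deploy app to k8s using fluxcd
#
# Creates the app, monitoring and security-scan namespaces, then registers the
# chart sources and releases either as Flux resources (DEPLOY_MODE="flux") or
# through direct `helm install` calls (DEPLOY_MODE="helm").
#
# Requirements visible from this script:
#   - kubectl on PATH (and helm when DEPLOY_MODE="helm")
#   - a flux binary in the current working directory (invoked as ./flux)
#   - in helm mode, the chart directories charts/gtfso-import and
#     charts/gtfso-vbb relative to the current working directory
#
# Only pipefail is enabled: a failing kubectl/flux/helm call does not stop the
# script, so the output of every step has to be checked by the operator.
#
set -o pipefail

# Deployment backend: "flux" or "helm".
readonly DEPLOY_MODE="flux"

# Target namespaces.
readonly APP_NAMESPACE="app"
readonly SECSCAN_NAMESPACE="security-scan"
readonly MONITORING_NAMESPACE="monitoring"

# Chart versions are pinned so that a deployment does not silently pick up
# whatever the upstream repository currently publishes as latest.
readonly PGSQLHA_CHART_VERSION="12.3.7"
readonly PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"
readonly GTFSO_IMPORT_CHART_VERSION="0.1.0"
readonly GTFSO_VBB_CHART_VERSION="0.1.0"
readonly PROM_STACK_CHART_VERSION="55.7.0"
readonly TRIVY_CHART_VERSION="0.18.4"

# Create namespaces
kubectl create namespace "${APP_NAMESPACE}"
kubectl create namespace "${MONITORING_NAMESPACE}"
kubectl create namespace "${SECSCAN_NAMESPACE}"

# Add Deployments / Helm Charts either via fluxcd or Helm
if [[ "${DEPLOY_MODE}" == "flux" ]]; then
  # Add Helm Charts via Flux HelmRelease CRD
  printf "Using flux to create HelmRelease\n"

  # App
  # Add a git repository as source for Helm Charts
  # NOTE(review): this source follows the mutable "dev" branch, so every commit
  # pushed there is reconciled into the cluster. Pin a tag or commit where the
  # deployed content must be reviewable and reproducible.
  ./flux create source git e2m \
    --url=https://git.e2m.io/mue/obch \
    --branch dev \
    --namespace "${APP_NAMESPACE}"

  # Add a Helm OCI repository as source for Helm Charts
  ./flux create source helm bitnami \
    --url=oci://registry-1.docker.io/bitnamicharts \
    --namespace "${APP_NAMESPACE}"

  ./flux create helmrelease pgsql-ha \
    --chart postgresql-ha \
    --chart-version "${PGSQLHA_CHART_VERSION}" \
    --source HelmRepository/bitnami \
    --namespace "${APP_NAMESPACE}"

  ./flux create helmrelease gtfso-import \
    --chart charts/gtfso-import \
    --namespace "${APP_NAMESPACE}" \
    --source GitRepository/e2m

  ./flux create helmrelease gtfso-vbb \
    --chart charts/gtfso-vbb \
    --namespace "${APP_NAMESPACE}" \
    --source GitRepository/e2m

  # Monitoring
  ./flux create source helm prometheus-community \
    --url=https://prometheus-community.github.io/helm-charts \
    --namespace "${MONITORING_NAMESPACE}"

  ./flux create helmrelease prometheus \
    --chart kube-prometheus-stack \
    --chart-version "${PROM_STACK_CHART_VERSION}" \
    --namespace "${MONITORING_NAMESPACE}" \
    --source=HelmRepository/prometheus-community

  # Vulnerability Scan
  ./flux create source helm aqua \
    --url https://aquasecurity.github.io/helm-charts/ \
    --namespace "${SECSCAN_NAMESPACE}"

  ./flux create helmrelease trivy \
    --chart trivy-operator \
    --chart-version "${TRIVY_CHART_VERSION}" \
    --namespace "${SECSCAN_NAMESPACE}" \
    --source=HelmRepository/aqua

elif [[ "${DEPLOY_MODE}" == "helm" ]]; then
  # Add Helm Charts via Helm
  printf "Using Helm to install Charts\n"

  # App
  helm install pgsql-ha "${PGSQLHA_OCI_URL}" \
    --version "${PGSQLHA_CHART_VERSION}" \
    --namespace "${APP_NAMESPACE}"

  helm install gtfso-import charts/gtfso-import \
    --version "${GTFSO_IMPORT_CHART_VERSION}" \
    --namespace "${APP_NAMESPACE}"

  helm install gtfso-vbb charts/gtfso-vbb \
    --version "${GTFSO_VBB_CHART_VERSION}" \
    --namespace "${APP_NAMESPACE}"

  # Monitoring
  helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
  helm repo update
  # Pin the chart version and target the monitoring namespace, matching the
  # flux branch; without them the release lands in the current kubectl
  # namespace at whatever version the repository serves as latest.
  helm install prometheus prometheus-community/kube-prometheus-stack \
    --version "${PROM_STACK_CHART_VERSION}" \
    --namespace "${MONITORING_NAMESPACE}"

  # NOTE(review): unlike the flux branch, this mode installs no trivy-operator
  # release, so the security-scan namespace stays empty and no vulnerability
  # scanning is deployed.

else
  # Refuse an unrecognised mode instead of exiting 0 with only empty namespaces.
  printf 'Unknown DEPLOY_MODE: %s\n' "${DEPLOY_MODE}" >&2
  exit 1
fi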