#!/usr/bin/env bash
#
# Deploy app to k8s using fluxcd
#
set -o pipefail
FLUX_MANIFEST_PATH="clusters/minikube"
readonly FLUX_MANIFEST_PATH
APP_NAMESPACE="app"
readonly APP_NAMESPACE
SECSCAN_NAMESPACE="security-scan"
readonly SECSCAN_NAMESPACE
MONITORING_NAMESPACE="monitoring"
readonly MONITORING_NAMESPACE
SPINNAKER_NAMESPACE="cicd"
readonly SPINNAKER_NAMESPACE
PGSQLHA_CHART_VERSION="12.3.7"
readonly PGSQLHA_CHART_VERSION
PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"
readonly PGSQLHA_OCI_URL
GTFSO_IMPORT_CHART_VERSION="0.1.0"
readonly GTFSO_IMPORT_CHART_VERSION
GTFSO_VBB_CHART_VERSION="0.1.0"
readonly GTFSO_VBB_CHART_VERSION
PROM_STACK_CHART_VERSION="55.7.0"
readonly PROM_STACK_CHART_VERSION
SPINNAKER_OPERATOR_CHART_VERSION="1.8.11"
readonly SPINNAKER_OPERATOR_CHART_VERSION
TRIVY_CHART_VERSION="0.18.4"
readonly TRIVY_CHART_VERSION
mkdir -p "${FLUX_MANIFEST_PATH}"
# Create namespaces
kubectl create namespace "${APP_NAMESPACE}"
kubectl create namespace "${MONITORING_NAMESPACE}"
kubectl create namespace "${SECSCAN_NAMESPACE}"
kubectl create namespace "${SPINNAKER_NAMESPACE}"
# Add Deployments / Helm Charts via fluxcd
# Add Helm Charts via Flux HelmRelease CRD
printf "Using flux to create Sources and HelmReleases\n"
# App
# Add a git repository as source for Helm Charts
./flux create source git e2m \
--url=https://git.e2m.io/mue/obch \
--branch dev \
--namespace "${APP_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml"
# Add a Helm OCI repository as source for Helm Charts
./flux create source helm bitnami \
--url=oci://registry-1.docker.io/bitnamicharts \
--namespace "${APP_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/source_bitnami.yaml"
./flux create helmrelease pgsql-ha \
--chart postgresql-ha \
--chart-version "${PGSQLHA_CHART_VERSION}" \
--source HelmRepository/bitnami \
--namespace "${APP_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"
./flux create helmrelease gtfso-import \
--chart charts/gtfso-import \
--namespace ${APP_NAMESPACE} \
--source GitRepository/e2m \
--export > "${FLUX_MANIFEST_PATH}/gtfso-import.yaml"
./flux create helmrelease gtfso-vbb \
--chart charts/gtfso-vbb \
--namespace ${APP_NAMESPACE} \
--source GitRepository/e2m \
--export > "${FLUX_MANIFEST_PATH}/gtfso-vbb.yaml"
# Monitoring
./flux create source helm prometheus-community \
--url=https://prometheus-community.github.io/helm-charts \
--namespace "${MONITORING_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}"/source_prometheus.yaml
./flux create helmrelease prometheus \
--chart kube-prometheus-stack \
--chart-version "${PROM_STACK_CHART_VERSION}" \
--namespace "${MONITORING_NAMESPACE}" \
--source=HelmRepository/prometheus-community \
--export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"
# Spinnaker
./flux create source helm armory \
--url https://armory.jfrog.io/artifactory/charts/ \
--namespace "${SPINNAKER_NAMESPACE}"
./flux create source helm armory \
--url https://armory.jfrog.io/artifactory/charts/ \
--namespace "${SPINNAKER_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml"
./flux create helmrelease spinnaker \
--chart armory-spinnaker-operator \
--chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \
--namespace "${SPINNAKER_NAMESPACE}" \
--source=HelmRepository/armory
./flux create helmrelease spinnaker \
--chart armory-spinnaker-operator \
--chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \
--namespace "${SPINNAKER_NAMESPACE}" \
--source=HelmRepository/armory \
--export > "${FLUX_MANIFEST_PATH}/spinnaker.yaml"
# Vulnerability Scan
./flux create source helm aqua \
--url https://aquasecurity.github.io/helm-charts/ \
--namespace "${SECSCAN_NAMESPACE}" \
--export > "${FLUX_MANIFEST_PATH}/source_trivy.yaml"
./flux create helmrelease trivy \
--chart trivy-operator \
--chart-version "${TRIVY_CHART_VERSION}" \
--namespace "${SECSCAN_NAMESPACE}" \
--source=HelmRepository/aqua \
--export > "${FLUX_MANIFEST_PATH}/trivy.yaml"