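#!/usr/bin/env bash
#
# Deploy app to k8s using fluxcd
#
# Creates the target namespaces with kubectl, then uses the flux CLI found in
# the current directory (./flux) to render Source and HelmRelease manifests
# into ${FLUX_MANIFEST_PATH}. The Spinnaker source and release are also
# applied to the cluster directly (see that section).
#
# Requires: kubectl on PATH with access to the target cluster, ./flux.

# Abort on the first failed command, unset variable, or failed pipeline stage.
# A failed `flux ... --export > file` still leaves a truncated manifest behind
# (the redirection creates the file before flux runs); stopping here keeps the
# run from reporting success, but discard that file before committing.
set -euo pipefail

readonly FLUX_MANIFEST_PATH="clusters/minikube"

readonly APP_NAMESPACE="app"
readonly SECSCAN_NAMESPACE="security-scan"
readonly MONITORING_NAMESPACE="monitoring"
readonly SPINNAKER_NAMESPACE="cicd"

# Third-party charts are pinned to exact chart versions. A version pin is not
# a content digest; it relies on the upstream repository not republishing a
# version with different content.
readonly PGSQLHA_CHART_VERSION="12.3.7"
readonly PROM_STACK_CHART_VERSION="55.7.0"
readonly SPINNAKER_OPERATOR_CHART_VERSION="1.8.11"
readonly TRIVY_CHART_VERSION="0.18.4"

# NOTE(review): the next three constants are declared but not referenced
# anywhere in this script. In particular the gtfso-* releases below are
# created without a chart version and follow the Git source's branch.
# shellcheck disable=SC2034
readonly PGSQLHA_OCI_URL="oci://registry-1.docker.io/bitnamicharts/postgresql-ha"
# shellcheck disable=SC2034
readonly GTFSO_IMPORT_CHART_VERSION="0.1.0"
# shellcheck disable=SC2034
readonly GTFSO_VBB_CHART_VERSION="0.1.0"

mkdir -p "${FLUX_MANIFEST_PATH}"

# Create namespaces
# `kubectl create` fails when the namespace already exists; rendering the
# object client-side and applying it makes a re-run succeed instead.
for ns in \
  "${APP_NAMESPACE}" \
  "${MONITORING_NAMESPACE}" \
  "${SECSCAN_NAMESPACE}" \
  "${SPINNAKER_NAMESPACE}"; do
  kubectl create namespace "${ns}" --dry-run=client -o yaml \
    | kubectl apply -f -
done

# Add Deployments / Helm Charts via fluxcd
# Add Helm Charts via Flux HelmRelease CRD
printf "Using flux to create Sources and HelmReleases\n"

# App
# Add a git repository as source for Helm Charts
# NOTE(review): this source follows the mutable `dev` branch, so any commit
# that lands there is what the gtfso-* releases render into the cluster.
# Consider tracking a tag or a fixed commit for anything beyond a dev cluster.
./flux create source git e2m \
  --url=https://git.e2m.io/mue/obch \
  --branch dev \
  --namespace "${APP_NAMESPACE}" \
  --export > "${FLUX_MANIFEST_PATH}/source_e2m.yaml"

# Add a Helm OCI repository as source for Helm Charts
./flux create source helm bitnami \
  --url=oci://registry-1.docker.io/bitnamicharts \
  --namespace "${APP_NAMESPACE}" \
  --export > "${FLUX_MANIFEST_PATH}/source_bitnami.yaml"

./flux create helmrelease pgsql-ha \
  --chart postgresql-ha \
  --chart-version "${PGSQLHA_CHART_VERSION}" \
  --source HelmRepository/bitnami \
  --namespace "${APP_NAMESPACE}" \
  --export > "${FLUX_MANIFEST_PATH}/pgsql-ha.yaml"

./flux create helmrelease gtfso-import \
  --chart charts/gtfso-import \
  --namespace "${APP_NAMESPACE}" \
  --source GitRepository/e2m \
  --export > "${FLUX_MANIFEST_PATH}/gtfso-import.yaml"

./flux create helmrelease gtfso-vbb \
  --chart charts/gtfso-vbb \
  --namespace "${APP_NAMESPACE}" \
  --source GitRepository/e2m \
  --export > "${FLUX_MANIFEST_PATH}/gtfso-vbb.yaml"

# Monitoring
./flux create source helm prometheus-community \
  --url=https://prometheus-community.github.io/helm-charts \
  --namespace "${MONITORING_NAMESPACE}" \
  --export > "${FLUX_MANIFEST_PATH}/source_prometheus.yaml"

./flux create helmrelease prometheus \
  --chart kube-prometheus-stack \
  --chart-version "${PROM_STACK_CHART_VERSION}" \
  --namespace "${MONITORING_NAMESPACE}" \
  --source=HelmRepository/prometheus-community \
  --export > "${FLUX_MANIFEST_PATH}/prometheus-stack.yaml"

# Spinnaker
# NOTE(review): unlike every other section, the source and the release are
# each created twice: once without --export (applied straight to the cluster,
# outside the Git-tracked manifests) and once with --export. Kept as in the
# original; confirm the direct apply is intended, since it bypasses review of
# the manifest directory.
./flux create source helm armory \
  --url https://armory.jfrog.io/artifactory/charts/ \
  --namespace "${SPINNAKER_NAMESPACE}"

./flux create source helm armory \
  --url https://armory.jfrog.io/artifactory/charts/ \
  --namespace "${SPINNAKER_NAMESPACE}" \
  --export > "${FLUX_MANIFEST_PATH}/source_spinnaker.yaml"

./flux create helmrelease spinnaker \
  --chart armory-spinnaker-operator \
  --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \
  --namespace "${SPINNAKER_NAMESPACE}" \
  --source=HelmRepository/armory

./flux create helmrelease spinnaker \
  --chart armory-spinnaker-operator \
  --chart-version "${SPINNAKER_OPERATOR_CHART_VERSION}" \
  --namespace "${SPINNAKER_NAMESPACE}" \
  --source=HelmRepository/armory \
  --export > "${FLUX_MANIFEST_PATH}/spinnaker.yaml"

# Vulnerability Scan
./flux create source helm aqua \
  --url https://aquasecurity.github.io/helm-charts/ \
  --namespace "${SECSCAN_NAMESPACE}" \
  --export > "${FLUX_MANIFEST_PATH}/source_trivy.yaml"

./flux create helmrelease trivy \
  --chart trivy-operator \
  --chart-version "${TRIVY_CHART_VERSION}" \
  --namespace "${SECSCAN_NAMESPACE}" \
  --source=HelmRepository/aqua \
  --export > "${FLUX_MANIFEST_PATH}/trivy.yaml"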