mirror of
https://github.com/holos-run/holos.git
synced 2026-04-05 00:54:57 +00:00
f8c10e2190
Previously the podinfo components deployed to the wrong namespace. This patch uses a kustomize transformer to force the resources into the correct namespace. This patch also adds a reference grant to each component so the HTTPRoute works correctly.
89 lines
2.3 KiB
Bash
Executable File
89 lines
2.3 KiB
Bash
Executable File
#! /bin/bash
|
|
|
|
# cd to the repository root
|
|
TOPLEVEL="$(cd $(dirname "$0") && git rev-parse --show-toplevel)"
|
|
cd "$TOPLEVEL"
|
|
|
|
set -xeuo pipefail
|
|
|
|
apply() {
|
|
kubectl apply --force-conflicts --server-side=true -f "deploy/components/${1}/${1}.gen.yaml"
|
|
}
|
|
|
|
# Namespaces first
|
|
apply namespaces
|
|
|
|
|
|
# Custom Resource Definitions
|
|
apply argocd-crds
|
|
apply rollouts-crds
|
|
apply gateway-api
|
|
apply external-secrets-crds
|
|
kubectl wait --for=condition=Established crd --all --timeout=300s
|
|
|
|
# External Secrets
|
|
apply external-secrets
|
|
# Cert Manager (CRDs are included)
|
|
apply cert-manager
|
|
# Wait for cert manager to be available so we can manage the cluster issuer
|
|
kubectl wait --for=condition=Available deployment/cert-manager-webhook -n cert-manager --timeout=300s
|
|
|
|
# Manage the cluster issuer (local-ca)
|
|
apply local-ca
|
|
if ! kubectl wait --for=condition=Ready clusterissuer/local-ca --timeout=30s; then
|
|
echo 'Did you forget to apply your local CA? See: https://holos.run/docs/local-cluster/#reset-the-cluster' >&2
|
|
exit 1
|
|
fi
|
|
|
|
# ArgoCD
|
|
apply argocd
|
|
apply app-projects
|
|
apply rollouts
|
|
|
|
# Kargo
|
|
kubectl wait --for=condition=Available deployment/external-secrets-webhook -n external-secrets --timeout=300s
|
|
apply kargo-secrets
|
|
apply kargo # includes crds
|
|
|
|
# Istio
|
|
apply istio-base
|
|
apply istiod
|
|
apply istio-cni
|
|
apply istio-ztunnel
|
|
apply istio-gateway
|
|
|
|
# Podinfo across multiple Stages for Kargo Demo
|
|
apply dev-podinfo
|
|
apply test-podinfo
|
|
apply uat-podinfo
|
|
apply prod-us-east-podinfo
|
|
apply prod-us-central-podinfo
|
|
apply prod-us-west-podinfo
|
|
|
|
if ! kubectl wait --for=condition=Ready pod -l k8s-app=istio-cni-node --timeout=300s -n istio-system; then
|
|
echo 'istio-cni-node not ready' >&2
|
|
exit 1
|
|
fi
|
|
# Routes should be accepted, but all backends aren't valid yet.
|
|
apply httproutes
|
|
|
|
# ArgoCD Applications
|
|
kubectl apply --force-conflicts --server-side=true -f deploy/gitops
|
|
|
|
# Kargo Projects. They need the webhook but we don't need them until later.
|
|
kubectl wait --for=condition=Available deployment/kargo-webhooks-server -n kargo --timeout=300s
|
|
|
|
set +x
|
|
echo
|
|
echo "httproutes:"
|
|
echo " - https://argocd.holos.localhost"
|
|
echo " - https://kargo.holos.localhost"
|
|
echo " - https://podinfo.holos.localhost"
|
|
echo
|
|
echo "Kargo admin password:"
|
|
echo " run: kubectl get secret -n kargo admin-credentials -o json | jq --exit-status -r '.data.password | @base64d'"
|
|
echo
|
|
set -x
|
|
|
|
exit 0
|