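#!/bin/bash
# bashsupport disable=BP5006
#
# Installs the Fianu dependency components one Helm release at a time.
# Each component is installed only when it is marked `enabled: true` in
# $VALUES_FILE_DEP. The target namespace can be overridden per component
# through <COMPONENT>_NAMESPACE (hyphens become underscores, for example
# EXTERNAL_SECRETS_NAMESPACE).
#
# NOTE(review): the chart path passed to helm is "." and the values files are
# relative paths, so the script installs whatever chart sits in the caller's
# working directory. Run it from the chart root, or confirm the working
# directory before use.
set -euo pipefail

##############################################################################
# Global Script Variables
##############################################################################
# BASH_SOURCE is used instead of `command -v "$0"`: the latter returns
# non-zero when the script is started as `bash script.sh` or is not
# executable, which aborts the run silently under `set -e`.
SCRIPT="${BASH_SOURCE[0]}"
if [[ ! "$SCRIPT" =~ ^/ ]]; then SCRIPT="$PWD/$SCRIPT"; fi
SCRIPT_DIR="${SCRIPT%/*}"
SCRIPT_PARENT_DIR="$(dirname "$SCRIPT_DIR")"
SCRIPT_FILE="$(basename "$SCRIPT")"

# Default Parameters (each can be overridden from the environment)
VALUES_FILE_APP=${VALUES_FILE_APP:-"values/fianu/values.yaml"}
VALUES_FILE_MAIN=${VALUES_FILE_MAIN:-"values/main.yaml"}
VALUES_FILE_DEP=${VALUES_FILE_DEP:-"values/dependencies.yaml"}
VALUES_FILE_IMAGES=${VALUES_FILE_IMAGES:-"values/dependencies-images.yaml"}

##############################################################################
# Logging helper for structured logs
# Arguments: $1 - level, $2 - action, $3 - details
# Outputs:   one timestamped line on stdout
##############################################################################
log() {
  local level="$1"
  local action="$2"
  local details="$3"
  printf '%s | LEVEL=%s | ACTION=%s | DETAILS=%s\n' \
    "$(date +'%Y-%m-%d %H:%M:%S')" "$level" "$action" "$details"
}

##############################################################################
# Namespace Utilities
##############################################################################

# Returns 0 when "$1" contains only lowercase alphanumerics, '-' and '.', and
# starts and ends with an alphanumeric. This is a conservative character
# check, not full Kubernetes validation (length is not checked); its purpose
# is to keep quotes and other JSON metacharacters out of the patch document
# built in create_namespace_helm_managed.
is_valid_k8s_name() {
  local LC_ALL=C # keep the [a-z] ranges byte-wise regardless of locale
  local -r pattern='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
  [[ "$1" =~ $pattern ]]
}

# Returns 0 when namespace "$1" can be fetched with kubectl. Any kubectl
# failure (including an unreachable cluster) is reported as "does not exist".
namespace_exists() {
  local ns="$1"
  kubectl get namespace "$ns" &>/dev/null
}

# Creates namespace "$1" if it is missing and stamps it with the Helm
# ownership label and annotations for release "$3" in release namespace "$2".
# Returns non-zero when a name fails validation or a kubectl call fails.
create_namespace_helm_managed() {
  local ns="$1"
  local release_ns="$2"
  local release_name="$3"
  local candidate patch

  # The namespace can come from an environment override, and the values are
  # spliced into a JSON document below, so reject anything that could break
  # out of a JSON string before touching the cluster.
  for candidate in "$ns" "$release_ns" "$release_name"; do
    if ! is_valid_k8s_name "$candidate"; then
      printf 'refusing unsafe Kubernetes name: %q\n' "$candidate" >&2
      return 1
    fi
  done

  if namespace_exists "$ns"; then
    return 0
  fi

  echo "creating and patching namespace for helm: $ns" >&2
  kubectl create namespace "$ns" || return 1
  printf -v patch \
    '{"metadata":{"labels":{"app.kubernetes.io/managed-by":"Helm"},"annotations":{"meta.helm.sh/release-name":"%s","meta.helm.sh/release-namespace":"%s"}}}' \
    "$release_name" "$release_ns"
  kubectl patch namespace "$ns" -p "$patch" || return 1
}

##############################################################################
# Check if a component is enabled in $VALUES_FILE_DEP
# Arguments: $1 - component key
# Returns:   0 only when the line directly after "<component>:" carries
#            "enabled: true"; a missing file or key counts as disabled.
##############################################################################
is_component_enabled() {
  local component="$1"
  local enabled_value

  # Only the single line following "component:" is inspected (grep -A 1).
  # The fallback keeps the function usable outside a conditional, where
  # pipefail plus `set -e` would otherwise abort on a missing key.
  enabled_value=$(grep -A 1 -E "^\s*${component}:\s*$" "$VALUES_FILE_DEP" \
    | grep -E 'enabled:' \
    | awk -F ': ' '{print $2}' \
    | tr -d '[:space:]') || enabled_value=""

  [[ "$enabled_value" == "true" ]]
}

##############################################################################
# Generalized Component Installer
# Arguments: $1 - component name (also used as the Helm release name)
#            $2 - default namespace
# Globals:   VALUES_FILE_* (read), <COMPONENT>_NAMESPACE (read, optional)
# Exits 1 when namespace preparation or the Helm install fails.
##############################################################################
install_component() {
  local component="$1"
  local default_ns="$2"
  local extra

  # Determine final namespace from environment variable override
  # e.g., EXTERNAL_SECRETS_NAMESPACE, KAFKA_NAMESPACE, etc.
  # Hyphens are mapped to underscores: a name such as
  # EXTERNAL-SECRETS_NAMESPACE is not a valid variable name and makes the
  # indirect expansion below fail.
  local upper_component
  upper_component=$(printf '%s' "$component" | tr '[:lower:]' '[:upper:]')
  local ns_var="${upper_component//-/_}_NAMESPACE"

  # If $ns_var is set, use it; otherwise, fall back to $default_ns
  local namespace="${!ns_var:-$default_ns}"

  log "INFO" "$component" "Checking if $component is enabled..."

  if ! is_component_enabled "$component"; then
    log "INFO" "$component" "Skipping $component as it is disabled in master.yaml"
    return 0
  fi

  log "INFO" "$component" "Installing $component into namespace $namespace"

  # Create the namespace if it doesn't exist
  if ! create_namespace_helm_managed "$namespace" "$namespace" "$component"; then
    log "ERROR" "$component" "Failed to prepare namespace for $component. Exiting."
    exit 1
  fi

  # Base flags: disable everything except the target component.
  # Kept as an array so each flag reaches helm as its own argument without
  # relying on word-splitting of an unquoted string.
  local -a helm_flags=(
    --set external-secrets.enabled=false
    --set kafka.enabled=false
    --set knative.enabled=false
    --set keycloak.enabled=false
    --set openfga.enabled=false
    --set sigstore.enabled=false
    --set fianu-core.enabled=false
    --set fianu-plugins.enabled=false
    --set nginx.enabled=false
    --set "${component}.enabled=true"
  )

  # Some components require extra flags or multiple namespaces
  case "$component" in
    openfga)
      helm_flags+=(--set openfga.datastore.applyMigrations=true)
      ;;
    sigstore)
      helm_flags+=(--set sigstore.fulcio.createcerts.enabled=true)
      helm_flags+=(--set sigstore.copySecretJob.enabled=true)
      ;;
    keycloak)
      helm_flags+=(--set keycloak.keycloakConfigCli.enabled=true)
      ;;
    knative)
      # NOTE(review): these calls pass "$namespace" as the namespace to
      # create and the knative-* name as the release name. "$namespace" was
      # created just above, so they normally do nothing. If the intent is to
      # pre-create knative-serving, knative-eventing and kourier-system, the
      # first argument should be that name - confirm before changing.
      for extra in knative-serving knative-eventing kourier-system; do
        create_namespace_helm_managed "$namespace" "$namespace" "$extra" || exit 1
      done
      ;;
  esac

  # Perform the Helm install/upgrade. The status is tested directly: with
  # `set -e` a separate `$?` check after the command is never reached on
  # failure, so the error would not be logged.
  if ! helm upgrade "$component" . \
    --install \
    --namespace "$namespace" \
    --create-namespace \
    --values "$VALUES_FILE_APP" \
    --values "$VALUES_FILE_MAIN" \
    --values "$VALUES_FILE_DEP" \
    --values "$VALUES_FILE_IMAGES" \
    "${helm_flags[@]}" \
    --timeout 5m; then
    log "ERROR" "$component" "Failed to install $component. Exiting."
    exit 1
  fi

  log "SUCCESS" "$component" "$component installed successfully."
}

##############################################################################
# Main Control Flow
##############################################################################
main() {
  log "INFO" "Script Start" "Fianu Core installation script started."

  # Install components in your desired order
  install_component "external-secrets" "external-secrets"
  install_component "kafka" "kafka"
  install_component "knative" "default" # old script used "default" for Knative
  install_component "keycloak" "keycloak"
  install_component "openfga" "openfga"
  install_component "sigstore" "sigstore"
  install_component "nginx" "nginx"

  log "SUCCESS" "Script Completion" "Fianu installation script completed successfully."
}

main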