@nkreiger
Created February 3, 2025 19:15
Fianu - Install Dependencies
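#!/bin/bash
# bashsupport disable=BP5006
# Strict mode: stop on a failing command, on use of an unset variable, and on
# a failure in any stage of a pipeline.
set -euo pipefail
##############################################################################
# Global Script Variables
##############################################################################
# Resolve the path of this script. `command -v "$0"` only succeeds when $0 is
# found on PATH or is an executable path, so it fails when the file is run as
# `bash <file>`; unguarded, that failure would end the script under `set -e`
# before any message is printed. Fall back to the path bash recorded for the
# running file.
SCRIPT="$(command -v "$0" || true)"
if [[ -z "$SCRIPT" ]]; then SCRIPT="${BASH_SOURCE[0]:-$0}"; fi
# Make the path absolute relative to the current working directory.
if [[ "$SCRIPT" != /* ]]; then SCRIPT="$PWD/$SCRIPT"; fi
SCRIPT_DIR="${SCRIPT%/*}"
SCRIPT_PARENT_DIR="$(dirname "$SCRIPT_DIR")"
SCRIPT_FILE="$(basename "$SCRIPT")"
# Default Parameters
# Both can be overridden from the environment. The defaults are relative
# paths, so they are resolved against the caller's working directory, not
# against SCRIPT_DIR.
VALUES_FILE_APP=${VALUES_FILE_APP:-"values/fianu/values.yaml"}
VALUES_FILE_MAIN=${VALUES_FILE_MAIN:-"values/master.yaml"}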
##############################################################################
# Logging helper for structured logs
##############################################################################
log() {
  # Write one pipe-delimited record to stdout:
  #   <YYYY-MM-DD HH:MM:SS> | LEVEL=<$1> | ACTION=<$2> | DETAILS=<$3>
  # Arguments:
  #   $1 - level label (callers in this file pass INFO, ERROR, SUCCESS)
  #   $2 - action or component name
  #   $3 - free-text details
  # The three fields are written verbatim, with no escaping, so a value that
  # contains " | " or a newline changes the layout of the record.
  local level="$1" action="$2" details="$3"
  printf '%s | LEVEL=%s | ACTION=%s | DETAILS=%s\n' \
    "$(date +'%Y-%m-%d %H:%M:%S')" "$level" "$action" "$details"
}
##############################################################################
# Namespace Utilities
##############################################################################
namespace_exists() {
  # Report whether `kubectl get namespace <name>` succeeds.
  # Arguments:
  #   $1 - namespace name
  # Returns:
  #   kubectl's exit status. All kubectl output, including its error text, is
  #   discarded, so any failure of the call (not only "not found", but also a
  #   connection or authorization error) reads as "namespace does not exist"
  #   to the caller.
  kubectl get namespace "$1" >/dev/null 2>&1
}
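create_namespace_helm_managed() {
  # Create a namespace and mark it as owned by a Helm release, but only when
  # the namespace does not exist yet.
  # Arguments:
  #   $1 - namespace to create
  #   $2 - namespace of the Helm release that should own it
  #   $3 - name of that Helm release
  # Outputs:
  #   progress and validation messages on stderr
  # Returns:
  #   0 when the namespace already exists or was created and patched,
  #   non-zero when a name is rejected or a kubectl call fails.
  #
  # An existing namespace is left untouched. That also means a namespace that
  # was created by an earlier run which failed before the patch step will not
  # receive the Helm metadata on a re-run.
  local ns="$1"
  local release_ns="$2"
  local release_name="$3"
  # Lowercase alphanumerics, '-' and '.', starting and ending alphanumeric.
  # Kubernetes namespace names and Helm release names fit this shape, and no
  # character it admits needs escaping inside a JSON string.
  local -r name_re='^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
  local value patch

  if ! namespace_exists "$ns"; then
    # The release name and namespace are spliced into a JSON document below.
    # Reject anything outside the pattern first so a stray quote, brace or
    # comma cannot add or change fields in the patch.
    for value in "$ns" "$release_ns" "$release_name"; do
      if [[ ! "$value" =~ $name_re ]]; then
        printf 'refusing to create namespace, invalid name: %s\n' "$value" >&2
        return 1
      fi
    done

    echo "creating and patching namespace for helm: $ns" >&2
    # Explicit status checks: the function must not go on to patch after a
    # failed create, even when called where `set -e` is suppressed.
    kubectl create namespace "$ns" || return
    printf -v patch \
      '{"metadata":{"labels":{"app.kubernetes.io/managed-by":"Helm"},"annotations":{"meta.helm.sh/release-name":"%s","meta.helm.sh/release-namespace":"%s"}}}' \
      "$release_name" "$release_ns"
    kubectl patch namespace "$ns" -p "$patch" || return
  fi
}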
##############################################################################
# Check if a component is enabled in master.yaml
##############################################################################
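is_component_enabled() {
  # Decide whether a component is switched on in $VALUES_FILE_MAIN.
  # Globals:
  #   VALUES_FILE_MAIN (read) - path of the YAML file to scan
  # Arguments:
  #   $1 - component key, e.g. kafka
  # Returns:
  #   0 when the value found is exactly "true", non-zero otherwise, including
  #   when the file cannot be read.
  #
  # This is a line scan, not a YAML parse. It finds a line that consists only
  # of "<component>:" (any indentation) and inspects the single line that
  # follows it; if that line contains "enabled:", the text after the first
  # ": " is taken with whitespace removed. Quoted values ("true"), trailing
  # comments, or an "enabled:" key that is not on the very next line all read
  # as disabled. If the key occurs more than once, the values are
  # concatenated and therefore do not equal "true".
  local component="$1"
  local enabled_value
  # The key travels through the environment and is compared as a plain
  # string, so a '.' or other regex metacharacter in the component name
  # cannot match a different key. A single awk process also returns 0 when
  # the key is simply absent, which keeps `set -e`/pipefail from aborting a
  # caller that invokes this function outside an `if`.
  enabled_value=$(
    COMPONENT_KEY="${component}:" awk '
      armed {
        armed = 0
        if (index($0, "enabled:") > 0 && split($0, kv, ": ") >= 2) {
          value = kv[2]
          gsub(/[ \t\r\n]/, "", value)
          printf "%s", value
        }
      }
      {
        line = $0
        gsub(/^[ \t\r]+|[ \t\r]+$/, "", line)
        if (line == ENVIRON["COMPONENT_KEY"]) armed = 1
      }
    ' "$VALUES_FILE_MAIN"
  ) || return 1
  [[ "$enabled_value" == "true" ]]
}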
##############################################################################
# Generalized Component Installer
##############################################################################
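install_component() {
  # Install or upgrade one component of the chart in the current directory,
  # if that component is enabled in $VALUES_FILE_MAIN.
  # Globals:
  #   VALUES_FILE_APP, VALUES_FILE_MAIN (read) - values files passed to helm
  #   <COMPONENT>_NAMESPACE (read)             - optional namespace override
  # Arguments:
  #   $1 - component key; also used as the Helm release name and spliced into
  #        a --set key, so callers must pass a fixed, trusted name
  #   $2 - namespace to use when no override variable is set
  # Outputs:
  #   progress records via log
  # Returns:
  #   0 when the component was installed or skipped; exits the script with
  #   status 1 when namespace preparation or the helm call fails.
  local component="$1"
  local default_ns="$2"

  # Build the override variable name, e.g. EXTERNAL_SECRETS_NAMESPACE or
  # KAFKA_NAMESPACE. Upper-casing alone is not enough: "external-secrets"
  # would give EXTERNAL-SECRETS_NAMESPACE, which is not a valid variable name
  # and makes the indirect expansion below fail. Map every character that is
  # not valid in an identifier to '_'.
  local upper_component
  upper_component=$(printf '%s' "$component" | tr '[:lower:]' '[:upper:]')
  upper_component=${upper_component//[^A-Z0-9_]/_}
  local ns_var="${upper_component}_NAMESPACE"

  # Use the override when it is set and non-empty, otherwise the default.
  # The identifier check covers names that start with a digit.
  local namespace="$default_ns"
  if [[ "$ns_var" =~ ^[A-Z_][A-Z0-9_]*$ ]]; then
    namespace="${!ns_var:-$default_ns}"
  fi

  log "INFO" "$component" "Checking if $component is enabled..."
  if is_component_enabled "$component"; then
    log "INFO" "$component" "Installing $component into namespace $namespace"

    # Create the namespace if it doesn't exist
    if ! create_namespace_helm_managed "$namespace" "$namespace" "$component"; then
      log "ERROR" "$component" "Failed to prepare namespace $namespace for $component. Exiting."
      exit 1
    fi

    # Base flags: disable every sub-chart, then enable the target component.
    # The enabling flag comes last so it overrides the matching "=false".
    # An array keeps each flag a separate word without relying on word
    # splitting of an unquoted string.
    local -a helm_flags=(
      --set external-secrets.enabled=false
      --set kafka.enabled=false
      --set knative.enabled=false
      --set keycloak.enabled=false
      --set openfga.enabled=false
      --set sigstore.enabled=false
      --set core.enabled=false
      --set plugins.enabled=false
      --set ingress.enabled=false
      --set "${component}.enabled=true"
    )

    # Some components require extra flags or multiple namespaces
    case "$component" in
      openfga)
        helm_flags+=(--set openfga.datastore.applyMigrations=true)
        ;;
      sigstore)
        helm_flags+=(--set sigstore.fulcio.createcerts.enabled=true)
        helm_flags+=(--set sigstore.copySecretJob.enabled=true)
        ;;
      keycloak)
        helm_flags+=(--set keycloak.keycloakConfigCli.enabled=true)
        ;;
      knative)
        # Knative script calls for two extra namespaces: knative-serving, knative-eventing
        # NOTE(review): the first argument is the namespace to create, and it
        # is "$namespace" here, not knative-serving / knative-eventing, so
        # these calls repeat the one above with a different release name and
        # do not create the extra namespaces. Confirm what was intended.
        create_namespace_helm_managed "$namespace" "$namespace" "knative-serving"
        create_namespace_helm_managed "$namespace" "$namespace" "knative-eventing"
        ;;
    esac

    # Perform the Helm install/upgrade. The status is tested directly in the
    # `if`: under `set -e` a separate `$?` check after the command is never
    # reached on failure, so the error record would not be written.
    if ! helm upgrade "$component" . \
      --install \
      --namespace "$namespace" \
      --create-namespace \
      --values "$VALUES_FILE_APP" \
      --values "$VALUES_FILE_MAIN" \
      "${helm_flags[@]}" \
      --timeout 5m; then
      log "ERROR" "$component" "Failed to install $component. Exiting."
      exit 1
    fi
    log "SUCCESS" "$component" "$component installed successfully."
  else
    log "INFO" "$component" "Skipping $component as it is disabled in master.yaml"
  fi
}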
##############################################################################
# Main Control Flow
##############################################################################
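main() {
  # Install the supporting components one after another, in a fixed order.
  # Globals:
  #   VALUES_FILE_MAIN (read) - values file that says which components are on
  # Outputs:
  #   progress records via log
  # Returns:
  #   0 when every enabled component installed; the script exits with 1 on
  #   the first failure.
  log "INFO" "Script Start" "Fianu Core installation script started."

  # is_component_enabled reports "disabled" when it cannot read the values
  # file. Without this check a wrong path or working directory would skip
  # every component and still end with the SUCCESS record below.
  if [[ ! -r "$VALUES_FILE_MAIN" ]]; then
    log "ERROR" "Preflight" "Cannot read values file $VALUES_FILE_MAIN. Exiting."
    exit 1
  fi

  # Install components in your desired order
  install_component "external-secrets" "external-secrets"
  install_component "kafka" "kafka"
  install_component "knative" "default" # old script used "default" for Knative
  install_component "keycloak" "keycloak"
  install_component "openfga" "openfga"
  install_component "sigstore" "sigstore"
  log "SUCCESS" "Script Completion" "Fianu installation script completed successfully."
}
main "$@"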