diff --git a/docs/2_getting_started.md b/docs/2_getting_started.md
index 65d1f5283eb131f5cb33310618eb108dbf46749a..6b9314ebff2bdf8c28ba69f0cacc2e47c041f3e8 100644
--- a/docs/2_getting_started.md
+++ b/docs/2_getting_started.md
@@ -14,7 +14,6 @@ Table of Contents - Admin tools - [Docker](https://docs.docker.com/engine/install/) - - [Flux CLI](https://toolkit.fluxcd.io/get-started/#install-the-flux-cli): `brew install fluxcd/tap/flux` - [Git](https://git-scm.com/download/) - [Helm](https://helm.sh/docs/intro/install/) - [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
@@ -29,30 +28,24 @@ Table of Contents ## Flux Installation -[Flux v2](https://toolkit.fluxcd.io/) must be installed into the Kubernetes cluster before deploying Big Bang. There are three options for doing this: +[Flux v2](https://toolkit.fluxcd.io/) must be installed into the Kubernetes cluster before deploying Big Bang: -1. (Recommended) Deploy officially through [Iron Bank](registry1.dso.mil) +1. Deploy officially through [Iron Bank](registry1.dso.mil) - ```bash - # The script will do the following: - # Check flux prerequisites - # Interactively login to Iron Bank and store credentials in Secret - # Install flux into Kubernetes cluster using Iron Bank repo - # Remove Iron Bank credentials from cluster - hack/flux-install.sh - ``` +Official flux installation helper script: -1. Deploy unofficially through [Big Bang's Repo](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/fluxv2/container_registry) - - ```bash - flux install --registry registry.dso.mil/platform-one/big-bang/apps/sandbox/fluxv2 - ``` +``` +./scripts/install_flux.sh --help +``` -1. Deploy for development through [DockerHub](https://hub.docker.com/search?q=fluxcd) +Example baseline IronBank deployment: - ```bash - flux install - ``` +``` +./scripts/install_flux.sh \ + --registry-username "$REGISTRY_USERNAME" \ + --registry-password "$REGISTRY_PASSWORD" \ + --registry-email "$REGISTRY_EMAIL" +``` ## Configuration Template
diff --git a/scripts/deploy/00_deploy_flux.sh b/scripts/deploy/00_deploy_flux.sh
new file mode 100644
index 0000000000000000000000000000000000000000..e830e35eadafd3dc45725b614aab7b3fb00650f4
--- /dev/null
+++ b/scripts/deploy/00_deploy_flux.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -ex
+
+# install flux with the dedicated helper script
+./scripts/install_flux.sh \
+ --registry-username 'robot$bigbang' \
+ --registry-password "$REGISTRY1_PASSWORD" \
+ --registry-email bigbang@bigbang.dev
\ No newline at end of file
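Review bot: `set -ex` at the top of scripts/deploy/00_deploy_flux.sh enables xtrace, so the expanded `--registry-password "$REGISTRY1_PASSWORD"` argument is written to the job log when the helper is invoked, unless the CI system masks that variable. Using `set -e` here, or bracketing the call with `set +x` and `set -x`, keeps the credential out of the trace. The `--set registryCredentials[0].password="$REGISTRY1_PASSWORD"` line in scripts/deploy/01_deploy_bigbang.sh appears to run under the same `set -ex` (it shows in that file's hunk header) and would have the same exposure.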
diff --git a/scripts/deploy/01_deploy_bigbang.sh b/scripts/deploy/01_deploy_bigbang.sh
index 640e40bb3625771803bf5b0455884c2cdbe72ccb..7d436401f0f2574b4718fe1282d3fe8463d4b51d 100755
--- a/scripts/deploy/01_deploy_bigbang.sh
+++ b/scripts/deploy/01_deploy_bigbang.sh
@@ -4,30 +4,6 @@ set -ex CI_VALUES_FILE="tests/ci/k3d/values.yaml" -# Deploy flux and wait for it to be ready -echo "Installing Flux" -flux --version -flux check --pre - -# create flux namespace -kubectl create ns flux-system || true - -# delete flux private-registry secret -kubectl delete secret private-registry -n flux-system || true - -# create flux private-registry secret -kubectl create secret docker-registry private-registry -n flux-system \ - --docker-server=registry1.dso.mil \ - --docker-username='robot$bigbang' \ - --docker-password=${REGISTRY1_PASSWORD} \ - --docker-email=bigbang@bigbang.dev || true - -# install flux -kubectl apply -f ./scripts/deploy/flux.yaml - -# wait for flux -flux check - if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]]; then echo "On default branch, enabling all addons" yq e ".addons.*.enabled = "true"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE
@@ -46,15 +22,16 @@ echo "Installing BigBang with the following configurations:" cat $CI_VALUES_FILE helm upgrade -i bigbang chart -n bigbang --create-namespace \ ---set registryCredentials[0].username='robot$bigbang' --set registryCredentials[0].password=${REGISTRY1_PASSWORD} \ ---set registryCredentials[0].registry=registry1.dso.mil \ --f ${CI_VALUES_FILE} + --set registryCredentials[0].username='robot$bigbang' \ + --set registryCredentials[0].password="$REGISTRY1_PASSWORD" \ + --set registryCredentials[0].registry=registry1.dso.mil \ + -f ${CI_VALUES_FILE} # apply secrets kustomization pointing to current branch echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch" -if [[ -z "${CI_COMMIT_TAG}" ]]; then - cat tests/ci/shared-secrets.yaml | sed 's|master|'$CI_COMMIT_REF_NAME'|g' | kubectl apply -f - +if [ -z "$CI_COMMIT_TAG" ]; then + cat tests/ci/shared-secrets.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - else # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build - cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '$CI_COMMIT_REF_NAME'|g' | kubectl apply -f - + cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - fi \ No newline at end of file
diff --git a/scripts/install_flux.sh b/scripts/install_flux.sh
new file mode 100755
index 0000000000000000000000000000000000000000..24ff69a71e595a4970fd6a9bd7ac8ad5d64caf25
--- /dev/null
+++ b/scripts/install_flux.sh
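Review bot: In scripts/deploy/01_deploy_bigbang.sh, quoting `"$CI_COMMIT_REF_NAME"` in the two `sed` calls stops word splitting, but the ref name is still spliced into the sed program and from there into YAML piped to `kubectl apply -f -`. A ref name containing characters such as `|` or `&` would break or alter the `s|...|...|g` expression, and ref names are chosen by whoever pushes the branch or tag. Checking the value against an allow-list before it is used closes that, for example `[[ "$CI_COMMIT_REF_NAME" =~ ^[A-Za-z0-9._/-]+$ ]] || { echo "unexpected ref name" >&2; exit 1; }`. The `-f ${CI_VALUES_FILE}` argument on the helm line is also still unquoted.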
@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+
+set -e
+
+# flux install --version=v0.7.7 --registry=registry1.dso.mil/ironbank/fluxcd --image-pull-secret=private-registry --export > flux.yaml
+
+#
+# global defaults
+#
+
+REGISTRY_URL=registry1.dso.mil
+FLUX_MANIFEST=scripts/deploy/flux.yaml
+FLUX_SECRET=private-registry
+WAIT_TIMEOUT=120
+
+
+#
+# helper functions
+#
+
+# script help message
+function help {
+ cat << EOF
+usage: $(basename "$0") <arguments>
+-h|--help - print this help message and exit
+-u|--registry-username - (required) registry username to use for flux installation
+-p|--registry-password - (required) registry password to use for flux installation
+-w|--wait-timeout - (optional, default: 120) how long to wait; in seconds, for each key flux resource component
+EOF
+}
+
+#
+# cli parsing
+#
+
+PARAMS=""
+while (( "$#" )); do
+ case "$1" in
+ # registry username required argument
+ -u|--registry-username)
+ if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+ REGISTRY_USERNAME=$2
+ shift 2
+ else
+ echo "Error: Argument for $1 is missing" >&2
+ help; exit 1
+ fi
+ ;;
+ # registry password required argument
+ -p|--registry-password)
+ if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+ REGISTRY_PASSWORD=$2
+ shift 2
+ else
+ echo "Error: Argument for $1 is missing" >&2
+ help; exit 1
+ fi
+ ;;
+ # registry email required argument
+ -e|--registry-email)
+ if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+ REGISTRY_EMAIL=$2
+ shift 2
+ else
+ echo "Error: Argument for $1 is missing" >&2
+ help; exit 1
+ fi
+ ;;
+ # wait timeout optional argument
+ -w|--wait-timeout)
+ if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+ WAIT_TIMEOUT=$2
+ shift 2
+ else
+ echo "Error: Argument for $1 is missing" >&2
+ help; exit 1
+ fi
+ ;;
+ # help flag
+ -h|--help)
+ help; exit 0
+ ;;
+ # unsupported flags
+ -*|--*=)
+ echo "Error: Unsupported flag $1" >&2
+ help; exit 1
+ ;;
+ # preserve positional arguments
+ *)
+ PARAMS="$PARAMS $1"
+ shift
+ ;;
+ esac
+done
+
+# check required arguments
+if [ -z "$REGISTRY_USERNAME" ] || [ -z "$REGISTRY_PASSWORD" ]; then
+ help; exit 1
+fi
+
+# debug print cli args
+echo "REGISTRY_URL: $REGISTRY_URL"
+echo "REGISTRY_USERNAME: $REGISTRY_USERNAME"
+
+
+#
+# install flux
+#
+
+kubectl create namespace flux-system || true
+
+
+echo "Creating secret $FLUX_SECRET in namespace flux-system"
+kubectl create secret docker-registry "$FLUX_SECRET" -n flux-system \
+ --docker-server="$REGISTRY_URL" \
+ --docker-username="$REGISTRY_USERNAME" \
+ --docker-password="$REGISTRY_PASSWORD" \
+ --docker-email="$REGISTRY_EMAIL" \
+ --dry-run=client -o yaml | kubectl apply -n flux-system -f -
+
+echo "Installing flux from manifest"
+kubectl apply -f "$FLUX_MANIFEST"
+
+#
+# verify flux
+#
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/helm-controller"
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/source-controller"
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/kustomize-controller"
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/notification-controller"
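Review bot: The registry password is only documented as a `-p|--registry-password` argument in scripts/install_flux.sh, so it sits in this script's argument list and again in `--docker-password="$REGISTRY_PASSWORD"` on the `kubectl create secret` call, where it is visible in process listings and in any caller's xtrace. `REGISTRY_PASSWORD` is never reset before parsing, so an exported value already satisfies the required-arguments check; stating that in `help` (e.g. `-p|--registry-password - registry password; may instead be exported as REGISTRY_PASSWORD`) lets callers keep it off the wrapper's command line. The `[ "${2:0:1}" != "-" ]` guard also reports a valid password that begins with `-` as missing. `-e|--registry-email` is parsed but absent from both the help text and the required check, so an empty `--docker-email` can reach kubectl.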