Consolidate Flux Install

docs/2_getting_started.md

@@ -14,7 +14,6 @@ Table of Contents
 
 - Admin tools
   - [Docker](https://docs.docker.com/engine/install/)
-  - [Flux CLI](https://toolkit.fluxcd.io/get-started/#install-the-flux-cli):     `brew install fluxcd/tap/flux`
   - [Git](https://git-scm.com/download/)
   - [Helm](https://helm.sh/docs/intro/install/)
   - [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
@@ -29,30 +28,24 @@ Table of Contents
 
 ## Flux Installation
 
-[Flux v2](https://toolkit.fluxcd.io/) must be installed into the Kubernetes cluster before deploying Big Bang.  There are three options for doing this:
+[Flux v2](https://toolkit.fluxcd.io/) must be installed into the Kubernetes cluster before deploying Big Bang:
 
-1. (Recommended) Deploy officially through [Iron Bank](registry1.dso.mil)
+1. Deploy officially through [Iron Bank](registry1.dso.mil)
 
-    ```bash
-    # The script will do the following:
-    #   Check flux prerequisites
-    #   Interactively login to Iron Bank and store credentials in Secret
-    #   Install flux into Kubernetes cluster using Iron Bank repo
-    #   Remove Iron Bank credentials from cluster
-    hack/flux-install.sh
-    ```
+Official flux installation helper script:
 
-1. Deploy unofficially through [Big Bang's Repo](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/fluxv2/container_registry)
-
-   ```bash
-   flux install --registry registry.dso.mil/platform-one/big-bang/apps/sandbox/fluxv2
-   ```
+```
+./scripts/install_flux.sh --help
+```
 
-1. Deploy for development through [DockerHub](https://hub.docker.com/search?q=fluxcd)
+Example baseline IronBank deployment:
 
-   ```bash
-   flux install
-   ```
+```
+./scripts/install_flux.sh \
+  --registry-username "$REGISTRY_USERNAME" \
+  --registry-password "$REGISTRY_PASSWORD" \
+  --registry-email "$REGISTRY_EMAIL"
+```
 
 ## Configuration Template
 

scripts/deploy/00_deploy_flux.sh

+#!/usr/bin/env bash
+
+set -ex
+
+# install flux with the dedicated helper script
+./scripts/install_flux.sh \
+  --registry-username 'robot$bigbang' \
+  --registry-password "$REGISTRY1_PASSWORD" \
+  --registry-email bigbang@bigbang.dev 
\ No newline at end of file

scripts/deploy/01_deploy_bigbang.sh

@@ -4,30 +4,6 @@ set -ex
 
 CI_VALUES_FILE="tests/ci/k3d/values.yaml"
 
-# Deploy flux and wait for it to be ready
-echo "Installing Flux"
-flux --version
-flux check --pre
-
-# create flux namespace
-kubectl create ns flux-system || true
-
-# delete flux private-registry secret
-kubectl delete secret private-registry -n flux-system || true
-
-# create flux private-registry secret
-kubectl create secret docker-registry private-registry -n flux-system \
-   --docker-server=registry1.dso.mil \
-   --docker-username='robot$bigbang' \
-   --docker-password=${REGISTRY1_PASSWORD} \
-   --docker-email=bigbang@bigbang.dev || true
-
-# install flux
-kubectl apply -f ./scripts/deploy/flux.yaml
-
-# wait for flux
-flux check
-
 if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]]; then
   echo "On default branch, enabling all addons"
   yq e ".addons.*.enabled = "true"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE
@@ -46,15 +22,16 @@ echo "Installing BigBang with the following configurations:"
 cat $CI_VALUES_FILE
 
 helm upgrade -i bigbang chart -n bigbang --create-namespace \
---set registryCredentials[0].username='robot$bigbang' --set registryCredentials[0].password=${REGISTRY1_PASSWORD} \
---set registryCredentials[0].registry=registry1.dso.mil \
--f ${CI_VALUES_FILE}
+  --set registryCredentials[0].username='robot$bigbang' \
+  --set registryCredentials[0].password="$REGISTRY1_PASSWORD" \
+  --set registryCredentials[0].registry=registry1.dso.mil \
+  -f ${CI_VALUES_FILE}
 
 # apply secrets kustomization pointing to current branch
 echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch"
-if [[ -z "${CI_COMMIT_TAG}" ]]; then
-  cat tests/ci/shared-secrets.yaml | sed 's|master|'$CI_COMMIT_REF_NAME'|g' | kubectl apply -f -
+if [ -z "$CI_COMMIT_TAG" ]; then
+  cat tests/ci/shared-secrets.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f -
 else
   # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build
-  cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '$CI_COMMIT_REF_NAME'|g' | kubectl apply -f -
+  cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f -
 fi
\ No newline at end of file

scripts/install_flux.sh

+#!/usr/bin/env bash
+
+set -e
+
+# flux install --version=v0.7.7 --registry=registry1.dso.mil/ironbank/fluxcd --image-pull-secret=private-registry --export > flux.yaml
+
+#
+# global defaults
+#
+
+REGISTRY_URL=registry1.dso.mil
+FLUX_MANIFEST=scripts/deploy/flux.yaml
+FLUX_SECRET=private-registry
+WAIT_TIMEOUT=120
+
+
+#
+# helper functions
+#
+
+# script help message
+function help {
+  cat << EOF
+usage: $(basename "$0") <arguments>
+-h|--help              - print this help message and exit
+-u|--registry-username - (required) registry username to use for flux installation
+-p|--registry-password - (required) registry password to use for flux installation
+-w|--wait-timeout      - (optional, default: 120) how long to wait; in seconds, for each key flux resource component
+EOF
+}
+
+#
+# cli parsing
+#
+
+PARAMS=""
+while (( "$#" )); do
+  case "$1" in
+    # registry username required argument
+    -u|--registry-username)
+      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+        REGISTRY_USERNAME=$2
+        shift 2
+      else
+        echo "Error: Argument for $1 is missing" >&2
+        help; exit 1
+      fi
+      ;;
+    # registry password required argument
+    -p|--registry-password)
+      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+        REGISTRY_PASSWORD=$2
+        shift 2
+      else
+        echo "Error: Argument for $1 is missing" >&2
+        help; exit 1
+      fi
+      ;;
+    # registry email required argument
+    -e|--registry-email)
+      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+        REGISTRY_EMAIL=$2
+        shift 2
+      else
+        echo "Error: Argument for $1 is missing" >&2
+        help; exit 1
+      fi
+      ;;
+    # wait timeout optional argument
+    -w|--wait-timeout)
+      if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then
+        WAIT_TIMEOUT=$2
+        shift 2
+      else
+        echo "Error: Argument for $1 is missing" >&2
+        help; exit 1
+      fi
+      ;;
+    # help flag
+    -h|--help)
+      help; exit 0
+      ;;
+    # unsupported flags
+    -*|--*=)
+      echo "Error: Unsupported flag $1" >&2
+      help; exit 1
+      ;;
+    # preserve positional arguments
+    *)
+      PARAMS="$PARAMS $1"
+      shift
+      ;;
+  esac
+done
+
+# check required arguments
+if [ -z "$REGISTRY_USERNAME" ] || [ -z "$REGISTRY_PASSWORD" ]; then
+  help; exit 1
+fi
+
+# debug print cli args
+echo "REGISTRY_URL: $REGISTRY_URL"
+echo "REGISTRY_USERNAME: $REGISTRY_USERNAME"
+
+
+#
+# install flux
+#
+
+kubectl create namespace flux-system || true
+
+
+echo "Creating secret $FLUX_SECRET in namespace flux-system"
+kubectl create secret docker-registry "$FLUX_SECRET" -n flux-system \
+  --docker-server="$REGISTRY_URL" \
+  --docker-username="$REGISTRY_USERNAME" \
+  --docker-password="$REGISTRY_PASSWORD" \
+  --docker-email="$REGISTRY_EMAIL" \
+  --dry-run=client -o yaml | kubectl apply -n flux-system -f -
+
+echo "Installing flux from manifest"
+kubectl apply -f "$FLUX_MANIFEST" 
+
+#
+# verify flux
+#
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/helm-controller"
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/source-controller"
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/kustomize-controller"
+kubectl wait --for=condition=available --timeout "${WAIT_TIMEOUT}s" -n "flux-system" "deployment/notification-controller"