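#!/bin/bash

# Bakery IA HTTPS Setup Script
# This script sets up HTTPS with cert-manager and Let's Encrypt for local development.
#
# It installs cert-manager and the NGINX ingress controller into the cluster
# selected by the current kubectl context, applies the repository's
# ClusterIssuer manifests, deploys the application with Skaffold, and exports
# the local CA certificate so that it can be imported into a trust store.
#
# Run it from the repository root: manifest paths are relative.

set -e
# Without pipefail the exit status of `kubectl ... | base64 -d` is that of
# base64 alone, so a failed kubectl call would still "succeed" and leave an
# empty certificate file behind.
set -o pipefail

echo "🔒 Setting up HTTPS for Bakery IA with cert-manager and Let's Encrypt"
echo "==============================================================="

# Colors for output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m' # No Color

# Functions to print colored output.
# The message is passed through %s so that backslashes or % signs inside it
# are printed literally; only the color constants are escape-expanded (%b).
print_status() {
    printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "$1"
}

print_success() {
    printf '%b[SUCCESS]%b %s\n' "$GREEN" "$NC" "$1"
}

print_warning() {
    printf '%b[WARNING]%b %s\n' "$YELLOW" "$NC" "$1"
}

# Errors go to stderr so they stay visible when stdout is redirected.
print_error() {
    printf '%b[ERROR]%b %s\n' "$RED" "$NC" "$1" >&2
}

# Check prerequisites: required CLI tools, a running Colima profile and a
# reachable cluster. Exits with status 1 on the first failed check.
check_prerequisites() {
    print_status "Checking prerequisites..."

    # Check required tools
    local missing_tools=()
    local tool
    for tool in kubectl kind skaffold colima; do
        if ! command -v "$tool" &> /dev/null; then
            missing_tools+=("$tool")
        fi
    done

    # Report missing tools
    if [ ${#missing_tools[@]} -ne 0 ]; then
        print_error "Missing required tools: ${missing_tools[*]}"
        print_error "Please install them with: brew install ${missing_tools[*]}"
        exit 1
    fi

    # Check if Colima is running
    if ! colima status --profile k8s-local &> /dev/null; then
        print_error "Colima is not running. Please start it with:"
        print_error "colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local"
        exit 1
    fi

    # Check if cluster is running
    if ! kubectl cluster-info &> /dev/null; then
        print_error "No Kubernetes cluster found. Please create your Kind cluster first:"
        print_error "kind create cluster --name bakery-ia-local"
        exit 1
    fi

    # `kubectl cluster-info` succeeds against ANY reachable cluster. Every
    # later step installs cluster-wide components into whatever the current
    # context points at, so surface the context and flag it when it is not a
    # Kind context (Kind names its contexts "kind-<cluster-name>").
    local current_context
    current_context=$(kubectl config current-context 2> /dev/null || true)
    print_status "Using kubectl context: ${current_context:-<none>}"
    if [[ "$current_context" != kind-* ]]; then
        print_warning "Current kubectl context does not look like a Kind context (kind-*); all following steps are applied to that cluster"
    fi

    print_success "Prerequisites check passed"
}

# Install cert-manager from the upstream release manifest and wait for its pods.
install_cert_manager() {
    print_status "Installing cert-manager..."

    # Install cert-manager
    # NOTE(review): the manifest is version-pinned (v1.13.2) but is fetched and
    # applied without an integrity check. It creates CRDs, cluster-wide RBAC and
    # webhooks, so consider vendoring a reviewed copy in the repository or
    # verifying a known checksum before applying it.
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml

    # Wait for cert-manager to be ready
    print_status "Waiting for cert-manager pods to be ready..."
    kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=300s

    print_success "cert-manager installed successfully"
}

# Install NGINX Ingress Controller (Kind flavour) and wait for the controller pod.
install_nginx_ingress() {
    print_status "Installing NGINX Ingress Controller for Kind..."

    # Install NGINX Ingress Controller for Kind (correct URL)
    # NOTE(review): unlike the cert-manager manifest this URL carries no
    # version, so its content can change between runs, and it is applied
    # without an integrity check. Prefer a pinned, reviewed copy.
    kubectl apply -f https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml

    # Wait for ingress controller to be ready
    print_status "Waiting for NGINX Ingress Controller to be ready..."
    kubectl wait --namespace ingress-nginx \
        --for=condition=ready pod \
        --selector=app.kubernetes.io/component=controller \
        --timeout=300s

    print_success "NGINX Ingress Controller installed successfully"
}

# Apply the repository's ClusterIssuer manifests and list the result.
setup_cluster_issuers() {
    print_status "Setting up cluster issuers..."

    # Apply cluster issuers
    # NOTE(review): the staging and production issuers are presumably ACME
    # (Let's Encrypt) issuers. A public CA cannot validate the *.local host
    # names this script uses, so the local CA issuer is presumably the one that
    # signs the certificate. Confirm against the manifests, and check whether
    # the production issuer is needed in a local cluster at all.
    kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-staging.yaml
    kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/local-ca-issuer.yaml
    kubectl apply -f infrastructure/kubernetes/base/components/cert-manager/cluster-issuer-production.yaml

    # Wait a bit for the issuers to be created
    sleep 10

    # Check if issuers are ready
    # This only prints the issuers; the READY column is not evaluated here.
    print_status "Checking cluster issuer status..."
    kubectl get clusterissuers

    print_success "Cluster issuers configured successfully"
}

# Deploy the application with HTTPS using Skaffold, then patch the ingress.
deploy_with_https() {
    print_status "Deploying Bakery IA with HTTPS support using Skaffold..."

    # Check if Skaffold is available
    if ! command -v skaffold &> /dev/null; then
        print_error "Skaffold is not installed. Please install skaffold first:"
        print_error "brew install skaffold"
        exit 1
    fi

    # Deploy with Skaffold (builds and deploys automatically)
    print_status "Building and deploying with Skaffold..."
    skaffold run --profile=dev

    # Apply the HTTPS ingress patch
    print_status "Applying HTTPS configuration..."
    kubectl patch ingress bakery-ingress -n bakery-ia --patch-file infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml

    print_status "Waiting for deployments to be ready..."
    kubectl wait --for=condition=available --timeout=300s deployment --all -n bakery-ia

    print_success "Application deployed with HTTPS support using Skaffold"
}

# Print the state of the application certificate and its TLS secret.
# Under `set -e` a missing certificate or secret aborts the script here.
check_certificates() {
    print_status "Checking certificate status..."

    # Wait for certificate to be issued
    sleep 30

    echo ""
    echo "Certificate status:"
    kubectl get certificates -n bakery-ia

    echo ""
    echo "Certificate details:"
    kubectl describe certificate bakery-ia-tls-cert -n bakery-ia

    echo ""
    echo "TLS secret status:"
    kubectl get secret bakery-ia-tls-cert -n bakery-ia
}

# Tell the user which /etc/hosts entries are needed; the file is never
# modified by this script.
update_hosts_file() {
    print_status "Checking hosts file configuration..."

    # Get the external IP for Kind
    local external_ip="127.0.0.1"

    # Check if entries exist in hosts file
    # -F: match the host name literally; as a regex the dots would match any
    # character.
    if ! grep -qF -- "bakery-ia.local" /etc/hosts; then
        print_warning "Please add the following entries to your /etc/hosts file:"
        echo ""
        echo "sudo tee -a /etc/hosts << EOF"
        echo "$external_ip bakery-ia.local"
        echo "$external_ip api.bakery-ia.local"
        echo "$external_ip monitoring.bakery-ia.local"
        echo "EOF"
        echo ""
    else
        print_success "Hosts file entries already exist"
    fi
}

# Export the local CA certificate (public part only) to ./bakery-ia-ca.crt.
# Exits with status 1 if the secret cannot be read or does not decode to a
# PEM certificate, instead of reporting success for an empty file.
export_ca_certificate() {
    print_status "Exporting CA certificate for browser trust..."

    local ca_file="bakery-ia-ca.crt"
    local tmp_cert

    # Wait for CA certificate to be created
    sleep 10

    # Extract the CA certificate
    # Written to a temporary file first so that a failed export never leaves a
    # truncated or empty bakery-ia-ca.crt for the user to import.
    tmp_cert=$(mktemp "${ca_file}.XXXXXX")
    if ! kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 -d > "$tmp_cert"; then
        rm -f -- "$tmp_cert"
        print_error "Could not read the CA certificate from secret 'local-ca-key-pair' in namespace 'cert-manager'"
        exit 1
    fi

    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$tmp_cert"; then
        rm -f -- "$tmp_cert"
        print_error "Secret 'local-ca-key-pair' did not contain a PEM certificate; nothing exported"
        exit 1
    fi

    mv -- "$tmp_cert" "$ca_file"
    # mktemp creates the file owner-only; the certificate is public material
    # and must stay readable once copied into a system trust store.
    chmod 644 -- "$ca_file"

    print_success "CA certificate exported as 'bakery-ia-ca.crt'"
    # Only tls.crt is exported; the CA private key stays in the cluster secret.
    # Whoever can read that secret can issue certificates that every machine
    # trusting this CA will accept, so trust it on development machines only
    # and remove it from the trust store when the cluster is discarded.
    print_warning "To trust this certificate in your browser:"
    echo "  1. Import 'bakery-ia-ca.crt' into your browser's certificate store"
    echo "  2. Mark it as trusted for website authentication"
    echo ""
    print_warning "For macOS: Add to Keychain Access and set to 'Always Trust'"
    print_warning "For Linux: Add to /usr/local/share/ca-certificates/ and run 'sudo update-ca-certificates'"
}

# Display access information
display_access_info() {
    print_success "🎉 HTTPS setup completed!"
    echo ""
    echo "Access your application at:"
    echo "  🌐 Frontend: https://bakery-ia.local"
    echo "  🔗 API: https://api.bakery-ia.local"
    echo "  📊 Monitoring: https://monitoring.bakery-ia.local"
    echo ""
    echo "Useful commands:"
    echo "  📋 Check pods: kubectl get pods -n bakery-ia"
    echo "  🔍 Check ingress: kubectl get ingress -n bakery-ia"
    echo "  📜 Check certificates: kubectl get certificates -n bakery-ia"
    echo "  📝 View logs: kubectl logs -f deployment/<deployment-name> -n bakery-ia"
    echo "  🚀 Run Skaffold dev mode: skaffold dev --profile=dev"
    echo "  🧹 Clean up: skaffold delete"
    echo ""
    print_warning "Note: You may see certificate warnings until you import the CA certificate into your browser"
}

# Main execution: run every setup step in order; any failing step aborts.
main() {
    echo "Starting HTTPS setup for Bakery IA..."

    check_prerequisites
    install_cert_manager
    install_nginx_ingress
    setup_cluster_issuers
    deploy_with_https
    check_certificates
    update_hosts_file
    export_ca_certificate
    display_access_info

    print_success "Setup completed successfully! 🚀"
}

# Run main function
main "$@"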