bakery-ia/setup-https.sh

#!/bin/bash
# Bakery IA HTTPS Setup Script
# This script sets up HTTPS with cert-manager and Let's Encrypt for local development
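# Stop at the first failing command. pipefail makes a pipeline fail when any
# stage fails, so an error from the producing command (for example kubectl)
# is not hidden by a later stage that exits 0.
set -eo pipefail

echo "🔒 Setting up HTTPS for Bakery IA with cert-manager and Let's Encrypt"
echo "==============================================================="

# ANSI colour escape sequences, expanded by the print_* helpers when they
# write a message.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color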
# Function to print colored output
# Write an informational message to stdout behind a blue [INFO] tag.
# Arguments: $1 - message text (backslash escapes in it are expanded)
print_status() {
  local message=$1
  printf '%b\n' "${BLUE}[INFO]${NC} ${message}"
}
# Write a success message to stdout behind a green [SUCCESS] tag.
# Arguments: $1 - message text (backslash escapes in it are expanded)
print_success() {
  local message=$1
  printf '%b\n' "${GREEN}[SUCCESS]${NC} ${message}"
}
# Write a warning message to stdout behind a yellow [WARNING] tag.
# Arguments: $1 - message text (backslash escapes in it are expanded)
print_warning() {
  local message=$1
  printf '%b\n' "${YELLOW}[WARNING]${NC} ${message}"
}
# Write an error message to stdout behind a red [ERROR] tag.
# Arguments: $1 - message text (backslash escapes in it are expanded)
print_error() {
  local message=$1
  printf '%b\n' "${RED}[ERROR]${NC} ${message}"
}
# Check prerequisites
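#######################################
# Verify that the tooling and the local cluster this script depends on are
# usable. Exits with status 1 when a required CLI is missing, the Colima
# profile 'k8s-local' is not running, or kubectl cannot reach a cluster.
# Prints a warning (without failing) when the active kubectl context is not
# the Kind context this setup expects, because every later step applies
# manifests to whatever context is current.
# Arguments: none
# Outputs:   status messages on stdout
#######################################
check_prerequisites() {
  print_status "Checking prerequisites..."

  # Collect every missing CLI first so the user gets one complete list.
  local tool
  local missing_tools=()
  for tool in kubectl kind skaffold colima; do
    if ! command -v "$tool" &> /dev/null; then
      missing_tools+=("$tool")
    fi
  done

  # Report missing tools
  if [ ${#missing_tools[@]} -ne 0 ]; then
    print_error "Missing required tools: ${missing_tools[*]}"
    print_error "Please install them with: brew install ${missing_tools[*]}"
    exit 1
  fi

  # Check if Colima is running
  if ! colima status --profile k8s-local &> /dev/null; then
    print_error "Colima is not running. Please start it with:"
    print_error "colima start --cpu 4 --memory 8 --disk 50 --runtime docker --profile k8s-local"
    exit 1
  fi

  # Check if cluster is running
  if ! kubectl cluster-info &> /dev/null; then
    print_error "No Kubernetes cluster found. Please create your Kind cluster first:"
    print_error "kind create cluster --name bakery-ia-local"
    exit 1
  fi

  # cluster-info succeeds against any reachable cluster, including a shared or
  # production one. kind names its kubeconfig context "kind-<cluster name>",
  # so compare the active context with the cluster name suggested above.
  local expected_context="kind-bakery-ia-local"
  local current_context
  current_context=$(kubectl config current-context 2> /dev/null) || current_context=""
  if [ "$current_context" != "$expected_context" ]; then
    print_warning "kubectl context is '${current_context:-<none>}', expected '${expected_context}'"
    print_warning "All following steps apply manifests to the current context; switch with: kubectl config use-context ${expected_context}"
  fi

  print_success "Prerequisites check passed"
}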
# Install cert-manager
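#######################################
# Install cert-manager into the current cluster and wait for its pods.
# Globals:   CERT_MANAGER_MANIFEST (read, optional) - path or URL of the
#            manifest to apply; defaults to the upstream v1.13.2 release file.
# Arguments: none
# Outputs:   status messages and kubectl output on stdout
#######################################
install_cert_manager() {
  # The default is fetched from a version-tagged release URL and applied with
  # the caller's cluster credentials, without a digest check. Pointing
  # CERT_MANAGER_MANIFEST at a reviewed local copy avoids that network fetch.
  local manifest="${CERT_MANAGER_MANIFEST:-https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.yaml}"

  print_status "Installing cert-manager..."
  kubectl apply -f "$manifest"

  # Block until the cert-manager pods report Ready (up to 5 minutes).
  print_status "Waiting for cert-manager pods to be ready..."
  kubectl wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager -n cert-manager --timeout=300s

  print_success "cert-manager installed successfully"
}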
# Install NGINX Ingress Controller
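#######################################
# Install the NGINX Ingress Controller build for Kind and wait for its
# controller pod.
# Globals:   INGRESS_NGINX_MANIFEST (read, optional) - path or URL of the
#            manifest to apply; defaults to the Kind example manifest.
# Arguments: none
# Outputs:   status messages and kubectl output on stdout
#######################################
install_nginx_ingress() {
  # The default URL has no version or digest in it, so the content applied
  # with the caller's cluster credentials may differ between runs. Pointing
  # INGRESS_NGINX_MANIFEST at a reviewed local copy pins what gets installed.
  local manifest="${INGRESS_NGINX_MANIFEST:-https://kind.sigs.k8s.io/examples/ingress/deploy-ingress-nginx.yaml}"

  print_status "Installing NGINX Ingress Controller for Kind..."
  kubectl apply -f "$manifest"

  # Block until the controller pod reports Ready (up to 5 minutes).
  print_status "Waiting for NGINX Ingress Controller to be ready..."
  kubectl wait --namespace ingress-nginx \
    --for=condition=ready pod \
    --selector=app.kubernetes.io/component=controller \
    --timeout=300s

  print_success "NGINX Ingress Controller installed successfully"
}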
# Setup cluster issuers
#######################################
# Apply the three cert-manager issuer manifests (staging, local CA,
# production) and list the resulting ClusterIssuers.
# The manifest paths are relative, so the script has to be started from the
# directory that contains infrastructure/.
# Arguments: none
# Outputs:   status messages and kubectl output on stdout
#######################################
setup_cluster_issuers() {
  local issuer_dir="infrastructure/kubernetes/base/components/cert-manager"
  local manifest

  print_status "Setting up cluster issuers..."

  for manifest in \
    cluster-issuer-staging.yaml \
    local-ca-issuer.yaml \
    cluster-issuer-production.yaml; do
    kubectl apply -f "${issuer_dir}/${manifest}"
  done

  # Fixed pause to let cert-manager register the issuers.
  sleep 10

  # The listing is informational only: its READY column is not evaluated, so
  # the success message below is printed whatever state the issuers are in.
  print_status "Checking cluster issuer status..."
  kubectl get clusterissuers

  print_success "Cluster issuers configured successfully"
}
# Deploy the application with HTTPS using Skaffold
#######################################
# Build and deploy the application with Skaffold's dev profile, patch the
# ingress with the HTTPS overlay, and wait for every deployment in the
# bakery-ia namespace to become available.
# Exits with status 1 when skaffold is not on PATH.
# Arguments: none
# Outputs:   status messages plus skaffold and kubectl output on stdout
#######################################
deploy_with_https() {
  local namespace="bakery-ia"
  local https_patch="infrastructure/kubernetes/overlays/dev/ingress-https-patch.yaml"

  print_status "Deploying Bakery IA with HTTPS support using Skaffold..."

  # Skaffold drives both the build and the deployment; stop early without it.
  command -v skaffold &> /dev/null || {
    print_error "Skaffold is not installed. Please install skaffold first:"
    print_error "brew install skaffold"
    exit 1
  }

  print_status "Building and deploying with Skaffold..."
  skaffold run --profile=dev

  # The patch file path is relative to the directory the script is started in.
  print_status "Applying HTTPS configuration..."
  kubectl patch ingress bakery-ingress -n "$namespace" --patch-file "$https_patch"

  print_status "Waiting for deployments to be ready..."
  kubectl wait --for=condition=available --timeout=300s deployment --all -n "$namespace"

  print_success "Application deployed with HTTPS support using Skaffold"
}
# Check certificate status
#######################################
# Show the state of the certificate resources in the bakery-ia namespace:
# the certificate list, the details of bakery-ia-tls-cert, and the secret of
# the same name. Nothing is evaluated; the output is for the operator to read.
# Arguments: none
# Outputs:   status message and kubectl output on stdout
#######################################
check_certificates() {
  local namespace="bakery-ia"
  local cert_name="bakery-ia-tls-cert"

  print_status "Checking certificate status..."

  # Fixed pause to give cert-manager time to issue the certificate.
  sleep 30

  printf '\n%s\n' "Certificate status:"
  kubectl get certificates -n "$namespace"

  printf '\n%s\n' "Certificate details:"
  kubectl describe certificate "$cert_name" -n "$namespace"

  # Default `get secret` output is a summary table, not the secret's data.
  printf '\n%s\n' "TLS secret status:"
  kubectl get secret "$cert_name" -n "$namespace"
}
# Update hosts file
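#######################################
# Check /etc/hosts for the three bakery-ia.local hostnames and print the
# command that adds whichever ones are missing. The file itself is never
# modified here; the user runs the printed command.
# Globals:   EXTERNAL_IP (written) - address the hostnames should point to
# Arguments: none
# Outputs:   status messages and the suggested command on stdout
#######################################
update_hosts_file() {
  print_status "Checking hosts file configuration..."

  # Get the external IP for Kind
  EXTERNAL_IP="127.0.0.1"

  # Check each hostname on its own. Comments are stripped and whole fields are
  # compared, so a commented-out line or a longer name that merely contains
  # the hostname (api.bakery-ia.local vs bakery-ia.local) does not count.
  local host
  local missing_hosts=()
  for host in bakery-ia.local api.bakery-ia.local monitoring.bakery-ia.local; do
    if ! awk -v "want=$host" '
      { sub(/#.*/, "") }
      { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
      END { exit(found ? 0 : 1) }
    ' /etc/hosts; then
      missing_hosts+=("$host")
    fi
  done

  if [ ${#missing_hosts[@]} -eq 0 ]; then
    print_success "Hosts file entries already exist"
    return 0
  fi

  print_warning "Please add the following entries to your /etc/hosts file:"
  echo ""
  echo "sudo tee -a /etc/hosts << EOF"
  for host in "${missing_hosts[@]}"; do
    echo "$EXTERNAL_IP $host"
  done
  echo "EOF"
  echo ""
}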
# Export CA certificate for browser trust
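#######################################
# Export the local CA certificate from the 'local-ca-key-pair' secret to
# ./bakery-ia-ca.crt so it can be imported into a browser or OS trust store.
# Only the tls.crt field is read; the CA private key is never requested.
# Exits with status 1, without writing the file, when the secret cannot be
# read, is empty, or does not decode to a PEM certificate.
# Arguments: none
# Outputs:   status messages on stdout; writes bakery-ia-ca.crt in the
#            current directory
#######################################
export_ca_certificate() {
  print_status "Exporting CA certificate for browser trust..."

  # Wait for CA certificate to be created
  sleep 10

  local ca_file="bakery-ia-ca.crt"
  local encoded_cert
  local decoded_cert

  # Fetch and decode as separate, checked steps. Piping kubectl straight into
  # base64 with an output redirect would create the file and report success
  # even when kubectl failed or returned nothing.
  if ! encoded_cert=$(kubectl get secret local-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}'); then
    print_error "Could not read secret 'local-ca-key-pair' in namespace 'cert-manager'"
    exit 1
  fi
  if [ -z "$encoded_cert" ]; then
    print_error "Secret 'local-ca-key-pair' has no tls.crt data yet"
    exit 1
  fi

  # --decode is the spelling accepted by both GNU and macOS base64.
  if ! decoded_cert=$(printf '%s' "$encoded_cert" | base64 --decode); then
    print_error "tls.crt in secret 'local-ca-key-pair' is not valid base64"
    exit 1
  fi

  # The user is about to be told to trust this file, so make sure it at least
  # looks like a PEM certificate before writing it.
  case "$decoded_cert" in
    *"-----BEGIN CERTIFICATE-----"*) ;;
    *)
      print_error "tls.crt in secret 'local-ca-key-pair' is not a PEM certificate"
      exit 1
      ;;
  esac

  printf '%s\n' "$decoded_cert" > "$ca_file"

  print_success "CA certificate exported as 'bakery-ia-ca.crt'"
  print_warning "To trust this certificate in your browser:"
  echo " 1. Import 'bakery-ia-ca.crt' into your browser's certificate store"
  echo " 2. Mark it as trusted for website authentication"
  echo ""
  print_warning "For macOS: Add to Keychain Access and set to 'Always Trust'"
  print_warning "For Linux: Add to /usr/local/share/ca-certificates/ and run 'sudo update-ca-certificates'"
  # NOTE(review): unless this CA carries name constraints (not visible here), a
  # machine that trusts it accepts any certificate signed with the CA key,
  # which presumably sits in the same cluster secret as tls.key.
  print_warning "Trust this CA only on development machines and remove it from the trust store when it is no longer needed"
}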
# Display access information
#######################################
# Print the closing summary: the three HTTPS URLs of the deployment and a
# list of follow-up commands, then a reminder about importing the CA.
# Arguments: none
# Outputs:   summary text on stdout
#######################################
display_access_info() {
  print_success "🎉 HTTPS setup completed!"

  # One argument per output line; the empty strings are the blank separators.
  printf '%s\n' \
    "" \
    "Access your application at:" \
    " 🌐 Frontend: https://bakery-ia.local" \
    " 🔗 API: https://api.bakery-ia.local" \
    " 📊 Monitoring: https://monitoring.bakery-ia.local" \
    "" \
    "Useful commands:" \
    " 📋 Check pods: kubectl get pods -n bakery-ia" \
    " 🔍 Check ingress: kubectl get ingress -n bakery-ia" \
    " 📜 Check certificates: kubectl get certificates -n bakery-ia" \
    " 📝 View logs: kubectl logs -f deployment/<service-name> -n bakery-ia" \
    " 🚀 Run Skaffold dev mode: skaffold dev --profile=dev" \
    " 🧹 Clean up: skaffold delete" \
    ""

  print_warning "Note: You may see certificate warnings until you import the CA certificate into your browser"
}
# Main execution
#######################################
# Run the whole HTTPS setup, one step after the other. With `set -e` active
# in this script, a step that fails stops the run before the next one starts.
# Arguments: none are read
# Outputs:   progress messages from every step on stdout
#######################################
main() {
  local step
  local -a steps=(
    check_prerequisites
    install_cert_manager
    install_nginx_ingress
    setup_cluster_issuers
    deploy_with_https
    check_certificates
    update_hosts_file
    export_ca_certificate
    display_access_info
  )

  echo "Starting HTTPS setup for Bakery IA..."

  for step in "${steps[@]}"; do
    "$step"
  done

  print_success "Setup completed successfully! 🚀"
}
# Entry point: run the full setup. The script's command-line arguments are
# forwarded, although main does not read them at present.
main "$@"