feat(infra): initial end to end keycloak deployment guide

scripts/cert-issuer.sh

@@ -1,40 +1,76 @@
 #!/usr/bin/env bash
-
-## This script installs the cert-manager
 set -e
 
-echo "Installing cert-manager"
-
-# Label the ingress-basic namespace to disable resource validation
-kubectl label namespace ingress-basic cert-manager.io/disable-validation=true
-
-# Add the Jetstack Helm repository
-helm repo add jetstack https://charts.jetstack.io
-
-# Update your local Helm chart repository cache
-helm repo update
-
-# Install the cert-manager Helm chart
-helm install \
-  cert-manager jetstack/cert-manager \
-  --namespace cert-manager \
-  --create-namespace \
-  # --set installCRDs=true
-
-kubectl apply -f - <<EOF
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: letsencrypt
-  namespace: cert-manager
-spec:
-  acme:
-    server: https://acme-v02.api.letsencrypt.org/directory
-    email: tyler@eqtylab.io
-    privateKeySecretRef:
-      name: letsencrypt
-    solvers:
-      - http01:
-          ingress:
-            class: nginx
-EOF
+
+SOURCE="${BASH_SOURCE[0]}"
+while [ -h "$SOURCE" ]; do SOURCE="$(readlink "$SOURCE")"; done
+ROOTDIR="$(cd -P "$(dirname "$SOURCE")/.." && pwd)"
+
+# shellcheck source=./helpers/output.sh
+source "$ROOTDIR/scripts/helpers/output.sh"
+# shellcheck source=./helpers/assert.sh
+source "$ROOTDIR/scripts/helpers/assert.sh"
+
+# Function to display usage
+usage() {
+  echo -e "\
+Install cert-manager via Helm
+
+Usage: $0 [options]
+  -n, --namespace <namespace>     Namespace for cert-manager (default: $NAMESPACE)
+  -h, --help                      Show this help message
+
+Examples:
+  $0
+  $0 --namespace cert-manager
+"
+}
+
+# Install cert-manager
+install() {
+  print_info "Installing cert-manager"
+
+  # Add the Jetstack Helm repository
+  helm repo add jetstack https://charts.jetstack.io
+
+  # Update your local Helm chart repository cache
+  helm repo update
+
+  # Install the cert-manager Helm chart
+  helm install \
+    cert-manager jetstack/cert-manager \
+    --namespace "$NAMESPACE" \
+    --create-namespace \
+    --set crds.enabled=true
+
+  print_info "cert-manager installed"
+}
+
+# Default values
+NAMESPACE="ingress-nginx"
+
+# Parse arguments
+while [[ $# -gt 0 ]]; do
+  case $1 in
+  -n | --namespace)
+    NAMESPACE="$2"
+    shift 2
+    ;;
+  -h | --help)
+    usage
+    exit 0
+    ;;
+  *)
+    print_error "Unknown option: $1"
+    usage
+    exit 1
+    ;;
+  esac
+done
+
+# Validate prerequisites
+assert_is_installed "helm"
+assert_is_installed "kubectl"
+
+# Install cert-manager
+install

scripts/helpers/array.sh

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# Returns 0 if the given item (needle) is in the given array (haystack); returns 1 otherwise.
+function array_contains {
+  local -r needle="$1"
+  shift
+  local -ra haystack=("$@")
+
+  local item
+  for item in "${haystack[@]}"; do
+    if [[ "$item" == "$needle" ]]; then
+      return 0
+    fi
+  done
+
+  return 1
+}
+
+# Joins the elements of the given array into a string with the given separator between each element.
+#
+# Examples:
+#
+# array_join "," ("A" "B" "C")
+#   Returns: "A,B,C"
+#
+function array_join {
+  local -r separator="$1"
+  shift
+  local -ra values=("$@")
+
+  local out=""
+  for (( i=0; i<"${#values[@]}"; i++ )); do
+    if [[ "$i" -gt 0 ]]; then
+      out="${out}${separator}"
+    fi
+    out="${out}${values[i]}"
+  done
+
+  echo -n "$out"
+}

scripts/helpers/assert.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+# A collection of useful assertions. Each one checks a condition and if the
+# condition is not satisfied, exits the program. This is useful for defensive
+# programming.
+
+# shellcheck source=./log.sh
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/log.sh"
+# shellcheck source=./array.sh
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/array.sh"
+# shellcheck source=./string.sh
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/string.sh"
+# shellcheck source=./os.sh
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/os.sh"
+
+# Check that the given binary is available on the PATH. If it's not, exit with
+# an error.
+function assert_is_installed {
+  local -r name="$1"
+
+  if ! os_command_is_installed "$name"; then
+    log_error "The command '$name' is required by this script but is not installed or in the system's PATH."
+    exit 1
+  fi
+}
+
+# Check that the value of the given arg is not empty. If it is, exit with an
+# error.
+function assert_not_empty {
+  local -r arg_name="$1"
+  local -r arg_value="$2"
+  local -r reason="$3"
+
+  if [[ -z "$arg_value" ]]; then
+    log_error "The value for '$arg_name' cannot be empty. $reason"
+    exit 1
+  fi
+}
+
+# Check that the value of the given arg is empty. If it isn't, exit with an
+# error.
+function assert_empty {
+  local -r arg_name="$1"
+  local -r arg_value="$2"
+  local -r reason="$3"
+
+  if [[ ! -z "$arg_value" ]]; then
+    log_error "The value for '$arg_name' must be empty. $reason"
+    exit 1
+  fi
+}
+
+# Check that the given response from AWS is not empty or null (the null often
+# comes from trying to parse AWS responses with jq). If it is, exit with an
+# error.
+function assert_not_empty_or_null {
+  local -r response="$1"
+  local -r description="$2"
+
+  if string_is_empty_or_null "$response"; then
+    log_error "Got empty response for $description"
+    exit 1
+  fi
+}
+
+# Check that the given value is one of the values from the given list. If not, exit with an error.
+function assert_value_in_list {
+  local -r arg_name="$1"
+  local -r arg_value="$2"
+  shift 2
+  local -ar list=("$@")
+
+  if ! array_contains "$arg_value" "${list[@]}"; then
+    log_error "'$arg_value' is not a valid value for $arg_name. Must be one of: [${list[@]}]."
+    exit 1
+  fi
+}
+
+# Check that this script is running as root or sudo and exit with an error if it's not
+function assert_uid_is_root_or_sudo {
+  if ! os_user_is_root_or_sudo; then
+    log_error "This script should be run using sudo or as the root user"
+    exit 1
+  fi
+}
+
+# Check that the path provided exsists
+function assert_path_exists {
+  local -r arg_name="$1"
+  local -r arg_value="$2"
+
+  if [ ! -d "$arg_value" ]; then
+    log_error "The $arg_name provided does not exists."
+    exit 1
+  fi
+}
+
+# Check that the git repository url is valid
+function assert_git_validity {
+  local -r arg_name="$1"
+  local -r arg_value="$2"
+
+  if [ "$(git ls-remote "$arg_value" > /dev/null 2>&1 && echo $?)" != 0 ]; then
+    log_error "The $arg_name Git repository URL '$arg_value' is invalid."
+    exit 1
+  fi
+}
+
+# Check that the date is properly formatted
+function assert_date_formatting {
+  local -r arg_value="$1"
+
+  if [ "$(date +"%Y%m%d" -d "$arg_value" 2>/dev/null)" != "$arg_value" ]; then
+    EXAMPLE_DATE=$(date -d "1 day ago" +'%Y%m%d')
+    log_error "Incorrect date formatting: Ex. $EXAMPLE_DATE"
+    exit 1
+  fi
+}

scripts/helpers/log.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Log the given message at the given level. All logs are written to stderr with a timestamp.
+function log {
+  local -r level="$1"
+  local -r message="$2"
+  local -r timestamp=$(date +"%Y-%m-%d %H:%M:%S")
+  local -r script_name="$(basename "$0")"
+  >&2 echo -e "${timestamp} [${level}] [$script_name] ${message}"
+}
+
+# Log the given message at INFO level. All logs are written to stderr with a timestamp.
+function log_info {
+  local -r message="$1"
+  log "INFO" "$message"
+}
+
+# Log the given message at WARN level. All logs are written to stderr with a timestamp.
+function log_warn {
+  local -r message="$1"
+  log "WARN" "$message"
+}
+
+# Log the given message at ERROR level. All logs are written to stderr with a timestamp.
+function log_error {
+  local -r message="$1"
+  log "ERROR" "$message"
+}

scripts/helpers/os.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+# shellcheck source=./modules/bash-commons/src/log.sh
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/log.sh"
+
+# Return the available memory on the current OS in MB
+function os_get_available_memory_mb {
+  free -m | awk 'NR==2{print $2}'
+}
+
+# Returns true (0) if this is an Amazon Linux server at the given version or false (1) otherwise. The version number
+# can use regex. If you don't care about the version, leave it unspecified.
+function os_is_amazon_linux {
+  local -r version="$1"
+  grep -q "Amazon Linux * $version" /etc/*release
+}
+
+# Returns true (0) if this is an Ubuntu server at the given version or false (1) otherwise. The version number
+# can use regex. If you don't care about the version, leave it unspecified.
+function os_is_ubuntu {
+  local -r version="$1"
+  grep -q "Ubuntu $version" /etc/*release
+}
+
+# Returns true (0) if this is a CentOS server at the given version or false (1) otherwise. The version number
+# can use regex. If you don't care about the version, leave it unspecified.
+function os_is_centos {
+  local -r version="$1"
+  grep -q "CentOS Linux release $version" /etc/*release
+}
+
+# Returns true (0) if this is a RedHat server at the given version or false (1) otherwise. The version number
+# can use regex. If you don't care about the version, leave it unspecified.
+function os_is_redhat {
+  local -r version="$1"
+  grep -q "Red Hat Enterprise Linux Server release $version" /etc/*release
+}
+
+
+# Returns true (0) if this is an OS X server or false (1) otherwise.
+function os_is_darwin {
+  [[ $(uname -s) == "Darwin" ]]
+}
+
+# Validate that the given file has the given checksum of the given checksum type, where type is one of "md5" or
+# "sha256".
+function os_validate_checksum {
+  local -r filepath="$1"
+  local -r checksum="$2"
+  local -r checksum_type="$3"
+
+  case "$checksum_type" in
+    sha256)
+      log_info "Validating sha256 checksum of $filepath is $checksum"
+      echo "$checksum $filepath" | sha256sum -c
+      ;;
+    md5)
+      log_info "Validating md5 checksum of $filepath is $checksum"
+      echo "$checksum $filepath" | md5sum -c
+      ;;
+    *)
+      log_error "Unsupported checksum type: $checksum_type."
+      exit 1
+  esac
+}
+
+# Returns true (0) if this the given command/app is installed and on the PATH or false (1) otherwise.
+function os_command_is_installed {
+  local -r name="$1"
+  command -v "$name" > /dev/null
+}
+
+# Get the username of the current OS user
+function os_get_current_users_name {
+  id -u -n
+}
+
+# Get the name of the primary group for the current OS user
+function os_get_current_users_group {
+  id -g -n
+}
+
+# Returns true (0) if the current user is root or sudo and false (1) otherwise.
+function os_user_is_root_or_sudo {
+  [[ "$EUID" == 0 ]]
+}