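#!/usr/bin/env bash
# =============================================================================
# DevSecOps Platform — Bootstrap Script
# =============================================================================
# Deploys the full platform from scratch.
#
# Usage:    bootstrap.sh <dev|staging|prod>
# Env vars: EKS_REGION   AWS region of the EKS cluster (default: us-east-1)
#
# Steps, in order: prerequisite check, terraform apply, kubeconfig update,
# base namespaces/RBAC/policies, platform services, security tooling,
# observability stack, initial trivy scan. Every terraform/kubectl step is a
# hard failure (set -e); the final scan is informational only (see step 8).
# =============================================================================

set -euo pipefail

# --- Helpers -----------------------------------------------------------------

# Print an error to stderr and exit non-zero.
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

# Print a warning to stderr without aborting.
warn() { printf 'WARNING: %s\n' "$*" >&2; }

# Abort unless the named tool is on PATH.
require_tool() { command -v "$1" >/dev/null || die "$1 not found"; }

# kubectl-apply each manifest directory (relative to PLATFORM_DIR) in the
# order given; ordering matters because namespaces/CRDs must exist before the
# resources that live in them.
apply_manifests() {
  local dir
  for dir in "$@"; do
    kubectl apply -f "${PLATFORM_DIR}/${dir}/"
  done
}

# --- Arguments & paths -------------------------------------------------------

ENV="${1:?Usage: $0 <dev|staging|prod>}"
# Whitelist the environment before it is interpolated into a filesystem path
# (cd below) and into the remote-state key; anything else must not get that far.
case "$ENV" in
  dev|staging|prod) ;;
  *) die "unknown environment '${ENV}' (expected dev, staging or prod)" ;;
esac

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PLATFORM_DIR="$(dirname "$SCRIPT_DIR")"
# Region was previously hard-coded; the default keeps existing behaviour.
EKS_REGION="${EKS_REGION:-us-east-1}"
readonly ENV SCRIPT_DIR PLATFORM_DIR EKS_REGION

printf '============================================\n'
printf ' DevSecOps Platform Bootstrap — %s\n' "${ENV^^}"
printf '============================================\n'

# --- Prerequisites ---
printf '[1/8] Checking prerequisites...\n'
require_tool terraform
require_tool kubectl
require_tool helm
require_tool aws
require_tool trivy
printf 'Prerequisites OK\n'

# --- Terraform Apply ---
printf '[2/8] Applying Terraform infrastructure...\n'
cd "${PLATFORM_DIR}/terraform/environments/${ENV}" \
  || die "no terraform environment at ${PLATFORM_DIR}/terraform/environments/${ENV}"
# A saved plan may contain sensitive values, so it goes into a 0600 temp file
# and is removed on every exit path instead of being left in the working tree.
PLAN_FILE="$(mktemp)" || die "mktemp failed"
trap 'rm -f -- "$PLAN_FILE"' EXIT
terraform init -backend-config="key=${ENV}/terraform.tfstate"
terraform plan -out="$PLAN_FILE"
terraform apply "$PLAN_FILE"

# --- Update kubeconfig ---
printf '[3/8] Updating kubeconfig...\n'
# Prefer the name terraform actually created; fall back to the naming
# convention only when the output is missing or empty, and say so, because a
# silent fallback can point kubectl at the wrong cluster.
if ! CLUSTER_NAME="$(terraform output -raw cluster_id 2>/dev/null)" || [[ -z "$CLUSTER_NAME" ]]; then
  CLUSTER_NAME="${ENV}-eks"
  warn "terraform output 'cluster_id' unavailable; assuming cluster name '${CLUSTER_NAME}'"
fi
aws eks update-kubeconfig --name "${CLUSTER_NAME}" --region "${EKS_REGION}"

# --- Namespace Setup ---
printf '[4/8] Creating namespaces and base resources...\n'
apply_manifests \
  k8s/base/namespaces \
  k8s/base/rbac \
  k8s/base/network-policies \
  k8s/base/resource-quotas \
  k8s/base/limit-ranges

# --- Platform Services ---
printf '[5/8] Installing platform services...\n'
apply_manifests \
  k8s/manifests/cert-manager \
  k8s/manifests/external-secrets \
  k8s/manifests/istio \
  k8s/manifests/argo-cd

# --- Security ---
printf '[6/8] Installing security tools...\n'
apply_manifests \
  k8s/manifests/trivy-operator \
  k8s/manifests/falco \
  k8s/manifests/kyverno

# --- Monitoring ---
printf '[7/8] Installing observability stack...\n'
apply_manifests \
  k8s/manifests/prometheus-stack \
  monitoring/prometheus \
  monitoring/alertmanager \
  monitoring/otel

# --- Security Scan ---
printf '[8/8] Running initial security scan...\n'
# Report-only: trivy exits 0 regardless of findings unless --exit-code is set,
# so this step surfaces CRITICAL/HIGH issues but does not fail the bootstrap.
# Add `--exit-code 1` here if the scan should act as a gate.
trivy k8s --report all --severity CRITICAL,HIGH

printf '============================================\n'
printf ' Platform %s bootstrap complete!\n' "${ENV^^}"
printf '============================================\n'
printf '\n'
printf 'Next steps:\n'
printf '  1. Configure ArgoCD: kubectl get svc -n platform-system argocd-server\n'
printf '  2. Access Grafana:    kubectl get svc -n monitoring kube-prometheus-stack-grafana\n'
printf '  3. Check security:    kubectl get configauditreports -A\n'
printf '  4. Deploy workloads:  kubectl apply -f k8s/workloads/\n'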