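#!/usr/bin/env bash
# =============================================================================
# DevSecOps Platform — Bootstrap Script
# =============================================================================
# Deploys the full platform from scratch, in eight steps:
#   prerequisites → Terraform → kubeconfig → base k8s objects → platform
#   services → security tools → observability → initial Trivy scan.
#
# Usage:  bootstrap.sh <environment>
#   <environment>  name of the directory under terraform/environments/ to
#                  deploy; also used as the Terraform state key prefix.
#                  Only letters, digits, '-' and '_' are accepted, because the
#                  value is spliced into a filesystem path and a backend key.
#
# Environment variables:
#   AWS_REGION  region passed to `aws eks update-kubeconfig`
#               (default: us-east-1, the value this script used to hard-code)
# =============================================================================
set -euo pipefail

# Print an error to stderr and abort the bootstrap.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print the "[N/8] ..." progress line for step $1 with description $2.
step() {
  printf '[%s/8] %s\n' "$1" "$2"
}

# Abort unless every CLI the later steps shell out to is on PATH.
check_prerequisites() {
  command -v terraform >/dev/null || die "terraform not found"
  command -v kubectl >/dev/null || die "kubectl not found"
  command -v helm >/dev/null || die "helm not found"
  command -v aws >/dev/null || die "aws CLI not found"
  command -v trivy >/dev/null || die "trivy not found"
  echo "Prerequisites OK"
}

# Run terraform init/plan/apply for environment $2 inside directory $1.
# The subshell keeps the cd local to this step; -e is inherited, so the first
# failing terraform command aborts the whole script.
apply_terraform() {
  local tf_dir=$1 env_name=$2
  [[ -d "$tf_dir" ]] || die "no Terraform environment directory at ${tf_dir}"
  (
    cd "$tf_dir" || exit 1
    terraform init -backend-config="key=${env_name}/terraform.tfstate"
    terraform plan -out=tfplan
    terraform apply tfplan
  )
}

# Point kubectl at the cluster Terraform created.
#   $1 - Terraform environment directory (where `terraform output` is read)
#   $2 - environment name, used for the "<env>-eks" fallback cluster name
#   $3 - AWS region for the EKS API call
update_kubeconfig() {
  local tf_dir=$1 env_name=$2 region=$3
  local cluster_name
  # Keep the original "<env>-eks" fallback, but make it visible: a guessed name
  # that happens to exist would silently point kubectl at the wrong cluster.
  if ! cluster_name=$(cd "$tf_dir" && terraform output -raw cluster_id 2>/dev/null); then
    cluster_name="${env_name}-eks"
    printf 'WARN: terraform output cluster_id unavailable; assuming cluster %s\n' \
      "$cluster_name" >&2
  fi
  aws eks update-kubeconfig --name "${cluster_name}" --region "${region}"
}

# `kubectl apply -f` each manifest directory given as an argument, in order.
apply_manifests() {
  local dir
  for dir in "$@"; do
    kubectl apply -f "$dir"
  done
}

# Constant inputs: target environment (validated before use) and repo layout.
ENV="${1:?Usage: $0 <environment>}"
[[ "$ENV" =~ ^[A-Za-z0-9_-]+$ ]] \
  || die "invalid environment name '${ENV}': use letters, digits, '-' or '_' only"
readonly ENV
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR
PLATFORM_DIR="$(dirname "$SCRIPT_DIR")"
readonly PLATFORM_DIR
AWS_REGION="${AWS_REGION:-us-east-1}"
readonly AWS_REGION

main() {
  local tf_dir="${PLATFORM_DIR}/terraform/environments/${ENV}"

  echo "============================================"
  echo " DevSecOps Platform Bootstrap — ${ENV^^}"
  echo "============================================"

  step 1 "Checking prerequisites..."
  check_prerequisites

  step 2 "Applying Terraform infrastructure..."
  apply_terraform "$tf_dir" "$ENV"

  step 3 "Updating kubeconfig..."
  update_kubeconfig "$tf_dir" "$ENV" "$AWS_REGION"

  # Base objects first: later manifests assume these namespaces, RBAC and
  # policies already exist.
  step 4 "Creating namespaces and base resources..."
  apply_manifests \
    "${PLATFORM_DIR}/k8s/base/namespaces/" \
    "${PLATFORM_DIR}/k8s/base/rbac/" \
    "${PLATFORM_DIR}/k8s/base/network-policies/" \
    "${PLATFORM_DIR}/k8s/base/resource-quotas/" \
    "${PLATFORM_DIR}/k8s/base/limit-ranges/"

  step 5 "Installing platform services..."
  apply_manifests \
    "${PLATFORM_DIR}/k8s/manifests/cert-manager/" \
    "${PLATFORM_DIR}/k8s/manifests/external-secrets/" \
    "${PLATFORM_DIR}/k8s/manifests/istio/" \
    "${PLATFORM_DIR}/k8s/manifests/argo-cd/"

  step 6 "Installing security tools..."
  apply_manifests \
    "${PLATFORM_DIR}/k8s/manifests/trivy-operator/" \
    "${PLATFORM_DIR}/k8s/manifests/falco/" \
    "${PLATFORM_DIR}/k8s/manifests/kyverno/"

  step 7 "Installing observability stack..."
  apply_manifests \
    "${PLATFORM_DIR}/k8s/manifests/prometheus-stack/" \
    "${PLATFORM_DIR}/monitoring/prometheus/" \
    "${PLATFORM_DIR}/monitoring/alertmanager/" \
    "${PLATFORM_DIR}/monitoring/otel/"

  # Report-only: without --exit-code, trivy returns 0 regardless of findings,
  # so this step informs but does not gate the bootstrap.
  step 8 "Running initial security scan..."
  trivy k8s --report all --severity CRITICAL,HIGH

  echo "============================================"
  echo " Platform ${ENV^^} bootstrap complete!"
  echo "============================================"
  echo ""
  echo "Next steps:"
  echo " 1. Configure ArgoCD: kubectl get svc -n platform-system argocd-server"
  echo " 2. Access Grafana: kubectl get svc -n monitoring kube-prometheus-stack-grafana"
  echo " 3. Check security: kubectl get configauditreports -A"
  echo " 4. Deploy workloads: kubectl apply -f k8s/workloads/"
}

main "$@"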