| #!/bin/bash | |
| # | |
| # author: Gary A. Stafford | |
| # site: https://programmaticponderings.com | |
| # license: MIT License | |
| # purpose: Deploy Kubernetes/Istio resources | |
| # Constants - CHANGE ME! | |
| readonly CERT_PATH=~/Documents/Articles/gke-kafka/sslforfree_non_prod | |
| readonly NAMESPACES=( 'dev' 'test' 'uat' ) | |
| # Kubernetes Secret to hold the server’s certificate and private key | |
| kubectl create -n istio-system secret tls istio-ingressgateway-certs \ | |
| --key $CERT_PATH/private.key --cert $CERT_PATH/certificate.crt | |
| # Istio Gateway and three ServiceEntry resources | |
| kubectl apply -f ./resources/other/istio-gateway.yaml | |
| # End-user auth applied per environment | |
| kubectl apply -f ./resources/other/auth-policy-dev.yaml | |
| kubectl apply -f ./resources/other/auth-policy-test.yaml | |
| kubectl apply -f ./resources/other/auth-policy-uat.yaml | |
| # Loop through each non-prod Namespace (environment) | |
| # Re-use same resources (incld. credentials) for all environments, just for the demo | |
| for namespace in ${NAMESPACES[@]}; do | |
| kubectl apply -n $namespace -f ./resources/config/confluent-cloud-kafka-configmap.yaml | |
| kubectl apply -n $namespace -f ./resources/config/mongodb-atlas-secret.yaml | |
| kubectl apply -n $namespace -f ./resources/config/confluent-cloud-kafka-secret.yaml | |
| kubectl apply -n $namespace -f ./resources/other/mongodb-atlas-external-mesh.yaml | |
| kubectl apply -n $namespace -f ./resources/other/confluent-cloud-external-mesh.yaml | |
| kubectl apply -n $namespace -f ./resources/services/accounts.yaml | |
| kubectl apply -n $namespace -f ./resources/services/fulfillment.yaml | |
| kubectl apply -n $namespace -f ./resources/services/orders.yaml | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment