part2_deploy_resources.sh

#!/bin/bash
#
# author: Gary A. Stafford
# site: https://programmaticponderings.com
# license: MIT License
# purpose: Deploy Kubernetes/Istio resources

# Constants - CHANGE ME!
readonly CERT_PATH=~/Documents/Articles/gke-kafka/sslforfree_non_prod
readonly NAMESPACES=( 'dev' 'test' 'uat' )

# Kubernetes Secret to hold the server’s certificate and private key
kubectl create -n istio-system secret tls istio-ingressgateway-certs \
  --key $CERT_PATH/private.key --cert $CERT_PATH/certificate.crt

# Istio Gateway and three ServiceEntry resources
kubectl apply -f ./resources/other/istio-gateway.yaml

# End-user auth applied per environment
kubectl apply -f ./resources/other/auth-policy-dev.yaml
kubectl apply -f ./resources/other/auth-policy-test.yaml
kubectl apply -f ./resources/other/auth-policy-uat.yaml

# Loop through each non-prod Namespace (environment)
# Re-use same resources (incld. credentials) for all environments, just for the demo
for namespace in ${NAMESPACES[@]}; do
  kubectl apply -n $namespace -f ./resources/config/confluent-cloud-kafka-configmap.yaml
  kubectl apply -n $namespace -f ./resources/config/mongodb-atlas-secret.yaml
  kubectl apply -n $namespace -f ./resources/config/confluent-cloud-kafka-secret.yaml

  kubectl apply -n $namespace -f ./resources/other/mongodb-atlas-external-mesh.yaml
  kubectl apply -n $namespace -f ./resources/other/confluent-cloud-external-mesh.yaml

  kubectl apply -n $namespace -f ./resources/services/accounts.yaml
  kubectl apply -n $namespace -f ./resources/services/fulfillment.yaml
  kubectl apply -n $namespace -f ./resources/services/orders.yaml
done