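#!/usr/bin/env bash
#
# Phase 1: Foundation Infrastructure Deployment (RFC 0039)
#
# Deploys the foundation infrastructure:
#   - AWS resources via Terraform (VPC, EKS, S3, IAM)
#   - cert-manager for TLS certificate management
#   - CockroachDB cluster for the distributed database
#
# Usage:
#   ./deploy-phase1-foundation.sh [--dry-run] [--skip-terraform] [--skip-cert-manager] [--skip-cockroachdb]
#
# Prerequisites:
#   - AWS CLI configured with credentials for the TARGET account. The caller
#     identity is printed before anything is changed; read it.
#   - Terraform >= 1.6.0 (the script relies on `terraform -chdir`)
#   - kubectl (this script writes the EKS kubeconfig entry itself)
#   - Helm 3.x
#
# Supply-chain / reproducibility notes:
#   - cert-manager CRDs and Helm chart are pinned to one CERT_MANAGER_VERSION so
#     the two cannot drift apart.
#   - The CRD manifest is fetched over HTTPS from GitHub releases with no
#     checksum check; vendor it under $K8S_DIR/cert-manager/ if integrity
#     verification or offline installs are required.
#   - `terraform init` runs WITHOUT -upgrade so .terraform.lock.hcl is honoured;
#     lock-file changes are a reviewed change, not a side effect of a deploy.
#   - The saved Terraform plan may contain sensitive values; it is written to a
#     mode-0600 temp file and removed on every exit path.
#
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
INFRA_DIR="$(dirname "$SCRIPT_DIR")"
TERRAFORM_DIR="$INFRA_DIR/terraform"
K8S_DIR="$INFRA_DIR/kubernetes"
readonly SCRIPT_DIR INFRA_DIR TERRAFORM_DIR K8S_DIR

# One pinned version drives both the CRD manifest URL and the chart --version
# (cert-manager chart versions track the application version).
readonly CERT_MANAGER_VERSION="v1.14.0"
readonly CERT_MANAGER_CRDS_URL="https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.crds.yaml"

# Colors for output. Stored as literal escape bytes so printf '%s' can emit
# them without `echo -e`, which would also interpret escapes inside messages.
readonly RED=$'\033[0;31m'
readonly GREEN=$'\033[0;32m'
readonly YELLOW=$'\033[1;33m'
readonly BLUE=$'\033[0;34m'
readonly NC=$'\033[0m' # No Color

# Flags
DRY_RUN=false
SKIP_TERRAFORM=false
SKIP_CERT_MANAGER=false
SKIP_COCKROACHDB=false

# Path of the saved Terraform plan, if one exists; removed by cleanup().
TF_PLAN_FILE=""

# Parse arguments
while [[ $# -gt 0 ]]; do
  case "$1" in
    --dry-run)
      DRY_RUN=true
      shift
      ;;
    --skip-terraform)
      SKIP_TERRAFORM=true
      shift
      ;;
    --skip-cert-manager)
      SKIP_CERT_MANAGER=true
      shift
      ;;
    --skip-cockroachdb)
      SKIP_COCKROACHDB=true
      shift
      ;;
    -h|--help)
      echo "Usage: $0 [--dry-run] [--skip-terraform] [--skip-cert-manager] [--skip-cockroachdb]"
      exit 0
      ;;
    *)
      printf '%sUnknown option: %s%s\n' "$RED" "$1" "$NC" >&2
      exit 1
      ;;
  esac
done

# Logging helpers. Messages are passed through '%s' so escape sequences or
# format characters in tool output can never be interpreted. Warnings and
# errors go to stderr so they do not pollute values captured via $(...).
log_info()    { printf '%s[INFO]%s %s\n'    "$BLUE"   "$NC" "$1"; }
log_success() { printf '%s[SUCCESS]%s %s\n' "$GREEN"  "$NC" "$1"; }
log_warn()    { printf '%s[WARN]%s %s\n'    "$YELLOW" "$NC" "$1" >&2; }
log_error()   { printf '%s[ERROR]%s %s\n'   "$RED"    "$NC" "$1" >&2; }

#######################################
# Run a command, or print it (shell-quoted) in dry-run mode.
# Globals:   DRY_RUN (read)
# Arguments: the command and its arguments
# Returns:   the command's exit status; 0 in dry-run mode
#######################################
run_cmd() {
  if [[ "$DRY_RUN" == true ]]; then
    printf '%s[DRY-RUN]%s Would run:' "$YELLOW" "$NC"
    printf ' %q' "$@"
    printf '\n'
  else
    "$@"
  fi
}

#######################################
# Remove the saved Terraform plan, if any. Installed as the EXIT trap so a
# failed `terraform apply` cannot leave a plan (which may embed sensitive
# values in plaintext) behind on disk.
# Globals:   TF_PLAN_FILE (read)
#######################################
cleanup() {
  if [[ -n "${TF_PLAN_FILE:-}" ]]; then
    rm -f -- "$TF_PLAN_FILE"
  fi
}
trap cleanup EXIT

#######################################
# Read a Terraform output, falling back to a default when it is unavailable.
# The fallback is logged: silently defaulting the cluster name/region could
# point every later step at the wrong cluster.
# Globals:   TERRAFORM_DIR (read)
# Arguments: $1 - output name, $2 - default value
# Outputs:   the value on stdout (warning on stderr when defaulted)
#######################################
tf_output_or_default() {
  local name="$1" default="$2" value
  if value="$(terraform -chdir="$TERRAFORM_DIR" output -raw "$name" 2>/dev/null)"; then
    printf '%s' "$value"
  else
    log_warn "Terraform output '$name' not available; using '$default'"
    printf '%s' "$default"
  fi
}

#######################################
# Verify required tools and AWS credentials, and show the AWS caller identity.
# Globals:   none
# Returns:   exits 1 when a tool is missing or credentials are unusable
#######################################
check_prerequisites() {
  log_info "Checking prerequisites..."

  local tool
  local missing=()
  for tool in aws terraform kubectl helm; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      missing+=("$tool")
    fi
  done
  if (( ${#missing[@]} > 0 )); then
    log_error "Missing required tools: ${missing[*]}"
    exit 1
  fi

  # Check AWS credentials and print WHO we are. Everything that follows makes
  # account-wide changes (IAM, VPC, EKS), so the operator must be able to
  # spot a wrong profile or assumed role before anything is applied.
  local caller_arn
  if ! caller_arn="$(aws sts get-caller-identity --query Arn --output text 2>/dev/null)"; then
    log_error "AWS credentials not configured or expired"
    exit 1
  fi
  log_info "AWS caller identity: $caller_arn"

  log_success "All prerequisites met"
}

#######################################
# Init/plan/apply the Terraform root module and export its outputs.
# Globals:   SKIP_TERRAFORM, DRY_RUN, TERRAFORM_DIR (read);
#            TF_PLAN_FILE, CLUSTER_NAME, CLUSTER_ENDPOINT, AWS_REGION (written)
# Returns:   non-zero (via set -e) if any terraform step fails
#######################################
deploy_terraform() {
  if [[ "$SKIP_TERRAFORM" == true ]]; then
    log_warn "Skipping Terraform deployment"
    return
  fi

  log_info "Deploying AWS resources via Terraform..."

  # -chdir keeps this script's own cwd unchanged (later steps and the
  # validation script run from where the operator started). No -upgrade:
  # provider versions and hashes come from .terraform.lock.hcl exactly as
  # reviewed; refresh the lock file deliberately with `terraform init -upgrade`
  # or `terraform providers lock`, not as a side effect of a deploy.
  run_cmd terraform -chdir="$TERRAFORM_DIR" init

  if [[ "$DRY_RUN" == true ]]; then
    run_cmd terraform -chdir="$TERRAFORM_DIR" plan
  else
    # mktemp creates the file mode 0600; cleanup() removes it on any exit.
    TF_PLAN_FILE="$(mktemp "${TMPDIR:-/tmp}/tfplan.XXXXXX")"
    terraform -chdir="$TERRAFORM_DIR" plan -out="$TF_PLAN_FILE"
    terraform -chdir="$TERRAFORM_DIR" apply "$TF_PLAN_FILE"
    rm -f -- "$TF_PLAN_FILE"
    TF_PLAN_FILE=""
  fi

  log_success "Terraform deployment complete"

  # Export outputs for downstream use
  if [[ "$DRY_RUN" == false ]]; then
    CLUSTER_NAME="$(tf_output_or_default cluster_name "coherence-production")"
    CLUSTER_ENDPOINT="$(tf_output_or_default cluster_endpoint "")"
    AWS_REGION="$(tf_output_or_default aws_region "us-east-1")"
    export CLUSTER_NAME CLUSTER_ENDPOINT AWS_REGION
  fi
}

#######################################
# Write the EKS kubeconfig entry and verify cluster connectivity.
# Globals:   CLUSTER_NAME, AWS_REGION, DRY_RUN (read)
# Returns:   exits 1 if the cluster is unreachable (not in dry-run mode)
#######################################
configure_kubectl() {
  log_info "Configuring kubectl for EKS cluster..."

  local cluster_name="${CLUSTER_NAME:-coherence-production}"
  local region="${AWS_REGION:-us-east-1}"

  run_cmd aws eks update-kubeconfig --region "$region" --name "$cluster_name"

  # Verify connectivity
  if [[ "$DRY_RUN" == false ]]; then
    if kubectl cluster-info >/dev/null 2>&1; then
      log_success "kubectl configured and connected to cluster"
    else
      log_error "Failed to connect to EKS cluster"
      exit 1
    fi
  fi
}

#######################################
# Install cert-manager CRDs, the pinned Helm chart, and the ClusterIssuers.
# Globals:   SKIP_CERT_MANAGER, DRY_RUN, K8S_DIR,
#            CERT_MANAGER_VERSION, CERT_MANAGER_CRDS_URL (read)
#######################################
deploy_cert_manager() {
  if [[ "$SKIP_CERT_MANAGER" == true ]]; then
    log_warn "Skipping cert-manager deployment"
    return
  fi

  log_info "Deploying cert-manager..."

  # Install cert-manager CRDs. NOTE: fetched over HTTPS with no checksum
  # verification (see header). Because the CRDs are created here with kubectl,
  # helm-values.yaml should NOT also enable the chart's own CRD installation:
  # Helm 3 refuses to adopt pre-existing resources it does not own.
  log_info "Installing cert-manager CRDs (${CERT_MANAGER_VERSION})..."
  run_cmd kubectl apply -f "$CERT_MANAGER_CRDS_URL"

  # Add Jetstack Helm repository (ignore "already exists")
  run_cmd helm repo add jetstack https://charts.jetstack.io 2>/dev/null || true
  run_cmd helm repo update

  # Install cert-manager. --version pins the chart to the same release as the
  # CRDs above; without it Helm installs whatever is newest in the repo.
  log_info "Installing cert-manager via Helm..."
  run_cmd helm upgrade --install cert-manager jetstack/cert-manager \
    --namespace cert-manager --create-namespace \
    --version "$CERT_MANAGER_VERSION" \
    -f "$K8S_DIR/cert-manager/helm-values.yaml" \
    --wait --timeout 300s

  # Wait for cert-manager to be ready
  if [[ "$DRY_RUN" == false ]]; then
    log_info "Waiting for cert-manager pods to be ready..."
    kubectl -n cert-manager wait --for=condition=ready pod \
      -l app.kubernetes.io/instance=cert-manager --timeout=300s
  fi

  # Apply ClusterIssuers
  log_info "Applying ClusterIssuers..."
  run_cmd kubectl apply -k "$K8S_DIR/cert-manager/"

  log_success "cert-manager deployment complete"
}

#######################################
# Deploy the CockroachDB StatefulSet and run the init and schema jobs.
# Globals:   SKIP_COCKROACHDB, DRY_RUN, K8S_DIR (read)
#######################################
deploy_cockroachdb() {
  if [[ "$SKIP_COCKROACHDB" == true ]]; then
    log_warn "Skipping CockroachDB deployment"
    return
  fi

  log_info "Deploying CockroachDB cluster..."

  # Deploy CockroachDB StatefulSet
  run_cmd kubectl apply -k "$K8S_DIR/cockroachdb/"

  # Wait for CockroachDB pods
  if [[ "$DRY_RUN" == false ]]; then
    log_info "Waiting for CockroachDB pods to be ready (this may take several minutes)..."
    kubectl -n cockroachdb wait --for=condition=ready pod -l app=cockroachdb --timeout=600s
  fi

  # Initialize cluster (only needed on first deployment)
  log_info "Initializing CockroachDB cluster..."
  run_cmd kubectl apply -f "$K8S_DIR/cockroachdb/cluster-init.yaml"

  # Wait for init job to complete. A timeout is tolerated because re-running
  # against an already-initialised cluster is expected, but it is logged
  # rather than swallowed so a genuinely stuck init is visible.
  if [[ "$DRY_RUN" == false ]]; then
    log_info "Waiting for cluster initialization..."
    if ! kubectl -n cockroachdb wait --for=condition=complete job/cockroachdb-init --timeout=120s; then
      log_warn "job/cockroachdb-init did not report completion within 120s (expected if the cluster was already initialised); check 'kubectl -n cockroachdb get jobs'"
    fi
  fi

  # Initialize schemas
  log_info "Initializing database schemas..."
  run_cmd kubectl apply -f "$K8S_DIR/cockroachdb/schema-init-job.yaml"

  # Wait for schema init. As above: tolerated but logged, and the validation
  # step is expected to catch a schema that never applied.
  if [[ "$DRY_RUN" == false ]]; then
    log_info "Waiting for schema initialization..."
    if ! kubectl -n cockroachdb wait --for=condition=complete job/schema-init --timeout=300s; then
      log_warn "job/schema-init did not report completion within 300s; verify the schema before proceeding to Phase 2"
    fi
  fi

  log_success "CockroachDB deployment complete"
}

#######################################
# Run the Phase 1 validation script if it is present and executable.
# Globals:   SCRIPT_DIR, DRY_RUN (read)
#######################################
validate_phase1() {
  log_info "Running Phase 1 validation..."

  local validation_script="$SCRIPT_DIR/validate-phase1.sh"

  if [[ -x "$validation_script" ]]; then
    if [[ "$DRY_RUN" == true ]]; then
      log_info "Would run validation script: $validation_script"
    else
      "$validation_script"
    fi
  else
    log_warn "Validation script not found or not executable: $validation_script"
  fi
}

main() {
  echo "========================================"
  echo "Phase 1: Foundation Infrastructure"
  echo "RFC 0039 Deployment"
  echo "========================================"
  echo ""

  if [[ "$DRY_RUN" == true ]]; then
    log_warn "Running in DRY-RUN mode - no changes will be made"
    echo ""
  fi

  check_prerequisites
  deploy_terraform
  configure_kubectl
  deploy_cert_manager
  deploy_cockroachdb
  validate_phase1

  echo ""
  echo "========================================"
  log_success "Phase 1 deployment complete!"
  echo "========================================"
  echo ""
  echo "Next steps:"
  echo "  1. Run validate-phase1.sh to verify deployment"
  echo "  2. Tag this deployment: git tag -a v0.1.0-phase1 -m 'Phase 1: Foundation Infrastructure'"
  echo "  3. Proceed to Phase 2: ./deploy-phase2-core-services.sh"
}

main "$@"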