superviber/hearth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
hearth/scripts/deploy-phase1-foundation.sh
Eric Garcia e78000831e Initial commit: Port infrastructure from coherence-mcp 
Hearth is the infrastructure home for the letemcook ecosystem.

Ported from coherence-mcp/infra:
- Terraform modules (VPC, EKS, IAM, NLB, S3, storage)
- Kubernetes manifests (Forgejo, ingress, cert-manager, karpenter)
- Deployment scripts (phased rollout)

Status: Not deployed. EKS cluster needs to be provisioned.

Next steps:
1. Bootstrap terraform backend
2. Deploy phase 1 (foundation)
3. Deploy phase 2 (core services including Forgejo)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 06:06:13 -05:00

298 lines
8 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
#
# Phase 1: Foundation Infrastructure Deployment (RFC 0039)
#
# This script deploys the foundation infrastructure including:
# - AWS resources via Terraform (VPC, EKS, S3, IAM)
# - cert-manager for TLS certificate management
# - CockroachDB cluster for distributed database
#
# Usage:
# ./deploy-phase1-foundation.sh [--dry-run] [--skip-terraform] [--skip-cert-manager] [--skip-cockroachdb]
#
# Prerequisites:
# - AWS CLI configured with appropriate credentials
# - Terraform >= 1.6.0
# - kubectl configured for EKS cluster
# - Helm 3.x installed
#
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
INFRA_DIR="$(dirname "$SCRIPT_DIR")"
TERRAFORM_DIR="$INFRA_DIR/terraform"
K8S_DIR="$INFRA_DIR/kubernetes"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Flags
DRY_RUN=false
SKIP_TERRAFORM=false
SKIP_CERT_MANAGER=false
SKIP_COCKROACHDB=false
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
--dry-run)
DRY_RUN=true
shift
;;
--skip-terraform)
SKIP_TERRAFORM=true
shift
;;
--skip-cert-manager)
SKIP_CERT_MANAGER=true
shift
;;
--skip-cockroachdb)
SKIP_COCKROACHDB=true
shift
;;
-h|--help)
echo "Usage: $0 [--dry-run] [--skip-terraform] [--skip-cert-manager] [--skip-cockroachdb]"
exit 0
;;
*)
echo -e "${RED}Unknown option: $1${NC}"
exit 1
;;
esac
done
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
run_cmd() {
if [ "$DRY_RUN" = true ]; then
echo -e "${YELLOW}[DRY-RUN]${NC} Would run: $*"
else
"$@"
fi
}
check_prerequisites() {
log_info "Checking prerequisites..."
local missing=()
if ! command -v aws &> /dev/null; then
missing+=("aws")
fi
if ! command -v terraform &> /dev/null; then
missing+=("terraform")
fi
if ! command -v kubectl &> /dev/null; then
missing+=("kubectl")
fi
if ! command -v helm &> /dev/null; then
missing+=("helm")
fi
if [ ${#missing[@]} -ne 0 ]; then
log_error "Missing required tools: ${missing[*]}"
exit 1
fi
# Check AWS credentials
if ! aws sts get-caller-identity &> /dev/null; then
log_error "AWS credentials not configured or expired"
exit 1
fi
log_success "All prerequisites met"
}
deploy_terraform() {
if [ "$SKIP_TERRAFORM" = true ]; then
log_warn "Skipping Terraform deployment"
return
fi
log_info "Deploying AWS resources via Terraform..."
cd "$TERRAFORM_DIR"
run_cmd terraform init -upgrade
if [ "$DRY_RUN" = true ]; then
run_cmd terraform plan
else
terraform plan -out=plan.tfplan
terraform apply plan.tfplan
rm -f plan.tfplan
fi
log_success "Terraform deployment complete"
# Export outputs for downstream use
if [ "$DRY_RUN" = false ]; then
export CLUSTER_NAME=$(terraform output -raw cluster_name 2>/dev/null || echo "coherence-production")
export CLUSTER_ENDPOINT=$(terraform output -raw cluster_endpoint 2>/dev/null || echo "")
export AWS_REGION=$(terraform output -raw aws_region 2>/dev/null || echo "us-east-1")
fi
}
configure_kubectl() {
log_info "Configuring kubectl for EKS cluster..."
local cluster_name="${CLUSTER_NAME:-coherence-production}"
local region="${AWS_REGION:-us-east-1}"
run_cmd aws eks update-kubeconfig --region "$region" --name "$cluster_name"
# Verify connectivity
if [ "$DRY_RUN" = false ]; then
if kubectl cluster-info &> /dev/null; then
log_success "kubectl configured and connected to cluster"
else
log_error "Failed to connect to EKS cluster"
exit 1
fi
fi
}
deploy_cert_manager() {
if [ "$SKIP_CERT_MANAGER" = true ]; then
log_warn "Skipping cert-manager deployment"
return
fi
log_info "Deploying cert-manager..."
# Install cert-manager CRDs
log_info "Installing cert-manager CRDs..."
run_cmd kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.0/cert-manager.crds.yaml
# Add Jetstack Helm repository
run_cmd helm repo add jetstack https://charts.jetstack.io 2>/dev/null || true
run_cmd helm repo update
# Install cert-manager
log_info "Installing cert-manager via Helm..."
run_cmd helm upgrade --install cert-manager jetstack/cert-manager \
--namespace cert-manager --create-namespace \
-f "$K8S_DIR/cert-manager/helm-values.yaml" \
--wait --timeout 300s
# Wait for cert-manager to be ready
if [ "$DRY_RUN" = false ]; then
log_info "Waiting for cert-manager pods to be ready..."
kubectl -n cert-manager wait --for=condition=ready pod -l app.kubernetes.io/instance=cert-manager --timeout=300s
fi
# Apply ClusterIssuers
log_info "Applying ClusterIssuers..."
run_cmd kubectl apply -k "$K8S_DIR/cert-manager/"
log_success "cert-manager deployment complete"
}
deploy_cockroachdb() {
if [ "$SKIP_COCKROACHDB" = true ]; then
log_warn "Skipping CockroachDB deployment"
return
fi
log_info "Deploying CockroachDB cluster..."
# Deploy CockroachDB StatefulSet
run_cmd kubectl apply -k "$K8S_DIR/cockroachdb/"
# Wait for CockroachDB pods
if [ "$DRY_RUN" = false ]; then
log_info "Waiting for CockroachDB pods to be ready (this may take several minutes)..."
kubectl -n cockroachdb wait --for=condition=ready pod -l app=cockroachdb --timeout=600s
fi
# Initialize cluster (only needed on first deployment)
log_info "Initializing CockroachDB cluster..."
run_cmd kubectl apply -f "$K8S_DIR/cockroachdb/cluster-init.yaml"
# Wait for init job to complete
if [ "$DRY_RUN" = false ]; then
log_info "Waiting for cluster initialization..."
kubectl -n cockroachdb wait --for=condition=complete job/cockroachdb-init --timeout=120s || true
fi
# Initialize schemas
log_info "Initializing database schemas..."
run_cmd kubectl apply -f "$K8S_DIR/cockroachdb/schema-init-job.yaml"
# Wait for schema init
if [ "$DRY_RUN" = false ]; then
log_info "Waiting for schema initialization..."
kubectl -n cockroachdb wait --for=condition=complete job/schema-init --timeout=300s || true
fi
log_success "CockroachDB deployment complete"
}
validate_phase1() {
log_info "Running Phase 1 validation..."
local validation_script="$SCRIPT_DIR/validate-phase1.sh"
if [ -x "$validation_script" ]; then
if [ "$DRY_RUN" = true ]; then
log_info "Would run validation script: $validation_script"
else
"$validation_script"
fi
else
log_warn "Validation script not found or not executable: $validation_script"
fi
}
main() {
echo "========================================"
echo "Phase 1: Foundation Infrastructure"
echo "RFC 0039 Deployment"
echo "========================================"
echo ""
if [ "$DRY_RUN" = true ]; then
log_warn "Running in DRY-RUN mode - no changes will be made"
echo ""
fi
check_prerequisites
deploy_terraform
configure_kubectl
deploy_cert_manager
deploy_cockroachdb
validate_phase1
echo ""
echo "========================================"
log_success "Phase 1 deployment complete!"
echo "========================================"
echo ""
echo "Next steps:"
echo " 1. Run validate-phase1.sh to verify deployment"
echo " 2. Tag this deployment: git tag -a v0.1.0-phase1 -m 'Phase 1: Foundation Infrastructure'"
echo " 3. Proceed to Phase 2: ./deploy-phase2-core-services.sh"
}
main "$@"
Reference in a new issue View git blame Copy permalink