devMachineSetup/setup-k8s-workspace.sh

#!/usr/bin/env bash
set -euo pipefail

# Kubernetes workspace bootstrap script
#
# What this script handles:
# 1) kubectl context setup
# 2) k9s local config setup
# 3) Flux bootstrap to a Git repository
#
# Environment variables:
# - ENV_FILE: Optional env file path to load before execution (default: .env)
# - KUBECONFIG_SOURCE: Optional path to a kubeconfig file to copy to ~/.kube/config
# - KUBE_CONTEXT: Optional kube context name to switch to
# - APPLY_K9S_CONFIG: true|false (default: true)
# - FORCE_K9S_CONFIG: true|false (default: false)
# - FLUX_BOOTSTRAP: true|false (default: true)
# - FLUX_PROVIDER: gitea|forgejo|github|gitlab (default: gitea)
# - FLUX_GIT_URL: Git URL for flux bootstrap git (required for gitea/forgejo)
# - FLUX_GIT_BRANCH: Git branch for Flux manifests (default: main)
# - FLUX_GIT_PATH: Repository path for Flux manifests (default: clusters/<current-context>)
# - FLUX_NAMESPACE: Flux namespace (default: flux-system)
# - FLUX_GIT_PRIVATE_KEY_FILE: SSH private key for bootstrap auth (default: ~/.ssh/id_ed25519)
# - FLUX_INSECURE_HOSTKEYS: true|false (default: false)
# - FLUX_GITHUB_OWNER / FLUX_GITHUB_REPO: required for github provider
# - FLUX_GITLAB_OWNER / FLUX_GITLAB_REPO: required for gitlab provider
# - FLUX_GITLAB_HOSTNAME: optional gitlab hostname (default: gitlab.com)

require_cmd() {
  local cmd="$1"
  if ! command -v "$cmd" >/dev/null 2>&1; then
    echo "Required command not found: $cmd"
    echo "Install dependencies first (kubectl, k9s, flux, git)."
    exit 1
  fi
}

append_once() {
  local file="$1"
  local marker="$2"
  local payload="$3"

  touch "$file"
  if ! grep -q "$marker" "$file"; then
    printf "\n%s\n" "$payload" >> "$file"
  fi
}

load_env_file() {
  local env_file="$1"
  if [ -f "$env_file" ]; then
    echo "Loading environment from: $env_file"
    set -a
    # shellcheck disable=SC1090
    . "$env_file"
    set +a
  fi
}

echo "Starting Kubernetes workspace bootstrap..."

load_env_file "${ENV_FILE:-.env}"

require_cmd kubectl
require_cmd k9s
require_cmd flux
require_cmd git

mkdir -p "$HOME/.kube"
if [ -n "${KUBECONFIG_SOURCE:-}" ]; then
  if [ ! -f "$KUBECONFIG_SOURCE" ]; then
    echo "KUBECONFIG_SOURCE does not exist: $KUBECONFIG_SOURCE"
    exit 1
  fi

  echo "Copying kubeconfig from KUBECONFIG_SOURCE to ~/.kube/config"
  install -m 600 "$KUBECONFIG_SOURCE" "$HOME/.kube/config"
fi

if [ ! -f "$HOME/.kube/config" ]; then
  echo "No kubeconfig found at ~/.kube/config"
  echo "Provide KUBECONFIG_SOURCE or create ~/.kube/config before running this script."
  exit 1
fi

if [ -n "${KUBE_CONTEXT:-}" ]; then
  echo "Switching kubectl context to: $KUBE_CONTEXT"
  kubectl config use-context "$KUBE_CONTEXT"
fi

CURRENT_CONTEXT="$(kubectl config current-context 2>/dev/null || true)"
if [ -z "$CURRENT_CONTEXT" ]; then
  echo "Unable to determine current kubectl context."
  echo "Set KUBE_CONTEXT to a valid context and try again."
  exit 1
fi

echo "Current kubectl context: $CURRENT_CONTEXT"
if ! kubectl cluster-info >/dev/null 2>&1; then
  echo "kubectl cannot reach the cluster for context: $CURRENT_CONTEXT"
  echo "Validate credentials/network and rerun."
  exit 1
fi

if [ "${APPLY_K9S_CONFIG:-true}" = "true" ]; then
  mkdir -p "$HOME/.config/k9s"

  if [ ! -f "$HOME/.config/k9s/config.yaml" ] || [ "${FORCE_K9S_CONFIG:-false}" = "true" ]; then
    echo "Writing k9s config to ~/.config/k9s/config.yaml"
    cat > "$HOME/.config/k9s/config.yaml" <<EOF
k9s:
  refreshRate: 2
  maxConnRetry: 5
  readOnly: false
  noIcons: false
  logger:
    tail: 200
    buffer: 5000
    sinceSeconds: -1
  currentContext: ${CURRENT_CONTEXT}
EOF
  else
    echo "k9s config already exists; keeping existing file."
  fi
fi

append_once "$HOME/.bashrc" 'alias k9sctx=' "# Kubernetes workspace helpers\nalias k9sctx='kubectl config current-context'\nalias k9sn='k9s -n kube-system'"

if [ "${FLUX_BOOTSTRAP:-true}" = "true" ]; then
  FLUX_PROVIDER="${FLUX_PROVIDER:-gitea}"
  FLUX_GIT_BRANCH="${FLUX_GIT_BRANCH:-main}"
  FLUX_NAMESPACE="${FLUX_NAMESPACE:-flux-system}"
  FLUX_GIT_PATH="${FLUX_GIT_PATH:-clusters/${CURRENT_CONTEXT}}"

  echo "Running flux preflight checks..."
  flux check --pre

  case "${FLUX_PROVIDER}" in
    gitea|forgejo)
      if [ -z "${FLUX_GIT_URL:-}" ]; then
        echo "FLUX_GIT_URL is required for provider=${FLUX_PROVIDER}"
        exit 1
      fi

      FLUX_GIT_PRIVATE_KEY_FILE="${FLUX_GIT_PRIVATE_KEY_FILE:-$HOME/.ssh/id_ed25519}"
      if [ ! -f "$FLUX_GIT_PRIVATE_KEY_FILE" ]; then
        echo "Flux private key file not found: $FLUX_GIT_PRIVATE_KEY_FILE"
        exit 1
      fi

      echo "Bootstrapping Flux (${FLUX_PROVIDER}) to ${FLUX_GIT_URL} (branch=${FLUX_GIT_BRANCH}, path=${FLUX_GIT_PATH})"
      flux_cmd=(
        flux bootstrap git
        --url="$FLUX_GIT_URL"
        --branch="$FLUX_GIT_BRANCH"
        --path="$FLUX_GIT_PATH"
        --namespace="$FLUX_NAMESPACE"
        --private-key-file="$FLUX_GIT_PRIVATE_KEY_FILE"
      )

      if [ "${FLUX_INSECURE_HOSTKEYS:-false}" = "true" ]; then
        flux_cmd+=(--insecure-hostkey)
      fi

      "${flux_cmd[@]}"
      ;;
    github)
      if [ -z "${FLUX_GITHUB_OWNER:-}" ] || [ -z "${FLUX_GITHUB_REPO:-}" ]; then
        echo "FLUX_GITHUB_OWNER and FLUX_GITHUB_REPO are required for provider=github"
        exit 1
      fi

      if [ -z "${GITHUB_TOKEN:-}" ]; then
        echo "GITHUB_TOKEN must be set in environment for provider=github"
        exit 1
      fi

      echo "Bootstrapping Flux (github) to ${FLUX_GITHUB_OWNER}/${FLUX_GITHUB_REPO}"
      flux bootstrap github \
        --owner="$FLUX_GITHUB_OWNER" \
        --repository="$FLUX_GITHUB_REPO" \
        --branch="$FLUX_GIT_BRANCH" \
        --path="$FLUX_GIT_PATH" \
        --personal \
        --namespace="$FLUX_NAMESPACE"
      ;;
    gitlab)
      if [ -z "${FLUX_GITLAB_OWNER:-}" ] || [ -z "${FLUX_GITLAB_REPO:-}" ]; then
        echo "FLUX_GITLAB_OWNER and FLUX_GITLAB_REPO are required for provider=gitlab"
        exit 1
      fi

      if [ -z "${GITLAB_TOKEN:-}" ]; then
        echo "GITLAB_TOKEN must be set in environment for provider=gitlab"
        exit 1
      fi

      FLUX_GITLAB_HOSTNAME="${FLUX_GITLAB_HOSTNAME:-gitlab.com}"
      echo "Bootstrapping Flux (gitlab) to ${FLUX_GITLAB_OWNER}/${FLUX_GITLAB_REPO} on ${FLUX_GITLAB_HOSTNAME}"
      flux bootstrap gitlab \
        --hostname="$FLUX_GITLAB_HOSTNAME" \
        --owner="$FLUX_GITLAB_OWNER" \
        --repository="$FLUX_GITLAB_REPO" \
        --branch="$FLUX_GIT_BRANCH" \
        --path="$FLUX_GIT_PATH" \
        --namespace="$FLUX_NAMESPACE"
      ;;
    *)
      echo "Unsupported FLUX_PROVIDER: ${FLUX_PROVIDER}"
      echo "Supported values: gitea, forgejo, github, gitlab"
      exit 1
      ;;
  esac
fi

echo "Kubernetes workspace setup complete."
echo "Open a new shell or run: source ~/.bashrc"
new scripts 2026-05-17 22:26:57 +00:00			`#!/usr/bin/env bash`
			`set -euo pipefail`

			`# Kubernetes workspace bootstrap script`
			`#`
			`# What this script handles:`
			`# 1) kubectl context setup`
			`# 2) k9s local config setup`
			`# 3) Flux bootstrap to a Git repository`
			`#`
			`# Environment variables:`
			`# - ENV_FILE: Optional env file path to load before execution (default: .env)`
			`# - KUBECONFIG_SOURCE: Optional path to a kubeconfig file to copy to ~/.kube/config`
			`# - KUBE_CONTEXT: Optional kube context name to switch to`
			`# - APPLY_K9S_CONFIG: true\|false (default: true)`
			`# - FORCE_K9S_CONFIG: true\|false (default: false)`
			`# - FLUX_BOOTSTRAP: true\|false (default: true)`
			`# - FLUX_PROVIDER: gitea\|forgejo\|github\|gitlab (default: gitea)`
			`# - FLUX_GIT_URL: Git URL for flux bootstrap git (required for gitea/forgejo)`
			`# - FLUX_GIT_BRANCH: Git branch for Flux manifests (default: main)`
			`# - FLUX_GIT_PATH: Repository path for Flux manifests (default: clusters/<current-context>)`
			`# - FLUX_NAMESPACE: Flux namespace (default: flux-system)`
			`# - FLUX_GIT_PRIVATE_KEY_FILE: SSH private key for bootstrap auth (default: ~/.ssh/id_ed25519)`
			`# - FLUX_INSECURE_HOSTKEYS: true\|false (default: false)`
			`# - FLUX_GITHUB_OWNER / FLUX_GITHUB_REPO: required for github provider`
			`# - FLUX_GITLAB_OWNER / FLUX_GITLAB_REPO: required for gitlab provider`
			`# - FLUX_GITLAB_HOSTNAME: optional gitlab hostname (default: gitlab.com)`

			`require_cmd() {`
			`local cmd="$1"`
			`if ! command -v "$cmd" >/dev/null 2>&1; then`
			`echo "Required command not found: $cmd"`
			`echo "Install dependencies first (kubectl, k9s, flux, git)."`
			`exit 1`
			`fi`
			`}`

			`append_once() {`
			`local file="$1"`
			`local marker="$2"`
			`local payload="$3"`

			`touch "$file"`
			`if ! grep -q "$marker" "$file"; then`
			`printf "\n%s\n" "$payload" >> "$file"`
			`fi`
			`}`

			`load_env_file() {`
			`local env_file="$1"`
			`if [ -f "$env_file" ]; then`
			`echo "Loading environment from: $env_file"`
			`set -a`
			`# shellcheck disable=SC1090`
			`. "$env_file"`
			`set +a`
			`fi`
			`}`

			`echo "Starting Kubernetes workspace bootstrap..."`

			`load_env_file "${ENV_FILE:-.env}"`

			`require_cmd kubectl`
			`require_cmd k9s`
			`require_cmd flux`
			`require_cmd git`

			`mkdir -p "$HOME/.kube"`
			`if [ -n "${KUBECONFIG_SOURCE:-}" ]; then`
			`if [ ! -f "$KUBECONFIG_SOURCE" ]; then`
			`echo "KUBECONFIG_SOURCE does not exist: $KUBECONFIG_SOURCE"`
			`exit 1`
			`fi`

			`echo "Copying kubeconfig from KUBECONFIG_SOURCE to ~/.kube/config"`
			`install -m 600 "$KUBECONFIG_SOURCE" "$HOME/.kube/config"`
			`fi`

			`if [ ! -f "$HOME/.kube/config" ]; then`
			`echo "No kubeconfig found at ~/.kube/config"`
			`echo "Provide KUBECONFIG_SOURCE or create ~/.kube/config before running this script."`
			`exit 1`
			`fi`

			`if [ -n "${KUBE_CONTEXT:-}" ]; then`
			`echo "Switching kubectl context to: $KUBE_CONTEXT"`
			`kubectl config use-context "$KUBE_CONTEXT"`
			`fi`

			`CURRENT_CONTEXT="$(kubectl config current-context 2>/dev/null \|\| true)"`
			`if [ -z "$CURRENT_CONTEXT" ]; then`
			`echo "Unable to determine current kubectl context."`
			`echo "Set KUBE_CONTEXT to a valid context and try again."`
			`exit 1`
			`fi`

			`echo "Current kubectl context: $CURRENT_CONTEXT"`
			`if ! kubectl cluster-info >/dev/null 2>&1; then`
			`echo "kubectl cannot reach the cluster for context: $CURRENT_CONTEXT"`
			`echo "Validate credentials/network and rerun."`
			`exit 1`
			`fi`

			`if [ "${APPLY_K9S_CONFIG:-true}" = "true" ]; then`
			`mkdir -p "$HOME/.config/k9s"`

			`if [ ! -f "$HOME/.config/k9s/config.yaml" ] \|\| [ "${FORCE_K9S_CONFIG:-false}" = "true" ]; then`
			`echo "Writing k9s config to ~/.config/k9s/config.yaml"`
			`cat > "$HOME/.config/k9s/config.yaml" <<EOF`
			`k9s:`
			`refreshRate: 2`
			`maxConnRetry: 5`
			`readOnly: false`
			`noIcons: false`
			`logger:`
			`tail: 200`
			`buffer: 5000`
			`sinceSeconds: -1`
			`currentContext: ${CURRENT_CONTEXT}`
			`EOF`
			`else`
			`echo "k9s config already exists; keeping existing file."`
			`fi`
			`fi`

			`append_once "$HOME/.bashrc" 'alias k9sctx=' "# Kubernetes workspace helpers\nalias k9sctx='kubectl config current-context'\nalias k9sn='k9s -n kube-system'"`

			`if [ "${FLUX_BOOTSTRAP:-true}" = "true" ]; then`
			`FLUX_PROVIDER="${FLUX_PROVIDER:-gitea}"`
			`FLUX_GIT_BRANCH="${FLUX_GIT_BRANCH:-main}"`
			`FLUX_NAMESPACE="${FLUX_NAMESPACE:-flux-system}"`
			`FLUX_GIT_PATH="${FLUX_GIT_PATH:-clusters/${CURRENT_CONTEXT}}"`

			`echo "Running flux preflight checks..."`
			`flux check --pre`

			`case "${FLUX_PROVIDER}" in`
			`gitea\|forgejo)`
			`if [ -z "${FLUX_GIT_URL:-}" ]; then`
			`echo "FLUX_GIT_URL is required for provider=${FLUX_PROVIDER}"`
			`exit 1`
			`fi`

			`FLUX_GIT_PRIVATE_KEY_FILE="${FLUX_GIT_PRIVATE_KEY_FILE:-$HOME/.ssh/id_ed25519}"`
			`if [ ! -f "$FLUX_GIT_PRIVATE_KEY_FILE" ]; then`
			`echo "Flux private key file not found: $FLUX_GIT_PRIVATE_KEY_FILE"`
			`exit 1`
			`fi`

			`echo "Bootstrapping Flux (${FLUX_PROVIDER}) to ${FLUX_GIT_URL} (branch=${FLUX_GIT_BRANCH}, path=${FLUX_GIT_PATH})"`
			`flux_cmd=(`
			`flux bootstrap git`
			`--url="$FLUX_GIT_URL"`
			`--branch="$FLUX_GIT_BRANCH"`
			`--path="$FLUX_GIT_PATH"`
			`--namespace="$FLUX_NAMESPACE"`
			`--private-key-file="$FLUX_GIT_PRIVATE_KEY_FILE"`
			`)`

			`if [ "${FLUX_INSECURE_HOSTKEYS:-false}" = "true" ]; then`
			`flux_cmd+=(--insecure-hostkey)`
			`fi`

			`"${flux_cmd[@]}"`
			`;;`
			`github)`
			`if [ -z "${FLUX_GITHUB_OWNER:-}" ] \|\| [ -z "${FLUX_GITHUB_REPO:-}" ]; then`
			`echo "FLUX_GITHUB_OWNER and FLUX_GITHUB_REPO are required for provider=github"`
			`exit 1`
			`fi`

			`if [ -z "${GITHUB_TOKEN:-}" ]; then`
			`echo "GITHUB_TOKEN must be set in environment for provider=github"`
			`exit 1`
			`fi`

			`echo "Bootstrapping Flux (github) to ${FLUX_GITHUB_OWNER}/${FLUX_GITHUB_REPO}"`
			`flux bootstrap github \`
			`--owner="$FLUX_GITHUB_OWNER" \`
			`--repository="$FLUX_GITHUB_REPO" \`
			`--branch="$FLUX_GIT_BRANCH" \`
			`--path="$FLUX_GIT_PATH" \`
			`--personal \`
			`--namespace="$FLUX_NAMESPACE"`
			`;;`
			`gitlab)`
			`if [ -z "${FLUX_GITLAB_OWNER:-}" ] \|\| [ -z "${FLUX_GITLAB_REPO:-}" ]; then`
			`echo "FLUX_GITLAB_OWNER and FLUX_GITLAB_REPO are required for provider=gitlab"`
			`exit 1`
			`fi`

			`if [ -z "${GITLAB_TOKEN:-}" ]; then`
			`echo "GITLAB_TOKEN must be set in environment for provider=gitlab"`
			`exit 1`
			`fi`

			`FLUX_GITLAB_HOSTNAME="${FLUX_GITLAB_HOSTNAME:-gitlab.com}"`
			`echo "Bootstrapping Flux (gitlab) to ${FLUX_GITLAB_OWNER}/${FLUX_GITLAB_REPO} on ${FLUX_GITLAB_HOSTNAME}"`
			`flux bootstrap gitlab \`
			`--hostname="$FLUX_GITLAB_HOSTNAME" \`
			`--owner="$FLUX_GITLAB_OWNER" \`
			`--repository="$FLUX_GITLAB_REPO" \`
			`--branch="$FLUX_GIT_BRANCH" \`
			`--path="$FLUX_GIT_PATH" \`
			`--namespace="$FLUX_NAMESPACE"`
			`;;`
			`*)`
			`echo "Unsupported FLUX_PROVIDER: ${FLUX_PROVIDER}"`
			`echo "Supported values: gitea, forgejo, github, gitlab"`
			`exit 1`
			`;;`
			`esac`
			`fi`

			`echo "Kubernetes workspace setup complete."`
			`echo "Open a new shell or run: source ~/.bashrc"`