-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeploy.sh
More file actions
executable file
·29 lines (25 loc) · 985 Bytes
/
deploy.sh
File metadata and controls
executable file
·29 lines (25 loc) · 985 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#!/usr/bin/env bash
# Two-phase deploy — required on fresh clusters.
#
# The Kubernetes and Helm providers authenticate at the very start of apply
# (before any resources exist), so a single `tofu apply` on a fresh cluster
# will always fail for eks_addons resources. Phase 1 brings the cluster and
# nodes up first; phase 2 applies everything else once the API server is ready.
#
# Subsequent applies (updates, drift fixes) can use plain `tofu apply`.
#
# Usage:
# ./deploy.sh # uses whatever creds are active
# ./deploy.sh -var="aws_profile=ethrc" # explicit local profile
set -euo pipefail
# Phase 1: AWS-only resources — VPC, EKS cluster + node group, WAF
echo "==> Phase 1: cluster infrastructure"
tofu apply \
-target=module.vpc \
-target=module.eks \
-target=module.waf \
-target=module.s3_ml_data \
"$@"
# Phase 2: everything else — Helm charts, k8s manifests, ArgoCD, Karpenter
echo "==> Phase 2: cluster addons"
tofu apply "$@"