Quick Start:

```bash
./deploy.sh --target kind-local
```

```
ci/scripts/
├── deploy.sh               # Main entry point (143 lines)
├── manage_lifecycle.sh     # Lifecycle management
└── lib/                    # Modular libraries
    ├── common.sh           # Logging, parsing, utilities (277 lines)
    ├── context.sh          # Kubernetes context setup (87 lines)
    ├── infrastructure.sh   # S3, TKMS, Crossplane (316 lines)
    ├── kms_deployment.sh   # KMS core deployment (546 lines)
    └── utils.sh            # Port forwarding, logs (165 lines)
```
```bash
# Local deployment with Kind
./deploy.sh --target kind-local

# Build and load images locally
./deploy.sh --target kind-local --build

# Clean up and redeploy
./deploy.sh --target kind-local --cleanup

# Deploy and wait indefinitely (with port forwarding)
./deploy.sh --target kind-local --block
```

```bash
./deploy.sh \
  --target [kind-local|kind-ci|aws-ci|aws-perf] \
  --namespace <namespace> \
  --deployment-type [threshold|centralized|thresholdWithEnclave|centralizedWithEnclave] \
  --tag <image-tag> \
  --num-parties <count> \
  --kms-chart-version <version> \
  --cleanup \
  --block \
  --collect-logs \
  --build
```

For local development with Kind:
```bash
# Build and load images into Kind cluster
./deploy.sh --target kind-local --build

# Use specific Rust version
RUST_IMAGE_VERSION=1.94 ./deploy.sh --target kind-local --build
```

The build process will:
- Build `core-service` image with Docker buildx
- Load it into the Kind cluster
- Build `core-client` image
- Load it into the Kind cluster
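
The `--target` and `--deployment-type` values in the usage synopsis above are closed sets, so a wrapper or CI job can reject anything else before it reaches `kubectl` or `helm`. The following is an added example, not code from this repository: `validate_deploy_args`, `one_of` and `err` are hypothetical names, and the namespace and party-count rules are assumptions (Kubernetes RFC 1123 label naming, positive integer), not the behaviour of the project's own `parse_args()`.

```bash
#!/usr/bin/env bash
# Added example: hypothetical pre-flight check, not the repository's parse_args().

err() { echo "error: $*" >&2; }

# Succeeds when $1 equals one of the remaining arguments.
one_of() {
  local want=$1 v
  shift
  for v in "$@"; do
    [ "$v" = "$want" ] && return 0
  done
  return 1
}

# Returns 0 when every option is documented and well-formed, 2 otherwise.
validate_deploy_args() {
  local LC_ALL=C opt val   # C locale keeps [a-z] ASCII-only
  while [ $# -gt 0 ]; do
    opt=$1
    case "$opt" in
      --cleanup|--block|--collect-logs|--build) shift; continue ;;
      --target|--namespace|--deployment-type|--tag|--num-parties|--kms-chart-version)
        [ $# -ge 2 ] || { err "$opt needs a value"; return 2; }
        val=$2; shift 2 ;;
      *) err "unknown option: $opt"; return 2 ;;
    esac
    case "$opt" in
      --target)
        one_of "$val" kind-local kind-ci aws-ci aws-perf ||
          { err "unsupported target: $val"; return 2; } ;;
      --deployment-type)
        one_of "$val" threshold centralized thresholdWithEnclave centralizedWithEnclave ||
          { err "unsupported deployment type: $val"; return 2; } ;;
      --namespace)   # assumption: enforce the Kubernetes RFC 1123 label rule
        case "$val" in
          ''|-*|*-|*[!a-z0-9-]*) err "invalid namespace: $val"; return 2 ;;
        esac
        [ "${#val}" -le 63 ] || { err "namespace longer than 63 chars"; return 2; } ;;
      --num-parties) # assumption: positive integer without leading zeros
        case "$val" in
          ''|0*|*[!0-9]*) err "invalid party count: $val"; return 2 ;;
        esac ;;
      *)             # --tag, --kms-chart-version: reject empty or flag-like values
        case "$val" in
          ''|-*) err "$opt needs a value"; return 2 ;;
        esac ;;
    esac
  done
  return 0
}
```

Options that are left out are not checked, so the defaults defined in `deploy.sh` still apply.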
| Need to modify... | Edit this file |
|---|---|
| Logging or argument parsing | lib/common.sh |
| Kind cluster setup | lib/context.sh |
| AWS/Tailscale config | lib/context.sh |
| LocalStack deployment | lib/infrastructure.sh |
| TKMS/Crossplane | lib/infrastructure.sh |
| Registry credentials | lib/infrastructure.sh |
| KMS Core deployment | lib/kms_deployment.sh |
| Helm overrides | lib/kms_deployment.sh |
| Docker image building | lib/utils.sh |
| Port forwarding | lib/utils.sh |
| Log collection | lib/utils.sh |
- Orchestrates the entire deployment
- Defines default configuration
- Loads library modules
- Executes main deployment flow
Common utilities and helper functions
- `log_info()`, `log_warn()`, `log_error()` - Logging functions
- `parse_args()` - Command-line argument parsing
- `sed_inplace()` - Cross-platform file editing
- Interactive resource configuration (local dev)
- Path suffix determination
Kubernetes context management
- `setup_context()` - Main context setup router
- `setup_kind_cluster()` - Kind cluster creation/management
- `create_new_kind_cluster()` - Kind cluster provisioning
- `setup_aws_context()` - AWS/Tailscale configuration
Infrastructure provisioning and management
- `setup_infrastructure()` - Main infrastructure setup
- `deploy_localstack()` - S3 mock deployment (Kind)
- `deploy_tkms_infra()` - Crossplane infrastructure (AWS)
- `wait_tkms_infra_ready()` - Wait for infrastructure readiness
- `wait_crossplane_resources_ready()` - Crossplane resource waiting
- `deploy_registry_credentials()` - Docker registry access
- `fetch_pcrs_from_image()` - Extract PCR values from enclave images
KMS Core service deployment
- `deploy_kms()` - Main KMS deployment orchestrator
- `deploy_threshold_mode()` - Multi-party threshold deployment
- `deploy_centralized_mode()` - Single-party centralized deployment
- `generate_helm_overrides()` - Dynamic Helm values generation
- `generate_peers_config()` - Threshold peer configuration
- `deploy_init_job()` - Initialization job deployment
- `helm_upgrade_with_version()` - Helm wrapper utility
Utility functions for operations
- `build_container()` - Build and load Docker images (Kind)
- `setup_port_forwarding()` - Local port forwarding (Kind)
- `wait_indefinitely()` - Keep script running
- `collect_logs()` - Pod log collection for debugging
Enable verbose mode to see all function calls:

```bash
bash -x deploy.sh --target kind-local 2>&1 | less
```

Check module loading:

```bash
bash -x deploy.sh --help 2>&1 | grep source
```