#!/usr/bin/env bash
set -euo pipefail

# Lab-oriented manual StackRox install (upstream open-source path)
# Do not use this exact script as production automation without review.

export ROX_ADMIN_PASSWORD="$(openssl rand -base64 20 | tr -d '/=+')"
export CLUSTER_NAME="prod-cluster-1"
export CENTRAL_ENDPOINT="central.stackrox.svc:443"

helm repo add stackrox https://raw.githubusercontent.com/stackrox/helm-charts/main/opensource/
helm repo update

helm upgrade --install -n stackrox --create-namespace stackrox-central-services   stackrox/stackrox-central-services   --set central.adminPassword.value="${ROX_ADMIN_PASSWORD}"

echo "$ROX_ADMIN_PASSWORD" | kubectl -n stackrox exec -i deploy/central -- bash -c 'ROX_ADMIN_PASSWORD=$(cat) roxctl --insecure-skip-tls-verify central init-bundles generate stackrox-init-bundle --output -' > stackrox-init-bundle.yaml

helm upgrade --install -n stackrox --create-namespace stackrox-secured-cluster-services   stackrox/stackrox-secured-cluster-services   -f stackrox-init-bundle.yaml   --set clusterName="$CLUSTER_NAME"   --set centralEndpoint="$CENTRAL_ENDPOINT"

echo "Admin password saved in ROX_ADMIN_PASSWORD"