Commit
1 parent
928c8a1
commit e599f0e
Showing
12 changed files
with
2,517 additions
and
0 deletions.
@@ -0,0 +1,5 @@ | ||
oc get openshiftapiserver -o=jsonpath='{range .items[0].status.conditions[?(@.type=="Encrypted")]}{.reason}{"\n"}{.message}{"\n"}' | ||
|
||
echo "" | ||
|
||
oc get kubeapiserver -o=jsonpath='{range .items[0].status.conditions[?(@.type=="Encrypted")]}{.reason}{"\n"}{.message}{"\n"}' |
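Review bot: Neither `oc get` line says what a healthy result looks like, so a reader running this check cannot tell from the script whether etcd encryption is actually in place. Add a header comment such as `# Expected reason for both API servers: EncryptionCompleted; any other reason means encryption is not (yet) active`. If the script is ever used in automation, it should also compare the printed reason and exit non-zero on a mismatch; as written it only prints.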
@@ -0,0 +1 @@ | ||
# Example LDAP BindPassword for DMEO ONLY. |
@@ -0,0 +1,2 @@ | ||
echo -n 'LDAPbindPassword-HERE' | oc create secret generic ldap-secret --dry-run=client --from-file=bindPassword=/dev/stdin -o yaml -n openshift-config \ | ||
| kubeseal --controller-namespace=sealed-secrets --controller-name=sealed-secrets --format yaml > ../../clusters/all/clusterconfig/templates/sealed-ldap-bindpassword-secret.yaml |
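Review bot: The bind password is meant to be typed into the `echo -n 'LDAPbindPassword-HERE'` line of a file tracked in the repository, so the first real use leaves the cleartext secret in the working tree, one `git add` away from being committed. Reading it at run time keeps it out of the file: `read -rsp 'LDAP bind password: ' pw; echo` followed by `printf '%s' "$pw" | oc create secret generic ldap-secret ...`. `read -s` is a bash feature and this file has no shebang, so it would also need `#!/bin/bash`. The SonarQube script at the end of this commit (`echo -n 'PASSWORD-HERE'`) has the same pattern.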
@@ -0,0 +1,7 @@ | ||
# Example htpasswd for DMEO ONLY. | ||
|
||
Users: admin, user[1..3] | ||
|
||
Create a htpasswd like this: | ||
|
||
htpasswd -B -b users.htpasswd user3 yoursuperpassword |
@@ -0,0 +1,2 @@ | ||
cat users.htpasswd | oc create secret generic htpasswd-secret --dry-run=client --from-file=htpasswd=/dev/stdin -o yaml -n openshift-config \ | ||
| kubeseal --controller-namespace=sealed-secrets --controller-name=sealed-secrets --format yaml > ../../clusters/all/clusterconfig/templates/htpasswd-sealed-secret.yaml |
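Review bot: Nothing in this pipeline stops when an early stage fails: if `users.htpasswd` is missing, `cat` errors, `oc create secret` is likely to still render a secret with an empty `htpasswd` key from the empty stdin, and kubeseal then seals it and overwrites `htpasswd-sealed-secret.yaml` while the script exits 0. Add `#!/bin/bash` and `set -euo pipefail` at the top, and pass the file directly with `--from-file=htpasswd=users.htpasswd` instead of piping through `cat`. The output path is relative, so the script also silently depends on being run from its own directory; a `cd "$(dirname "$0")"` would pin that. The same applies to the LDAP, provider/login template and SonarQube sealing scripts in this commit.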
@@ -0,0 +1,5 @@ | ||
cat providers.html | oc create secret generic matrix-provider-template --dry-run=client --from-file=providers.html=/dev/stdin -o yaml -n openshift-config \ | ||
| kubeseal --controller-namespace=sealed-secrets --controller-name=sealed-secrets --format yaml > ../../clusters/all/clusterbranding/templates/idp-provider-page-sealed-secret.yaml | ||
|
||
cat login.html | oc create secret generic matrix-login-template --dry-run=client --from-file=login.html=/dev/stdin -o yaml -n openshift-config \ | ||
| kubeseal --controller-namespace=sealed-secrets --controller-name=sealed-secrets --format yaml > ../../clusters/all/clusterbranding/templates/login-page-sealed-secret.yaml |
@@ -0,0 +1,14 @@ | ||
#!/bin/bash | ||
echo "Creating custom certificate for sealed secrets" | ||
|
||
export PRIVATEKEY="fxtls.key" | ||
export PUBLICKEY="fxtls.crt" | ||
export NAMESPACE="sealed-secrets" | ||
export SECRETNAME="fx-customsecret" | ||
|
||
openssl req -x509 -days 3650 -nodes -newkey rsa:4096 -keyout "$PRIVATEKEY" -out "$PUBLICKEY" -subj "/CN=sealed-secret/O=sealed-secret" | ||
|
||
oc -n "$NAMESPACE" create secret tls "$SECRETNAME" --cert="$PUBLICKEY" --key="$PRIVATEKEY" | ||
oc -n "$NAMESPACE" label secret "$SECRETNAME" sealedsecrets.bitnami.com/sealed-secrets-key=active | ||
|
||
oc delete pod -l app.kubernetes.io/name=sealed-secrets -n "$NAMESPACE" |
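Review bot: The unencrypted sealing key (`-nodes`, written to `fxtls.key`) is created in the current directory and never removed, so after a run the private key that can decrypt every SealedSecret sits inside the checkout next to the scripts. There is also no error handling: if `openssl req` or `oc create secret tls` fails, the script still labels the secret and restarts the controller. Generating the key pair in a private temporary directory that is removed on exit, and enabling strict mode, addresses both; if an offline copy of the key is intended, it should be stored deliberately outside the repository with restrictive permissions.

```shell
#!/bin/bash
set -euo pipefail
umask 077
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

export PRIVATEKEY="$workdir/fxtls.key"
export PUBLICKEY="$workdir/fxtls.crt"
# … unchanged: NAMESPACE, SECRETNAME, openssl req, oc create/label, controller restart …
```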
@@ -0,0 +1,8 @@ | ||
#!/bin/bash | ||
echo "Getting public key from Sealed Secrets secret and copying it to ~/.bitnami" | ||
echo "Create dir for Sealed Secrets public key. (~/.bitnami)." | ||
mkdir -m 700 -p ~/.bitnami | ||
echo "Backup secret itself" | ||
oc get $(oc get secret -n sealed-secrets -l sealedsecrets.bitnami.com/sealed-secrets-key=active -o name) -n sealed-secrets -o yaml > ~/.bitnami/sealed-secrets-secret.yaml | ||
echo "Get the public key from the Sealed Secrets secret." | ||
oc get $(oc get secret -n sealed-secrets -l sealedsecrets.bitnami.com/sealed-secrets-key=active -o name) -n sealed-secrets -o jsonpath='{.data.tls\.crt}' | base64 --decode > ~/.bitnami/publickey.pem |
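Review bot: `sealed-secrets-secret.yaml` holds the controller's private key (`tls.key`), but the redirect on the "Backup secret itself" line creates it with the caller's default umask, and `mkdir -m 700 -p` does not tighten `~/.bitnami` when the directory already exists. Add `umask 077` right after the shebang and a `chmod 700 ~/.bitnami` after the mkdir. The unquoted `$(oc get secret ... -o name)` can also expand to several names once more than one key carries the active label; the jsonpath on the last line would then probably run against a list and write an empty `publickey.pem`, so the script should fail or pick one key explicitly in that case. The first echo describes only the public key, while the script's main output is a private-key backup; the message should say so.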
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
echo "Deleting existing secret." | ||
oc delete secret -n sealed-secrets -l sealedsecrets.bitnami.com/sealed-secrets-key | ||
echo "Creating secret from local drive." | ||
oc create -f ~/.bitnami/sealed-secrets-secret.yaml -n sealed-secrets | ||
echo "Restarting Sealed Secrets controller." | ||
oc delete pod -l app.kubernetes.io/name=sealed-secrets -n sealed-secrets |
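Review bot: The `oc delete secret` line runs before anything checks that the backup can be restored, so a missing or unreadable `~/.bitnami/sealed-secrets-secret.yaml` leaves the namespace with no sealing key, and the restarted controller would presumably generate a fresh one that cannot decrypt the SealedSecrets already in Git. Guard it first with `[[ -s ~/.bitnami/sealed-secrets-secret.yaml ]] || { echo "backup not found" >&2; exit 1; }` and add `set -euo pipefail` so a failed `oc create` does not go on to restart the controller. The delete selector matches every secret carrying the label key regardless of value, while the backup script saved only `=active` ones, so any key outside that set is removed without a copy. It is also worth confirming that `oc create -f` accepts a manifest exported with `oc get -o yaml`, since that export carries server-populated metadata.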
@@ -0,0 +1,3 @@ | ||
#!/bin/bash | ||
echo -n 'PASSWORD-HERE' | oc create secret generic credentials --dry-run=client --from-file=adminpass=/dev/stdin -o yaml -n sonarqube \ | ||
| kubeseal --controller-namespace=sealed-secrets --controller-name=sealed-secrets --format yaml > ../../clusters/management-cluster/sonarqube/templates/sealed-sonarqube-password.yaml |