wip

author: Trygve Laugstøl <trygvis@inamo.no> 2019-07-23 14:52:20 +0200
committer: Trygve Laugstøl <trygvis@inamo.no> 2019-07-23 14:52:20 +0200
commit: 0cad13cbb182ba4f98648be93db0b1e13e952fc8 (patch)
tree: f474b1ec3b30fff2fa889deb8c38161cefdb0225
parent: 67f5d1008eef96f13dbf8910092155b7aa1bcee4 (diff)
download: k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.tar.gz
k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.tar.bz2
k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.tar.xz
k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.zip
12 files changed, 71 insertions, 10 deletions
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..f113073
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "thirdparty/ansible-vault-tools"]
+	path = thirdparty/ansible-vault-tools
+	url = https://github.com/building5/ansible-vault-tools
diff --git a/README.md b/README.md
index 7f55fd7..792e6ed 100644
--- a/README.md
+++ b/README.md
@@ -15,3 +15,12 @@ Secrets
 
     echo -n $password | base64
     kubectl exec -it mi-gateway-pod -- /bin/bash
+
+# Kubernetes Dashboard
+
+* https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
+
+Getting bearer token
+
+    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
+
diff --git a/apps/.gitignore b/apps/.gitignore
new file mode 100644
index 0000000..cd8b3d6
--- /dev/null
+++ b/apps/.gitignore
@@ -0,0 +1 @@
+.vault-password*
diff --git a/apps/ansible.cfg b/apps/ansible.cfg
new file mode 100644
index 0000000..96eecd6
--- /dev/null
+++ b/apps/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+vault_password_file = .vault-password
diff --git a/apps/k8s/.gitignore b/apps/k8s/.gitignore
new file mode 100644
index 0000000..03cdeec
--- /dev/null
+++ b/apps/k8s/.gitignore
@@ -0,0 +1 @@
+secrets.yaml
diff --git a/k8s/mi.yaml b/apps/k8s/mi.yaml
index 75b9254..c838f02 100644
--- a/k8s/mi.yaml
+++ b/apps/k8s/mi.yaml
@@ -92,6 +92,20 @@ spec:
 #          secret:
 #            secretName: membership-import-admin
 
+#---
+#apiVersion: v1
+#kind: Service
+#metadata:
+#  name:mi-gateway-service
+#spec:
+#  selector:
+#    app: mi-gateway-pod
+#  type: LoadBalancer
+#  ports:
+#    - protocol: TCP
+#      port: 80
+#      targetPort: 8080
+
 ---
 apiVersion: v1
 kind: Service
@@ -100,8 +114,22 @@ metadata:
 spec:
   selector:
     app: mi-gateway-pod
-  type: LoadBalancer
   ports:
     - protocol: TCP
       port: 80
       targetPort: 8080
+
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: mi-gateway-ingress
+spec:
+  rules:
+#    - host: my-server.10.0.0.8.xip.io
+    - http:
+        paths:
+          - path: /
+            backend:
+              serviceName: mi-gateway-service
+              servicePort: 80
diff --git a/apps/k8s/secrets.yaml.j2 b/apps/k8s/secrets.yaml.j2
new file mode 100644
index 0000000..f23a233
--- /dev/null
+++ b/apps/k8s/secrets.yaml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: membership-import-admin
+type: Opaque
+data:
+  username: {{ membership_import_admin.username | b64encode }}
+  password: {{ membership_import_admin.password | b64encode }}
diff --git a/apps/kubernetes.secrets b/apps/kubernetes.secrets
new file mode 100644
index 0000000..8495051
--- /dev/null
+++ b/apps/kubernetes.secrets
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+63363838613731363833316466363138306335306264366232356633633935373461316665636530
+6463393739386336626133636362333331663735396239620a333130383236363866393266636630
+38316231323236336535366663396633653437626163623736333335363261316232323537386136
+6131343537636639360a306233326164343736323932313666366537366563313233646237626334
+36333237323362613562643134336461666339636539356238636535363235313261376331376235
+64663334376463326236383063383566663734356633393334303664343938666365623366366666
+63393563386334366233363730313333363132303064383237363664376136336139383936646165
+31623134366361623035613531303534626435653730636261343230616161333131336235336331
+3864
diff --git a/apps/secrets-playbook.retry b/apps/secrets-playbook.retry
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/apps/secrets-playbook.retry
@@ -0,0 +1 @@
+localhost
diff --git a/apps/secrets-playbook.yml b/apps/secrets-playbook.yml
new file mode 100644
index 0000000..7a63eb8
--- /dev/null
+++ b/apps/secrets-playbook.yml
@@ -0,0 +1,7 @@
+- hosts: localhost
+  vars_files:
+    - kubernetes.secrets
+  tasks:
+    - template:
+        src: k8s/secrets.yaml.j2
+        dest: k8s/secrets.yaml
diff --git a/k8s/db.yaml b/k8s/db.yaml
deleted file mode 100644
index e97ca94..0000000
--- a/k8s/db.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: membership-import-admin
-data:
-  # mi-gateway
-  username: bWktZ2F0ZXdheQ==
-  password: bWktZ2F0ZXdheQ==
diff --git a/thirdparty/ansible-vault-tools b/thirdparty/ansible-vault-tools
new file mode 160000
+Subproject 1a7c7817dd3052b077fb6809e303e46d7b711df
author	Trygve Laugstøl <trygvis@inamo.no>	2019-07-23 14:52:20 +0200
committer	Trygve Laugstøl <trygvis@inamo.no>	2019-07-23 14:52:20 +0200
commit	0cad13cbb182ba4f98648be93db0b1e13e952fc8 (patch)
tree	f474b1ec3b30fff2fa889deb8c38161cefdb0225
parent	67f5d1008eef96f13dbf8910092155b7aa1bcee4 (diff)
download	k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.tar.gz k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.tar.bz2 k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.tar.xz k8s-sandbox-0cad13cbb182ba4f98648be93db0b1e13e952fc8.zip