aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitmodules3
-rw-r--r--README.md9
-rw-r--r--apps/.gitignore1
-rw-r--r--apps/ansible.cfg2
-rw-r--r--apps/k8s/.gitignore1
-rw-r--r--apps/k8s/mi.yaml (renamed from k8s/mi.yaml)30
-rw-r--r--apps/k8s/secrets.yaml.j28
-rw-r--r--apps/kubernetes.secrets10
-rw-r--r--apps/secrets-playbook.retry1
-rw-r--r--apps/secrets-playbook.yml7
-rw-r--r--k8s/db.yaml9
m---------thirdparty/ansible-vault-tools0
12 files changed, 71 insertions, 10 deletions
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..f113073
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "thirdparty/ansible-vault-tools"]
+ path = thirdparty/ansible-vault-tools
+ url = https://github.com/building5/ansible-vault-tools
diff --git a/README.md b/README.md
index 7f55fd7..792e6ed 100644
--- a/README.md
+++ b/README.md
@@ -15,3 +15,12 @@ Secrets
echo -n $password | base64
kubectl exec -it mi-gateway-pod -- /bin/bash
+
+# Kubernetes Dashboard
+
+* https://github.com/kubernetes/dashboard/wiki/Creating-sample-user
+
+Getting bearer token
+
+ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
+
diff --git a/apps/.gitignore b/apps/.gitignore
new file mode 100644
index 0000000..cd8b3d6
--- /dev/null
+++ b/apps/.gitignore
@@ -0,0 +1 @@
+.vault-password*
diff --git a/apps/ansible.cfg b/apps/ansible.cfg
new file mode 100644
index 0000000..96eecd6
--- /dev/null
+++ b/apps/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+vault_password_file = .vault-password
diff --git a/apps/k8s/.gitignore b/apps/k8s/.gitignore
new file mode 100644
index 0000000..03cdeec
--- /dev/null
+++ b/apps/k8s/.gitignore
@@ -0,0 +1 @@
+secrets.yaml
diff --git a/k8s/mi.yaml b/apps/k8s/mi.yaml
index 75b9254..c838f02 100644
--- a/k8s/mi.yaml
+++ b/apps/k8s/mi.yaml
@@ -92,6 +92,20 @@ spec:
# secret:
# secretName: membership-import-admin
+#---
+#apiVersion: v1
+#kind: Service
+#metadata:
+# name:mi-gateway-service
+#spec:
+# selector:
+# app: mi-gateway-pod
+# type: LoadBalancer
+# ports:
+# - protocol: TCP
+# port: 80
+# targetPort: 8080
+
---
apiVersion: v1
kind: Service
@@ -100,8 +114,22 @@ metadata:
spec:
selector:
app: mi-gateway-pod
- type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 8080
+
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: mi-gateway-ingress
+spec:
+ rules:
+# - host: my-server.10.0.0.8.xip.io
+ - http:
+ paths:
+ - path: /
+ backend:
+ serviceName: mi-gateway-service
+ servicePort: 80
diff --git a/apps/k8s/secrets.yaml.j2 b/apps/k8s/secrets.yaml.j2
new file mode 100644
index 0000000..f23a233
--- /dev/null
+++ b/apps/k8s/secrets.yaml.j2
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: membership-import-admin
+type: Opaque
+data:
+ username: {{ membership_import_admin.username | b64encode }}
+ password: {{ membership_import_admin.password | b64encode }}
diff --git a/apps/kubernetes.secrets b/apps/kubernetes.secrets
new file mode 100644
index 0000000..8495051
--- /dev/null
+++ b/apps/kubernetes.secrets
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+63363838613731363833316466363138306335306264366232356633633935373461316665636530
+6463393739386336626133636362333331663735396239620a333130383236363866393266636630
+38316231323236336535366663396633653437626163623736333335363261316232323537386136
+6131343537636639360a306233326164343736323932313666366537366563313233646237626334
+36333237323362613562643134336461666339636539356238636535363235313261376331376235
+64663334376463326236383063383566663734356633393334303664343938666365623366366666
+63393563386334366233363730313333363132303064383237363664376136336139383936646165
+31623134366361623035613531303534626435653730636261343230616161333131336235336331
+3864
diff --git a/apps/secrets-playbook.retry b/apps/secrets-playbook.retry
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/apps/secrets-playbook.retry
@@ -0,0 +1 @@
+localhost
diff --git a/apps/secrets-playbook.yml b/apps/secrets-playbook.yml
new file mode 100644
index 0000000..7a63eb8
--- /dev/null
+++ b/apps/secrets-playbook.yml
@@ -0,0 +1,7 @@
+- hosts: localhost
+ vars_files:
+ - kubernetes.secrets
+ tasks:
+ - template:
+ src: k8s/secrets.yaml.j2
+ dest: k8s/secrets.yaml
diff --git a/k8s/db.yaml b/k8s/db.yaml
deleted file mode 100644
index e97ca94..0000000
--- a/k8s/db.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: membership-import-admin
-data:
- # mi-gateway
- username: bWktZ2F0ZXdheQ==
- password: bWktZ2F0ZXdheQ==
diff --git a/thirdparty/ansible-vault-tools b/thirdparty/ansible-vault-tools
new file mode 160000
+Subproject 1a7c7817dd3052b077fb6809e303e46d7b711df