From 0cad13cbb182ba4f98648be93db0b1e13e952fc8 Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Tue, 23 Jul 2019 14:52:20 +0200 Subject: wip --- .gitmodules | 3 + README.md | 9 +++ apps/.gitignore | 1 + apps/ansible.cfg | 2 + apps/k8s/.gitignore | 1 + apps/k8s/mi.yaml | 135 +++++++++++++++++++++++++++++++++++++++++ apps/k8s/secrets.yaml.j2 | 8 +++ apps/kubernetes.secrets | 10 +++ apps/secrets-playbook.retry | 1 + apps/secrets-playbook.yml | 7 +++ k8s/db.yaml | 9 --- k8s/mi.yaml | 107 -------------------------------- thirdparty/ansible-vault-tools | 1 + 13 files changed, 178 insertions(+), 116 deletions(-) create mode 100644 .gitmodules create mode 100644 apps/.gitignore create mode 100644 apps/ansible.cfg create mode 100644 apps/k8s/.gitignore create mode 100644 apps/k8s/mi.yaml create mode 100644 apps/k8s/secrets.yaml.j2 create mode 100644 apps/kubernetes.secrets create mode 100644 apps/secrets-playbook.retry create mode 100644 apps/secrets-playbook.yml delete mode 100644 k8s/db.yaml delete mode 100644 k8s/mi.yaml create mode 160000 thirdparty/ansible-vault-tools diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..f113073 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "thirdparty/ansible-vault-tools"] + path = thirdparty/ansible-vault-tools + url = https://github.com/building5/ansible-vault-tools diff --git a/README.md b/README.md index 7f55fd7..792e6ed 100644 --- a/README.md +++ b/README.md @@ -15,3 +15,12 @@ Secrets echo -n $password | base64 kubectl exec -it mi-gateway-pod -- /bin/bash + +# Kubernetes Dashboard + +* https://github.com/kubernetes/dashboard/wiki/Creating-sample-user + +Getting bearer token + + kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') + diff --git a/apps/.gitignore b/apps/.gitignore new file mode 100644 index 0000000..cd8b3d6 --- /dev/null +++ b/apps/.gitignore @@ -0,0 +1 @@ +.vault-password* 
diff --git a/apps/ansible.cfg b/apps/ansible.cfg
new file mode 100644
index 0000000..96eecd6
--- /dev/null
+++ b/apps/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+vault_password_file = .vault-password
diff --git a/apps/k8s/.gitignore b/apps/k8s/.gitignore
new file mode 100644
index 0000000..03cdeec
--- /dev/null
+++ b/apps/k8s/.gitignore
@@ -0,0 +1 @@
+secrets.yaml
diff --git a/apps/k8s/mi.yaml b/apps/k8s/mi.yaml
new file mode 100644
index 0000000..c838f02
--- /dev/null
+++ b/apps/k8s/mi.yaml
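Review bot: The new `[defaults]` section sets only `vault_password_file`, so Ansible keeps its default of writing `.retry` files next to the playbook, and this same commit ends up committing `apps/secrets-playbook.retry` as a generated artifact. Adding `retry_files_enabled = False` under `[defaults]` stops that file from being produced for the secrets playbook. The `.vault-password` path referenced here is already covered by the `.vault-password*` pattern in `apps/.gitignore`, so the password file itself stays out of the tree.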
@@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mi-processor-deployment +spec: + replicas: 1 + selector: + matchLabels: + app: mi-processor-pod + template: + metadata: + labels: + app: mi-processor-pod + spec: + containers: + - name: mi-processor + image: trygvis/mi-processor:latest + ports: + - containerPort: 8080 + +# volumeMounts: +# - name: pgpass +# mountPath: /secret/pgpass +# volumes: +# - name: pgpass +# secret: +# secretName: membership-import-admin + +--- +kind: Service +apiVersion: v1 +metadata: + name: pg +spec: + type: ClusterIP + ports: + - port: 5432 + targetPort: 5432 + +--- +kind: Endpoints +apiVersion: v1 +metadata: + name: pg +subsets: + - addresses: + - ip: 10.88.80.3 + ports: + - port: 5432 + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mi-gateway-deployment +spec: + replicas: 3 + selector: + matchLabels: + app: mi-gateway-pod + template: + metadata: + labels: + app: mi-gateway-pod + spec: + containers: + - name: mi-gateway + image: trygvis/mi-gateway:latest + ports: + - containerPort: 8080 + env: + - name: PGDATABASE + value: iqey + - name: PGUSER + valueFrom: + secretKeyRef: + name: membership-import-admin + key: username + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: membership-import-admin + key: password + - name: PGHOST + value: pg.default.svc.cluster.local + +# volumeMounts: +# - name: pgpass +# mountPath: /secret/pgpass +# volumes: +# - name: pgpass +# secret: +# secretName: membership-import-admin + +#--- +#apiVersion: v1 +#kind: Service +#metadata: +# name:mi-gateway-service +#spec: +# selector: +# app: mi-gateway-pod +# type: LoadBalancer +# ports: +# - protocol: TCP +# port: 80 +# targetPort: 8080 + +--- +apiVersion: v1 +kind: Service +metadata: + name: mi-gateway-service +spec: + selector: + app: mi-gateway-pod + ports: + - protocol: TCP + port: 80 + targetPort: 8080 + +--- +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: mi-gateway-ingress +spec: + 
rules: +# - host: my-server.10.0.0.8.xip.io + - http: + paths: + - path: / + backend: + serviceName: mi-gateway-service + servicePort: 80 diff --git a/apps/k8s/secrets.yaml.j2 b/apps/k8s/secrets.yaml.j2 new file mode 100644 index 0000000..f23a233 --- /dev/null +++ b/apps/k8s/secrets.yaml.j2 @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: membership-import-admin +type: Opaque +data: + username: {{ membership_import_admin.username | b64encode }} + password: {{ membership_import_admin.password | b64encode }} diff --git a/apps/kubernetes.secrets b/apps/kubernetes.secrets new file mode 100644 index 0000000..8495051 --- /dev/null +++ b/apps/kubernetes.secrets @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +63363838613731363833316466363138306335306264366232356633633935373461316665636530 +6463393739386336626133636362333331663735396239620a333130383236363866393266636630 +38316231323236336535366663396633653437626163623736333335363261316232323537386136 +6131343537636639360a306233326164343736323932313666366537366563313233646237626334 +36333237323362613562643134336461666339636539356238636535363235313261376331376235 +64663334376463326236383063383566663734356633393334303664343938666365623366366666 +63393563386334366233363730313333363132303064383237363664376136336139383936646165 +31623134366361623035613531303534626435653730636261343230616161333131336235336331 +3864 diff --git a/apps/secrets-playbook.retry b/apps/secrets-playbook.retry new file mode 100644 index 0000000..2fbb50c --- /dev/null +++ b/apps/secrets-playbook.retry @@ -0,0 +1 @@ +localhost diff --git a/apps/secrets-playbook.yml b/apps/secrets-playbook.yml new file mode 100644 index 0000000..7a63eb8 --- /dev/null +++ b/apps/secrets-playbook.yml @@ -0,0 +1,7 @@ +- hosts: localhost + vars_files: + - kubernetes.secrets + tasks: + - template: + src: k8s/secrets.yaml.j2 + dest: k8s/secrets.yaml diff --git a/k8s/db.yaml b/k8s/db.yaml deleted file mode 100644 index e97ca94..0000000 --- a/k8s/db.yaml +++ /dev/null 
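Review bot: The `Ingress` `mi-gateway-ingress` at the end of the hunk has its only `host` entry commented out and no `tls` section, so the single rule matches any hostname and the gateway is exposed over plain HTTP only. A `host:` on the rule plus a `tls:` block referencing a certificate `Secret` (constructed shape: `tls:` / `- hosts: [<gateway-host>]` / `  secretName: <tls-secret-name>`) scopes the route and gives the Ingress controller something to terminate TLS with. Separately, both Deployments still pull `trygvis/mi-processor:latest` and `trygvis/mi-gateway:latest`; a versioned tag or digest makes rollouts reproducible and prevents a retagged image from changing what the cluster runs without a manifest change. The commented-out `volumeMounts`/`volumes` and the commented-out `LoadBalancer` Service read as leftovers and would be clearer removed or given a one-line comment saying why they are kept.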
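Review bot: The `Secret` template sets no `metadata.namespace`, so the rendered `membership-import-admin` lands in whatever namespace the current kubectl context selects, while the gateway Deployment's `secretKeyRef` resolves in its own namespace and its `PGHOST` hard-codes `pg.default.svc.cluster.local`; if `default` is the intended namespace, `namespace: default` under `metadata` (or a comment stating the expected context) removes the guesswork. Since the values are base64-encoded in the template, using `stringData:` instead of `data:` would let the API server do the encoding and drop the two `| b64encode` filters. The rendered `k8s/secrets.yaml` is excluded by the new `apps/k8s/.gitignore`, so the output file itself does not reach the repository.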
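Review bot: This vaulted vars file takes over from the plaintext `Secret` deleted from `k8s/db.yaml` in the same commit, but the base64 `username`/`password` values that file carried remain recoverable from git history. Re-wrapping the same credential in the vault does not change that, so the `membership-import-admin` database password should be rotated and the vault should hold the new value; a short note in the README would make the reason for the rotation visible to the next person who runs the playbook.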
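Review bot: The `template` task writes the decrypted credentials to `k8s/secrets.yaml` without a `mode`, so the file is created with the default umask permissions (commonly world-readable); adding `mode: "0600"` to the task keeps the rendered Secret readable only by the user running the playbook. The play also targets `localhost` without `connection: local` or `gather_facts: false`, which works but spends a fact-gathering round trip for a pure templating step; `- hosts: localhost` / `  connection: local` / `  gather_facts: false` states the intent directly. A leading `---` would match the usual Ansible file convention.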
@@ -1,9 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: membership-import-admin -data: - # mi-gateway - username: bWktZ2F0ZXdheQ== - password: bWktZ2F0ZXdheQ== diff --git a/k8s/mi.yaml b/k8s/mi.yaml deleted file mode 100644 index 75b9254..0000000 --- a/k8s/mi.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mi-processor-deployment -spec: - replicas: 1 - selector: - matchLabels: - app: mi-processor-pod - template: - metadata: - labels: - app: mi-processor-pod - spec: - containers: - - name: mi-processor - image: trygvis/mi-processor:latest - ports: - - containerPort: 8080 - -# volumeMounts: -# - name: pgpass -# mountPath: /secret/pgpass -# volumes: -# - name: pgpass -# secret: -# secretName: membership-import-admin - ---- -kind: Service -apiVersion: v1 -metadata: - name: pg -spec: - type: ClusterIP - ports: - - port: 5432 - targetPort: 5432 - ---- -kind: Endpoints -apiVersion: v1 -metadata: - name: pg -subsets: - - addresses: - - ip: 10.88.80.3 - ports: - - port: 5432 - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mi-gateway-deployment -spec: - replicas: 3 - selector: - matchLabels: - app: mi-gateway-pod - template: - metadata: - labels: - app: mi-gateway-pod - spec: - containers: - - name: mi-gateway - image: trygvis/mi-gateway:latest - ports: - - containerPort: 8080 - env: - - name: PGDATABASE - value: iqey - - name: PGUSER - valueFrom: - secretKeyRef: - name: membership-import-admin - key: username - - name: PGPASSWORD - valueFrom: - secretKeyRef: - name: membership-import-admin - key: password - - name: PGHOST - value: pg.default.svc.cluster.local - -# volumeMounts: -# - name: pgpass -# mountPath: /secret/pgpass -# volumes: -# - name: pgpass -# secret: -# secretName: membership-import-admin - ---- -apiVersion: v1 -kind: Service -metadata: - name: mi-gateway-service -spec: - selector: - app: mi-gateway-pod - type: LoadBalancer - ports: - - protocol: TCP - port: 80 - targetPort: 8080 
diff --git a/thirdparty/ansible-vault-tools b/thirdparty/ansible-vault-tools
new file mode 160000
index 0000000..1a7c781
--- /dev/null
+++ b/thirdparty/ansible-vault-tools
@@ -0,0 +1 @@
+Subproject commit 1a7c7817dd3052b077fb6809e303e46d7b711df1
--
cgit v1.2.3