Last active
November 22, 2021 00:32
-
-
Save Vertiwell/d5a39526395c95b8e97151cbe00af4c8 to your computer and use it in GitHub Desktop.
harbor-ext-access.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
### Harbor Portal Access | |
## Set Variables: | |
# Set a domain to use (needs to be real if you want to access this externally from the internet) | |
echo "Provide a common name to use for browsing to (i.e: app.example.com):" | |
read DOMAIN | |
# Get the Cert-Manager Issuer | |
CI=$(kubectl get clusterissuer --output=jsonpath={.items..metadata.name}) | |
PS3='Please select a Cluster Issuer to provide certificates: ' | |
options=($CI) | |
select ISSUER in "${options[@]}" | |
do | |
echo "Using $ISSUER as the Cluster Issuer"; export ISSUER=$ISSUER; break | |
done | |
# Get the Namespace | |
NS=$(kubectl get namespaces --output=jsonpath={.items..metadata.name}) | |
PS3='Please select the Namespace in which the application lives: ' | |
options=($NS) | |
select NAMESPACE in "${options[@]}" | |
do | |
echo "Using $NAMESPACE as the Namespace"; export NAMESPACE=$NAMESPACE; break | |
done | |
# Get the Service | |
SE=$(kubectl get svc -n $NAMESPACE --output=jsonpath={.items..metadata.name}) | |
PS3='Please select the Service you want the Ingress to target: ' | |
options=($SE) | |
select SERVICE in "${options[@]}" | |
do | |
echo "Using $SERVICE as the Service"; export SERVICE=$SERVICE; break | |
done | |
# Create the Certificate (standard template against name.whatever.com your domain is) | |
cat <<EOF >$SERVICE-dashboard-cert.yaml | |
apiVersion: cert-manager.io/v1 | |
kind: Certificate | |
metadata: | |
name: $SERVICE-dashboard-cert | |
namespace: $NAMESPACE | |
spec: | |
commonName: $DOMAIN | |
secretName: $SERVICE-dashboard-cert | |
dnsNames: | |
- $DOMAIN | |
issuerRef: | |
name: $ISSUER | |
kind: ClusterIssuer | |
EOF | |
# Create the IngressRoute to direct traffic to your application | |
cat <<EOF >$SERVICE-dashboard-ingress.yaml | |
apiVersion: traefik.containo.us/v1alpha1 | |
kind: IngressRoute | |
metadata: | |
name: $SERVICE-dashboard-ingress | |
namespace: $NAMESPACE | |
spec: | |
entryPoints: | |
- websecure | |
routes: | |
- match: Host(\`$DOMAIN\`) && PathPrefix(\`/\`) | |
kind: Rule | |
services: | |
- name: $SERVICE | |
port: 80 | |
tls: | |
secretName: $SERVICE-dashboard-cert | |
EOF | |
# Deploy Certificate and Ingress to cluster | |
kubectl apply -f $SERVICE-dashboard-cert.yaml && kubectl apply -f $SERVICE-dashboard-ingress.yaml && \ | |
# Cleanup | |
rm $SERVICE-* | |
# Provide the user the URL | |
echo "URL is https://$DOMAIN" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment