Skip to content

Instantly share code, notes, and snippets.

@Vertiwell
Last active November 22, 2021 00:32
Show Gist options
  • Save Vertiwell/d5a39526395c95b8e97151cbe00af4c8 to your computer and use it in GitHub Desktop.
Save Vertiwell/d5a39526395c95b8e97151cbe00af4c8 to your computer and use it in GitHub Desktop.
harbor-ext-access.sh
#!/bin/bash
### Harbor Portal Access
## Set Variables:
# Set a domain to use (needs to be real if you want to access this externally from the internet)
echo "Provide a common name to use for browsing to (i.e: app.example.com):"
read DOMAIN
# Get the Cert-Manager Issuer
CI=$(kubectl get clusterissuer --output=jsonpath={.items..metadata.name})
PS3='Please select a Cluster Issuer to provide certificates: '
options=($CI)
select ISSUER in "${options[@]}"
do
echo "Using $ISSUER as the Cluster Issuer"; export ISSUER=$ISSUER; break
done
# Get the Namespace
NS=$(kubectl get namespaces --output=jsonpath={.items..metadata.name})
PS3='Please select the Namespace in which the application lives: '
options=($NS)
select NAMESPACE in "${options[@]}"
do
echo "Using $NAMESPACE as the Namespace"; export NAMESPACE=$NAMESPACE; break
done
# Get the Service
SE=$(kubectl get svc -n $NAMESPACE --output=jsonpath={.items..metadata.name})
PS3='Please select the Service you want the Ingress to target: '
options=($SE)
select SERVICE in "${options[@]}"
do
echo "Using $SERVICE as the Service"; export SERVICE=$SERVICE; break
done
# Create the Certificate (standard template against name.whatever.com your domain is)
cat <<EOF >$SERVICE-dashboard-cert.yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: $SERVICE-dashboard-cert
namespace: $NAMESPACE
spec:
commonName: $DOMAIN
secretName: $SERVICE-dashboard-cert
dnsNames:
- $DOMAIN
issuerRef:
name: $ISSUER
kind: ClusterIssuer
EOF
# Create the IngressRoute to direct traffic to your application
cat <<EOF >$SERVICE-dashboard-ingress.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: $SERVICE-dashboard-ingress
namespace: $NAMESPACE
spec:
entryPoints:
- websecure
routes:
- match: Host(\`$DOMAIN\`) && PathPrefix(\`/\`)
kind: Rule
services:
- name: $SERVICE
port: 80
tls:
secretName: $SERVICE-dashboard-cert
EOF
# Deploy Certificate and Ingress to cluster
kubectl apply -f $SERVICE-dashboard-cert.yaml && kubectl apply -f $SERVICE-dashboard-ingress.yaml && \
# Cleanup
rm $SERVICE-*
# Provide the user the URL
echo "URL is https://$DOMAIN"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment