Installing the TLSPK agent without jsctl


Steps as follows

Lightweight cluster creation

Create a disposable KinD cluster as follows.

nickname=<YOUR_NICKNAME>
k8s_name=${nickname}-$(date +"%y%m%d%H%M")
cat <<EOF | kind create cluster --config -
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: ${k8s_name}
nodes:
  - role: control-plane
EOF

Download tlspk-helper script (Linux & MacOS)

From a Bash/Zsh session, download the TLSPK helper script.

cd ${HOME}
curl -fsSLO https://venafi-ecosystem.s3.amazonaws.com/tlspk/v1/tlspk-helper.sh && chmod 700 tlspk-helper.sh

TLSPK service account credentials

Store the TLSPK service account credentials in environment variables. You can generate them at https://platform.jetstack.io/org/PLACE_ORG_NAME_HERE/manage/service_accounts

export TLSPK_SA_USER_ID=<ID>@<ORG>.platform.jetstack.io
export TLSPK_SA_USER_SECRET='<USER_SECRET>' # leave the quotes in place to preserve any control chars in the user secret

You may securely check these variables are in place as follows.

env | grep '^TLSPK_' | awk -F '=' '{print $1"=<redacted>"}'
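
The one-liner above prints `=<redacted>` for any exported `TLSPK_` variable, including one that is empty or still holds the template placeholder. The following check is an added example, not part of the original gist or of tlspk-helper.sh; `tlspk_preflight` is a hypothetical name, and it also rejects those cases without echoing either value.

```shell
# Added example; tlspk_preflight is a hypothetical helper, not part of tlspk-helper.sh.
# The body runs in a subshell "( ... )" so the copy of the secret held in $value
# never lands in the interactive session's variables.
tlspk_preflight() (
  rc=0
  for name in TLSPK_SA_USER_ID TLSPK_SA_USER_SECRET; do
    # The helper script runs as a child process, so the variable must be exported.
    if ! env | grep -q "^${name}="; then
      echo "${name}: not exported" >&2; rc=1; continue
    fi
    eval "value=\${${name}}"   # names are the fixed literals above, never user input
    case "${value}" in
      '')
        echo "${name}: exported but empty" >&2; rc=1 ;;
      *'<ID>'*|*'<ORG>'*|'<USER_SECRET>')
        echo "${name}: still holds the template placeholder" >&2; rc=1 ;;
      *)
        echo "${name}=<redacted>" ;;
    esac
  done
  # Format shown on this page: <ID>@<ORG>.platform.jetstack.io
  case "${TLSPK_SA_USER_ID-}" in
    ?*@?*.platform.jetstack.io) ;;
    *) echo "TLSPK_SA_USER_ID: expected <ID>@<ORG>.platform.jetstack.io" >&2; rc=1 ;;
  esac
  exit "${rc}"
)
```

Run `tlspk_preflight` after the two `export` lines; a non-zero exit status means the agent deployment step would be attempted with unusable credentials.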

Deploy baseline TLSPK components

The following step will deploy the TLSPK agent.

./tlspk-helper.sh deploy-agent --auto-approve

Confirm that the TLSPK agent installed successfully.

kubectl -n jetstack-secure get deploy