This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# http://redsymbol.net/articles/unofficial-bash-strict-mode/ | |
set -euo pipefail | |
function cleanUp() { | |
local exitCode=$? | |
[ $exitCode -ne 0 ] && echo "ERROR: The script is exiting with an error. Please check the logs above." | |
[ -f "${myJceZip:-}" ] && echo "CLEANUP: Cleaning up jce zip..." && rm -f "${myJceZip}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
rm -rf /tmp/kr/kubernetes-replicator | |
mkdir -p /tmp/kr/kubernetes-replicator | |
(cd /tmp/kr/kubernetes-replicator && git clone --depth 1 --branch v1.0.0 git@github.com:mittwald/kubernetes-replicator.git .) | |
(cd /tmp/kr/kubernetes-replicator && helm upgrade --install --namespace kubernetes-replicator kubernetes-replicator ./deploy/helm-chart/kubernetes-replicator) | |
kubectl get all -n kubernetes-replicator | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add_certificates() { | |
local envType=$1 | |
local secretName ns | |
kubectl apply -f <(sops -d cert-manager-utils/01-clouddns-service-account.yaml) | |
kubectl apply -f <(sops -d cert-manager-utils/01-cloudflare-api-key.yaml) | |
kubectl apply -f cert-manager-utils/02-clusterissuer-${envType}.yaml | |
kubectl apply -f cert-manager-utils/03-cluster-certificate-${envType}.yaml | |
# get the secret name | |
secretName=$(cat cert-manager-utils/03-cluster-certificate-${envType}.yaml | docker run -i --rm evns/yq yq -r '.spec.secretName') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ kubectl -n kube-system get certificates | |
NAME READY SECRET AGE | |
jxing-nginx-ingress-controller-wildcard-prod True jxing-nginx-ingress-controller-wildcard-prod-tls 5d | |
jxing-nginx-ingress-controller-wildcard-staging True jxing-nginx-ingress-controller-wildcard-staging-tls 11d |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
die() { echo "$@" 1>&2 ; exit 1; } | |
dieGracefully() { echo "$@" 1>&2 ; exit 0; } | |
confirm () { | |
# call with a prompt string or use a default | |
read -p "${1:-Are you sure?} [y/N]" -n 1 -r | |
[ -n "$REPLY" ] && echo # (optional) move to a new line | |
if [[ ! $REPLY =~ ^[Yy]$ ]]; then | |
dieGracefully "Received '${REPLY:-N}'. ${2:-Exiting gracefully}." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// SecurityRealm | |
import jenkins.model.Jenkins | |
import hudson.security.SecurityRealm | |
import org.jenkinsci.plugins.GithubSecurityRealm | |
clientID = null | |
clientSecret = null | |
securityRealm = null | |
// secret sanity check |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jenkins: | |
Master: | |
Image: my-reg/my-company/jenkins-x-image | |
ImageTag: 0.0.70-1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# Execute with: | |
# ./refresh-jx-platform.sh | |
# or pass the JX_VERSION | |
# JX_VERSION=2.3.333 ./refresh-jx-platform.sh | |
set -eu | |
export JX_HOME=$(mktemp -d) | |
if [ -z "${JX_VERSION:-}" ]; then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ cat google-oauth-config | |
...someClientID... | |
...someClientSecret... | |
$ cat authz_strategy_config | |
{ | |
"strategy": "GlobalMatrixAuthorizationStrategy", | |
"user_permissions": { | |
"authenticated": [ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jenkins: | |
Master: | |
Image: my-company/my-project/jenkins-x-image | |
ImageTag: 0.0.70-2 | |
Persistence: | |
mounts: | |
- name: jenkins-security-secrets | |
mountPath: /etc/jenkins-secrets | |
readOnly: true | |
volumes: |
OlderNewer