Steve Boardwell sboardwell

## install-jce.sh
#!/usr/bin/env bash

# http://redsymbol.net/articles/unofficial-bash-strict-mode/
set -euo pipefail


function cleanUp() {
    local exitCode=$?
    [ $exitCode -ne 0 ] && echo "ERROR: The script is exiting with an error. Please check the logs above."
    [ -f "${myJceZip:-}" ] && echo "CLEANUP: Cleaning up jce zip..." && rm -f "${myJceZip}"

## kubernetes-replicator-install.sh
{
rm -rf /tmp/kr/kubernetes-replicator
mkdir -p /tmp/kr/kubernetes-replicator
(cd /tmp/kr/kubernetes-replicator && git clone --depth 1 --branch v1.0.0 git@github.com:mittwald/kubernetes-replicator.git .)
(cd /tmp/kr/kubernetes-replicator && helm upgrade --install --namespace kubernetes-replicator kubernetes-replicator ./deploy/helm-chart/kubernetes-replicator)
kubectl get all -n kubernetes-replicator
}

## add_certificates_function.sh
add_certificates() {
  local envType=$1
  local secretName ns
  kubectl apply -f <(sops -d cert-manager-utils/01-clouddns-service-account.yaml)
  kubectl apply -f <(sops -d cert-manager-utils/01-cloudflare-api-key.yaml)
  kubectl apply -f cert-manager-utils/02-clusterissuer-${envType}.yaml
  kubectl apply -f cert-manager-utils/03-cluster-certificate-${envType}.yaml

  # get the secret name
  secretName=$(cat cert-manager-utils/03-cluster-certificate-${envType}.yaml | docker run -i --rm evns/yq yq -r '.spec.secretName')

## untitled
$ kubectl -n kube-system get certificates
NAME                                              READY   SECRET                                                AGE
jxing-nginx-ingress-controller-wildcard-prod      True    jxing-nginx-ingress-controller-wildcard-prod-tls      5d
jxing-nginx-ingress-controller-wildcard-staging   True    jxing-nginx-ingress-controller-wildcard-staging-tls   11d

## add_default_ssl_cert.sh
die() { echo "$@" 1>&2 ; exit 1; }

dieGracefully() { echo "$@" 1>&2 ; exit 0; }

confirm () {
    # call with a prompt string or use a default
    read -p "${1:-Are you sure?} [y/N]" -n 1 -r
    [ -n "$REPLY" ] && echo    # (optional) move to a new line
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        dieGracefully "Received '${REPLY:-N}'. ${2:-Exiting gracefully}."

## jenkins-github-oauth.groovy
// SecurityRealm
import jenkins.model.Jenkins
import hudson.security.SecurityRealm
import org.jenkinsci.plugins.GithubSecurityRealm

clientID = null
clientSecret = null
securityRealm = null

// secret sanity check

## myvalues.yaml
jenkins:
  Master:
    Image: my-reg/my-company/jenkins-x-image
    ImageTag: 0.0.70-1

## refresh-jx-platform.sh
#!/usr/bin/env bash

# Execute with:
#     ./refresh-jx-platform.sh
# or pass the JX_VERSION
#     JX_VERSION=2.3.333 ./refresh-jx-platform.sh

set -eu
export JX_HOME=$(mktemp -d)
if [ -z "${JX_VERSION:-}" ]; then

## authz_strategy_config
$ cat google-oauth-config
...someClientID...
...someClientSecret...


$ cat authz_strategy_config
{
  "strategy": "GlobalMatrixAuthorizationStrategy",
  "user_permissions": {
    "authenticated": [

## myvalues.yaml
jenkins:
  Master:
    Image: my-company/my-project/jenkins-x-image
    ImageTag: 0.0.70-2
  Persistence:
    mounts:
      - name: jenkins-security-secrets
        mountPath: /etc/jenkins-secrets
        readOnly: true
    volumes:
	#!/usr/bin/env bash

	# http://redsymbol.net/articles/unofficial-bash-strict-mode/
	set -euo pipefail


	function cleanUp() {
	local exitCode=$?
	[ $exitCode -ne 0 ] && echo "ERROR: The script is exiting with an error. Please check the logs above."
	[ -f "${myJceZip:-}" ] && echo "CLEANUP: Cleaning up jce zip..." && rm -f "${myJceZip}"
	{
	rm -rf /tmp/kr/kubernetes-replicator
	mkdir -p /tmp/kr/kubernetes-replicator
	(cd /tmp/kr/kubernetes-replicator && git clone --depth 1 --branch v1.0.0 git@github.com:mittwald/kubernetes-replicator.git .)
	(cd /tmp/kr/kubernetes-replicator && helm upgrade --install --namespace kubernetes-replicator kubernetes-replicator ./deploy/helm-chart/kubernetes-replicator)
	kubectl get all -n kubernetes-replicator
	}
	add_certificates() {
	local envType=$1
	local secretName ns
	kubectl apply -f <(sops -d cert-manager-utils/01-clouddns-service-account.yaml)
	kubectl apply -f <(sops -d cert-manager-utils/01-cloudflare-api-key.yaml)
	kubectl apply -f cert-manager-utils/02-clusterissuer-${envType}.yaml
	kubectl apply -f cert-manager-utils/03-cluster-certificate-${envType}.yaml

	# get the secret name
	secretName=$(cat cert-manager-utils/03-cluster-certificate-${envType}.yaml \| docker run -i --rm evns/yq yq -r '.spec.secretName')
	$ kubectl -n kube-system get certificates
	NAME READY SECRET AGE
	jxing-nginx-ingress-controller-wildcard-prod True jxing-nginx-ingress-controller-wildcard-prod-tls 5d
	jxing-nginx-ingress-controller-wildcard-staging True jxing-nginx-ingress-controller-wildcard-staging-tls 11d
	die() { echo "$@" 1>&2 ; exit 1; }

	dieGracefully() { echo "$@" 1>&2 ; exit 0; }

	confirm () {
	# call with a prompt string or use a default
	read -p "${1:-Are you sure?} [y/N]" -n 1 -r
	[ -n "$REPLY" ] && echo # (optional) move to a new line
	if [[ ! $REPLY =~ ^[Yy]$ ]]; then
	dieGracefully "Received '${REPLY:-N}'. ${2:-Exiting gracefully}."
	// SecurityRealm
	import jenkins.model.Jenkins
	import hudson.security.SecurityRealm
	import org.jenkinsci.plugins.GithubSecurityRealm

	clientID = null
	clientSecret = null
	securityRealm = null

	// secret sanity check
	jenkins:
	Master:
	Image: my-reg/my-company/jenkins-x-image
	ImageTag: 0.0.70-1
	#!/usr/bin/env bash

	# Execute with:
	# ./refresh-jx-platform.sh
	# or pass the JX_VERSION
	# JX_VERSION=2.3.333 ./refresh-jx-platform.sh

	set -eu
	export JX_HOME=$(mktemp -d)
	if [ -z "${JX_VERSION:-}" ]; then
	$ cat google-oauth-config
	...someClientID...
	...someClientSecret...


	$ cat authz_strategy_config
	{
	"strategy": "GlobalMatrixAuthorizationStrategy",
	"user_permissions": {
	"authenticated": [
	jenkins:
	Master:
	Image: my-company/my-project/jenkins-x-image
	ImageTag: 0.0.70-2
	Persistence:
	mounts:
	- name: jenkins-security-secrets
	mountPath: /etc/jenkins-secrets
	readOnly: true
	volumes: