@amitpj
amitpj / api_roks.md
Last active October 26, 2021 23:11
An API-based pattern for accessing a Red Hat OpenShift cluster on IBM Cloud (ROKS)

Accessing a ROKS (Red Hat OpenShift on IBM Cloud) cluster using IBM IAM and IBM Kubernetes Service APIs

  1. Retrieve IBM Cloud IAM <access_token> and <refresh_token> using the API key
     curl -X POST \
       -H "Authorization: Basic Yng6Yng=" \
       -H "Content-Type: application/x-www-form-urlencoded" \
       -d "grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=<APIKey>" \
       "https://iam.cloud.ibm.com/identity/token"

The string "Yng6Yng=" is simply the base64 encoding of the "bx" credentials (it decodes to bx:bx).

Look for <access_token> and <refresh_token> in JSON output as shown below:

@timroster
timroster / lecerts-with-cert-manager.md
Last active May 25, 2022 14:33
Configure LE certificates with Cert Manager

Requesting TLS certificates on Red Hat OpenShift using the cert-manager operator

OpenShift Container Platform typically supports edge-terminated TLS applications in a simple way for application developers through the route resource. This is accomplished through a wildcard certificate, which will usually take a form like *.apps.cluster.domain.example.com. By default, when exposing a service in OpenShift, a hostname is created by combining the service name (such as console) with a project (like openshift-console) to create an FQDN for a host, resulting in a hostname like console-openshift-console.apps.cluster.domain.example.com. This just "works" due to the cluster wildcard certificate.

However, it is possible to manage custom certificates for use with OpenShift routes or Kubernetes ingress resources. The Cert-Manager CNCF project provides a handy tool to request custom TLS certificates for OpenShift, or any other Kubernetes platform. This gist will walk through setting

@timroster
timroster / lets-encrypt-free-iks.md
Last active September 1, 2022 02:29
Creating Let's Encrypt certificates for IBM free Kubernetes clusters

The IBM Kubernetes service free clusters consist of a single worker node with 2 CPUs and 4 GB of memory for experimenting with Kubernetes. Unlike the fee-based service, these clusters do not include capabilities for application load balancing using ingress out-of-the-box. However, if you manage a DNS domain (any provider will suffice) and can add an A record, it's possible for you to configure your own ingress that can provide HTTP and HTTPS session termination for your containerized applications. Getting a TLS-enabled website or simply an external REST API couldn't be easier!

Prerequisites

  • Free IBM Kubernetes Cluster (IKS) - upgrade your account from Lite plan to create one. In the example commands, we'll assume that this cluster is named mycluster
  • kubectl - match your cluster API version (as of 12/5/20 - this is ~1.18.12)
  • helm v3
  • DNS domain that you can edit to configure