@wstrange
wstrange / s
Created August 16, 2021 18:37
s: oneliner for dumping secret
#!/usr/bin/env bash
# Probably simpler way to do this??
kubectl get secrets/$1 -o json | jq .data.\"$2\" | sed -e s/\"//g | base64 -d
#!/usr/bin/env bash
# Export backend data using ldif or ds-backup
# This is done offline, and is expected to be run by a job that runs to termination
set -ex
# Target to export data to
BACKUP_DIR=${BACKUP_DIR:-/backup}
# The backup type defaults to ldif. Use ds-backup for a directory backup command
@wstrange
wstrange / Dockerfile
Created January 20, 2021 15:51
ldap checker pod
FROM debian:stable-slim
ENV APT_OPTS="--no-install-recommends --yes"
RUN apt-get update \
    && apt-get install -y openldap-utils jq \
    && apt-get clean \
    && rm -r /var/lib/apt/lists /var/cache/apt/archives
COPY entrypoint.sh /
ENTRYPOINT [ "/entrypoint.sh" ]
@wstrange
wstrange / sac.yaml
Last active June 29, 2020 17:12
secret agent proposed format
apiVersion: secret-agent.secrets.forgerock.io/v1alpha1
kind: SecretAgentConfiguration
metadata:
  name: platform-secrets
  namespace: warren # secret-agent CRD is namespaced
spec:
  appConfig:
    createKubernetesObjects: true # True if we should create k8s secrets
    retainSecrets: true # retain secrets if the CRD is deleted. Not implemented
    secretsManager: none # none, AWS, or GCP
import 'dart:io';
import 'dart:async';
import 'package:firedart/generated/google/firestore/v1/common.pb.dart';
import 'package:firedart/generated/google/firestore/v1/document.pb.dart' as fs;
import 'package:firedart/generated/google/firestore/v1/firestore.pbgrpc.dart';
import 'package:firedart/generated/google/firestore/v1/query.pb.dart';
import 'package:grpc/grpc.dart';
import 'models.dart';
@wstrange
wstrange / google-secret-manager.sh
Created April 2, 2020 00:09
Access Google Secret Manager API using curl
#!/usr/bin/env bash
# Test script to access/generate secrets in Secret Manager
PROJECT="engineering-devops"
SCOPE="https://www.googleapis.com/auth/cloud-platform"
SERVICE_ACCOUNT_FILE=secret-manager.json
SECRET=my-secret
# Reference: https://gist.github.com/ryu1kn/c76aed0af8728f659730d9c26c9ee0ed
@wstrange
wstrange / secret-spec.yaml
Last active February 13, 2020 20:41
Idea for a secret generator
# A CRD that describes secrets required by the platform, how to generate/find them,
# how to mount them, etc.
# This should be able to cover all FRaaS and CDM use cases:
# 1) All random secrets every time this CRD is deployed
# 2) All secrets come from the GCP SM - assumed to be pre-created
# 3) Pull secret from GCP SM if available, otherwise generate random, then store in GCP SM for future use
# 4) Random on first install, but prefer an existing K8S secret if available
# 5) Other combinations of the above...
kind: org.forgerock.SecretSpec
apiVersion: betav1
@wstrange
wstrange / process-test.yaml
Created January 3, 2019 16:43
Kubernetes process namespace sharing for JDK apps
# Test pod to demonstrate process namespace sharing between tomcat (using the JRE) and
# OpenJDK tools (jmap, jstack, etc.)
# See https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
# Deploy using: kubectl create -f process-test.yaml
# Exec into the jdk container: kubectl exec tomcat -c jdk -it bash
# Use some debug commands: jps, jmap, jstack, etc.
apiVersion: v1
kind: Pod
metadata:
  name: tomcat
@wstrange
wstrange / debug.sh
Created August 3, 2018 21:46
Debug running ds processes with jstack
#!/usr/bin/env bash
dump() {
  echo "******* Dump $1 *******"
  # Look up the PID of the JVM whose main class or arguments match $1
  pid=$(jps -ml | grep "$1" | awk '{print $1}')
  if [ -n "$pid" ]; then
    echo "$pid"
    jstack "$pid"
  fi
}
@wstrange
wstrange / ds.yaml
Last active June 23, 2018 20:55
ds helm chart values
image:
  repository: gcr.io/engineering-devops
  pullPolicy: Always
  #pullPolicy: IfNotPresent
  tag: 6.5.0
djInstance: userstore
djPersistence: true