130 lines
3.1 KiB
Bash
Executable File
130 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
|
set -ex
|
|
|
|
helm repo add jetstack https://charts.jetstack.io
|
|
helm upgrade \
|
|
--create-namespace \
|
|
--install \
|
|
--namespace=cert-manager \
|
|
cert-manager \
|
|
jetstack/cert-manager \
|
|
--version v1.2.0 \
|
|
--set installCRDs=true
|
|
|
|
./tools/deployment/common/wait-for-pods.sh cert-manager
|
|
|
|
key=$(base64 -w0 /etc/jarvis/certs/ca/ca-key.pem)
|
|
crt=$(base64 -w0 /etc/jarvis/certs/ca/ca.pem)
|
|
tee /tmp/ca-issuers.yaml <<EOF
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: jarvis-ca-key-pair
|
|
namespace: cert-manager
|
|
data:
|
|
tls.crt: $crt
|
|
tls.key: $key
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: ClusterIssuer
|
|
metadata:
|
|
name: jarvis-ca-issuer
|
|
spec:
|
|
ca:
|
|
secretName: jarvis-ca-key-pair
|
|
EOF
|
|
kubectl apply -f /tmp/ca-issuers.yaml
|
|
|
|
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
|
|
helm upgrade \
|
|
--create-namespace \
|
|
--install \
|
|
--namespace=ingress-nginx \
|
|
ingress-nginx \
|
|
ingress-nginx/ingress-nginx \
|
|
--version 3.23.0 \
|
|
--set controller.service.type=NodePort \
|
|
--set controller.service.nodePorts.http=80 \
|
|
--set controller.service.nodePorts.https=443
|
|
|
|
./tools/deployment/common/wait-for-pods.sh ingress-nginx
|
|
|
|
cat > /tmp/base.ldif <<EOF
|
|
dn: ou=Users,dc=jarvis,dc=local
|
|
changetype: add
|
|
objectClass: organizationalUnit
|
|
ou: Users
|
|
|
|
dn: ou=Groups,dc=jarvis,dc=local
|
|
changetype: add
|
|
objectClass: organizationalUnit
|
|
ou: Groups
|
|
|
|
dn: uid=jarvis,ou=Users,dc=jarvis,dc=local
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: inetOrgPerson
|
|
cn: jarvis
|
|
sn: User
|
|
displayname: jarvis User
|
|
mail: jarvis@cluster.local
|
|
userpassword: {SSHA}fCJ5vuW1BQ4/OfOVkkx1qjwi7yHFuGNB
|
|
|
|
dn: cn=jarvis-admins,ou=Groups,dc=jarvis,dc=local
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: groupOfUniqueNames
|
|
cn: jarvis-admins
|
|
description: Jarvis Administrators
|
|
uniqueMember: uid=jarvis,ou=Users,dc=jarvis,dc=local
|
|
EOF
|
|
|
|
ldif_add_user() {
|
|
local USER=$1
|
|
local PASSWORD=$2
|
|
cat >> /tmp/base.ldif << EOF
|
|
|
|
dn: uid=$USER,ou=Users,dc=jarvis,dc=local
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: person
|
|
objectClass: inetOrgPerson
|
|
cn: $USER
|
|
sn: User
|
|
displayname: $USER User
|
|
mail: $USER@cluster.local
|
|
userpassword: $PASSWORD
|
|
EOF
|
|
}
|
|
|
|
project_path=./tools/gate/jarvis/5G-SA-core
|
|
if [ -d "$project_path" ]; then
|
|
projects=$(find $project_path -maxdepth 1 -mindepth 1 -type d -printf '%f\n')
|
|
for proj in $projects; do
|
|
# password: "harbor-user-password"
|
|
ldif_add_user $proj-harbor "{SSHA}u1BT4/+0D4CRCZEFYQHRieswErdUc5Zm"
|
|
# password: "harbor-staging-user-password"
|
|
ldif_add_user $proj-harbor-staging "{SSHA}gYtZk9+9j59ytEj9z6/KUsKw4/CvpaEU"
|
|
# password: "dev-password"
|
|
ldif_add_user $proj-dev "{SSHA}o8PQMzyBjq7+3wlnyFmjWILphtfnZ5tA"
|
|
done
|
|
fi
|
|
|
|
export LDIFFILE=$(cat /tmp/base.ldif)
|
|
yq -i eval '.customLdifFiles."groups.ldif" = strenv(LDIFFILE)' charts/ldap/values_overrides/default.yaml
|
|
|
|
helm repo add stable https://charts.helm.sh/stable
|
|
# shellcheck disable=SC2046
|
|
helm upgrade \
|
|
--create-namespace \
|
|
--install \
|
|
--namespace=ldap \
|
|
ldap \
|
|
stable/openldap \
|
|
--version 1.2.7 \
|
|
$(./tools/deployment/common/get-values-overrides.sh ldap)
|
|
|
|
./tools/deployment/common/wait-for-pods.sh ldap
|