From 0b469da89262bdd1a5c7f4823718d9284c320866 Mon Sep 17 00:00:00 2001
From: ducoterra
Date: Thu, 26 Nov 2020 22:33:24 -0500
Subject: [PATCH] upgrade script and fix a few issues

---
 README.md | 9 +++++++++
 example.config | 20 ++++++++++++++++++++
 genuserspace.sh | 20 +++++++++++++++-----
 namespace/templates/limitrange.yaml | 14 ++++++++++++++
 namespace/templates/resourcequota.yaml | 5 ++---
 namespace/templates/role.yaml | 1 +
 wireguard.example | 9 +++++++++
 7 files changed, 70 insertions(+), 8 deletions(-)
 create mode 100644 example.config
 create mode 100644 namespace/templates/limitrange.yaml
 create mode 100644 wireguard.example

diff --git a/README.md b/README.md
index 42d5f02..c00e7d3 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,15 @@ kubectl apply -f certsigner
 ./userspace.sh tester
 ```
 
+```bash
+export USER=$1
+openssl req -in $HOME/.kube/users/$USER/$USER.csr -noout -text
+helm template $USER ./namespace | kubectl --context admin apply -f -
+kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
+kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
+kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
+```
+
 ### Update a user
 
 ```bash
diff --git a/example.config b/example.config
new file mode 100644
index 0000000..76d2c4f
--- /dev/null
+++ b/example.config
@@ -0,0 +1,20 @@
+apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority: server-ca.crt
+    server: https://3.14.3.100:6443
+  name: mainframe
+contexts:
+- context:
+    cluster: mainframe
+    namespace: $USER
+    user: $USER
+  name: $USER
+current-context: $USER
+kind: Config
+preferences: {}
+users:
+- name: $USER
+  user:
+    client-certificate: users/$USER/$USER.crt
+    client-key: users/$USER/$USER.key
\ No newline at end of file
diff --git a/genuserspace.sh b/genuserspace.sh
index 0f6e6da..ae67276 100755
--- a/genuserspace.sh
+++ b/genuserspace.sh
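Review bot: Nothing in the commit substitutes the `$USER` placeholders in example.config — kubectl reads a kubeconfig literally and does not expand shell variables, so `namespace: $USER` and `client-certificate: users/$USER/$USER.crt` must be filled in before the file is usable, and genuserspace.sh in this same patch writes the key and certificate but never produces this per-user config. A one-line header such as `# template: substitute $USER (e.g. envsubst) and place the result in ~/.kube/ so the relative users/ paths resolve` would remove the guesswork; kubectl resolves relative certificate paths against the kubeconfig file's own directory, so where the rendered file lands matters. The file also lacks a trailing newline.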
@@ -1,8 +1,18 @@
 #!/bin/bash
 
 export USER=$1
-openssl req -in $HOME/.kube/users/$USER/$USER.csr -noout -text
-helm template $USER ./namespace | kubectl --context admin apply -f -
-kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
-kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
-kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
\ No newline at end of file
+echo "setting up certsigner"
+kubectl apply -f ./certsigner
+sleep 5
+echo "generating certs"
+mkdir $HOME/.kube/users/$USER
+docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
+docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=user"
+echo "creating userspace"
+helm template $USER ./namespace | kubectl apply -f -
+echo "copying and signing certs"
+kubectl cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
+kubectl exec certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
+kubectl cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
+echo "deleting certsigner"
+kubectl delete -f ./certsigner
\ No newline at end of file
diff --git a/namespace/templates/limitrange.yaml b/namespace/templates/limitrange.yaml
new file mode 100644
index 0000000..7d0201f
--- /dev/null
+++ b/namespace/templates/limitrange.yaml
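Review bot: `export USER=$1` is used unchecked by every line that follows, so a missing or malformed argument does real damage: with no argument `-v $HOME/.kube/users/$USER:/$USER` becomes `-v $HOME/.kube/users/:/` and `mkdir` runs on the users directory itself, and a value containing `/` splits `-subj "/CN=$USER/O=user"` into extra subject components — and CN/O are exactly the identity and group the signed certificate carries into Kubernetes. Validate the argument before anything runs, e.g. `set -euo pipefail` followed by `[[ "${1:-}" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || { echo "usage: $0 <username>" >&2; exit 1; }` (the same shape a namespace name must have, and `$USER` is also the namespace and Helm release name here), and double-quote each `$USER`/`$HOME` expansion. Two further points: `-days 5000` issues a client certificate valid for roughly 13.7 years and the API server has no revocation mechanism for client certificates, so a much shorter lifetime with re-issuance is the safer default; and `sleep 5` is a race, where `kubectl wait --for=condition=Ready pod/certsigner` (assuming certsigner is the pod name the `cp` lines target) before the first `kubectl cp` is deterministic. The rewritten commands also dropped the explicit `--context admin` the old lines used, so the script now applies and signs against whatever the current context happens to be; if that is intentional it deserves a comment.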
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: default
+  namespace: {{ .Release.Name }}
+spec:
+  limits:
+  - default:
+      memory: 128Mi
+      cpu: 100m
+    defaultRequest:
+      memory: 1Mi
+      cpu: 1m
+    type: Container
\ No newline at end of file
diff --git a/namespace/templates/resourcequota.yaml b/namespace/templates/resourcequota.yaml
index 858e817..6c41854 100644
--- a/namespace/templates/resourcequota.yaml
+++ b/namespace/templates/resourcequota.yaml
@@ -9,8 +9,7 @@ spec:
     requests.memory: "24G"
     limits.cpu: "48"
     limits.memory: "64G"
-    hdd.storageclass.storage.k8s.io/requests.storage: 1Ti
-    nvme.storageclass.storage.k8s.io/persistentvolumeclaims: "2"
-    nvme.storageclass.storage.k8s.io/requests.storage: 100Gi
+    nvme.storageclass.storage.k8s.io/persistentvolumeclaims: "0"
+    nvme.storageclass.storage.k8s.io/requests.storage: 0Gi
     external-ssd.storageclass.storage.k8s.io/persistentvolumeclaims: "0"
     external-ssd.storageclass.storage.k8s.io/requests.storage: 0Mi
\ No newline at end of file
diff --git a/namespace/templates/role.yaml b/namespace/templates/role.yaml
index 7b9f38f..3aa92c7 100644
--- a/namespace/templates/role.yaml
+++ b/namespace/templates/role.yaml
@@ -38,6 +38,7 @@ rules:
   - ingressroutes
   - middlewares
   - endpoints
+  - deployments/scale
   verbs:
   - "*"
 - apiGroups:
diff --git a/wireguard.example b/wireguard.example
new file mode 100644
index 0000000..cbe55e1
--- /dev/null
+++ b/wireguard.example
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey =
+Address = 10.10.0.16/32
+DNS = 10.10.0.1
+
+[Peer]
+PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
+AllowedIPs = 3.14.3.0/24, 10.10.0.1/32
+Endpoint = duco.ddns.net:51820
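Review bot: The new LimitRange sets only `default` and `defaultRequest`, so it fills in limits for containers that omit them but puts no ceiling on what a single container may ask for — one pod can still declare requests up to the whole namespace ResourceQuota by itself. If per-container isolation is the intent, add a `max:` entry beside `default:` (e.g. `max: {cpu: "8", memory: 8Gi}`, illustrative values) so one workload cannot claim the namespace's entire allocation; if the quota is meant to be the only cap, a comment saying so avoids the question later. The `1m`/`1Mi` defaultRequest also means unspecified containers schedule almost anywhere but are the first throttled or evicted under node pressure, which is worth a comment if deliberate.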
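Review bot: Dropping the `hdd.storageclass.storage.k8s.io/requests.storage: 1Ti` line leaves the hdd storage class with no entry at all, and a ResourceQuota only constrains the resource names it lists — so unless a generic `requests.storage` or `persistentvolumeclaims` line exists earlier in the file (outside this hunk), hdd-backed PVCs in the namespace are now unbounded while nvme and external-ssd are pinned to zero. If the intent is to stop metering hdd that is fine but deserves a comment next to the remaining storageclass lines; if the intent was a cap, re-add `hdd.storageclass.storage.k8s.io/requests.storage: 1Ti` alongside them.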
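Review bot: `deployments/scale` is appended to a resources list whose `apiGroups` entry lies above this hunk, so confirm that entry includes `apps` (or `*`): the scale subresource lives in the apps group, and if this rule's group is the Traefik one implied by `ingressroutes`/`middlewares` the new line is inert. The rule grants `verbs: - "*"` on everything listed, while scaling needs only `get`, `update` and `patch` on the subresource; if this is a per-user namespace Role, the addition is a good moment to move `deployments/scale` into its own rule with just those three verbs. The enclosing rule starts outside the hunk.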