services/userspace
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

upgrade script and fix a few issues

Browse Source
This commit is contained in:
ducoterra
2020-11-26 22:33:24 -05:00
parent e5f261f642
commit 0b469da892
7 changed files with 70 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -12,6 +12,15 @@ kubectl apply -f certsigner
./userspace.sh tester ./userspace.sh tester
``` ```
```bash
export USER=$1
openssl req -in $HOME/.kube/users/$USER/$USER.csr -noout -text
helm template $USER ./namespace | kubectl --context admin apply -f -
kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
```
### Update a user ### Update a user
```bash ```bash

20
example.config Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority: server-ca.crt
server: https://3.14.3.100:6443
name: mainframe
contexts:
- context:
cluster: mainframe
namespace: $USER
user: $USER
name: $USER
current-context: $USER
kind: Config
preferences: {}
users:
- name: $USER
user:
client-certificate: users/$USER/$USER.crt
client-key: users/$USER/$USER.key

20
genuserspace.sh
View File

@@ -1,8 +1,18 @@
#!/bin/bash #!/bin/bash
export USER=$1 export USER=$1
openssl req -in $HOME/.kube/users/$USER/$USER.csr -noout -text echo "setting up certsigner"
helm template $USER ./namespace | kubectl --context admin apply -f - kubectl apply -f ./certsigner
kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr sleep 5
kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000 echo "generating certs"
kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt mkdir $HOME/.kube/users/$USER
docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=$USER/O=user"
echo "creating userspace"
helm template $USER ./namespace | kubectl apply -f -
echo "copying and signing certs"
kubectl cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
kubectl exec certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
kubectl cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
echo "deleting certsigner"
kubectl delete -f ./certsigner

14
namespace/templates/limitrange.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: LimitRange
metadata:
name: default
namespace: {{ .Release.Name }}
spec:
limits:
- default:
memory: 128Mi
cpu: 100m
defaultRequest:
memory: 1Mi
cpu: 1m
type: Container

5
namespace/templates/resourcequota.yaml
View File

@@ -9,8 +9,7 @@ spec:
requests.memory: "24G" requests.memory: "24G"
limits.cpu: "48" limits.cpu: "48"
limits.memory: "64G" limits.memory: "64G"
hdd.storageclass.storage.k8s.io/requests.storage: 1Ti nvme.storageclass.storage.k8s.io/persistentvolumeclaims: "0"
nvme.storageclass.storage.k8s.io/persistentvolumeclaims: "2" nvme.storageclass.storage.k8s.io/requests.storage: 0Gi
nvme.storageclass.storage.k8s.io/requests.storage: 100Gi
external-ssd.storageclass.storage.k8s.io/persistentvolumeclaims: "0" external-ssd.storageclass.storage.k8s.io/persistentvolumeclaims: "0"
external-ssd.storageclass.storage.k8s.io/requests.storage: 0Mi external-ssd.storageclass.storage.k8s.io/requests.storage: 0Mi

1
namespace/templates/role.yaml
View File

@@ -38,6 +38,7 @@ rules:
- ingressroutes - ingressroutes
- middlewares - middlewares
- endpoints - endpoints
- deployments/scale
verbs: verbs:
- "*" - "*"
- apiGroups: - apiGroups:

9
wireguard.example Normal file
View File

@@ -0,0 +1,9 @@
[Interface]
PrivateKey =
Address = 10.10.0.16/32
DNS = 10.10.0.1
[Peer]
PublicKey = G/zeQG4Q/IZhqIGc7v2HNXIMmhp74vQBdbDCwOXDihQ=
AllowedIPs = 3.14.3.0/24, 10.10.0.1/32
Endpoint = duco.ddns.net:51820