diff --git a/adduser.sh b/adduser.sh
deleted file mode 100644
index 3b757f2..0000000
--- a/adduser.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt --client-key=$HOME/.kube/users/$USER/$USER.key
-kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER
diff --git a/createadmin.sh b/admin.sh
similarity index 71%
rename from createadmin.sh
rename to admin.sh
index f57a941..e12b8ed 100755
--- a/createadmin.sh
+++ b/admin.sh
@@ -2,7 +2,7 @@ export USER=$1
 docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl genrsa -out /$USER/$USER.key 2048
 docker run -it -v $HOME/.kube/users/$USER:/$USER python:latest openssl req -new -key /$USER/$USER.key -out /$USER/$USER.csr -subj "/CN=admin/O=manager"
 kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
-kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
+kubectl --context admin exec certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
 kubectl --context admin cp certsigner:/certs/$USER.crt $HOME/.kube/users/$USER/$USER.crt
 kubectl config set-credentials $USER --client-certificate=$HOME/.kube/users/$USER/$USER.crt --client-key=$HOME/.kube/users/$USER/$USER.key
 kubectl config set-context $USER --cluster=mainframe --namespace=kube-system --user=$USER
\ No newline at end of file
diff --git a/certsigner/pod.yaml b/certsigner/pod.yaml
index f0c6972..eaf9908 100644
--- a/certsigner/pod.yaml
+++ b/certsigner/pod.yaml
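Review bot: The retained `-days 5000` on the changed exec line mints a cluster credential valid for roughly 13.7 years, and Kubernetes has no revocation for client certificates, so the only way to cut off a lost key would be to rotate `client-ca.key` itself. Combined with the context line that fixes the CSR subject to `/CN=admin/O=manager` for every `$USER`, all admins created by this script are indistinguishable in the audit log and cannot be removed individually. Prefer a short lifetime such as `-days 90` and a per-person subject like `-subj "/CN=$USER/O=manager"`, keeping `O=manager` as the group the admin binding presumably matches. The serial from `random.randint` is also not guaranteed unique across runs; `-set_serial 0x$(openssl rand -hex 16)` or `-CAcreateserial` is the usual choice. The generated `$USER.key` is written under `$HOME/.kube/users` with the default umask, so a `chmod 600` after `genrsa` is worth adding as well.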
@@ -24,7 +24,7 @@ spec:
 volumes:
 - name: keys
 secret:
- secretName: certs
+ secretName: certsigner
 - name: certs
 emptyDir: {}
diff --git a/createuserspace.sh b/genuserspace.sh
similarity index 89%
rename from createuserspace.sh
rename to genuserspace.sh
index efe5359..0f6e6da 100755
--- a/createuserspace.sh
+++ b/genuserspace.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 export USER=$1
+openssl req -in $HOME/.kube/users/$USER/$USER.csr -noout -text
 helm template $USER ./namespace | kubectl --context admin apply -f -
 kubectl --context admin cp $HOME/.kube/users/$USER/$USER.csr certsigner:/certs/$USER.csr
 kubectl --context admin exec --context admin certsigner -- openssl x509 -in /certs/$USER.csr -req -CA /keys/client-ca.crt -CAkey /keys/client-ca.key -set_serial $(python -c "import random; print(random.randint(1000000000, 9999999999))") -out /certs/$USER.crt -days 5000
diff --git a/namespace/templates/resourcequota.yaml b/namespace/templates/resourcequota.yaml
new file mode 100644
index 0000000..9b94515
--- /dev/null
+++ b/namespace/templates/resourcequota.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: default
+ namespace: {{ .Release.Name }}
+spec:
+ hard:
+ requests.cpu: "12"
+ requests.memory: "24G"
+ limits.cpu: "48"
+ limits.memory: "64G"
\ No newline at end of file
diff --git a/namespace/templates/role.yaml b/namespace/templates/role.yaml
index ce04e74..7b9f38f 100644
--- a/namespace/templates/role.yaml
+++ b/namespace/templates/role.yaml
@@ -14,6 +14,7 @@ rules:
 - traefik.containo.us
 - rbac.authorization.k8s.io
 - metrics.k8s.io
+ - policy
 resources:
 - deployments
 - replicasets
@@ -48,6 +49,7 @@ rules:
 - roles
 verbs:
 - list
+ - get
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1beta1
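Review bot: The `keys` volume now mounts the `certsigner` Secret, which per the signing scripts in this commit presumably holds `client-ca.key`, yet the volume sets no `defaultMode`, so the CA private key lands in the container with the Secret-volume default of 0644. Add `defaultMode: 0400` under `secret:` and mark the matching volumeMount `readOnly: true` (the mount is outside this hunk). Note also that anyone with `pods/exec` on this pod can sign arbitrary client certificates against the cluster's client CA, which is a broader privilege than the admin-only scripts suggest; the `certificates.k8s.io` CSR API would avoid keeping a long-lived signing pod at all.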
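Review bot: The added `openssl req ... -noout -text` only prints the user-supplied CSR; nothing gates the signing step three lines below on its contents, and the script has no `set -e`, so a CSR carrying `/CN=admin/O=manager` (the subject admin.sh uses for cluster admins) would be signed by the same CA and come back with admin rights. Verify the CSR's self-signature and pin its subject to `$USER` before the `cp`/`exec`, aborting otherwise; the exact subject the namespace RoleBindings match is not in this hunk, so adjust the pattern to it. The rest of the script (retrieving the signed cert, kubeconfig entries) lies outside the hunk, and the `-days 5000` on its last line has the same no-revocation problem noted for admin.sh.
```shell
csr="$HOME/.kube/users/$USER/$USER.csr"
openssl req -in "$csr" -noout -verify -text || exit 1
subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253)
# presumably the per-namespace RoleBindings key on CN=$USER — confirm against namespace/templates
[[ "$subject" == "subject=CN=$USER" || "$subject" == "subject=CN=$USER,"* ]] \
  || { printf 'refusing to sign CSR with %s\n' "$subject" >&2; exit 1; }
# … unchanged: helm template, kubectl cp, kubectl exec signing …
```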
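Review bot: With `requests.cpu`/`requests.memory` and the two limits in `spec.hard`, the ResourceQuota admission controller rejects every pod in the namespace that does not itself declare those requests and limits, so tenant pods without explicit resources will fail admission unless a LimitRange supplies defaults; add a `LimitRange` template next to this one (its `default`/`defaultRequest` values are a policy choice not visible here). The quota also bounds only cpu and memory, so nothing stops a tenant from exhausting object counts or storage; consider `count/pods`, `persistentvolumeclaims`, `requests.storage` and `services.loadbalancers` entries too. Minor: `"24G"` and `"64G"` are decimal gigabytes rather than the `Gi` most manifests use; pick one convention deliberately.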
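Review bot: Adding `policy` to this rule's `apiGroups` is a cross product with every resource and verb in the same rule (the `resources` list continues past the hunk and its `verbs` are not visible), so the grant is wider than whatever single resource motivated it; if the intent is PodDisruptionBudgets, a dedicated rule `- apiGroups: ["policy"]` / `resources: ["poddisruptionbudgets"]` with only the verbs needed is easier to audit. In particular, should that rule's resources and verbs ever include `podsecuritypolicies` with `use`, this line would let tenants pick any PSP in the cluster. The same rule already lists `rbac.authorization.k8s.io`; if its verbs include writes, tenants can edit Roles and RoleBindings in their namespace, which deserves a comment stating that it is intended.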
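Review bot: The Role that begins on the last two lines of this hunk (its body continues outside it) uses `apiVersion: rbac.authorization.k8s.io/v1beta1`, which has been deprecated since 1.17 and was removed in 1.22; change it to `apiVersion: rbac.authorization.k8s.io/v1`, and the first Role in this file presumably needs the same. Adding `get` next to `list` on `roles` is read-only and fine; a comment such as `# tenants may read, but not modify, the RBAC of their namespace` on the rule would record why `roles` are exposed at all.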