fix: fix gcp ingress #1138

Merged
merged 1 commit into from
Dec 12, 2023
2 changes: 1 addition & 1 deletion aws/k8s/secret-challenge-vault-deployment.yml
@@ -41,7 +41,7 @@ spec:
volumeAttributes:
secretProviderClass: "wrongsecrets-aws-secretsmanager"
containers:
- image: jeroenwillemsen/wrongsecrets:1.8.0RC6-k8s-vault
- image: jeroenwillemsen/wrongsecrets:1.8.0RC9-k8s-vault
imagePullPolicy: IfNotPresent
name: secret-challenge
securityContext:
13 changes: 10 additions & 3 deletions gcp/k8s-vault-gcp-ingress-start.sh
@@ -11,6 +11,12 @@ echo "This is a script to bootstrap the configuration. You need to have installe
echo "This script is based on the steps defined in https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube. Vault is awesome!"

export GCP_PROJECT=$(gcloud config list --format 'value(core.project)' 2>/dev/null)
#export USE_GKE_GCLOUD_AUTH_PLUGIN=True

export REGION="$(terraform output -raw region)"
export CLUSTER_NAME="$(terraform output -raw kubernetes_cluster_name)"

gcloud container clusters get-credentials --project ${GCP_PROJECT} --zone ${REGION} ${CLUSTER_NAME}

kubectl get configmaps | grep 'secrets-file' &>/dev/null
if [ $? == 0 ]; then
@@ -24,24 +30,25 @@ if [ $? == 0 ]; then
echo "secrets secret is already installed"
else
kubectl apply -f ../k8s/secrets-secret.yml
kubectl apply -f ../k8s/challenge33.yml
fi

helm list | grep 'consul' &>/dev/null
if [ $? == 0 ]; then
echo "Consul is already installed"
else
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install consul hashicorp/consul --version 0.30.0 --values ../k8s/helm-consul-values.yml
helm install consul hashicorp/consul --values ../k8s/helm-consul-values.yml
fi

while [[ $(kubectl get pods -l app=consul -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True True True True" ]]; do echo "waiting for Consul" && sleep 2; done
while [[ $(kubectl get pods -l app=consul -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') != "True True True True True True" ]]; do echo "waiting for Consul" && sleep 2; done

helm list | grep 'vault' &>/dev/null
if [ $? == 0 ]; then
echo "Vault is already installed"
else
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install vault hashicorp/vault --version 0.9.1 --values ../k8s/helm-vault-values.yml
helm install vault hashicorp/vault --values ../k8s/helm-vault-values.yml
fi

isvaultrunning=$(kubectl get pods --field-selector=status.phase=Running)
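Review bot: The `helm install` lines for consul and vault no longer carry `--version` (assuming the second line of each printed pair is the new side), so every run of this script installs whatever chart the HashiCorp repository currently serves as latest. That makes the bootstrap non-reproducible and lets an unreviewed chart release change what gets deployed into the cluster. The Consul wait loop compares against exactly six `True` values, so it also depends on the pod count of whichever chart happens to be installed. Pin both installs to the chart versions this change was tested with, e.g. `helm install consul hashicorp/consul --version <tested-consul-chart-version> --values ../k8s/helm-consul-values.yml`, and likewise for vault. The script continues past the end of this hunk.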
2 changes: 1 addition & 1 deletion gcp/k8s/secret-challenge-vault-deployment.yml.tpl
@@ -39,7 +39,7 @@ spec:
volumeAttributes:
secretProviderClass: "wrongsecrets-gcp-secretsmanager"
containers:
- image: jeroenwillemsen/wrongsecrets:1.8.0RC4B-k8s-vault
- image: jeroenwillemsen/wrongsecrets:1.8.0RC9-k8s-vault
imagePullPolicy: IfNotPresent
name: secret-challenge
ports:
26 changes: 13 additions & 13 deletions k8s/secret-challenge-vault-deployment.yml
@@ -30,7 +30,7 @@ spec:
runAsNonRoot: true
serviceAccountName: vault
containers:
- image: jeroenwillemsen/wrongsecrets:1.8.0RC4B-k8s-vault
- image: jeroenwillemsen/wrongsecrets:1.8.0RC9-k8s-vault
imagePullPolicy: IfNotPresent
name: secret-challenge
securityContext:
@@ -47,32 +47,32 @@ spec:
protocol: TCP
readinessProbe:
httpGet:
path: '/actuator/health/readiness'
path: "/actuator/health/readiness"
port: 8080
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 5
failureThreshold: 8
livenessProbe:
httpGet:
path: '/actuator/health/liveness'
path: "/actuator/health/liveness"
port: 8080
initialDelaySeconds: 35
timeoutSeconds: 30
periodSeconds: 40
failureThreshold: 5
resources:
requests:
memory: '512Mi'
cpu: '200m'
ephemeral-storage: '1Gi'
memory: "512Mi"
cpu: "200m"
ephemeral-storage: "1Gi"
limits:
memory: '512Mi'
cpu: '1200m'
ephemeral-storage: '2Gi'
memory: "512Mi"
cpu: "1200m"
ephemeral-storage: "2Gi"
volumeMounts:
- name: 'ephemeral'
mountPath: '/tmp'
- name: "ephemeral"
mountPath: "/tmp"
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
env:
@@ -98,8 +98,8 @@ spec:
- name: JWT_PATH
value: "/var/run/secrets/kubernetes.io/serviceaccount/token"
volumes:
- name: 'ephemeral'
emptyDir: { }
- name: "ephemeral"
emptyDir: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler