From b2c9237d915c8219e77f84a522452ddce8e284df Mon Sep 17 00:00:00 2001 From: Hao Xin Date: Thu, 27 Jan 2022 11:08:44 +0800 Subject: [PATCH] remove extra setup scripts (#220) --- .../oidc-auth/overlays/dex/auth-setup.sh | 14 ---------- .../oidc-auth/overlays/keycloak/auth-setup.sh | 26 ------------------- 2 files changed, 40 deletions(-) delete mode 100755 distribution/oidc-auth/overlays/dex/auth-setup.sh delete mode 100755 distribution/oidc-auth/overlays/keycloak/auth-setup.sh diff --git a/distribution/oidc-auth/overlays/dex/auth-setup.sh b/distribution/oidc-auth/overlays/dex/auth-setup.sh deleted file mode 100755 index 4aba73f8..00000000 --- a/distribution/oidc-auth/overlays/dex/auth-setup.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -COOKIE_SECRET=$(python3 -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(16)).decode())') -OIDC_CLIENT_ID=$(python3 -c 'import secrets; print(secrets.token_hex(16))') -OIDC_CLIENT_SECRET=$(python3 -c 'import secrets; print(secrets.token_hex(32))') - -kubectl create secret generic -n auth oauth2-proxy --from-literal=client-id=${OIDC_CLIENT_ID} --from-literal=client-secret=${OIDC_CLIENT_SECRET} --from-literal=cookie-secret=${COOKIE_SECRET} --dry-run=client -o yaml | kubeseal | yq eval -P > oauth2-proxy-secret.yaml - -read -p 'Email: ' EMAIL -read -p 'Username: ' USERNAME - -ADMIN_PASS=$(python3 -c 'from passlib.hash import bcrypt; import getpass; print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))') - -yq eval ".staticClients[0].id = \"${OIDC_CLIENT_ID}\" | .staticClients[0].secret = \"${OIDC_CLIENT_SECRET}\" | .staticPasswords[0].hash = \"${ADMIN_PASS}\" | .staticPasswords[0].email = \"${EMAIL}\" | .staticPasswords[0].username = \"${USERNAME}\"" dex-config-template.yaml | kubectl create secret generic -n auth dex-config --dry-run=client --from-file=config.yaml=/dev/stdin -o yaml | kubeseal | yq eval -P > dex-config-secret.yaml diff --git a/distribution/oidc-auth/overlays/keycloak/auth-setup.sh b/distribution/oidc-auth/overlays/keycloak/auth-setup.sh deleted file mode 100755 index cbae9dfd..00000000 --- a/distribution/oidc-auth/overlays/keycloak/auth-setup.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -COOKIE_SECRET=$(python3 -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(16)).decode())') -OIDC_CLIENT_ID=$(python3 -c 'import secrets; print(secrets.token_hex(16))') -OIDC_CLIENT_SECRET=$(python3 -c 'import secrets; print(secrets.token_hex(32))') - -kubectl create secret generic -n auth oauth2-proxy --from-literal=client-id=${OIDC_CLIENT_ID} --from-literal=client-secret=${OIDC_CLIENT_SECRET} --from-literal=cookie-secret=${COOKIE_SECRET} --dry-run=client -o yaml | kubeseal | yq eval -P > oauth2-proxy-secret.yaml - -DATABASE_PASS=$(python3 -c 'import secrets; print(secrets.token_hex(16))') -POSTGRESQL_PASS=$(python3 -c 'import secrets; print(secrets.token_hex(16))') -read -p 'Keycloak Admin Password (not for Kubeflow sign in): ' KEYCLOAK_ADMIN_PASS -read -p 'Keycloak Management Password (not for Kubeflow sign in): ' KEYCLOAK_MANAGEMENT_PASS - -kubectl create secret generic -n auth keycloak-secret --from-literal=admin-password=${KEYCLOAK_ADMIN_PASS} --from-literal=database-password=${DATABASE_PASS} --from-literal=management-password=${KEYCLOAK_MANAGEMENT_PASS} --dry-run=client -o yaml | kubeseal | yq eval -P > keycloak-secret.yaml - - - -kubectl create secret generic -n auth keycloak-postgresql --from-literal=postgresql-password=${DATABASE_PASS} --from-literal=postgresql-postgres-password=${POSTGRESQL_PASS} --dry-run=client -o yaml | kubeseal | yq eval -P > postgresql-secret.yaml - -read -p 'Email (for Kubeflow login): ' EMAIL -read -p 'First name (for Kubeflow account): ' FIRSTNAME -read -p 'Last name (for Kubeflow account): ' LASTNAME -read -p 'Username (for Kubeflow login): ' USERNAME -read -p 'Password (for Kubeflow login): ' ADMIN_PASS - -yq eval -j -P ".users[0].username = \"${USERNAME}\" | .users[0].email = \"${EMAIL}\" | .users[0].firstName = \"${FIRSTNAME}\" | .users[0].lastName = \"${LASTNAME}\" | .users[0].credentials[0].value = \"${ADMIN_PASS}\" | .clients[0].clientId = \"${OIDC_CLIENT_ID}\" | .clients[0].secret = \"${OIDC_CLIENT_SECRET}\"" kubeflow-realm-template.json | kubectl create secret generic -n auth kubeflow-realm --dry-run=client --from-file=kubeflow-realm.json=/dev/stdin -o json | kubeseal | yq eval -P > kubeflow-realm-secret.yaml