feat: get credentials automatically in post install script

Khue Doan 2022-07-23 23:59:29 +07:00
parent 318988939a
commit 2b7fb0fb73


@ -3,41 +3,35 @@
""" """
Quick and dirty script for things that I can't/don't have time to do properly yet Quick and dirty script for things that I can't/don't have time to do properly yet
TODO: retire this script TODO: retire this script
export DOMAIN=khuedoan.com
export GITEA_USER=gitea_admin
export GITEA_PASSWORD='xxx'
export GITEA_HOST='git.khuedoan.com'
export VAULT_HOST='https://vault.khuedoan.com'
export VAULT_TOKEN='s.xxx'
./scripts/hacks
""" """
import base64
import json import json
import os
import sys
import requests import requests
import urllib.parse import sys
from rich.console import Console
from rich.console import Console
from kubernetes import client, config
# https://git.khuedoan.com/user/settings/applications # https://git.khuedoan.com/user/settings/applications
# Doing this properly inside the cluster requires: # Doing this properly inside the cluster requires:
# - Kubernetes service account # - Kubernetes service account
# - Vault Kubernetes auth # - Vault Kubernetes auth
domain = os.environ['DOMAIN'] config.load_kube_config(config_file='./metal/kubeconfig.yaml')
vault_host = os.environ['VAULT_HOST']
vault_token = os.environ['VAULT_TOKEN']
gitea_host = os.getenv('GITEA_HOST', "gitea-http:3000") gitea_host = client.NetworkingV1Api().read_namespaced_ingress('gitea', 'gitea').spec.rules[0].host
gitea_user = os.environ['GITEA_USER'] gitea_user = base64.b64decode(client.CoreV1Api().read_namespaced_secret('gitea-admin-secret', 'gitea').data['username']).decode("utf-8")
gitea_pass = urllib.parse.quote_plus(os.environ['GITEA_PASSWORD']) gitea_pass = base64.b64decode(client.CoreV1Api().read_namespaced_secret('gitea-admin-secret', 'gitea').data['password']).decode("utf-8")
gitea_url = f"http://{gitea_user}:{gitea_pass}@{gitea_host}" gitea_url = f"http://{gitea_user}:{gitea_pass}@{gitea_host}"
vault_host = client.NetworkingV1Api().read_namespaced_ingress('vault', 'vault').spec.rules[0].host
vault_token = base64.b64decode(client.CoreV1Api().read_namespaced_secret('vault-unseal-keys', 'vault').data['vault-root']).decode("utf-8")
vault_url = f"https://{vault_host}"
def create_vault_secret(path: str, data) -> None: def create_vault_secret(path: str, data) -> None:
requests.post( requests.post(
url=f"{vault_host}/v1/secret/data/{path}", url=f"{vault_url}/v1/secret/data/{path}",
headers={ headers={
'X-Vault-Token': vault_token 'X-Vault-Token': vault_token
}, },
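Review bot: `gitea_pass` is now interpolated into `gitea_url` without the `urllib.parse.quote_plus` the old code applied, so a decoded admin password containing `@`, `/`, `:` or `#` corrupts the authority part of the URL and the login fails (or is aimed at a different host); keep the quoting, `gitea_pass = urllib.parse.quote_plus(base64.b64decode(client.CoreV1Api().read_namespaced_secret('gitea-admin-secret', 'gitea').data['password']).decode("utf-8"))`, and restore the `import urllib.parse` this hunk removes. Separately, `gitea_host` is now the public ingress hostname rather than the in-cluster `gitea-http:3000` default, yet `gitea_url` still uses the `http://` scheme while `vault_url` uses `https://`, so the admin credentials embedded in the URL are sent in cleartext to the external host on the first request, before any redirect; `gitea_url = f"https://{gitea_user}:{gitea_pass}@{gitea_host}"` matches the Vault line. The `config.load_kube_config(config_file='./metal/kubeconfig.yaml')` call and the secret/ingress reads run at import time with a cwd-relative path, so importing the module from anywhere but the repo root fails and `.spec.rules[0]` raises IndexError for an ingress without rules; a comment such as `# Must be run from the repo root: reads ./metal/kubeconfig.yaml and the live cluster at import time` would make that explicit. The body of `create_vault_secret` continues past the end of the hunk.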
@ -108,13 +102,14 @@ def setup_gitea_oauth_app(name: str, redirect_uri: str) -> None:
def main() -> None: def main() -> None:
with Console().status("Completing the remaining sorcery"): with Console().status("Completing the remaining sorcery"):
gitea_access_tokens = [ gitea_access_tokens = [
'renovate' 'renovate'
] ]
gitea_oauth_apps = [ gitea_oauth_apps = [
{'name': 'dex', 'redirect_uri': f"https://dex.{domain}/callback"} {'name': 'dex', 'redirect_uri': f"https://{client.NetworkingV1Api().read_namespaced_ingress('dex', 'dex').spec.rules[0].host}/callback"}
] ]
for token_name in gitea_access_tokens: for token_name in gitea_access_tokens: