updated OpenShift scripts
Signed-off-by: Mariusz Sabath <[email protected]>
mrsabath committed Sep 17, 2021
1 parent f313c9d commit 3291c84
Showing 2 changed files with 17 additions and 16 deletions.
6 changes: 3 additions & 3 deletions utils/install-open-shift-spire.sh
Expand Up @@ -109,14 +109,14 @@ fi
}

installSpireAgent(){
oc get projects | grep "${PROJECT}"
oc get projects | grep "${PROJECT}" 2>/dev/null
if [ "$?" != "0" ]; then
echo "Project $PROJECT must be created first"
echo "oc new-project $PROJECT --description=\"My TSI Spire Agent project on OpenShift\" "
exit 1
fi

oc -n $PROJECT get scc $SPIREAG_SCC
oc -n $PROJECT get scc $SPIREAG_SCC 2>/dev/null
if [ "$?" == "0" ]; then
# check if spire-agent project exists:
echo "SPIRE Agent environment in $PROJECT project already exists. "
Expand All @@ -137,7 +137,7 @@ installSpireAgent(){
# Need to copy the spire-bundle from the server namespace
oc -n "$PROJECT" get cm spire-bundle
if [ "$?" == "0" ]; then
echo "WARNING: using the existing configmap spire-bundle in $PROJECT. "
echo "Using the existing configmap spire-bundle in $PROJECT. "
else
echo "ConfigMap 'spire-bundle' must be created"
exit 1
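Review bot: The project check `oc get projects | grep "${PROJECT}" 2>/dev/null` matches substrings, so an existing project whose name merely contains `$PROJECT` lets the agent install proceed, and the redirect silences grep rather than `oc` (this assumes the `2>/dev/null` copy of each pair is the new side; the page shows no +/- markers). An exact lookup avoids both problems: `if ! oc get project "$PROJECT" >/dev/null 2>&1; then`. The SCC check `oc -n $PROJECT get scc $SPIREAG_SCC 2>/dev/null` leaves both variables unquoted, and with stderr hidden an authorization or connectivity failure is indistinguishable from "SCC not found", after which the script presumably carries on with the install. I would quote and test the command directly, `if oc -n "$PROJECT" get scc "$SPIREAG_SCC" >/dev/null; then`, and keep stderr visible. installSpireAgent continues past the end of the visible hunks.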
27 changes: 14 additions & 13 deletions utils/install-open-shift-tornjak.sh
Expand Up @@ -97,7 +97,7 @@ fi

# function for executing oc cli calls
oc_cli() {
oc "$@"
oc -n "$PROJECT" "$@"
if [ "$?" != "0" ]; then
echo "Error executing: oc" "$@"
exit 1
Expand Down Expand Up @@ -126,14 +126,15 @@ installSpireServer(){
cleanup
# while (oc get projects | grep "$PROJECT"); do echo "Waiting for "$PROJECT" removal to complete"; sleep 2; done
# oc new-project "$PROJECT" --description="My TSI Spire SERVER project on OpenShift" 2> /dev/null
oc project "$PROJECT" 2> /dev/null
else
echo "Keeping the existing $PROJECT project as is"
echo 0
fi

fi

# switch to `tornjak` namespace:
oc project "$PROJECT" 2> /dev/null

# get ingress information:
INGSEC=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressSecretName')
if [ -z "${INGSEC}" ]; then
Expand Down Expand Up @@ -210,8 +211,8 @@ helm list

# oc -n $PROJECT expose svc/$SPIRESERVER
# Ingress route for spire-server
oc_cli -n "$PROJECT" create route passthrough --service spire-server
oc_cli -n "$PROJECT" get route
oc_cli create route passthrough --service spire-server
oc_cli get route
INGRESS=$(oc -n "$PROJECT" get route spire-server -o jsonpath='{.spec.host}{"\n"}')
echo "$INGRESS"

Expand Down Expand Up @@ -244,34 +245,34 @@ spec:
EOF

# create route for Tornjak TLS:
oc_cli -n "$PROJECT" create route passthrough tornjak-tls --service tornjak-tls
oc_cli create route passthrough tornjak-tls --service tornjak-tls
# create route for Tornjak mTLS:
oc_cli -n "$PROJECT" create route passthrough tornjak-mtls --service tornjak-mtls
oc_cli create route passthrough tornjak-mtls --service tornjak-mtls
# create route for Tornjak HTTP:
# oc create route passthrough tornjak-http --service tornjak-http
oc_cli -n "$PROJECT" expose svc/tornjak-http
oc_cli expose svc/tornjak-http

if $OIDC ; then
# open edge access for oidc
oc -n $PROJECT create route edge oidc --service spire-oidc
fi

SPIRESERV=$(oc get route spire-server --output json | jq -r '.spec.host')
SPIRESERV=$(oc -n "$PROJECT" get route spire-server --output json | jq -r '.spec.host')
echo # "https://$SPIRESERV"
echo "export SPIRE_SERVER=$SPIRESERV"
echo # empty line to separate visually

TORNJAKHTTP=$(oc get route tornjak-http --output json | jq -r '.spec.host')
TORNJAKHTTP=$(oc -n "$PROJECT" get route tornjak-http --output json | jq -r '.spec.host')
echo "Tornjak (http): http://$TORNJAKHTTP/"
TORNJAKTLS=$(oc get route tornjak-tls --output json | jq -r '.spec.host')
TORNJAKTLS=$(oc -n "$PROJECT" get route tornjak-tls --output json | jq -r '.spec.host')
echo "Tornjak (TLS): https://$TORNJAKTLS/"
TORNJAKMTLS=$(oc get route tornjak-mtls --output json | jq -r '.spec.host')
TORNJAKMTLS=$(oc -n "$PROJECT" get route tornjak-mtls --output json | jq -r '.spec.host')
echo "Tornjak (mTLS): https://$TORNJAKMTLS/"
echo # empty line to separate visually

echo "Trust Domain: $TRUSTDOMAIN"
if $OIDC ; then
OIDCURL=$(oc get route oidc --output json | jq -r '.spec.host')
OIDCURL=$(oc -n "$PROJECT" get route oidc --output json | jq -r '.spec.host')
echo "Tornjak (oidc): "
echo " https://$OIDCURL/"
echo "For testing oidc: "
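Review bot: The `oc project "$PROJECT" 2> /dev/null` call that sits after the outer `fi` discards both its error output and its exit status, so a failed project switch goes unnoticed (this assumes the copy under the `# switch to` comment is the new side; the page shows no +/- markers). Commands that do not pass `-n` then act on whatever project the current context points at: `helm list` is visible in a hunk header, and any helm install outside these hunks would presumably behave the same, which could place the SPIRE server and its routes in an unintended namespace. I would fail fast instead: `oc project "$PROJECT" >/dev/null || { echo "cannot switch to project $PROJECT" >&2; exit 1; }`. In the last hunk, `oc -n $PROJECT create route edge oidc --service spire-oidc` still bypasses `oc_cli` and leaves `$PROJECT` unquoted; `oc_cli create route edge oidc --service spire-oidc` would give it the same error check as the other routes. The enclosing blocks start and end outside the visible hunks.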