platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

fix: improve argo remote cluster credentials reset

Browse Source
This commit is contained in:
Jonas Juselius
2025-05-11 10:16:31 +02:00
parent 7de100a4d4
commit e511edefcd
5 changed files with 37 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
argocd/_ekman.yaml
+14
View File
@@ -0,0 +1,14 @@
apiVersion: v1
stringData:
config: '{"bearerToken":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjFja0VGbHBYYjMxVEZiWFBNYVNERldhZTlHUXFWdDM2cGpGZUhTVFB3QU0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjbHVzdGVyLWFkbWluLXRva2VuIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImNsdXN0ZXItYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI0YjE2ZmQzYi1mNjJiLTQ2MzctOGIwNC0yMGNiNTBlNzhiMmYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06Y2x1c3Rlci1hZG1pbiJ9.sd3AP4HmHgjLXSmQMZC6lEeVX2y1_RdzCK34-TKtu2k_6NhGtGopc10ZdNXy68uigwVLVNFW1fREpj5z3mgpWyQPUzZrXN0ANp0C3oM8rt77cKRrmn_ZQuiMjH_0_t4tmjwIWla5rQ52Y7QC-zoCMfAkalofh1Jo0yu8QeWIXd3Q0hnfGiIKCwVrfWrZXopLbiuntKColFMQPkenz-pPo5DjcMAarmlXGy-TztGvN1X5NkVWy8DXrSUPLL_JZ5Ok5DZoGejilrssj45sXBeUyTM5pIYZi7gE5ngB2y1nod9UakkPKXeF_ZyFtvLMtvXOCi1YNgfYM9crtuECz8DoRA","tlsClientConfig":{"insecure":true}}'
name: ekman
server: https://10.255.241.99:4443
kind: Secret
metadata:
labels:
argocd.argoproj.io/secret-type: cluster
name: cluster-ekman
namespace: argocd
type: Opaque
argocd/ekman-cluster-admin-token.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: cluster-admin
name: cluster-admin-token
namespace: kube-system
type: kubernetes.io/service-account-token
argocd/ekman.yaml
+3 -3
View File
@@ -1,14 +1,14 @@
apiVersion: v1 apiVersion: v1
stringData: stringData:
config: | config: '{"bearerToken":"@token@","tlsClientConfig":{"insecure":true}}'
{"bearerToken":"","tlsClientConfig":{"insecure":true}}
name: ekman name: ekman
server: https://10.255.241.99:4443 server: https://10.255.241.99:4443
kind: Secret kind: Secret
metadata: metadata:
labels: labels:
argocd.argoproj.io/secret-type: cluster argocd.argoproj.io/secret-type: cluster
name: cluster-10.255.241.99-4046803085 name: cluster-ekman
namespace: argocd namespace: argocd
type: Opaque type: Opaque
argocd/kustomize-helm-with-rewrite/generate.sh
+2
View File
@@ -23,6 +23,8 @@ fi
[ -f values-$PARAM_ENV.yaml ] && VALUES="$VALUES -f values-$PARAM_ENV.yaml" [ -f values-$PARAM_ENV.yaml ] && VALUES="$VALUES -f values-$PARAM_ENV.yaml"
VALUES="$VALUES -f parameters.yaml" VALUES="$VALUES -f parameters.yaml"
helm dependency update $CHART >/tmp/$ARGOCD_APP_NAME-helm-dependency-build.out
mkdir -p base mkdir -p base
echo "helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART" > /tmp/$ARGOCD_APP_NAME-helm.sh echo "helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART" > /tmp/$ARGOCD_APP_NAME-helm.sh
helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
argocd/reset-ekman-cluster.sh
+8 -2
View File
@@ -1,9 +1,15 @@
#!/bin/sh #!/bin/sh
echo "reset ekman cluster admin token... "
kubectl --context ekman delete -f ekman-cluster-admin-token.yaml kubectl --context ekman delete -f ekman-cluster-admin-token.yaml
sleep 1
kubectl --context ekman apply -f ekman-cluster-admin-token.yaml kubectl --context ekman apply -f ekman-cluster-admin-token.yaml
secret=$(kubectl --context ekman get secret -n kube-system | grep cluster-admin-token | cut -d' ' -f1) secret=$(kubectl --context ekman get secret -n kube-system | grep cluster-admin-token | cut -d' ' -f1)
token=$(kubectl --context ekman get secret -n kube-system $secret -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d) token=$(kubectl --context ekman get secret -n kube-system $secret -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d)
sed -r "s/:\"ey[^\"]+/:\"$token/" ekman.yaml sed "s/@token@/$token/" ekman.yaml > _ekman.yaml
kubectl --context oceanbox apply -f ekman.yaml echo "configure argocd ekman-cluster..."
cat _ekman.yaml
kubectl --context oceanbox apply -f _ekman.yaml
echo "done."