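#######################################
# Print a timestamped message line to stdout.
# Arguments: $* - message words, joined by single spaces
# Outputs:   "<YYYY-mm-dd HH:MM:SS TZ>: <message>" followed by a newline
#######################################
log() {
  # "$*" joins every argument into one word; the original "$@" inside a
  # quoted string split the message into several words (ShellCheck SC2145).
  # printf is used because echo's handling of "-n"/"-e" is not portable.
  printf '%s: %s\n' "$(date +"%Y-%m-%d %H:%M:%S %Z")" "$*"
}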
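#######################################
# Print a timestamped message to stdout WITHOUT a trailing newline, so a
# follow-up echo can complete the line (used by the tool checks).
# Arguments: $* - message words, joined by single spaces
# Outputs:   "<YYYY-mm-dd HH:MM:SS TZ>: <message>" with no newline
#######################################
logn() {
  # Same fix as log(): "$*" instead of "$@" in a quoted string, and printf
  # instead of the non-portable "echo -n".
  printf '%s: %s' "$(date +"%Y-%m-%d %H:%M:%S %Z")" "$*"
}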
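#######################################
# Report whether a required command is absent.
# Arguments: $1 - command name to look up on PATH
# Outputs:   progress text on stdout ("... installed" / "... NOT installed")
# Returns:   0 (true) when the tool is missing, 1 (false) when it is present
#######################################
is_required_tool_missed() {
  local tool=$1
  logn "--> Checking required tool: ${tool} ... "
  # The name is quoted and protected with "--" so an empty or odd argument
  # cannot be word-split or parsed as an option. As before, the resolved
  # path must also be executable.
  if [[ -x "$(command -v -- "${tool}")" ]]; then
    echo "installed"
    return 1
  fi
  echo "NOT installed"
  return 0
}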
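# Firstly, let's do a quick check for required tools
missed_tools=0
log "Firstly, let's do a quick check for required tools ..."
# Every command the script invokes directly. make and envsubst are used by
# the TLS and kind steps below but were not checked before, so a missing
# one only surfaced half-way through the setup.
for tool in docker git cfssl cfssljson kind kubectl make envsubst; do
  if is_required_tool_missed "${tool}"; then
    missed_tools=$((missed_tools + 1))
  fi
done
# final check: (( )) compares numerically; "[[ $x > 0 ]]" compared strings
if (( missed_tools > 0 )); then
  log "Abort! There are some required tools missing, please have a check."
  exit 98
fi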
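# Generating TLS for both Kubernetes and Dex
log "Generating TLS for both Kubernetes and Dex ..."
# Stop here if the certificates cannot be produced: the cluster and the
# dex-tls secret below depend on tls-setup/_certs and would fail later in
# less obvious ways.
pushd tls-setup || exit 1
make ca req-dex req-k8s || exit 1
popd || exit 1
# Creating Kubernetes cluster with API Server configured
log "Creating Kubernetes cluster with API Server configured ..."
# kind/kind.yaml is templated with the absolute repository path.
# NOTE(review): once kind/kind.yaml is confirmed to reference no other
# variables, prefer `envsubst '$PROJECT_ROOT'` so only that one is expanded.
PROJECT_ROOT="$(pwd)" envsubst < kind/kind.yaml \
  | kind create cluster --name dex-ldap-cluster --config - || exit 1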
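# Deploying OpenLDAP in namespace 'ldap' as the LDAP Server
log "Deploying OpenLDAP in namespace 'ldap' as the LDAP Server ..."
# Directory admin password, overridable from the environment. The default
# is the value the script previously hard-coded in four places, so existing
# manifests keep working when the variable is unset.
LDAP_ADMIN_PASSWORD="${LDAP_ADMIN_PASSWORD:-adminpassword}"
LDAP_ADMIN_DN="cn=admin,dc=example,dc=org"
LDAP_URL="ldap://localhost:389"
kubectl create ns ldap || exit 1
kubectl create secret generic openldap \
  --namespace ldap \
  --from-literal=adminpassword="${LDAP_ADMIN_PASSWORD}" || exit 1
kubectl create configmap ldap \
  --namespace ldap \
  --from-file=ldap/ldif || exit 1
kubectl apply --namespace ldap -f ldap/ldap.yaml || exit 1
kubectl wait --namespace ldap --for=condition=ready pod -l app.kubernetes.io/name=openldap || exit 1
# Initializing some dummy LDAP entities
log "Initializing some dummy LDAP entities ..."
# The original script paused 5s after the pod became Ready before binding;
# presumably slapd needs a moment after the readiness signal — kept as-is.
sleep 5
LDAP_POD=$(kubectl -n ldap get pod -l "app.kubernetes.io/name=openldap" -o jsonpath="{.items[0].metadata.name}")
# An empty pod name would turn "kubectl exec" into an option-parsing error.
[[ -n "${LDAP_POD}" ]] || { log "Abort! No OpenLDAP pod found in namespace 'ldap'."; exit 1; }
# Load the LDIF files in dependency order: OUs, then users, then groups.
# The bind password is passed with -w, so it is visible in the pod's process
# list while each ldapadd runs; acceptable for this demo directory only.
for ldif in 0-ous 1-users 2-groups; do
  kubectl -n ldap exec "${LDAP_POD}" -- \
    ldapadd -x -D "${LDAP_ADMIN_DN}" -w "${LDAP_ADMIN_PASSWORD}" -H "${LDAP_URL}" -f "/ldifs/${ldif}.ldif" || exit 1
done
# List down the entities loaded
kubectl -n ldap exec "${LDAP_POD}" -- \
  ldapsearch -LLL -x -H "${LDAP_URL}" -D "${LDAP_ADMIN_DN}" -w "${LDAP_ADMIN_PASSWORD}" -b "ou=people,dc=example,dc=org" dn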
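# Deploying Dex in namespace 'dex'
log "Deploying Dex in namespace 'dex' ..."
kubectl create ns dex || exit 1
# The TLS material comes from the cfssl step earlier in this script.
kubectl create secret tls dex-tls \
  --namespace dex \
  --cert=tls-setup/_certs/dex.pem \
  --key=tls-setup/_certs/dex-key.pem || exit 1
kubectl apply --namespace dex -f dex/dex.yaml || exit 1
kubectl wait --namespace dex --for=condition=ready pod -l app=dex || exit 1
# Creating a proxy to access Dex directly from laptop
log "Creating a proxy to access Dex directly from laptop ..."
# kubectl's own jsonpath replaces the earlier jq call: jq was never part of
# the required-tool check, so the script could reach this point without it.
SVC_PORT="$(kubectl get -n dex svc/dex -o jsonpath='{.spec.ports[0].nodePort}')"
# Refuse to start the proxy with an empty or non-numeric port; the container
# name, --publish mapping and socat addresses below would all be malformed.
[[ "${SVC_PORT}" =~ ^[0-9]+$ ]] || { log "Abort! Could not determine the Dex NodePort (got '${SVC_PORT}')."; exit 1; }
# Bound to 127.0.0.1 on purpose: the forwarded Dex endpoint is only reachable
# from this machine, not from the local network.
docker run -d --restart always \
  --name "dex-kind-proxy-${SVC_PORT}" \
  --publish "127.0.0.1:${SVC_PORT}:${SVC_PORT}" \
  --link dex-ldap-cluster-control-plane:target \
  --network kind \
  alpine/socat -dd \
  "tcp-listen:${SVC_PORT},fork,reuseaddr" "tcp-connect:target:${SVC_PORT}" || exit 1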
# install dashboard
# Applied straight from the upstream repository at the v2.7.0 tag. A tag is
# a mutable reference; pin to a commit or vendor the manifest if this setup
# ever outgrows demo use.
dashboard_manifest="https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml"
kubectl apply -f "${dashboard_manifest}"
# Optional ingress controller, disabled. Note that this URL tracks the
# unpinned "main" branch; pin a release before enabling it.
# kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
# kubectl proxy
# open dashboard in browser
# http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
#
# open projectset-api app
#
# http://localhost:8001/api/v1/namespaces/projectset-api-system/services/projectset-api-service:8082/proxy/
#
# open oidc app in browser
# http://127.0.0.1:5555