From 9c22cb624a3cfbc5a22bead2faa96c550bc83520 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Wed, 13 Nov 2024 12:04:36 +0100 Subject: [PATCH] add idpsecrets for SERVERS too --- infrastructure/scripts/rucio_secrets_2-servers.sh | 7 ++++++- .../secrets/rucio/ss_servers-idpsecrets.yaml | 15 +++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 infrastructure/secrets/rucio/ss_servers-idpsecrets.yaml diff --git a/infrastructure/scripts/rucio_secrets_2-servers.sh b/infrastructure/scripts/rucio_secrets_2-servers.sh index e18884a..f31049c 100644 --- a/infrastructure/scripts/rucio_secrets_2-servers.sh +++ b/infrastructure/scripts/rucio_secrets_2-servers.sh @@ -64,7 +64,12 @@ kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLE kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_SERVER_AUTH}-server-cafile.yaml -echo " *** Create and apply OIDC secrets for SERVER AUTH" +echo " *** Create and apply OIDC secrets for both SERVER and SERVER AUTH" + +kubectl create secret generic ${HELM_RELEASE_SERVER}-idpsecrets --dry-run=client --from-file=${RAW_SECRETS_IDP} -o yaml | \ +kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_SERVER}-idpsecrets.yaml + +kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_SERVER}-idpsecrets.yaml kubectl create secret generic ${HELM_RELEASE_SERVER_AUTH}-idpsecrets --dry-run=client --from-file=${RAW_SECRETS_IDP} -o yaml | \ kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_SERVER_AUTH}-idpsecrets.yaml diff --git a/infrastructure/secrets/rucio/ss_servers-idpsecrets.yaml b/infrastructure/secrets/rucio/ss_servers-idpsecrets.yaml new file mode 100644 index 0000000..48c686c --- /dev/null +++ b/infrastructure/secrets/rucio/ss_servers-idpsecrets.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: servers-idpsecrets + namespace: rucio +spec: + encryptedData: + idpsecrets.json: AgCRKS02lwCKA7zKG13YpDMlJ2HvQx+c+cTMwTOFVhbA1YtjlwWPEtIzuLEZh2SbhxnhovkL6RFhhClFaQ+Z4LTRbvJj0XWNqXNO8MRTqwJyRPDyYmss0BT3Oho3ad/fpDiXtsttw4do+o00QcQakQ40N8qzN0JddXRxA0yRaql931srqCWnxJvocjCj3HyDUXBhgSqc44HtwNH0eouSl5plC98jEvpCLjRTveFX+r+8OCI9Fj/AQZ0mbGuA0YlfD67xKT6t/fm0+DlxRmMQi4MitpcoAsi4mD4hqxH9KUxRH/R4B7xaVCbwdmlUJ84YLwC+ymu4l3V4BVJISIXRDJoxrU4MpCqHyc256yqXna1mZn2fp1K7VoJQlL1BKEgt7jBNbkxw41FYag19OsvODysnipmdOVolpQ3WbK0tiT3vCrjAGS5fWGVypYFZYv1BxLSFXwYccSfBO1UoDtzIlNMlNTLsoe0dXH47GurKmbJUYmRbr458lEXfL5rhiNagGnsETbp6ka3o0Zxaqk1ISTD3QWf458QQDj/rV+Ss5XC8pJLbh9wPw7qvG20UrQZ9nFEKN6wkjjJXVvYt1zwEpBvfJAHSbMUrQEeo27lpk7zLy9kP8moI5icmWEdujLGAHdODUi3QpG66IXMl2K8mRlSxofA8m2MhrfA+wXGCUhMiqccnFdT2DFFAsnhYfeiSgmwk3vpq1pxEBGBQYImthEgnMIcB5fFb9bnn82kuiXbPQ/Qlw2kV5gRW9YgCslx1N3TI9ibqHMlvv43d2u9PXMDAlItUEcTkaRHt9jtoolwtfOpUBb018QgcXq/FO6qZYnn/AGg712sRQu7K+MjM7zcgNa+nNpzK3akfFnjaYyzjrRyPZSMTis2zPtWshUn7vwtNH8bMo2hWrnbCe+hgOOAvoMxLVeJgjc3eHJaT5tSrJnsVm6/FY9attNWGc8XB9hSrZvlJW3X88C8lGXCJGkpbHXs5TR8vF7bmF+HgPWTqsqQ0jFtozlR8qtrkk4010JsCrO4fUj2HZo7vmiE2Tl0LqyVJHBinPWu7iC6KETHuFoJU4ERw5PKtkK3jbrZZ0XSthI/XgQVnrYKqiNEVPXzmsK70Yay5dVdkoc9aAd2w7pAdhB/bDM9zZOBrxXWk+hbveBO3rU5KefEh0k2KjzKysCCly5iVROlYpdUM1i/OWJUA5XbAQa9dKlw2uys4L6hZR5QXqXW39eAvS6Zi/QBsV2VpQ+zJLBOzbzl73n3megJniJtshjrwe0cTuUwpv/TyQNZTuPzxRi9Kz1D3hGvqE9tZyC0qqjNhLg1nSAIvUGZ/O64yDDsKmLh1hxV7Ji2uG/4GqOEGikwZQ4LihQdo/DMQf/cBEy7XMxDNHYefFRctziSiennSWGd4cH27GPmBvef0eU8jCaSvDpZBSdznZI0XPK257pT2HAhIiDq2NPETaGvilbwVhA/5baXqHb62CWgZfIwidgfxs1SUwmurHunJji1+AEo8r64PV0+e4eltUnMZycaWULW49AvkvkcrQGuiQ01ezdHuEyuVZt9JWKWv5QTs2Kplp2tHEgEhCd09YUqNltdS9IyxyrerxmEsdn2J493f9jOQ4CNHa/vqs08tD9bFV8RRAZpX4mW31ydqE18bkYrGLO/xbvdnscZ9c0oZIe3HfsUhx7k1OfeGTQewOPRGXFfa1+qW2nBjiR/YAXe7EaZm7Hw5xNU32dc8+2M1jIdlYhPGwkLq/5Z2ANpODBsPCJPXUtQdc0yvmiWrpnnGXFZlSojqH9ASAfJ1gBcQpoPRzphA6HTiKIdtwoahSPlD5iiirAGrPUHwb/ULSPZXaIvl6g8QUhX7byuSuMkF/x22Jq/rO4LDethFinDFJSxAylZsARZk/aNETiZOZfyjQqRnWZdWCbsYsk+2BlmcYcBwU9o1L/hQ0v7cWlJ1awXGhM5JLGG8+tVaTtE4/qSRUwMGk4jETvovSG5dvAMDMwq6QlLF/qDXMHXpx6WOikVkpTRXLF9PqBEzryrtV33HVlbYfC+lwxqvk0ED+eMBKaf+npKLopjNPCGv7QFqEVAr5diG2Y5lwaErf7ONFc4UOC09CrwtfAIFh5WCE/K5v/10ycn6ST7cJ/+ieecxxapWUE/BQms9bS8ouA/FQO5+whc4DARSZsGgE4PB7YC+Y1cm3XBmqVymgt/EFvJLjc+Yw8HnZcLzc8bk2zT8WwnlC3j9lGWX0eYMU7cm+TQguf/HLw7eR+XnbECb6F42aWBcNarwRct527cxtGOZ1QxEQPEceoJOnqzfuD7ZCbmIWudYxbIBo08piAfJOrZpGGv33dmjlLSVFfTLVlWQ8waedM6ipbS+Dlgen4G9oHVkAFjW4/gXoxsDvJJnTcRlx/v2GZJICQGvdBvwKFtSteSMopbA4GJXz4rQlAkWtq+ptUdVuZC4umJnGJ0Ob/K2ZqppZQxDdisDFfcj5qTBp05WDHPf2JI5kczKzQia/SFIf7uHZOnEtojMhHLsDd7pe1tBNkLjN8EDVG/y+3Hi3FIsV2brvab5vTkZvguOi7Ra9XHkLcrLEUxmKMV4rpigJ9CTil1fJvgr5ckW59XPtoZLByZOkWvRmgC6rg/LKyPNUlxG2PdGlWBkVpIHNA9BPenqjInASDvqHSijMw4jZGaAuHOgxeIp0wA8+WGCMdKfAKtY5gXjgwsFhg216Ch2qtf5JIMO8qSivM+wlXq7osqqCWe89cqZuptPhEPSCcDnvpQXhaYnksPTE5jsuy7L6TkNErJNDC7buBES41fDANpKuo8DHNAvD9XTrXg3E3slkIOMDWWvwWHzNexaCjnGlEfXoKceVEDmdC1n2AAf+Ce5hcCDAxQbaeTFvtgNApg84A8v64wvFOQmCs2d9GK4xJgDmdMfc9Phxxh6ORBjckTbfTk16BQHyqZlRPXW7x+v3ysv76Qsrk+N/IPmvaw87KDlqZi4piAV5cLC+n5ecMy6EEPY3Ofdlk5dKWajx2yhJp3Y0Qjx6QR+gcKvTZt8FiFr+NPtsT80Il0ic2EA+KFazw65+hYunCKjfJHbHn4g5jQcmu0R5OToWtI98l23JXpVuJe0X9IZHdXep+0PKwxyz4kn3Fv3eIKTE35v3bPCzB1fYuweNMG5nH7gJPdCv/vF96yqsD4CNRoskHvuIQcHG+9ecrU5NdemidvSdWk+14oUwOeHc/1aOzTD2zyVTqG40JmvqHq94MJonoEaQZmNYQ== + template: + metadata: + creationTimestamp: null + name: servers-idpsecrets + namespace: rucio