diff --git a/utils/install-open-shift-spire.sh b/utils/install-open-shift-spire.sh
index 92f31c57..ab2e6c1b 100755
--- a/utils/install-open-shift-spire.sh
+++ b/utils/install-open-shift-spire.sh
@@ -23,9 +23,25 @@ Where:
 -r - region, geo-location (required)
 -t - the trust root of SPIFFE identity provider, default: spiretest.com (optional)
 -p - OpenShift project [namespace] to install the Server, default: spire-server (optional)
+ --clean - performs removal of project (allows additional parameters i.e. -p|--project).
 HELPMEHELPME
 }
+cleanup() {
+ oc project $PROJECT
+ helm uninstall spire -n $PROJECT 2>/dev/null
+
+ # in case the helm information is not available
+ oc delete ClusterRole "$PROJECT-agent-spire-cluster-role" "$PROJECT-k8s-registrar-spire-cluster-role" 2>/dev/null
+ oc delete ClusterRoleBinding "$PROJECT-agent-spire-cluster-role-binding" "$PROJECT-k8s-registrar-spire-cluster-role-binding" 2>/dev/null
+ oc delete deploy spire-registrar
+
+ oc delete scc $SPIREAG_SCC 2>/dev/null
+ oc delete sa $SPIRE_AG_SA 2>/dev/null
+ # oc delete project $PROJECT 2>/dev/null
+}
+
+
 POSITIONAL=()
 while [[ $# -gt 0 ]]
 do
@@ -57,6 +73,10 @@ case $key in
 shift # past argument
 shift # past value
 ;;
+ --clean)
+ cleanup
+ exit 0
+ ;;
 -h|--help)
 helpme
 exit 0
@@ -264,19 +284,5 @@ else
 fi
 }
-cleanup() {
- oc project $PROJECT
- helm uninstall spire -n $PROJECT 2>/dev/null
-
- # in case the helm information is not available
- oc delete ClusterRole "$PROJECT-agent-spire-cluster-role" "$PROJECT-k8s-registrar-spire-cluster-role" 2>/dev/null
- oc delete ClusterRoleBinding "$PROJECT-agent-spire-cluster-role-binding" "$PROJECT-k8s-registrar-spire-cluster-role-binding" 2>/dev/null
- oc delete deploy spire-registrar
-
- oc delete scc $SPIREAG_SCC 2>/dev/null
- oc delete sa $SPIRE_AG_SA 2>/dev/null
- # oc delete project $PROJECT 2>/dev/null
-}
-
 checkPrereqs
 installSpireAgent
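Review bot: In the relocated `cleanup()` the result of `oc project $PROJECT` is never checked, so if the switch fails the namespaced deletes that follow (`oc delete deploy spire-registrar`, `oc delete sa $SPIRE_AG_SA`) run against whatever project the current `oc` context points at. I would stop on failure with `oc project "$PROJECT" || exit 1`, or pass `-n "$PROJECT"` to each namespaced delete. `$PROJECT`, `$SPIREAG_SCC` and `$SPIRE_AG_SA` should also be quoted, because an unquoted empty value disappears and leaves `oc delete scc` with no resource name. The tornjak `cleanup()` added in install-open-shift-tornjak.sh has the same unchecked `oc project "$PROJECT"`.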
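Review bot: The new `--clean)` arm calls `cleanup` and exits as soon as the parse loop reaches it, so an option written after it (for example `--clean -p myproject`) is never read and the deletes use whatever `PROJECT` holds at that moment. The help line added in the first hunk says `-p|--project` can be combined with `--clean`, which is only true when it comes first. Recording the request instead, `CLEAN=true` then `shift`, and calling `cleanup` once the loop has finished would make the order irrelevant. Where `PROJECT` and the SCC and service-account names get their defaults is outside this hunk, as are the start and end of the `case`, so check the placement against the rest of the script. The same arm is added to install-open-shift-tornjak.sh.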
diff --git a/utils/install-open-shift-tornjak.sh b/utils/install-open-shift-tornjak.sh
index e688cdd4..dc0b8382 100755
--- a/utils/install-open-shift-tornjak.sh
+++ b/utils/install-open-shift-tornjak.sh
@@ -25,9 +25,28 @@ Where:
 -t - the trust root of SPIFFE identity provider, default: spiretest.com (optional)
 -p - OpenShift project [namespace] to install the Server, default: spire-server (optional)
 --oidc - execute OIDC installation (optional)
+ --clean - performs removal of project (allows additional parameters i.e. -p|--project).
 HELPMEHELPME
 }
+cleanup() {
+ oc project "$PROJECT"
+ helm uninstall tornjak -n "$PROJECT" 2>/dev/null
+
+ oc delete ClusterRole spire-server-role 2>/dev/null
+ oc delete ClusterRoleBinding spire-server-binding 2>/dev/null
+
+ oc delete scc "$SPIRE_SCC" 2>/dev/null
+ oc delete sa "$SPIRE_SA" 2>/dev/null
+ oc delete route spire-server 2>/dev/null
+ oc delete route tornjak-http 2>/dev/null
+ oc delete route tornjak-mtls 2>/dev/null
+ oc delete route tornjak-tls 2>/dev/null
+ oc delete ingress spireingress 2>/dev/null
+ #oc delete group $GROUPNAME --ignore-not-found=true
+ #oc delete project "$PROJECT" 2>/dev/null
+}
+
 POSITIONAL=()
 while [[ $# -gt 0 ]]
 do
@@ -53,6 +72,10 @@ case $key in
 OIDC=true
 shift # past argument
 ;;
+ --clean)
+ cleanup
+ exit 0
+ ;;
 -h|--help)
 helpme
 exit 0
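Review bot: `cleanup()` deletes the service account with `oc delete sa "$SPIRE_SA"`, but nothing in it removes the `cluster-admin` grant the install path makes for that account (`oc_cli policy add-role-to-user cluster-admin "system:serviceaccount:$PROJECT:$SPIRE_SA"`, visible as context in the installSpireServer hunk). Because the project deletion is commented out, that binding presumably survives a `--clean`, and a service account later created with the same name in the same project would pick it up again. I would add the inverse call before the `oc delete sa` line: `oc policy remove-role-from-user cluster-admin "system:serviceaccount:$PROJECT:$SPIRE_SA" 2>/dev/null`. What `oc_cli` wraps is not visible here, so confirm the scope of the binding first.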
@@ -109,6 +132,16 @@ installSpireServer(){
 fi
+# get ingress information:
+INGSEC=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressSecretName')
+if [ -z "${INGSEC}" ]; then
+ echo "Ingress security name was not retrieved, please check admin rights for your account."
+ exit 1
+fi
+# TODO: check if needed
+# INGSTATUS=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressStatus')
+ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressMessage'
+
 # create serviceAccount and setup permissions
 oc_cli create sa $SPIRE_SA
 oc_cli policy add-role-to-user cluster-admin "system:serviceaccount:$PROJECT:$SPIRE_SA"
@@ -136,12 +169,6 @@ groups:
 EOF
 #oc_cli describe scc $SPIRE_SCC
-# get ingress information:
-ING=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressHostname')
-INGSEC=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressSecretName')
-INGSTATUS=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressStatus')
-ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressMessage'
-
 # TODO we disabled the create Keys here. Instead we will use the default keys
 # included in the helm charts. This process can be done manually, when needed.
 #
@@ -167,6 +194,7 @@ if ! $OIDC ; then
 --set "openShift=true" \
 tornjak charts/tornjak # --debug
 else
+ ING=$(ibmcloud oc cluster get --cluster "$CLUSTERNAME" --output json | jq -r '.ingressHostname')
 helm install --set "namespace=$PROJECT" \
 --set "clustername=$CLUSTERNAME" \
 --set "trustdomain=$TRUSTDOMAIN" \
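Review bot: The new emptiness test on `INGSEC` does not catch a missing field, because `jq -r '.ingressSecretName'` prints the literal string `null` when the key is absent or null, and `[ -z "${INGSEC}" ]` then passes. Writing the filter as `jq -r '.ingressSecretName // empty'` lets the existing test cover that case. The `ING` assignment moved into the `else` branch in the last hunk of this file reads `.ingressHostname` the same way and has no check before `helm install`, so a `null` hostname would presumably reach the chart values; that `helm install` command continues past the end of the hunk. The failure message should also be sent to stderr with `>&2`.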
@@ -323,23 +351,5 @@ else
 fi
 }
-cleanup() {
- oc project "$PROJECT"
- helm uninstall tornjak -n "$PROJECT" 2>/dev/null
-
- oc delete ClusterRole spire-server-role 2>/dev/null
- oc delete ClusterRoleBinding spire-server-binding 2>/dev/null
-
- oc delete scc "$SPIRE_SCC" 2>/dev/null
- oc delete sa "$SPIRE_SA" 2>/dev/null
- oc delete route spire-server 2>/dev/null
- oc delete route tornjak-http 2>/dev/null
- oc delete route tornjak-mtls 2>/dev/null
- oc delete route tornjak-tls 2>/dev/null
- oc delete ingress spireingress 2>/dev/null
- #oc delete group $GROUPNAME --ignore-not-found=true
- # oc delete project "$PROJECT" 2>/dev/null
-}
-
 checkPrereqs
 installSpireServer