dlbewley
/ extract-kubeconfig-acm-created-cluster.sh
Last active
April 19, 2024 15:09
How to extract kubeconfig and kubeadmin password from OpenShift ClusterDeployment using RHACM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # https://guifreelife.com/blog/2021/08/13/RHACM-Recover-Created-Cluster-Credentials-and-Kubeconfig/ | |
| # | |
| # If an OpenShift cluster was created by RHACM this script will extract the | |
| # kubeconfig and the default kubeadmin credentials. | |
| # | |
| # Prereqs: | |
| # - Authenticated to hub cluster | |
| # - Managed cluster name is the sames as the hosting namespace on hub cluster |
dlbewley
/ get-install-config.sh
Last active
August 4, 2021 19:04
How to recover the install-config.yaml used to deploy an OpenShift cluster
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| oc extract cm/cluster-config-v1 -n kube-system --to=- |
dlbewley
/ asciinema-clear-screen.json
Created
August 8, 2021 23:25
How to add a clear screen command to an asciinema recording
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [0.000001, "o", "\u001b[H\u001b[J"] |
dlbewley
/ pre-commit
Last active
August 20, 2021 00:57
Git pre-commit hook to allow tracking of example secrets but deny changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # once you have tracked a file, .gitignore will not have an effect on it, even if you | |
| # ignore the enclosing directory. | |
| # be sure to commit example secrets before adding this to .git/hooks/pre-commit | |
| # Redirect output to stderr. | |
| exec 1>&2 | |
| DENY_LIST="secrets|certs" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # read values from 1Password, YMMV | |
| CLUSTER="hub-lab-bewley-net" | |
| VAULT="development" | |
| ROX_CENTRAL_ENDPOINT="$(op read op://$VAULT/$CLUSTER/acs/endpoint)" # cluster | |
| ROX_CENTRAL_ENDPOINT_PUB="$(op read op://$VAULT/$CLUSTER/acs/endpoint-pub)" # public | |
| ROX_CA_CERT="$(op read op://$VAULT/$CLUSTER/acs/ca)" | |
| ROX_API_TOKEN="$(op read op://$VAULT/$CLUSTER/acs/admin-token)" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ROXCTL_IMAGE="registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8:3.71" | |
| # Central CA cert: | |
| # oc extract secrets/service-ca -n stackrox --keys=ca.pem --to=- | |
| # read values from 1Password YMMV | |
| CLUSTER="hub-lab-bewley-net" | |
| VAULT="development" |
dlbewley
/ login-pull-secrets.sh
Created
November 2, 2022 22:34
Podman login to all registries in pull secret
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if you don't want to just use --authfile or set REGISTRY_AUTH_FILE for whatever reason | |
| # you may login to each registry in your pull secret thusly | |
| # spoiler alert, here's how to extract usernames and passwords from your pull secret | |
| PULL_SECRET_PATH=pull-secret.json | |
| for R in $(jq -r '.auths|keys[]' $PULL_SECRET_PATH ); do | |
| echo "Logging into $R" | |
| U=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $1}') | |
| P=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $2}') |
dlbewley
/ split-policies.sh
Created
November 12, 2022 00:05
decompose policy.open-cluster-management.io/v1 policies into manifests for use with PolicyGenerator Kustomize plugin
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # split a file having multiple policies into multiple files | |
| # each file is named policy-<policy_name> and contains 1 policy | |
| yq e '.|split_doc' -s '.kind + "-" + .metadata.name | downcase' multi-policy.yaml | |
| # create manifests dir for each policy | |
| # place object definitions from each policy into corresponding manifest dir | |
| for p in policy-*; do | |
| policy_name=$(yq '.metadata.name' $p); | |
| mkdir -p "manifests-$policy_name" | |
| yq '.spec.policy-templates[].objectDefinition[].object-templates[].objectDefinition | split_doc' \ |
dlbewley
/ ext-kubeconfig-cacerts.sh
Last active
September 29, 2023 23:17
Extract OpenShift CA Certificates from Install Generated Kubeconfig
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| cat $KUBECONFIG \ | |
| | yq e '.clusters[0].cluster."certificate-authority-data"' \ | |
| | base64 -d > kubeconfig-ca-data.pem | |
| split -p "-----BEGIN CERTIFICATE-----" kubeconfig-ca-data.pem cert- | |
| for c in cert-??; do | |
| subject=`openssl x509 -in $c -noout -subject | sed 's/^.*CN[[:space:]]*=[[:space:]]*\(.*\)/\1/'` | |
| echo $subject |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Connect to the OVN northbound database pod. | |
| # Optionally specify the node and or command | |
| # https://guifreelife.com/blog/2024/11/19/Open-Virtual-Network-Inspection-on-OpenShift/ | |
| node=$1; shift; cmd=$* | |
| if [[ -n "$node" ]]; then | |
| nbdbpod=$(oc get pod \ | |
| -l app=ovnkube-node \ |