| 2025-02-12T20:47:19.158253962Z 2025-02-12T20:47:19Z info Diagnostics server disabled {"v": 0} | |
| 2025-02-12T20:47:19.159085861Z 2025-02-12T20:47:19Z info setup Starting controller manager {"v": 0, "release": "3.4.1", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "9e84f95865ce430cae38f0524ef0e4bfaf61c55e"} | |
| 2025-02-12T20:47:19.159095768Z 2025-02-12T20:47:19Z info setup The ingress class name has been set {"v": 0, "value": "kong"} | |
| 2025-02-12T20:47:19.159098765Z 2025-02-12T20:47:19Z info setup Getting enabled options and features {"v": 0} | |
| 2025-02-12T20:47:19.159101831Z 2025-02-12T20:47:19Z info setup Found configuration option for gated feature {"v": 0, "feature": "GatewayAlpha", "enabled": true} | |
| 2025-02-12T20:47:19.159104450Z 2025-02-12T20:47:19Z info setup Getting the kubernetes client configuration {"v": 0} | |
| 2025-02-12T20:47:19.159115081Z W0212 20:47:19.158777 1 client_config.go:667] Neither --kubeconfi |
This script will deploy a single VM talos cluster, Ingress NGINX, and local path provisioner. It was tested on Ubuntu 20.04, 22.04, and 24.04. It will pre-configure the networking configuration with a static IP, DNS, and time server. Before running, you must have the folloing installed:
Make sure all of these commands available from sudo
| import yaml | |
| import os | |
| def generate_markdown(crd_file, output_file, ignore_list): | |
| f = open(crd_file, 'r') | |
| crds = yaml.safe_load_all(f) | |
| markdown = "# OpenUnison Kubernetes CRD Documentation\n\n" | |
| for crd in crds: |
| --- | |
| applicationSet: | |
| allowAnyNamespace: true | |
| configs: | |
| cm: | |
| url: https://argocd.eksblog.tremolo.dev | |
| oidc.config: |- | |
| name: OpenUnison | |
| issuer: https://k8sou.eksblog.tremolo.dev/auth/idp/k8sIdp | |
| clientID: argocd |
| #!/bin/python3 | |
| # takes the secrets from a ns as listed, pushes them into Vault, then generates External Secret Operator objects | |
| # requireminets | |
| # hvac | |
| # kubernetes | |
| # usage | |
| # make sure your kubectl configuration is set |
| --- | |
| apiVersion: openunison.tremolo.io/v1 | |
| kind: Trust | |
| metadata: | |
| name: istio | |
| namespace: openunison | |
| spec: | |
| accessTokenSkewMillis: 120000 | |
| accessTokenTimeToLive: 120000 | |
| authChainName: login-service |
| cicd_proxy: | |
| image: docker.io/tremolosecurity/kube-oidc-proxy:latest | |
| replicas: 1 | |
| explicit_certificate_trust: true | |
| oidc: | |
| audience: https://cicd.apps-crc.testing/ | |
| issuer: ou.apps.192-168-2-79.nip.io/auth/idp/remotek8s | |
| claims: | |
| user: sub | |
| ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVDakNDQXZLZ0F3SUJBZ0lHQVlpZzJnN0RNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1IOHhKREFpQmdOVkJBTU0KRzI5MUxtRndjSE11TVRreUxURTJPQzB5TFRjNUxtNXBjQzVwYnpFVE1CRUdBMVVFQ3d3S1MzVmlaWEp1WlhSbApjekVPTUF3R0ExVUVDZ3dGVFhsUGNtY3hFekFSQmdOVkJBY01DazE1SUVOc2RYTjBaWEl4Q1RBSEJnTlZCQWdNCkFERVNNQkFHQTFVRUJoTUpUWGxEYjNWdWRISjVNQjRYRFRJek1EWXdPVEUxTlRBeU5Gb1hEVEkwTURZd09ERTEKTlRBeU5Gb3dmekVrTUNJR0ExVUVBd3diYjNVdVlYQndjeTR4T1RJdE1UWTRMVEl0TnprdWJtbHdMbWx2TVJNdwpFUVlEVlFRTERBcExkV0psY201bGRHVnpNUTR3REFZRFZRUUtEQVZOZVU5eVp6RVRNQkVHQTFVRUJ3d0tUWGtnClEyeDFjM1JsY2pFSk1BY0dBMVVFQ0F3QU1SSXdFQVlEVlFRR0V3bE5lVU52ZFc1MGNua3dnZ0VpTUEwR0NTcUcKU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREljZWNoS3lqVWsyQUlVUnBDblFMMjNRQWZkeXdnUHRacwpaNWx6UHV |
| from kubernetes import client, config | |
| from kubernetes.client import CustomObjectsApi | |
| from datetime import datetime,timezone | |
| from sys import argv | |
| config.load_kube_config() | |
| group = "openunison.tremolo.io" | |
| version = "v2" | |
| plural = "oidc-sessions" |
| --- | |
| apiVersion: openunison.tremolo.io/v2 | |
| kind: Application | |
| metadata: | |
| labels: | |
| app.kubernetes.io/component: openunison-applications | |
| app.kubernetes.io/instance: openunison-orchestra-login-portal | |
| app.kubernetes.io/name: openunison | |
| app.kubernetes.io/part-of: openunison | |
| name: aws |