mlbiam

import yaml
import os

def generate_markdown(crd_file, output_file, ignore_list):
    f = open(crd_file, 'r')
    crds = yaml.safe_load_all(f)
    
    markdown = "# OpenUnison Kubernetes CRD Documentation\n\n"
    
    for crd in crds:

mlbiam

---
applicationSet:
  allowAnyNamespace: true
configs:
  cm:
    url: https://argocd.eksblog.tremolo.dev
    oidc.config: |-
      name: OpenUnison
      issuer: https://k8sou.eksblog.tremolo.dev/auth/idp/k8sIdp
      clientID: argocd

mlbiam

#!/bin/python3

# takes the secrets from a ns as listed, pushes them into Vault, then generates External Secret Operator objects

# requireminets
# hvac
# kubernetes

# usage
# make sure your kubectl configuration is set

mlbiam

---
apiVersion: openunison.tremolo.io/v1
kind: Trust
metadata:
  name: istio
  namespace: openunison
spec:
  accessTokenSkewMillis: 120000
  accessTokenTimeToLive: 120000
  authChainName: login-service

mlbiam

cicd_proxy:
    image: docker.io/tremolosecurity/kube-oidc-proxy:latest
    replicas: 1
    explicit_certificate_trust: true
    oidc:
      audience: https://cicd.apps-crc.testing/
      issuer: ou.apps.192-168-2-79.nip.io/auth/idp/remotek8s
      claims:
        user: sub
      ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVDakNDQXZLZ0F3SUJBZ0lHQVlpZzJnN0RNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1IOHhKREFpQmdOVkJBTU0KRzI5MUxtRndjSE11TVRreUxURTJPQzB5TFRjNUxtNXBjQzVwYnpFVE1CRUdBMVVFQ3d3S1MzVmlaWEp1WlhSbApjekVPTUF3R0ExVUVDZ3dGVFhsUGNtY3hFekFSQmdOVkJBY01DazE1SUVOc2RYTjBaWEl4Q1RBSEJnTlZCQWdNCkFERVNNQkFHQTFVRUJoTUpUWGxEYjNWdWRISjVNQjRYRFRJek1EWXdPVEUxTlRBeU5Gb1hEVEkwTURZd09ERTEKTlRBeU5Gb3dmekVrTUNJR0ExVUVBd3diYjNVdVlYQndjeTR4T1RJdE1UWTRMVEl0TnprdWJtbHdMbWx2TVJNdwpFUVlEVlFRTERBcExkV0psY201bGRHVnpNUTR3REFZRFZRUUtEQVZOZVU5eVp6RVRNQkVHQTFVRUJ3d0tUWGtnClEyeDFjM1JsY2pFSk1BY0dBMVVFQ0F3QU1SSXdFQVlEVlFRR0V3bE5lVU52ZFc1MGNua3dnZ0VpTUEwR0NTcUcKU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREljZWNoS3lqVWsyQUlVUnBDblFMMjNRQWZkeXdnUHRacwpaNWx6UHV

mlbiam

from kubernetes import client, config
from kubernetes.client import CustomObjectsApi
from datetime import datetime,timezone
from sys import argv

config.load_kube_config()  

group = "openunison.tremolo.io"
version = "v2"
plural = "oidc-sessions"

mlbiam

---
apiVersion: openunison.tremolo.io/v2
kind: Application
metadata:
  labels:
    app.kubernetes.io/component: openunison-applications
    app.kubernetes.io/instance: openunison-orchestra-login-portal
    app.kubernetes.io/name: openunison
    app.kubernetes.io/part-of: openunison
  name: aws

mlbiam

package XXXXXX;

import java.util.ArrayList;
import java.util.List;

import javax.servlet.http.Cookie;

import com.google.gson.Gson;
import com.tremolosecurity.proxy.cookies.UnisonCookie;
import com.tremolosecurity.proxy.filter.HttpFilter;

mlbiam

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server-http-ingress
  namespace: argocd
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:

mlbiam

network:
  openunison_host: "k8sou.apps.212.2.242.251.nip.io"
  dashboard_host: "k8sdb.apps.212.2.242.251.nip.io"
  api_server_host: "k8sapi.apps.212.2.242.251.nip.io"
  session_inactivity_timeout_seconds: 900
  k8s_url: https://0.0.0.0:6443
  force_redirect_to_tls: true
  createIngressCertificate: true
  ingress_type: nginx
  ingress_annotations: