mlbiam / generate_crd_docs.py
Created November 15, 2024 22:51
Generate Markdown Docs from Kubernetes CRD yaml
import yaml
import os
def generate_markdown(crd_file, output_file, ignore_list):
f = open(crd_file, 'r')
crds = yaml.safe_load_all(f)
markdown = "# OpenUnison Kubernetes CRD Documentation\n\n"
for crd in crds:
mlbiam / argocd-values.yaml
Last active October 15, 2024 10:20
multitenant-eks
---
applicationSet:
# NOTE(review): presumably the chart switch that lets ApplicationSet resources
# live outside the Argo CD namespace. In a multi-tenant cluster, confirm that the
# allowed namespaces (and any SCM/generator sources) are restricted elsewhere in
# these values; that part is not visible in this excerpt.
allowAnyNamespace: true
configs:
cm:
url: https://argocd.eksblog.tremolo.dev
oidc.config: |-
name: OpenUnison
issuer: https://k8sou.eksblog.tremolo.dev/auth/idp/k8sIdp
clientID: argocd
#!/bin/python3
# takes the secrets from a ns as listed, pushes them into Vault, then generates External Secret Operator objects
# requirements
# hvac
# kubernetes
# usage
# make sure your kubectl configuration is set
mlbiam / istio-app.yaml
Created February 13, 2024 14:18
istio-livestream
---
apiVersion: openunison.tremolo.io/v1
kind: Trust
metadata:
name: istio
namespace: openunison
spec:
accessTokenSkewMillis: 120000
accessTokenTimeToLive: 120000
authChainName: login-service
mlbiam / cicdproxy-values.yaml
Last active August 29, 2023 19:26
ocp demo
cicd_proxy:
# NOTE(review): ":latest" is a mutable tag, so the image that actually runs can
# change between pulls. Acceptable for a demo; pin a version tag or digest elsewhere.
image: docker.io/tremolosecurity/kube-oidc-proxy:latest
replicas: 1
explicit_certificate_trust: true
oidc:
# NOTE(review): audience carries an https:// scheme but issuer does not. Token
# validation compares the issuer with the token's `iss` claim, so confirm how the
# chart turns this value into the issuer URL the proxy is configured with.
audience: https://cicd.apps-crc.testing/
issuer: ou.apps.192-168-2-79.nip.io/auth/idp/remotek8s
claims:
user: sub
ca: 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
mlbiam / clear-oidc-sessions.py
Created May 23, 2023 20:04
clear-oidc-sessions
from kubernetes import client, config
from kubernetes.client import CustomObjectsApi
from datetime import datetime,timezone
from sys import argv
# Load cluster credentials from the local kubeconfig (the file and current
# context kubectl would use).
# NOTE(review): everything after this point acts with that context's privileges;
# check which context is active before running the script.
config.load_kube_config()
# Presumably the API group, version and plural of the OpenUnison custom resource
# this script works on ("oidc-sessions"); how they are used is not visible in
# this excerpt.
group = "openunison.tremolo.io"
version = "v2"
plural = "oidc-sessions"
mlbiam / aws-saml1-idp.yaml
Last active April 5, 2023 00:48
aws-sts-openunison
---
apiVersion: openunison.tremolo.io/v2
kind: Application
metadata:
labels:
app.kubernetes.io/component: openunison-applications
app.kubernetes.io/instance: openunison-orchestra-login-portal
app.kubernetes.io/name: openunison
app.kubernetes.io/part-of: openunison
name: aws
mlbiam / DeleteCookies.java
Created March 9, 2023 15:00
cookie monster
package XXXXXX;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.Cookie;
import com.google.gson.Gson;
import com.tremolosecurity.proxy.cookies.UnisonCookie;
import com.tremolosecurity.proxy.filter.HttpFilter;
mlbiam / argocd-ingress.yaml
Last active January 9, 2023 00:08
blog-k8s-auth-compare
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: argocd-server-http-ingress
namespace: argocd
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
spec:
mlbiam / openunison-vcluster-values.yaml
Last active December 18, 2023 06:15
vcluster-blog
network:
openunison_host: "k8sou.apps.212.2.242.251.nip.io"
dashboard_host: "k8sdb.apps.212.2.242.251.nip.io"
api_server_host: "k8sapi.apps.212.2.242.251.nip.io"
session_inactivity_timeout_seconds: 900
k8s_url: https://0.0.0.0:6443
force_redirect_to_tls: true
createIngressCertificate: true
ingress_type: nginx
ingress_annotations: