nil1729 · June 2, 2025 08:53
diff --git a/contour-init.sh b/contour-init.sh
 # project contour setup
 # https://projectcontour.io/getting-started/

 # helm installation
 helm repo add bitnami https://charts.bitnami.com/bitnami

 helm install projectcontour bitnami/contour --namespace projectcontour --create-namespace

 # verify resources
 kubectl -n projectcontour get po,svc

 # kind cluster port forward
 kubectl -n projectcontour port-forward service/projectcontour-envoy 8888:80  # http
 kubectl -n projectcontour port-forward service/projectcontour-envoy 8443:443 # https 
diff --git a/external-secret-operator-init.sh b/external-secret-operator-init.sh
 # external secret operator setup
 # https://external-secrets.io/v0.5.5/guides-getting-started/

 # helm installation
 helm repo add external-secrets https://charts.external-secrets.io

 helm install external-secrets \
   external-secrets/external-secrets \
    -n external-secrets \
    --create-namespace \
    --set installCRDs=true
diff --git a/external-secret.yaml b/external-secret.yaml
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
  name: test-external-secret
  namespace: default
 spec:
  refreshInterval: 24h
  secretStoreRef:
    kind: ClusterSecretStore
    name: gcp-secret-manager
  target:
    name: secret-to-be-created
    creationPolicy: Owner
  data:
    - secretKey: test_key
      remoteRef:
        key: gcp-secret-manager-secret-key
diff --git a/gcp-cluster-secret-store.yaml b/gcp-cluster-secret-store.yaml
 apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
 metadata:
  name: gcp-secret-manager
 spec:
  provider:
    gcpsm:
      auth:
        secretRef:
          secretAccessKeySecretRef:
            name: google-credentials
            key: sa.json # service account having access to gcp secret manager
            namespace: external-secrets
      projectID: pwa-demo-nil1729
diff --git a/google-credentials-k8s-secret.sh b/google-credentials-k8s-secret.sh
 kubectl create secret generic google-credentials \
 --from-file=/path/to/sa.json \
 -n external-secrets
diff --git a/k8s-tls-secret.sh b/k8s-tls-secret.sh
 kubectl create secret tls test-tls-secret \
  --cert=/path/to/cert \
  --key=/path/to/key \
  -n default
diff --git a/local-lets-encrypt-cert.sh b/local-lets-encrypt-cert.sh
 sudo certbot certonly --manual --preferred-challenges dns -d trino.k8s.test.nilanjandeb.com
diff --git a/public-lets-encrypt-cert.sh b/public-lets-encrypt-cert.sh
 sudo certbot certonly --standalone -d trino.k8s.test.nilanjandeb.com
	# project contour setup
	# https://projectcontour.io/getting-started/

	# helm installation
	helm repo add bitnami https://charts.bitnami.com/bitnami

	helm install projectcontour bitnami/contour --namespace projectcontour --create-namespace

	# verify resources
	kubectl -n projectcontour get po,svc

	# kind cluster port forward
	kubectl -n projectcontour port-forward service/projectcontour-envoy 8888:80 # http
	kubectl -n projectcontour port-forward service/projectcontour-envoy 8443:443 # https
	# external secret operator setup
	# https://external-secrets.io/v0.5.5/guides-getting-started/

	# helm installation
	helm repo add external-secrets https://charts.external-secrets.io

	helm install external-secrets \
	external-secrets/external-secrets \
	-n external-secrets \
	--create-namespace \
	--set installCRDs=true
	apiVersion: external-secrets.io/v1
	kind: ExternalSecret
	metadata:
	name: test-external-secret
	namespace: default
	spec:
	refreshInterval: 24h
	secretStoreRef:
	kind: ClusterSecretStore
	name: gcp-secret-manager
	target:
	name: secret-to-be-created
	creationPolicy: Owner
	data:
	- secretKey: test_key
	remoteRef:
	key: gcp-secret-manager-secret-key
	kubectl create secret generic google-credentials \
	--from-file=/path/to/sa.json \
	-n external-secrets
	kubectl create secret tls test-tls-secret \
	--cert=/path/to/cert \
	--key=/path/to/key \
	-n default