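#!/bin/bash
set -euo pipefail

# Initialize Conjur OSS on the cluster.
#   1. Look up the external IP of the conjur-oss-ingress service.
#   2. Create the Conjur account named by CONJUR_ACCOUNT (bootstrap.env).
#   3. Store the admin API key in ./admin.key so the next script can
#      change the admin password.
# NOTE(review): the original header also mentions saving the Conjur
# certificate for the config map; no step in this script does that.
#
# Required environment (presumably exported from bootstrap.env - confirm):
#   CONJUR_NAMESPACE, CONJUR_APP_NAME, CONJUR_ACCOUNT, CONJUR_HOSTNAME_SSL

# Fail before touching the cluster if anything is unset or empty, so the
# account is never created by a run that cannot finish.
: "${CONJUR_NAMESPACE:?CONJUR_NAMESPACE must be set}"
: "${CONJUR_APP_NAME:?CONJUR_APP_NAME must be set}"
: "${CONJUR_ACCOUNT:?CONJUR_ACCOUNT must be set}"
: "${CONJUR_HOSTNAME_SSL:?CONJUR_HOSTNAME_SSL must be set}"

# Assign first and export afterwards: `export VAR=$(cmd)` hides a kubectl
# failure from `set -e`. The namespace now comes from CONJUR_NAMESPACE like
# every other call here (it was hard-coded to "conjur").
SERVICE_IP=$(kubectl get svc --namespace "$CONJUR_NAMESPACE" \
  conjur-oss-ingress \
  -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
export SERVICE_IP

if [[ -z "$SERVICE_IP" ]]; then
  # Warn only: a load balancer that has not been assigned an IP yet should
  # not block account creation.
  printf 'warning: conjur-oss-ingress has no load balancer IP yet\n' >&2
fi

# The inner quotes around the domain used to terminate the string early;
# they are escaped here so they actually appear in the message.
printf ' Service is exposed at %s:443\n' "$SERVICE_IP"
printf ' Ensure that domain "conjur.demo.com" has an A record to %s\n' "$SERVICE_IP"
printf ' and only use the DNS endpoint https://conjur.demo.com:443 to connect.\n\n'

POD_NAME=$(kubectl get pods --namespace "$CONJUR_NAMESPACE" \
  -l "app=conjur-oss,release=conjur-oss" \
  -o jsonpath="{.items[0].metadata.name}")
export POD_NAME

if [[ -z "$POD_NAME" ]]; then
  printf 'error: no conjur-oss pod found in namespace %s\n' "$CONJUR_NAMESPACE" >&2
  exit 1
fi

# Create the account and capture the command output. The exit status is
# checked explicitly: in the former `a=$(...) && b` list a failed exec did
# not stop the script, and admin.key was then overwritten with an empty
# value. The raw output is never printed because it contains the API key.
if ! create_output=$(kubectl exec "$POD_NAME" \
  --container="$CONJUR_APP_NAME" \
  --namespace "$CONJUR_NAMESPACE" \
  -- conjurctl account create "$CONJUR_ACCOUNT"); then
  printf 'error: conjurctl account create failed; admin.key left untouched\n' >&2
  exit 1
fi

# The key is taken as the text after the last space of the output.
API_KEY_ADMIN=${create_output##* }
if [[ ! "$API_KEY_ADMIN" =~ ^[^[:space:]]+$ ]]; then
  printf 'error: could not extract the admin API key from conjurctl output\n' >&2
  exit 1
fi

# The admin API key is a long-lived credential: keep it out of the terminal
# and CI logs, and make the file readable by its owner only. The file is
# truncated and restricted before the key is written so a pre-existing,
# wider-permission admin.key never holds the new secret.
(
  umask 077
  : > admin.key
  chmod 600 admin.key
  printf '%s\n' "$API_KEY_ADMIN" > admin.key
)
printf 'Admin API key saved to admin.key (mode 600); it is not printed.\n'

# Manual step: the operator adds this record by hand.
###
printf '\n+\n+ \n Agregar manualmente el siguiente registro al archivo /etc/hosts y en gcloud dns \n %s %s\n' \
  "$SERVICE_IP" "$CONJUR_HOSTNAME_SSL"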