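function Reset-MinikubeSecrets {
    <#
    .SYNOPSIS
    Resets secrets used in the local service development environment

    .DESCRIPTION
    Resets secrets used in the local service development environment: aws access key, ecr access key, kerberos ticket.

    The function switches kubectl to the minikube context, logs docker in to the two ECR
    registries, and then recreates three objects in the "localhost" namespace:
    the awsecr-cred image pull secret, the aws-config config map and the kerberos-config config map.
    It throws if the context switch, the ECR login or an object creation fails, so that
    credentials are never written to a cluster other than minikube.

    .PARAMETER AwsProfile
    [string] Will use the specified AWS profile when refreshing AWS credentials

    .EXAMPLE
    Reset-MinikubeSecrets -AwsProfile SRE
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $false)]
        [string]$AwsProfile = "Dev"
    )

    $ErrorActionPreference = "Stop"
    $logLead = (Get-LogLeadName)
    $tempAwsProfile = "temp-$AwsProfile".ToLower()
    $ecrRegistries = @(
        "327695573722.dkr.ecr.us-east-1.amazonaws.com",
        "790953160341.dkr.ecr.us-east-1.amazonaws.com"
    )

    # $ErrorActionPreference does not stop on a failing native command (kubectl, aws, docker),
    # so the steps that handle credentials check $LASTEXITCODE explicitly.
    function Assert-NativeSuccess {
        param([string]$Step)
        if ($LASTEXITCODE -ne 0) {
            throw "$Step failed with exit code $LASTEXITCODE"
        }
    }

    Write-Host "$logLead : Verifying kube context..."

    # Every kubectl call below relies on the current context. If this switch fails, the
    # deletes and creates would run against whatever cluster was selected before.
    kubectl config use-context minikube
    Assert-NativeSuccess "kubectl config use-context minikube"

    Write-Host "$logLead : Refreshing aws session with profile: $tempAwsProfile..."

    # NOTE(review): Update-AWSProfile is defined elsewhere; presumably it writes the
    # temporary "temp-<profile>" profile that is read below - confirm.
    Update-AWSProfile -Profile $AwsProfile
    $AWS_ECR_LOGIN = aws ecr get-login-password --region us-east-1 --profile $tempAwsProfile
    Assert-NativeSuccess "aws ecr get-login-password"
    if ([string]::IsNullOrWhiteSpace($AWS_ECR_LOGIN)) {
        throw "aws ecr get-login-password returned no password for profile $tempAwsProfile"
    }

    foreach ($registry in $ecrRegistries) {
        # The password goes in on stdin rather than as an argument, which keeps it out of
        # the process command line and out of command-line logging.
        $AWS_ECR_LOGIN | docker login --username AWS --password-stdin $registry
        Assert-NativeSuccess "docker login $registry"
    }

    Write-Host "$logLead : Re-Mounting docker credentials for ECR access..."

    $DOCKER_AWS_AUTH = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("AWS:$AWS_ECR_LOGIN"))
    $auths = [ordered]@{}
    foreach ($registry in $ecrRegistries) {
        $auths[$registry] = @{ auth = $DOCKER_AWS_AUTH }
    }
    $DOCKER_CONFIG_JSON = ConvertTo-Json -InputObject ([ordered]@{ auths = $auths }) -Depth 3

    # The docker config holds the registry credential in clear (base64 is not encryption).
    # It is written to a uniquely named file in the user's temp directory instead of the
    # working directory, and removed in the finally block even when kubectl fails.
    $dockerConfigPath = [System.IO.Path]::GetTempFileName()
    try {
        $DOCKER_CONFIG_JSON | Out-File $dockerConfigPath -Encoding Ascii

        if (kubectl get secret awsecr-cred -n localhost --ignore-not-found --output=yaml) {
            Write-Host "$logLead : Deleting existing Kubernetes ECR access secret: awsecr-cred..."
            kubectl delete secret awsecr-cred -n localhost
        }

        Write-Host "$logLead : Creating Kubernetes ECR access secret: awsecr-cred..."
        kubectl create secret generic awsecr-cred -n localhost "--from-file=.dockerconfigjson=$dockerConfigPath" --type=kubernetes.io/dockerconfigjson
        Assert-NativeSuccess "kubectl create secret awsecr-cred"
    }
    finally {
        Remove-Item $dockerConfigPath -ErrorAction SilentlyContinue
    }

    Write-Host "$logLead : Re-Mounting config map for AWS resource access..."

    $AWS_ACCESS_KEY_ID = aws configure get aws_access_key_id --profile $tempAwsProfile
    $AWS_SECRET_ACCESS_KEY = aws configure get aws_secret_access_key --profile $tempAwsProfile
    $AWS_SESSION_TOKEN = aws configure get aws_session_token --profile $tempAwsProfile

    if (kubectl get configmap aws-config -n localhost --ignore-not-found --output=yaml) {
        Write-Host "$logLead : Deleting existing Kubernetes AWS access config map: aws-config..."
        kubectl delete configmap aws-config -n localhost
    }

    Write-Host "$logLead : Creating Kubernetes AWS access config map: aws-config..."
    # NOTE(review): the secret access key and session token are stored in a ConfigMap, which
    # is not meant for confidential data and is readable by anything allowed to read config
    # maps in the namespace; a Secret is the right object. The object kind is left unchanged
    # here because workloads presumably reference the config map by name. The values are also
    # passed as command-line arguments, so they are visible in the process list while kubectl runs.
    kubectl create configmap aws-config -n localhost --from-literal=AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID --from-literal=AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY --from-literal=AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN
    Assert-NativeSuccess "kubectl create configmap aws-config"

    Write-Host "$logLead : Re-Mounting Kerberos ticket for database access..."

    Write-Host "$logLead : Purging existing Kerberos tickets..."
    klist purge

    Write-Host "$logLead : Obtaining new Kerberos ticket..."
    kinit

    if (kubectl get configmap kerberos-config -n localhost --ignore-not-found --output=yaml) {
        Write-Host "$logLead : Deleting existing Kerberos ticket config map: kerberos-config..."
        kubectl delete configmap kerberos-config -n localhost
    }

    Write-Host "$logLead : Creating Kerberos ticket config map: kerberos-config..."
    # NOTE(review): this copies every file in the MIT Kerberos data directory into a ConfigMap.
    # If the ticket cache lives there, the ticket is a credential held in a non-secret object -
    # confirm what the directory contains and whether a Secret should be used.
    kubectl create configmap kerberos-config -n localhost --from-file=c:\ProgramData\MIT\Kerberos5\
    Assert-NativeSuccess "kubectl create configmap kerberos-config"
}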