ps/Modules/Alkami.DevOps.Minikube/Public/Reset-MiniKubeSecrets.ps1

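function Reset-MinikubeSecrets {
    <#
    .SYNOPSIS
        Resets secrets used in the local service development environment
    .DESCRIPTION
        Resets secrets used in the local service development environment: aws access key, ecr access key, kerberos ticket.

        Steps, in order:
          1. Switch kubectl to the minikube context and stop if that fails.
          2. Refresh the AWS session and log docker in to both ECR registries.
          3. Recreate the awsecr-cred image pull secret in the localhost namespace.
          4. Recreate the aws-config config map from the temporary AWS profile.
          5. Purge and re-obtain the Kerberos ticket, then recreate kerberos-config.
    .PARAMETER AwsProfile
        [string] Will use the specified AWS profile when refreshing AWS credentials
    .EXAMPLE
        Reset-MinikubeSecrets -AwsProfile SRE
    .NOTES
        The AWS keys and the Kerberos directory are stored in ConfigMaps, which Kubernetes
        does not treat as confidential. This is acceptable only for a local minikube cluster.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $false)]
        [string]$AwsProfile = "Dev"
    )

    $ErrorActionPreference = "Stop"
    $logLead = (Get-LogLeadName)
    $tempAwsProfile = "temp-$AwsProfile".ToLower()
    $namespace = "localhost"
    $ecrSecretName = "awsecr-cred"
    $ecrRegistries = @(
        "327695573722.dkr.ecr.us-east-1.amazonaws.com",
        "790953160341.dkr.ecr.us-east-1.amazonaws.com"
    )

    Write-Host "$logLead : Verifying kube context..."
    kubectl config use-context minikube
    # Native commands do not reliably raise under $ErrorActionPreference, so the exit code
    # is checked explicitly. Without this, every kubectl call below would write credentials
    # into whatever cluster the current context happens to point at.
    if ($LASTEXITCODE -ne 0) {
        throw "$logLead : Could not switch kubectl to the minikube context; refusing to write credentials to another cluster."
    }

    Write-Host "$logLead : Refreshing aws session with profile: $tempAwsProfile..."
    Update-AWSProfile -Profile $AwsProfile
    $AWS_ECR_LOGIN = aws ecr get-login-password --region us-east-1 --profile $tempAwsProfile
    if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($AWS_ECR_LOGIN)) {
        throw "$logLead : Could not obtain an ECR login password for profile: $tempAwsProfile"
    }

    foreach ($registry in $ecrRegistries) {
        # Pipe the token on stdin so it never appears in the docker process arguments.
        $AWS_ECR_LOGIN | docker login --username AWS --password-stdin $registry
    }

    Write-Host "$logLead : Re-Mounting docker credentials for ECR access..."
    $DOCKER_AWS_AUTH = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("AWS:$AWS_ECR_LOGIN"))
    $auths = [ordered]@{}
    foreach ($registry in $ecrRegistries) {
        $auths[$registry] = @{ auth = $DOCKER_AWS_AUTH }
    }
    $DOCKER_CONFIG_JSON = @{ auths = $auths } | ConvertTo-Json -Depth 5

    # The docker config holds a live registry credential. Write it to a unique file in the
    # user's temp directory rather than the working directory, and remove it on every exit path.
    $dockerConfigPath = [System.IO.Path]::GetTempFileName()
    try {
        $DOCKER_CONFIG_JSON | Out-File $dockerConfigPath -Encoding Ascii

        if (kubectl get secret $ecrSecretName -n $namespace --ignore-not-found --output=yaml) {
            Write-Host "$logLead : Deleting existing Kubernetes ECR access secret: $ecrSecretName..."
            kubectl delete secret $ecrSecretName -n $namespace
        }

        Write-Host "$logLead : Creating Kubernetes ECR access secret: $ecrSecretName..."
        kubectl create secret generic $ecrSecretName -n $namespace "--from-file=.dockerconfigjson=$dockerConfigPath" --type=kubernetes.io/dockerconfigjson
    }
    finally {
        if (Test-Path -LiteralPath $dockerConfigPath) {
            Remove-Item -LiteralPath $dockerConfigPath -Force
        }
    }

    Write-Host "$logLead : Re-Mounting config map for AWS resource access..."
    $AWS_ACCESS_KEY_ID = aws configure get aws_access_key_id --profile $tempAwsProfile
    $AWS_SECRET_ACCESS_KEY = aws configure get aws_secret_access_key --profile $tempAwsProfile
    $AWS_SESSION_TOKEN = aws configure get aws_session_token --profile $tempAwsProfile

    if (kubectl get configmap aws-config -n $namespace --ignore-not-found --output=yaml) {
        Write-Host "$logLead : Deleting existing Kubernetes AWS access config map: aws-config..."
        kubectl delete configmap aws-config -n $namespace
    }

    Write-Host "$logLead : Creating Kubernetes AWS access config map: aws-config..."
    # NOTE(review): the AWS secret key and session token are stored in a ConfigMap and passed
    # as command-line literals. A Secret is the intended object for this data. The object kind
    # and name are unchanged here because workloads presumably reference the aws-config
    # ConfigMap; migrate the consumers and this call together.
    kubectl create configmap aws-config -n $namespace --from-literal=AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID --from-literal=AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY --from-literal=AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN

    Write-Host "$logLead : Re-Mounting Kerberos ticket for database access..."
    Write-Host "$logLead : Purging existing Kerberos tickets..."
    klist purge
    Write-Host "$logLead : Obtaining new Kerberos ticket..."
    kinit

    if (kubectl get configmap kerberos-config -n $namespace --ignore-not-found --output=yaml) {
        Write-Host "$logLead : Deleting existing Kerberos ticket config map: kerberos-config..."
        kubectl delete configmap kerberos-config -n $namespace
    }

    Write-Host "$logLead : Creating Kerberos ticket config map: kerberos-config..."
    # NOTE(review): this loads every file in the MIT Kerberos directory into a ConfigMap. If
    # the ticket cache is among them, that is credential material in a non-confidential
    # object. Confirm what the directory contains and whether a Secret should be used.
    kubectl create configmap kerberos-config -n $namespace --from-file=c:\ProgramData\MIT\Kerberos5\
}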