Add ip secret to list

Add matrix deploy role
Add matrix.sunet.se ip to lb
2024-11-06 15:09:58 +01:00 · 2024-11-06 15:07:53 +01:00 · 2024-11-06 15:06:05 +01:00 · 2024-11-06 12:52:53 +01:00 · 2024-11-06 12:38:48 +01:00
6 changed files with 102 additions and 0 deletions
--- a/IaC-test/securitygroups-lb.tf
+++ b/IaC-test/securitygroups-lb.tf
@ -85,3 +85,14 @@ resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule7_v4_dco" {
  remote_ip_prefix  = "89.47.191.66/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
 }
+
+resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule8_v4_dco" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "tcp"
+  port_range_min    = "16443"
+  port_range_max    = "16443"
+  provider          = openstack.dco
+  remote_ip_prefix  = "89.47.184.88/32"
+  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
+}
--- a/k8s/clusterroles/role-namespaces-read.yaml
+++ b/k8s/clusterroles/role-namespaces-read.yaml
@ -0,0 +1,9 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: clusterrole-read-namespaces
+rules:
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list"]
--- a/k8s/examples/registry/matrix-registry-ingress.yaml
+++ b/k8s/examples/registry/matrix-registry-ingress.yaml
@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+  name: matrix-registry-ingress
+  namespace: matrix-registry
+spec:
+  defaultBackend:
+    service:
+      name: matrix-registry-service
+      port:
+        number: 5000
+  ingressClassName: nginx
+  rules:
+    - host: registry.matrix.test.sunet.se
+      http:
+        paths:
+          - backend:
+              service:
+                name: matrix-registry-service
+                port:
+                  number: 5000
+            path: /
+            pathType: Prefix
+  tls:
+    - hosts:
+        - registry.matrix.test.sunet.se
+      secretName: tls-secret
--- a/k8s/matrix/matrix-deploy-role.yaml
+++ b/k8s/matrix/matrix-deploy-role.yaml
@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: btsystem-registry
+  name: btsystemregistry-reader
+rules:
+  - apiGroups: [""] # "" indicates the core API group
+    resources:
+      - pods
+      - configmaps
+      - events
+      - limitranges
+      - persistentvolumeclaims
+      - podtemplates
+      - replicationcontrollers
+      - resourcequotas
+      - secrets
+      - services
+      - controllerrevisions
+      - daemonsets
+      - deployments
+      - replicasets
+      - statefulsets
+      - localsubjectaccessreviews
+      - horizontalpodautoscalers
+      - cronjobs
+      - jobs
+      - leases
+      - networkpolicies
+      - networksets
+      - endpointslices
+      - events
+      - ingresses
+      - networkpolicies
+      - objectbucketclaims
+      - poddisruptionbudgets
+      - rolebindings
+      - roles
+      - csistoragecapacities
+    verbs:
+      - get
+      - watch
+      - list
--- a/k8s/matrix/matrix-namespace.yaml
+++ b/k8s/matrix/matrix-namespace.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: matrix
+  labels:
+    name: matrix
--- a/lb1.matrix.test.sunet.se/overlay/etc/hiera/data/local.eyaml
+++ b/lb1.matrix.test.sunet.se/overlay/etc/hiera/data/local.eyaml
@ -2,3 +2,4 @@
 sourceips:
  - ENC[PKCS7,MIIC3AYJKoZIhvcNAQcDoIICzTCCAskCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiMS5tYXRyaXgudGVzdC5zdW5ldC5zZQIUPX0gRG82aZiAotUfxSI1PCZufhUwDQYJKoZIhvcNAQEBBQAEggIAXJshcFEueSHFlLo3kKvRWqUltrPBNrEligleurVbh64R2T/Qhq6/vwVfT6cmOkXO6AsPQk2+uyPOKQHvHoSqnYuyRS3bhWzmUUpXk8GpCws5w+1mwuB74J4ngK9ALo5CWisnoaAEDuuWvwPJVCrb6ofbkEj66Wz2BIU2Kt+GpvlV8IR79VYm2XQ8K7sk6Yv2/kT/eAHa5xvrzWieFAbXcxeaT92yrKGLkkVuUepu0T8iN+gbacusPRCVXVYKCqJ8t3erqlw3qheL6Q63xb19FMLptsAPClG4KJLSnMtss60pWiP2TaUhvgF1NH0QCQq2SjGjhRSkgzJV9YdRBccRe7TAKLUHcYy/oStMPuv3GaN7C5WhldPcN4bO16ziVCZfKA6yBGW/ezLMd9nk8dnzk3XsIHtCMCeqXiUDPVLFCHY0ekxorcKlppSgZTKB1EBi2xIf14v2ACZA8AKlXrBJ++DXQTL566pffvVMWHwVJX2FJ1X1vtmny4leIs1LOA19DZWkyHF48fM6U7clFwY6WfMXzTdl3oFepcxpOdyLoGa+wvQ9bfpUQNAYP4mQW0gJadPctXxkS1Oi+mYHSDMxrWzAKtbOLA8StQWXvg8LGs9yxcd6KZWufbz1uMTg7WIDcJadG/z3qc5ZEUoVZNbbHOEMnEFVzDgEfeB8+cwtfAkwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQSsM2NFbe2higpR4dySelE4AQoyqyRowuyTxaSZ0lZELn3A==]
  - ENC[PKCS7,MIIC3AYJKoZIhvcNAQcDoIICzTCCAskCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiMS5tYXRyaXgudGVzdC5zdW5ldC5zZQIUPX0gRG82aZiAotUfxSI1PCZufhUwDQYJKoZIhvcNAQEBBQAEggIAD3dP3VZajW3lYO5xOQHNNFweEWKcQLunkXRE5eSL88DGNUje7pjATH3bfj7g693Acxy3o/7gmH4kqF6O695I44qf31x2P05HlgzKrIzIx1h8DlSpJEAAF1l3yq8EFkpuT50Bs006lMfb7UmSfEiKtbpqVTWryYf49tevZ/g9xoGE6r1g1Ym31syT7zt2bYkl0T/1TfBg/t9JuQBBawKZifMDKgB+w4ZWvmbuN5n9kIlxqCQupJom8IWSyc9umIQ4Q32NQmTRN7DYOPbGUFAunZ3aGJHvx5xBiy9lh8aswA3odugGU8v8yYqe0ivs1Hu3JV/f/U2pGHeE9t1wQ0QjA1ES+3oexdzJZYpI44q4udxstRhwnZFkFtj7+m7yDUJSDP8eB9UJzdhx63LxxcsNPCFnsUEM7vIr4oL1ZTe86PG7ZljA6v2P+uQmWAUs18PbB1Y4dIAnKewd4d0EyhPz3c4yV4S9dgP1zt0EM9GRj6bCRKSFOnd59vaFOAOKCYZeiNajwNI+Mk2QVagR6NFzgneHRay5quv6yRmNP9Fkmsgc7rtckS03uGCx2sNnfZKZsa6lGc9xekkjKPbTkOjvKa+L+VKc/PTxpTGGroAuDfY5ck68IECQORrqo2irOOM2+Z+BeultL1iwKOVLz5QVY1gVXHKuuXL6z8rcXzEEN9AwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQIxx9tE+wzDqf5i+RWvZo/YAQv0GytVs5YW6BHziK0n7+MQ==]
+  - ENC[PKCS7,MIIC3AYJKoZIhvcNAQcDoIICzTCCAskCAQAxggKEMIICgAIBADBoMFAxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxITAfBgNVBAMMGGxiMS5tYXRyaXgudGVzdC5zdW5ldC5zZQIUPX0gRG82aZiAotUfxSI1PCZufhUwDQYJKoZIhvcNAQEBBQAEggIAOxSw9yfoFWKbVqPzlozmv99ZmgANjPZtvtIDgKz/sx1xf6k1rIptL+iidO/+hOse6RG1+BBjvioFg+D0gWOeBfFFy1iU21VqFzdJpxJiLAbFQ81pJUTwbfglQIV+zFA73J7aJTERhYb3CG1mx6MZJLwxhTQojWoXP8fZjEa8s7BZpIHtVzBzwz4ynlQ3L/VrC8kIOLu93qtmKcz97fMKGmm0cqrC/BkF0fA487Uco+CBqlRurkc3MB/QrrbNkKEI5JK/OtLWg7wRXiW1oN8AS7iKNBl7Ic23JlFyQbW4XF7mhuPLyOlMNZEXu/7FrvPyK+Te+8YIKi8Q9Zj1ZpW5HNqIMX2Lqc3qyr/Cj+12ztgu9nQdUQmGOQAn7GEYvFoRIZXyIR/FGSI+iuG0R0+fTWh5v2wiHX9fop/U3xKcQq9oCp0kJ9hP59nf/JcFRH1b36+lQhk6PvAZvfsh5JONbOAxxKLhhrliC18PDhiddEmXY1gkqUPTQ+N9Yc+4rSzKQnVNTjP0gT9yOY2Kc6pUzW8Kp76qzewoWWUTdo71DpmmvPGpHUCqGvAPzjkbVB+iiZVKlpR1K/0YRYY0AOipAqY9L50RncPqoGwZ+5qgJ3zVjPhUdmJu2lysOxpZeRZNH4wfG047ISF1IIyLNmCVhOcX8CqVwdpSO/f37yhGzUUwPAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQcyXQqNfMcDEwrWJRMnF1oIAQBXHWNrsRXMG677xMSWMF8g==]
Author	SHA1	Message	Date
Magnus Andersson	2a103b0da4	Add ip secret to list	2024-11-06 15:09:58 +01:00
Magnus Andersson	666b81af9c	Add matrix deploy role	2024-11-06 15:07:53 +01:00
Magnus Andersson	132a2dd771	Add matrix.sunet.se ip to lb	2024-11-06 15:06:05 +01:00
Magnus Andersson	035524863a	Add cluster role to get namespaces	2024-11-06 12:52:53 +01:00
Magnus Andersson	4515bafe6c	Add rexistry example ingress	2024-11-06 12:38:48 +01:00