-
Notifications
You must be signed in to change notification settings - Fork 134
/
setup-central.sh
executable file
·41 lines (36 loc) · 1.23 KB
/
setup-central.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/env bash
# Setup secrets for StackRox Central
#
# Usage:
# ./setup.sh
#
# Using a different command:
# The KUBE_COMMAND environment variable will override the default of kubectl
#
# Examples:
# To use the default command to create resources:
# $ ./setup.sh
# To use another command instead:
# $ export KUBE_COMMAND='kubectl --context prod-cluster'
# $ ./setup.sh
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)"
KUBE_COMMAND=${KUBE_COMMAND:-{{.K8sConfig.Command}}}
NAMESPACE="${ROX_NAMESPACE:-stackrox}"
${KUBE_COMMAND} get namespace "$NAMESPACE" &>/dev/null || ${KUBE_COMMAND} create namespace "$NAMESPACE"
${KUBE_COMMAND} annotate "namespace/${NAMESPACE}" --overwrite openshift.io/node-selector=""
if ! ${KUBE_COMMAND} get secret/stackrox -n "$NAMESPACE" > /dev/null; then
registry_auth="$("${DIR}/docker-auth.sh" -m k8s "{{.K8sConfig.Registry}}")"
[[ -n "$registry_auth" ]] || { echo >&2 "Unable to get registry auth info." ; exit 1 ; }
${KUBE_COMMAND} create --namespace "$NAMESPACE" -f - <<EOF
apiVersion: v1
data:
.dockerconfigjson: ${registry_auth}
kind: Secret
metadata:
name: stackrox
namespace: "$NAMESPACE"
labels:
app.kubernetes.io/name: stackrox
type: kubernetes.io/dockerconfigjson
EOF
fi