From 473be80cf6d57b87e52f2c5b7ad3fb843c1aae95 Mon Sep 17 00:00:00 2001 From: razo7 Date: Mon, 29 May 2023 15:23:37 +0300 Subject: [PATCH] Add TLS secret for kube-rbac-proxy container Using OpenSSL to create RSA key and certificate. Then change to Base64 --- .../manifests/far-rbac-container-secret_v1_secret.yaml | 8 ++++++++ config/manifests/kustomization.yaml | 1 + config/secret/kustomization.yaml | 2 ++ config/secret/manager_auth_proxy_secret.yaml | 9 +++++++++ 4 files changed, 20 insertions(+) create mode 100644 bundle/manifests/far-rbac-container-secret_v1_secret.yaml create mode 100644 config/secret/kustomization.yaml create mode 100644 config/secret/manager_auth_proxy_secret.yaml diff --git a/bundle/manifests/far-rbac-container-secret_v1_secret.yaml b/bundle/manifests/far-rbac-container-secret_v1_secret.yaml new file mode 100644 index 00000000..e8e0c08f --- /dev/null +++ b/bundle/manifests/far-rbac-container-secret_v1_secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + tls.cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lVR1BndlRWWUhPQmRVVlROSWZuUDdCRkNFdG5jd0RRWUpLb1pJaHZjTkFRRUwKQlFBd09ERVRNQkVHQTFVRUF3d0tiV1ZrYVdzNGN5NXBiekVoTUI4R0ExVUVDZ3dZWm1WdVkyVXRZV2RsYm5SegpMWEpsYldWa2FXRjBhVzl1TUI0WERUSXpNRFV5T1RFeE5UTXlORm9YRFRJME1EVXlPREV4TlRNeU5Gb3dPREVUCk1CRUdBMVVFQXd3S2JXVmthV3M0Y3k1cGJ6RWhNQjhHQTFVRUNnd1labVZ1WTJVdFlXZGxiblJ6TFhKbGJXVmsKYVdGMGFXOXVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJYb1RLREJuYmtFUgpJQ1Z0L2I0aFE1RjQvc0QwTjVxcWhETXl3bmd2Rm94MXNlYTg5UUp5OFBIL3R2UzBReS9adThEcktodVhoSy9nCmpic0czSVdrZzMyNGkvVndDWUhOeWJNM0NPKzNpalcxc1ViSTRRdlc2VjFBVGMrNExndmlVb3RoV3dUK2l6RXMKTHhhcHZiemdlV3NZUTY0SWd4QWRZMGx6M0MwaDlJWThYVUt1MkNLMFhoTEp0L0dGdHRKbGRZQlhScDkyc24vaQpiUWZ3U3FMVExVY21MT2lNS1BxazdncDRZK3BFZkpVK1VBMUZiS3Raak5QYmFsVm1nbmUzd3EwLzlxd0tHK3NjCnVCbHRqRDNlQmxnR3lBQlJaSmpqU1ZOVFEvTEdkWlFQYmJQb3RXUUhvd2ZLRmIxdzJ6RHFlV1ozY0hqZU0ybXgKMVZPTFEwR0JHUUlEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVVzBUL21HVGlhZHdra2pJZFFsUDYvbVhWZ3dNdwpId1lEVlIwakJCZ3dGb0FVVzBUL21HVGlhZHdra2pJZFFsUDYvbVhWZ3dNd0R3WURWUjBUQVFIL0JBVXdBd0VCCi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFXQ3FQQVFDKzYwMGdSZHNsbG4xU0xCYktidkpEMDlYSVVUNEgKYXBibGJoRmcvalE3MjRUaytTc2dBNXFJUlhDSElPNmNsb05oMFExbXY5TGltYVpxYkNvRFZkakdiR3ZWSWZOdwpvNDRiUnJSTDF5OEk2K1ZVY25UV2M2MWRlZzV4UDRYQW1lMWJ6R1ZSWGxyQkVSVXgzQ0NiaW95TnQyVlVQQkNSCnMrZU9ZZ3BJaVhSVUFHRTN1YmpHcHlxeXRFRCtaNk8rbzdFYUFsYlFBaVRaTnFlUlBlYzhhMklRYjFoQzVVUjIKeG9leFA1a1M4Wk10ODR6L2JmaUNXRDAwYnFiVldyTkJOZVFsWndram9ueEplL2NPM2ltSGZPeGFBY3dWUUpOQQozRjhKMXpHNW9ybDlsbTRVbzMzMDZHbGQxRk9WdVEySEN3VUg0V1BtbFVPaG8rWE5lZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ3RlaE1vTUdkdVFSRWcKSlczOXZpRkRrWGord1BRM21xcUVNekxDZUM4V2pIV3g1cnoxQW5MdzhmKzI5TFJETDltN3dPc3FHNWVFcitDTgp1d2JjaGFTRGZiaUw5WEFKZ2MzSnN6Y0k3N2VLTmJXeFJzamhDOWJwWFVCTno3Z3VDK0pTaTJGYkJQNkxNU3d2CkZxbTl2T0I1YXhoRHJnaURFQjFqU1hQY0xTSDBoanhkUXE3WUlyUmVFc20zOFlXMjBtVjFnRmRHbjNheWYrSnQKQi9CS290TXRSeVlzNkl3bytxVHVDbmhqNmtSOGxUNVFEVVZzcTFtTTA5dHFWV2FDZDdmQ3JULzJyQW9iNnh5NApHVzJNUGQ0R1dBYklBRkZrbU9OSlUxTkQ4c1oxbEE5dHMraTFaQWVqQjhvVnZYRGJNT3A1Wm5kd2VONHphYkhWClU0dERRWUVaQWdNQkFBRUNnZ0VBQWUvTlM1M211YllPUVRsSndMM0xxZkVlS2JIeEhXSE9WT0FzSHBHd1FqbmEKalRHUjhIdW1MdHgweWcvSFVoZGZBSmZ4eUN3N1dudzFoSlRrU2JmNjZJdVJ4alk4N3ZqbnJ1c2ZuOVkvOVZJTwpMNUY3dlU5MWh4dHh2cXlsVmhaRWk1UUtIVFd4WmMvQnVqRGE2a2NKTm9ja2pvbzEzQjRQbTBQVVZhUHlCTVIvCmhCSWwwanhSMm1hN0dlRzc2Q2puWTBEbWZvaUxkZXRCVDF5SWN5ZERTdE41V2Z0T3FWUmRSc0srN0F4anNZbSsKNERpVm41VWNTdVhWblRFSlBMT0xHbVBGcmZ6K2NlS0ljM21Hc2VpU2RCUXZ5Wk1lalNUZXZuRm5MbE05MC9YZgpnZFk5U0luMVhiaFdiVmF3a3FIYWxuN0JnNFA4cXB4SytNU092VUpqRVFLQmdRRFJoMFdPUGcyTjQ0cmFuYXFkClVjUFAyenhka3Z5WFhGODJ3Tmw1bWRDL2pEZ3NOdDZKYmhadm54ZVN0SWc5dEZ1UEdZeE5XdUFIVDhMOUp6dmcKYVhDaEJrZEVnanRFOHlhWlVTSlJKbDlwNDVhMEw1Sm9pdEFQMDVkZzdUVENRWnpCRGdWRjJ5QlZyVkFXMFIzWApNOUdhRVltQktzei9qWTVpK0hwM0FHa0RKUUtCZ1FEVDg5akc1WnZUVGFocURGYlgzdUl3eDhROUUvVTI0UVBtCldyYUV5NzdwQjA2WDh6NG01VGY0Q05qaUpFQ2s5TDJRTTRzcmo1enlYZWttNmFhNlVwbzUzVlRRUlBoZjJlOHkKeng5bnRHSWVFYnlXY0xFTEtmNkRzV1dLS3ZtdFBuTmFJMXR3Rkg2Q1h3VTA5TEVnSVhNdU9sL1ErUHpjN0RLeApScTJoNlpTZDVRS0JnQTlUcjlqWjNTLzE1eUJhekRJNTJ2TUhmSUR6MFpwWTNYWXA0VDZ0NjhFM1JweWxYdDM2CnVaVnNzOUs5ZGdIZGdaMFVKMWs1UG80S1haOGJFWncyMmxCTkgwVjVxVkEvNFNEeCtHcXJQZXVIQkcwbDFiWGsKQVpoR3lCb0ZBQWo5dDdPL2pNOHhXa29xSldPbDVHTHJuWGVCdE9kSDlEcjFaZWNEZWlIZVc5QXBBb0dCQU05MQpCMEt2TFZXbTFtaHVpWFlrSjd0ZFhQdjNrL1hTU3pIbXFtM1N5NXRsVm8wdVBqQnQvZGxlTjRNcHZzaDI4VEM2CjhzYUJmRHBTcDBvNk9zSjI1WlFyeXI5TU10d0hBYlQydktPU0VOT2p3clp4dVNqWFF0SitDWWd5eGszSEtic1oKam45bTMra1Z2by8xellWSW1HZXdKV2J5dnZZeWp1K3I0WG53bWxIdEFvR0FBSmprenloYkpZUytnUDBJMjZuZgpFZFNvYWR6M1o1anRJTlpqeHl6eHdseEJ4cDNVa281a210WUJtdk55akR0TGRLL1liZHAyK3JlMkk5Mm5heHd3CjBCTU1jTUpueUVmc0hvNnoza3Rybkp5eVNFQ2lRM2phNWVXMUw1cU4xWDN2VmhsYTlvK2RvSERKQjA2SnBTN0UKbldpRklXL3ZNMTF4SXNlL1BYaUtlb1U9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + name: far-rbac-container-secret +type: kubernetes.io/tls diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index ecbb499f..21f30b0f 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -5,6 +5,7 @@ resources: - ../default - ../samples - ../scorecard +- ../secret # [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. # Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. diff --git a/config/secret/kustomization.yaml b/config/secret/kustomization.yaml new file mode 100644 index 00000000..26c9c3ff --- /dev/null +++ b/config/secret/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- manager_auth_proxy_secret.yaml diff --git a/config/secret/manager_auth_proxy_secret.yaml b/config/secret/manager_auth_proxy_secret.yaml new file mode 100644 index 00000000..b40ae611 --- /dev/null +++ b/config/secret/manager_auth_proxy_secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: far-rbac-container-secret + namespace: default +type: kubernetes.io/tls +data: + tls.cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lVR1BndlRWWUhPQmRVVlROSWZuUDdCRkNFdG5jd0RRWUpLb1pJaHZjTkFRRUwKQlFBd09ERVRNQkVHQTFVRUF3d0tiV1ZrYVdzNGN5NXBiekVoTUI4R0ExVUVDZ3dZWm1WdVkyVXRZV2RsYm5SegpMWEpsYldWa2FXRjBhVzl1TUI0WERUSXpNRFV5T1RFeE5UTXlORm9YRFRJME1EVXlPREV4TlRNeU5Gb3dPREVUCk1CRUdBMVVFQXd3S2JXVmthV3M0Y3k1cGJ6RWhNQjhHQTFVRUNnd1labVZ1WTJVdFlXZGxiblJ6TFhKbGJXVmsKYVdGMGFXOXVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJYb1RLREJuYmtFUgpJQ1Z0L2I0aFE1RjQvc0QwTjVxcWhETXl3bmd2Rm94MXNlYTg5UUp5OFBIL3R2UzBReS9adThEcktodVhoSy9nCmpic0czSVdrZzMyNGkvVndDWUhOeWJNM0NPKzNpalcxc1ViSTRRdlc2VjFBVGMrNExndmlVb3RoV3dUK2l6RXMKTHhhcHZiemdlV3NZUTY0SWd4QWRZMGx6M0MwaDlJWThYVUt1MkNLMFhoTEp0L0dGdHRKbGRZQlhScDkyc24vaQpiUWZ3U3FMVExVY21MT2lNS1BxazdncDRZK3BFZkpVK1VBMUZiS3Raak5QYmFsVm1nbmUzd3EwLzlxd0tHK3NjCnVCbHRqRDNlQmxnR3lBQlJaSmpqU1ZOVFEvTEdkWlFQYmJQb3RXUUhvd2ZLRmIxdzJ6RHFlV1ozY0hqZU0ybXgKMVZPTFEwR0JHUUlEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVVzBUL21HVGlhZHdra2pJZFFsUDYvbVhWZ3dNdwpId1lEVlIwakJCZ3dGb0FVVzBUL21HVGlhZHdra2pJZFFsUDYvbVhWZ3dNd0R3WURWUjBUQVFIL0JBVXdBd0VCCi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFXQ3FQQVFDKzYwMGdSZHNsbG4xU0xCYktidkpEMDlYSVVUNEgKYXBibGJoRmcvalE3MjRUaytTc2dBNXFJUlhDSElPNmNsb05oMFExbXY5TGltYVpxYkNvRFZkakdiR3ZWSWZOdwpvNDRiUnJSTDF5OEk2K1ZVY25UV2M2MWRlZzV4UDRYQW1lMWJ6R1ZSWGxyQkVSVXgzQ0NiaW95TnQyVlVQQkNSCnMrZU9ZZ3BJaVhSVUFHRTN1YmpHcHlxeXRFRCtaNk8rbzdFYUFsYlFBaVRaTnFlUlBlYzhhMklRYjFoQzVVUjIKeG9leFA1a1M4Wk10ODR6L2JmaUNXRDAwYnFiVldyTkJOZVFsWndram9ueEplL2NPM2ltSGZPeGFBY3dWUUpOQQozRjhKMXpHNW9ybDlsbTRVbzMzMDZHbGQxRk9WdVEySEN3VUg0V1BtbFVPaG8rWE5lZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ3RlaE1vTUdkdVFSRWcKSlczOXZpRkRrWGord1BRM21xcUVNekxDZUM4V2pIV3g1cnoxQW5MdzhmKzI5TFJETDltN3dPc3FHNWVFcitDTgp1d2JjaGFTRGZiaUw5WEFKZ2MzSnN6Y0k3N2VLTmJXeFJzamhDOWJwWFVCTno3Z3VDK0pTaTJGYkJQNkxNU3d2CkZxbTl2T0I1YXhoRHJnaURFQjFqU1hQY0xTSDBoanhkUXE3WUlyUmVFc20zOFlXMjBtVjFnRmRHbjNheWYrSnQKQi9CS290TXRSeVlzNkl3bytxVHVDbmhqNmtSOGxUNVFEVVZzcTFtTTA5dHFWV2FDZDdmQ3JULzJyQW9iNnh5NApHVzJNUGQ0R1dBYklBRkZrbU9OSlUxTkQ4c1oxbEE5dHMraTFaQWVqQjhvVnZYRGJNT3A1Wm5kd2VONHphYkhWClU0dERRWUVaQWdNQkFBRUNnZ0VBQWUvTlM1M211YllPUVRsSndMM0xxZkVlS2JIeEhXSE9WT0FzSHBHd1FqbmEKalRHUjhIdW1MdHgweWcvSFVoZGZBSmZ4eUN3N1dudzFoSlRrU2JmNjZJdVJ4alk4N3ZqbnJ1c2ZuOVkvOVZJTwpMNUY3dlU5MWh4dHh2cXlsVmhaRWk1UUtIVFd4WmMvQnVqRGE2a2NKTm9ja2pvbzEzQjRQbTBQVVZhUHlCTVIvCmhCSWwwanhSMm1hN0dlRzc2Q2puWTBEbWZvaUxkZXRCVDF5SWN5ZERTdE41V2Z0T3FWUmRSc0srN0F4anNZbSsKNERpVm41VWNTdVhWblRFSlBMT0xHbVBGcmZ6K2NlS0ljM21Hc2VpU2RCUXZ5Wk1lalNUZXZuRm5MbE05MC9YZgpnZFk5U0luMVhiaFdiVmF3a3FIYWxuN0JnNFA4cXB4SytNU092VUpqRVFLQmdRRFJoMFdPUGcyTjQ0cmFuYXFkClVjUFAyenhka3Z5WFhGODJ3Tmw1bWRDL2pEZ3NOdDZKYmhadm54ZVN0SWc5dEZ1UEdZeE5XdUFIVDhMOUp6dmcKYVhDaEJrZEVnanRFOHlhWlVTSlJKbDlwNDVhMEw1Sm9pdEFQMDVkZzdUVENRWnpCRGdWRjJ5QlZyVkFXMFIzWApNOUdhRVltQktzei9qWTVpK0hwM0FHa0RKUUtCZ1FEVDg5akc1WnZUVGFocURGYlgzdUl3eDhROUUvVTI0UVBtCldyYUV5NzdwQjA2WDh6NG01VGY0Q05qaUpFQ2s5TDJRTTRzcmo1enlYZWttNmFhNlVwbzUzVlRRUlBoZjJlOHkKeng5bnRHSWVFYnlXY0xFTEtmNkRzV1dLS3ZtdFBuTmFJMXR3Rkg2Q1h3VTA5TEVnSVhNdU9sL1ErUHpjN0RLeApScTJoNlpTZDVRS0JnQTlUcjlqWjNTLzE1eUJhekRJNTJ2TUhmSUR6MFpwWTNYWXA0VDZ0NjhFM1JweWxYdDM2CnVaVnNzOUs5ZGdIZGdaMFVKMWs1UG80S1haOGJFWncyMmxCTkgwVjVxVkEvNFNEeCtHcXJQZXVIQkcwbDFiWGsKQVpoR3lCb0ZBQWo5dDdPL2pNOHhXa29xSldPbDVHTHJuWGVCdE9kSDlEcjFaZWNEZWlIZVc5QXBBb0dCQU05MQpCMEt2TFZXbTFtaHVpWFlrSjd0ZFhQdjNrL1hTU3pIbXFtM1N5NXRsVm8wdVBqQnQvZGxlTjRNcHZzaDI4VEM2CjhzYUJmRHBTcDBvNk9zSjI1WlFyeXI5TU10d0hBYlQydktPU0VOT2p3clp4dVNqWFF0SitDWWd5eGszSEtic1oKam45bTMra1Z2by8xellWSW1HZXdKV2J5dnZZeWp1K3I0WG53bWxIdEFvR0FBSmprenloYkpZUytnUDBJMjZuZgpFZFNvYWR6M1o1anRJTlpqeHl6eHdseEJ4cDNVa281a210WUJtdk55akR0TGRLL1liZHAyK3JlMkk5Mm5heHd3CjBCTU1jTUpueUVmc0hvNnoza3Rybkp5eVNFQ2lRM2phNWVXMUw1cU4xWDN2VmhsYTlvK2RvSERKQjA2SnBTN0UKbldpRklXL3ZNMTF4SXNlL1BYaUtlb1U9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K