diff --git a/backend/__pycache__/app.cpython-310.pyc b/backend/__pycache__/app.cpython-310.pyc
deleted file mode 100644
index 5e3e32b7347019cd077bfa008a7dbcd7d69794b1..0000000000000000000000000000000000000000
Binary files a/backend/__pycache__/app.cpython-310.pyc and /dev/null differ
diff --git a/backend/__pycache__/exception.cpython-310.pyc b/backend/__pycache__/exception.cpython-310.pyc
deleted file mode 100644
index c497ee42336b0877868d75a927f631ee471672e8..0000000000000000000000000000000000000000
Binary files a/backend/__pycache__/exception.cpython-310.pyc and /dev/null differ
diff --git a/backend/__pycache__/myworker.cpython-310.pyc b/backend/__pycache__/myworker.cpython-310.pyc
deleted file mode 100644
index d91eaf30b74cb819268754cbc2a451f00415e422..0000000000000000000000000000000000000000
Binary files a/backend/__pycache__/myworker.cpython-310.pyc and /dev/null differ
diff --git a/backend/__pycache__/worker.cpython-310.pyc b/backend/__pycache__/worker.cpython-310.pyc
deleted file mode 100644
index a502878d5e116e489cbcadce3d28c5f2c6e64814..0000000000000000000000000000000000000000
Binary files a/backend/__pycache__/worker.cpython-310.pyc and /dev/null differ
diff --git a/backend/api/__pycache__/__init__.cpython-310.pyc b/backend/api/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index 2604e3a390d86635d53325bab5f255477185a400..0000000000000000000000000000000000000000
Binary files a/backend/api/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/api/api_v1/__pycache__/__init__.cpython-310.pyc b/backend/api/api_v1/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index fcbfd79aac7122b1910ab10b29fc646bddc62088..0000000000000000000000000000000000000000
Binary files a/backend/api/api_v1/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/api/api_v1/__pycache__/api.cpython-310.pyc b/backend/api/api_v1/__pycache__/api.cpython-310.pyc
deleted file mode 100644
index b35baab250e2c82679bab0dbbfb72ecb0cff9819..0000000000000000000000000000000000000000
Binary files a/backend/api/api_v1/__pycache__/api.cpython-310.pyc and /dev/null differ
diff --git a/backend/api/api_v1/__pycache__/deps.cpython-310.pyc b/backend/api/api_v1/__pycache__/deps.cpython-310.pyc
deleted file mode 100644
index 4990f6fc6e98054a9a31cb0b57670f5e87c92806..0000000000000000000000000000000000000000
Binary files a/backend/api/api_v1/__pycache__/deps.cpython-310.pyc and /dev/null differ
diff --git a/backend/api/api_v1/endpoints/__pycache__/__init__.cpython-310.pyc b/backend/api/api_v1/endpoints/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index e225b1b59962e6d9b74b12b2362f9c4975828afd..0000000000000000000000000000000000000000
Binary files a/backend/api/api_v1/endpoints/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/api/api_v1/endpoints/__pycache__/cluster.cpython-310.pyc b/backend/api/api_v1/endpoints/__pycache__/cluster.cpython-310.pyc
deleted file mode 100644
index ff60f1689e716553d6f7d406bfe6d7c02f0d49d5..0000000000000000000000000000000000000000
Binary files a/backend/api/api_v1/endpoints/__pycache__/cluster.cpython-310.pyc and /dev/null differ
diff --git a/backend/core/__pycache__/__init__.cpython-310.pyc b/backend/core/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index 0fa706f8b4aaab5d92a20c4e6778f424465a6cb2..0000000000000000000000000000000000000000
Binary files a/backend/core/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/core/__pycache__/config.cpython-310.pyc b/backend/core/__pycache__/config.cpython-310.pyc
deleted file mode 100644
index 103ef1a36f03b4108e23c48f0e4f1ac3e6fe5fc7..0000000000000000000000000000000000000000
Binary files a/backend/core/__pycache__/config.cpython-310.pyc and /dev/null differ
diff --git a/backend/core/__pycache__/database.cpython-310.pyc b/backend/core/__pycache__/database.cpython-310.pyc
deleted file mode 100644
index e94cfa4ec5e1ef8812a2794aac62dcf774eb6137..0000000000000000000000000000000000000000
Binary files a/backend/core/__pycache__/database.cpython-310.pyc and /dev/null differ
diff --git a/backend/core/__pycache__/taskiq.cpython-310.pyc b/backend/core/__pycache__/taskiq.cpython-310.pyc
deleted file mode 100644
index 53df6244d3915fb1adb5bd3648ad7a6f8cf74780..0000000000000000000000000000000000000000
Binary files a/backend/core/__pycache__/taskiq.cpython-310.pyc and /dev/null differ
diff --git a/backend/exceptions/__pycache__/__init__.cpython-310.pyc b/backend/exceptions/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index 7921bae8c0c15cd892936dd7f5ab78b2801c7600..0000000000000000000000000000000000000000
Binary files a/backend/exceptions/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/exceptions/__pycache__/cluster.cpython-310.pyc b/backend/exceptions/__pycache__/cluster.cpython-310.pyc
deleted file mode 100644
index 045fad92fde2d7aa1dfc71c1cdc7e3a0bc8bee1b..0000000000000000000000000000000000000000
Binary files a/backend/exceptions/__pycache__/cluster.cpython-310.pyc and /dev/null differ
diff --git a/backend/exceptions/__pycache__/deps.cpython-310.pyc b/backend/exceptions/__pycache__/deps.cpython-310.pyc
deleted file mode 100644
index 73d34e4f093d9c3053493797ee8c1e34e0838e92..0000000000000000000000000000000000000000
Binary files a/backend/exceptions/__pycache__/deps.cpython-310.pyc and /dev/null differ
diff --git a/backend/models/__pycache__/__init__.cpython-310.pyc b/backend/models/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index 2a1d2eb4686646285d016b9b4429579d0b1c543b..0000000000000000000000000000000000000000
Binary files a/backend/models/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/models/__pycache__/cluster.cpython-310.pyc b/backend/models/__pycache__/cluster.cpython-310.pyc
deleted file mode 100644
index de7e4b1e55de6ac8d2add548407f1526130e9302..0000000000000000000000000000000000000000
Binary files a/backend/models/__pycache__/cluster.cpython-310.pyc and /dev/null differ
diff --git a/backend/models/__pycache__/deps.cpython-310.pyc b/backend/models/__pycache__/deps.cpython-310.pyc
deleted file mode 100644
index 2f5a55bbb91cdc2572972027ed017596fa5326c8..0000000000000000000000000000000000000000
Binary files a/backend/models/__pycache__/deps.cpython-310.pyc and /dev/null differ
diff --git a/backend/models/__pycache__/user.cpython-310.pyc b/backend/models/__pycache__/user.cpython-310.pyc
deleted file mode 100644
index a15724ced4ae573577f5af352e66a9488a0ab5ff..0000000000000000000000000000000000000000
Binary files a/backend/models/__pycache__/user.cpython-310.pyc and /dev/null differ
diff --git a/backend/schemas/__pycache__/__init__.cpython-310.pyc b/backend/schemas/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index 0ed08b617bca1ee7e9fec81a6ea2b794ed93759f..0000000000000000000000000000000000000000
Binary files a/backend/schemas/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/schemas/__pycache__/cluster.cpython-310.pyc b/backend/schemas/__pycache__/cluster.cpython-310.pyc
deleted file mode 100644
index d5c47d112fa2c0b64343544f155c3cf5099a7c17..0000000000000000000000000000000000000000
Binary files a/backend/schemas/__pycache__/cluster.cpython-310.pyc and /dev/null differ
diff --git a/backend/schemas/__pycache__/task.cpython-310.pyc b/backend/schemas/__pycache__/task.cpython-310.pyc
deleted file mode 100644
index d12b423f7a19eea938c7fe5b43e679f11f6929ec..0000000000000000000000000000000000000000
Binary files a/backend/schemas/__pycache__/task.cpython-310.pyc and /dev/null differ
diff --git a/backend/schemas/__pycache__/vm.cpython-310.pyc b/backend/schemas/__pycache__/vm.cpython-310.pyc
deleted file mode 100644
index 476aafad650c72df8ddd461a852598c7ee895505..0000000000000000000000000000000000000000
Binary files a/backend/schemas/__pycache__/vm.cpython-310.pyc and /dev/null differ
diff --git a/backend/schemas/vm/__pycache__/__init__.cpython-310.pyc b/backend/schemas/vm/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index 34f779ddf61ac3b4f0a0895609aad50063dee6c3..0000000000000000000000000000000000000000
Binary files a/backend/schemas/vm/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/schemas/vm/__pycache__/flavor.cpython-310.pyc b/backend/schemas/vm/__pycache__/flavor.cpython-310.pyc
deleted file mode 100644
index 543f52c4fdb3e3358191f789f19ee838c4a0094f..0000000000000000000000000000000000000000
Binary files a/backend/schemas/vm/__pycache__/flavor.cpython-310.pyc and /dev/null differ
diff --git a/backend/schemas/vm/__pycache__/vm.cpython-310.pyc b/backend/schemas/vm/__pycache__/vm.cpython-310.pyc
deleted file mode 100644
index 910b8f92180b52aeb4c96bf3f5fc1dbd82f11dd6..0000000000000000000000000000000000000000
Binary files a/backend/schemas/vm/__pycache__/vm.cpython-310.pyc and /dev/null differ
diff --git a/backend/tasks/__pycache__/__init__.cpython-310.pyc b/backend/tasks/__pycache__/__init__.cpython-310.pyc
deleted file mode 100644
index 3f857c84e3059aeb81f2bf4eb12cdf306670f427..0000000000000000000000000000000000000000
Binary files a/backend/tasks/__pycache__/__init__.cpython-310.pyc and /dev/null differ
diff --git a/backend/tasks/__pycache__/examples.cpython-310.pyc b/backend/tasks/__pycache__/examples.cpython-310.pyc
deleted file mode 100644
index 9dd2fdbaa95d1916484cd1e117e717000b507a6f..0000000000000000000000000000000000000000
Binary files a/backend/tasks/__pycache__/examples.cpython-310.pyc and /dev/null differ
diff --git a/backend/tasks/__pycache__/ttt.cpython-310.pyc b/backend/tasks/__pycache__/ttt.cpython-310.pyc
deleted file mode 100644
index 702017030d008f5d555d94f9db157ef7a450feff..0000000000000000000000000000000000000000
Binary files a/backend/tasks/__pycache__/ttt.cpython-310.pyc and /dev/null differ
diff --git a/https/Dockerfile b/https/Dockerfile
deleted file mode 100644
index 6c81094a90f775811725551166bcf1f27ade5330..0000000000000000000000000000000000000000
--- a/https/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM python:3.10-slim
-WORKDIR /api-flask
-COPY requirements.txt /api-flask/
-RUN pip3 install --upgrade pip && pip install --no-cache-dir -r requirements.txt
-COPY server.flask.py /api-flask/
-EXPOSE 443
-CMD ["python3", "server.flask.py"]
diff --git a/https/ingress.sh b/https/ingress.sh
deleted file mode 100644
index 08bc2abd29a79af660e04075dc4586dc120ac54f..0000000000000000000000000000000000000000
--- a/https/ingress.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-helm upgrade --install ingress-nginx ingress-nginx \
- --repo https://kubernetes.github.io/ingress-nginx \
- --namespace ingress-nginx --create-namespace
-
-kubectl wait --namespace ingress-nginx \
- --for=condition=ready pod \
- --selector=app.kubernetes.io/component=controller \
- --timeout=120s
-
-IP=$(kubectl get service ingress-nginx-controller --namespace=ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-
-echo $IP
-
-HOSTNAME=demo-nginx.default.svc
-#openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=FR/L=Sophia Antipolis/O=SLICES-RI/CN=$HOSTNAME" -out server.csr
-#openssl x509 -req -extfile <(printf "subjectAltName=DNS:$HOSTNAME") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
-#kubectl create secret tls $HOSTNAME-secret --cert=server.crt --key=server.key
-
-cat << EOF > ingress-demo.yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: demo-nginx
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
-spec:
- ingressClassName: nginx
- tls:
- - hosts:
- - www.demo.io # The hostname for HTTPS
- secretName: $HOSTNAME-secret # TLS secret for SSL termination
- rules:
- - host: www.demo.io
- http:
- paths:
- - backend:
- service:
- name: demo-nginx
- port:
- number: 5000
- path: /
- pathType: Prefix
-EOF
diff --git a/https/launch.sh b/https/launch.sh
deleted file mode 100755
index 19bbc90d15f9f3c9dc39ccd79667ebad943b8a85..0000000000000000000000000000000000000000
--- a/https/launch.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/bash
-# openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=FR/L=Sophia Antipolis/O=SLICES-RI/CN=$HOSTNAME" -out server.csr
-# openssl x509 -req -extfile <(printf "subjectAltName=DNS:$HOSTNAME") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
-# kubectl create secret generic tls-secret --from-file=server.key --from-file=server.crt
-
-#python3 -m venv .
-#source ./bin/activate
-#pip3 install -r requirements.txt
-#python3/server.flask.py
diff --git a/https/requirements.txt b/https/requirements.txt
deleted file mode 100644
index 95fef4eb6610cb155983d86c4b22f59d83e4046b..0000000000000000000000000000000000000000
--- a/https/requirements.txt
+++ /dev/null
@@ -1 +0,0 @@
-Flask==3.0.3
diff --git a/https/server.flask.py b/https/server.flask.py
deleted file mode 100644
index 19f4a6d0862cdb13cd1afe489b04211a4e4fd6dd..0000000000000000000000000000000000000000
--- a/https/server.flask.py
+++ /dev/null
@@ -1,126 +0,0 @@
-# openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=172.29.7.11" -out server.csr
-# openssl x509 -req -extfile <(printf "subjectAltName=DNS:172.29.7.11,IP:172.29.7.11") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
-# kubectl create secret generic tls-secret --from-file=server.key --from-file=server.crt
-
-# openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=172.29.7.11" -out server.csr
-# openssl x509 -req -extfile <(printf "subjectAltName=DNS:172.29.7.11,IP:172.29.7.11") -days 365 -in server.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out server.crt
-# python3 -m venv ~/https
-# source ~/https/bin/activate
-# pip3 install -r requirements.txt
-
-from flask import Flask, request, jsonify
-import argparse
-import os
-
-def check_environment_variables():
- """
- Checks and returns the 'KEY', 'CERTIFICATE', and 'PORT' values.
-
- - Both 'KEY' and 'CERTIFICATE' are optional environment variables, but if one is set,
- both must be defined. If only one is set without the other, a ValueError is raised.
- - 'PORT' can be provided via an environment variable. Defaults to 80 if 'KEY' is not defined,
- and 443 if 'KEY' is defined, if the environment variable is not set.
-
- Returns:
- tuple: A tuple containing the values of 'KEY', 'CERTIFICATE', and 'PORT'. If neither
- 'KEY' nor 'CERTIFICATE' is set, both values will be None.
-
- Raises:
- ValueError: If one of 'KEY' or 'CERTIFICATE' is set but the other is not.
- """
- key = os.getenv('KEY')
- certificate = os.getenv('CERTIFICATE')
-
- if key is not None or certificate is not None:
- if not (key and certificate):
- raise ValueError("Both 'KEY' and 'CERTIFICATE' must be defined if one is set.")
-
- # Determine port value from environment variable
- port_env = os.getenv('PORT')
- if port_env is not None:
- try:
- port = int(port_env)
- except ValueError:
- raise ValueError("Environment variable 'PORT' must be an integer.")
- else:
- # Default port values based on the presence of 'key'
- if key is not None:
- port = 443
- else:
- port = 80
-
- return key, certificate, port
-
-app = Flask(__name__)
-
-@app.route("/namespace", methods = ['GET', 'POST'])
-
-def hello():
- print (request.json)
- uid = request.json['request']['uid']
- ns = request.json['request']['name']
- operation = request.json['request']['operation']
- username = request.json['request']['userInfo']['username']
- groups = request.json['request']['userInfo']['groups']
-
- if "SLICES-RI" not in groups:
- print ("skip check")
- msg = { "apiVersion": "admission.k8s.io/v1",
- "kind": "AdmissionReview",
- "response": {
- "uid": f"{uid}",
- "allowed": True
- }
- }
- return msg
-
-
- if not ns.startswith(username):
- if operation == "CREATE":
- msg = {
- "apiVersion": "admission.k8s.io/v1",
- "kind": "AdmissionReview",
- "response": {
- "uid": f"{uid}",
- "allowed": False,
- "status": {
- "code": 403,
- "message": f"Invalid namespace, your namsespace must be of the form '{username}-*'"
- }
- }
- }
- elif operation == "DELETE":
- msg = {
- "apiVersion": "admission.k8s.io/v1",
- "kind": "AdmissionReview",
- "response": {
- "uid": f"{uid}",
- "allowed": False,
- "status": {
- "code": 403,
- "message": f"Invalid namespace, your namsespace to delete must be of the form '{username}-*'"
- }
- }
- }
- else:
- msg = { "apiVersion": "admission.k8s.io/v1",
- "kind": "AdmissionReview",
- "response": {
- "uid": f"{uid}",
- "allowed": True
- }
- }
- print ("Should install everything in the ns {}".format(ns))
- print (request.remote_addr)
- return msg
-
-if __name__ == "__main__":
- try:
- key, certificate, port = check_environment_variables()
- except ValueError as e:
- print(f"Error: {e}")
-
- if key is None:
- app.run(host='0.0.0.0', port=port)
- else:
- app.run(host='0.0.0.0', port=port, ssl_context=(certificate, key))
diff --git a/k8s/add_roles.sh b/k8s/add_roles.sh
deleted file mode 100755
index 92ad9e3b4d6a7e20aacb49ea55fba4a31a0f7b50..0000000000000000000000000000000000000000
--- a/k8s/add_roles.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/usr/bin/bash
-echo "Create the roles"
-kubectl create -f roles.yaml
diff --git a/k8s/add_user.sh b/k8s/add_user.sh
deleted file mode 100755
index 2f4d862270ba4b2d5d68d5868d4b5fcf07cd4534..0000000000000000000000000000000000000000
--- a/k8s/add_user.sh
+++ /dev/null
@@ -1,150 +0,0 @@
-#!/usr/bin/bash
-# Function to display usage with parameter explanations and example
-usage() {
- echo "Usage: $0 --username <username> --api-server-endpoint <api-server-endpoint> --cluster-name <cluster-name> [--duration <duration>]"
- echo ""
- echo "Parameters:"
- echo " --username : (Required) The username to create in the cluster."
- echo " --api-server-endpoint : (Required) The API server endpoint, must be in URL format (e.g., https://192.0.2.1:6443)."
- echo " --cluster-name : (Required) The name of the cluster you're targeting."
- echo " --duration : (Optional) The duration of the session in days. Must be a positive integer. Default is 7 days."
- echo ""
- echo "Example:"
- echo "$0 --username toto --api-server-endpoint https://192.0.2.1:6443 --cluster-name cluster --duration 7"
- exit 1
-}
-
-# Function to check if a value is an integer
-is_integer() {
- [[ "$1" =~ ^[0-9]+$ ]]
-}
-
-# Set default value for duration
-DURATION=7
-
-# Check if the number of arguments is at least 6 (3 mandatory parameters and their values)
-if [ "$#" -lt 6 ]; then
- usage
-fi
-
-# Parse the named parameters
-while [[ "$#" -gt 0 ]]; do
- case $1 in
- --username)
- USERNAME="$2"
- shift 2
- ;;
- --api-server-endpoint)
- API_SERVER_ENDPOINT="$2"
- shift 2
- ;;
- --cluster-name)
- CLUSTER_NAME="$2"
- shift 2
- ;;
- --duration)
- DURATION="$2"
- if ! is_integer "$DURATION"; then
- echo "Error: --duration must be an integer representing the number of days."
- usage
- fi
- shift 2
- ;;
- *)
- echo "Unknown parameter: $1"
- usage
- ;;
- esac
-done
-
-# Check if all required parameters are provided
-if [[ -z "$USERNAME" || -z "$API_SERVER_ENDPOINT" || -z "$CLUSTER_NAME" ]]; then
- usage
-fi
-
-# Display the parameters (you can replace this part with your actual logic)
-echo "Username: $USERNAME"
-echo "API Server Endpoint: $API_SERVER_ENDPOINT"
-echo "Cluster Name: $CLUSTER_NAME"
-
-
-# If duration is provided, display it
-if [[ -n "$DURATION" ]]; then
- echo "Duration: $DURATION days"
-fi
-
-#USERNAME=pos1
-#API_SERVER_ENDPOINT="https://172.29.7.62:6443"
-#CLUSTER_NAME="centralhub"
-
-GROUP=SLICES-RI
-
-DIR=RBAC
-
-USER_KEY=$DIR/$USERNAME/$USERNAME.key
-USER_CSR=$DIR/$USERNAME/$USERNAME.csr
-USER_CRT=$DIR/$USERNAME/$USERNAME.crt
-K8S_SIGN_REQUEST=$DIR/$USERNAME/${USERNAME}_k8s_sign_request.yaml
-KUBECONFIG=$DIR/$USERNAME/config-${USERNAME}
-
-EXPIRATION_SECONDS=$(( $DURATION * 3600 * 24))
-
-mkdir -p $DIR/$USERNAME
-
-echo "Create private key"
-openssl genrsa -out $USER_KEY 2048
-
-echo "Create CSR"
-openssl req -new -key $USER_KEY -out $USER_CSR -subj "/CN=$USERNAME/O=${GROUP}" #/O=kubeadm:cluster-admins"
-
-request=$(cat $USER_CSR | base64 | tr -d "\n")
-
-echo "Generate k8s sign request"
-cat > $K8S_SIGN_REQUEST <<EOF
-apiVersion: certificates.k8s.io/v1
-kind: CertificateSigningRequest
-metadata:
- name: $USERNAME
-spec:
- request: $request
- signerName: kubernetes.io/kube-apiserver-client
- expirationSeconds: $EXPIRATION_SECONDS
- usages:
- - client auth
-EOF
-
-echo "Submit k8s sign request"
-kubectl apply -f $K8S_SIGN_REQUEST
-
-echo "Validate the request"
-kubectl certificate approve $USERNAME
-
-echo "Obtain the certificate"
-kubectl get csr $USERNAME -o jsonpath='{.status.certificate}'| base64 -d > $USER_CRT
-
-echo "Bind the roles to the user"
-kubectl create clusterrolebinding $USERNAME-slicesViewRole --clusterrole=slicesViewRole --user=$USERNAME
-kubectl create clusterrolebinding $USERNAME-slicesCreateRole --clusterrole=slicesCreateRole --user=$USERNAME
-kubectl create clusterrolebinding $USERNAME-slicesUpdateRole --clusterrole=slicesUpdateRole --user=$USERNAME
-kubectl create clusterrolebinding $USERNAME-slicesDeleteRole --clusterrole=slicesDeleteRole --user=$USERNAME
-
-echo "Add user and context to kubeconfig"
-cat << EOF > $KUBECONFIG
----
-apiVersion: v1
-clusters:
-- cluster:
- certificate-authority-data: $(cat /etc/kubernetes/pki/ca.crt | base64 | tr -d "\n")
- server: $API_SERVER_ENDPOINT
- name: $CLUSTER_NAME
-EOF
-
-kubectl --kubeconfig=$KUBECONFIG config set-credentials $USERNAME --client-key=$USER_KEY --client-certificate=$USER_CRT --embed-certs=true
-kubectl --kubeconfig=$KUBECONFIG config set-context $USERNAME --cluster=$CLUSTER_NAME --user=$USERNAME
-kubectl --kubeconfig=$KUBECONFIG config use-context $USERNAME
-
-echo "# To remove the user:"
-echo "# ==================="
-echo '# kubectl delete clusterrolebinding $(kubectl get clusterrolebinding | grep pos1-slices | awk '\''{print $1}'\'')'
-echo "# kubectl delete csr $USERNAME"
-exit
diff --git a/k8s/roles.yaml b/k8s/roles.yaml
deleted file mode 100644
index f9e5230a9de3e44737e7a395001eb4e316b9b32f..0000000000000000000000000000000000000000
--- a/k8s/roles.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: slicesViewRole
-rules:
- - apiGroups: ['*']
- resources: ['*']
- verbs: ['get', 'list', 'watch']
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: slicesCreateRole
-rules:
- - apiGroups: ['*']
- resources: ['*']
- verbs: ['create']
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: slicesUpdateRole
-rules:
- - apiGroups: ['*']
- resources: ['*']
- verbs: ['update', 'patch']
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: slicesDeleteRole
-rules:
- - apiGroups: ['*']
- resources: ['*']
- verbs: ['delete', 'deletecollection']
diff --git a/k8s/service.yaml b/k8s/service.yaml
deleted file mode 100644
index f16326206e4667e6fa864a3bff42f72d6fb77f65..0000000000000000000000000000000000000000
--- a/k8s/service.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: demo-nginx
- labels:
- app.kubernetes.io/name: proxy
-spec:
- containers:
- - name: demo-nginx
- image: 172.29.7.10:5001/k8s-webhook
- env:
- - name: KEY
- value: "/server.key"
- - name: CERTIFICATE
- value: "/server.crt"
- volumeMounts:
- - name: secret-volume
- mountPath: "/server.key"
- subPath: server.key
- readOnly: true
- - name: secret-volume
- mountPath: "/server.crt"
- subPath: server.crt
- readOnly: true
- ports:
- - containerPort: 443
- name: http-web-svc
- volumes:
- - name: secret-volume
- secret:
- secretName: tls-secret
- items:
- - key: server.key
- path: server.key
- - key: server.crt
- path: server.crt
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: demo-nginx
-spec:
- selector:
- app.kubernetes.io/name: proxy
- ports:
- - name: name-of-service-port
- protocol: TCP
- port: 443
- targetPort: http-web-svc
diff --git a/k8s/webhook.sh b/k8s/webhook.sh
deleted file mode 100644
index a8e240b3c1329a1007cb9e1a928e8ccedc4a4b64..0000000000000000000000000000000000000000
--- a/k8s/webhook.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-cat <<EOF > webhook.yaml
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: my-webhook
-webhooks:
-- name: my-webhook.example.org
- clientConfig:
- url: "https://172.29.7.11:8000/namespace"
- caBundle: $(sudo cat /etc/kubernetes/pki/ca.crt | base64|tr -d "\n")
- rules:
- - operations: ["CREATE", "DELETE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["namespaces"]
- admissionReviewVersions: ["v1"]
- timeoutSeconds: 5
- sideEffects: NoneOnDryRun
-EOF
-
-kubectl create -f webhook.yaml
diff --git a/k8s/webhook_service.sh b/k8s/webhook_service.sh
deleted file mode 100644
index 760ef9f695f0a5fb80cc1908fd9dbbd097989b06..0000000000000000000000000000000000000000
--- a/k8s/webhook_service.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-cat <<EOF > webhook.yaml
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: my-webhook
-webhooks:
-- name: www.demo.io
- clientConfig:
- service:
- namespace: default
- name: demo-nginx
- path: /namespace
- caBundle: $(sudo cat /etc/kubernetes/pki/ca.crt | base64 | tr -d "\n")
- rules:
- - operations: ["CREATE", "DELETE"]
- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["namespaces"]
- admissionReviewVersions: ["v1"]
- timeoutSeconds: 5
- sideEffects: NoneOnDryRun
-EOF
-
-kubectl create -f webhook.yaml