Last active
December 4, 2020 01:33
RHACM 2.1 create multicloud-ca-cert
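#!/bin/bash
#
# Manually recreate the cert-manager Issuers and Certificates for RHACM 2.1.
#
# WHEN to use this script
#   * when console-header fails to start because multicloud-ca-cert is missing
#   * when Issuers and Certificates are not present
#
# WHAT it does
#   1. Lists the Issuers/Certificates currently in the namespace (diagnostic).
#   2. Looks up the generated deployment / helmrelease names on the hub.
#   3. Writes a List manifest with the Issuers and Certificates to ./hack.yaml.
#   The manifest is only written, not applied. Review it, then apply it
#   yourself (for example `oc apply -f hack.yaml`) so that cert-manager
#   generates multicloud-ca-cert.
#
# SECURITY NOTES
#   * multicloud-ca-cert is a self-signed CA (isCA: true, 4096-bit key, valid
#     for 43800h). Its Secret holds the CA private key that multicloud-ca-issuer
#     signs with, so read access to Secrets in this namespace should be limited
#     to cluster administrators.
#   * Recreating the CA presumably yields a new key pair; components that still
#     carry the previous CA bundle may need a restart -- verify on your hub.
#   * Every name interpolated into the manifest is checked to be exactly one
#     Kubernetes-style name. An empty or multi-line lookup result would
#     otherwise produce Certificates such as "-ca-cert" or a malformed manifest.
#
# Environment (optional)
#   CLUSTER_NAME  cluster name used in the console route SAN (default: acmhub)
#   BASE_DOMAIN   base domain used in the console route SAN (default: rhd-qe.com)
#
# RHACM 2.1
#
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Abort unless the value looks like a single Kubernetes name / DNS subdomain.
# Arguments: $1 - label for the error message, $2 - value to check
#######################################
require_name() {
  local label=$1 value=$2
  local -r name_re='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
  [[ "$value" =~ $name_re ]] || die "${label} is not a valid name: '${value}'"
}

#######################################
# Print the one entry of a listing column that contains a fixed string.
# Arguments: $1 - label for error messages
#            $2 - column number holding the resource name
#            $3 - fixed string the name must contain
#            $4 - the `oc get` listing text
# Outputs:   the matching name on stdout; aborts on zero or several matches
#######################################
pick_one() {
  local label=$1 column=$2 needle=$3 listing=$4
  local matches
  matches=$(awk -v col="$column" -v needle="$needle" \
    'index($col, needle) { print $col }' <<<"$listing")
  [[ -n "$matches" ]] || die "no ${label} name containing '${needle}' found"
  [[ "$matches" != *$'\n'* ]] \
    || die "several ${label} names contain '${needle}': ${matches//$'\n'/ }"
  require_name "$label" "$matches"
  printf '%s\n' "$matches"
}

readonly NS=open-cluster-management

# Diagnostic only: show what already exists. A failure here (for example the
# CRDs are missing) must not stop the manifest from being generated.
oc get Issuers,Certificates -n "$NS" \
  || printf 'warning: could not list Issuers/Certificates in %s\n' "$NS" >&2

# Query the cluster once per resource kind instead of once per name.
deployments=$(oc get deployment -n "$NS") || die "cannot list deployments in ${NS}"
helmreleases=$(oc get helmrelease -A) || die "cannot list helmreleases"

# `oc get -n` prints NAME in column 1; `oc get -A` prints NAMESPACE NAME.
APPLICATION_UI_DEPLOYMENT=$(pick_one deployment 1 applicationui "$deployments")
CONSOLE_CHART=$(pick_one helmrelease 2 console "$helmreleases")
MGMT_INGRESS_CHART=$(pick_one helmrelease 2 ingress "$helmreleases")
GRC_CHART=$(pick_one helmrelease 2 grc "$helmreleases")
SEARCH_CHART=$(pick_one helmrelease 2 search-prod "$helmreleases")
TOPOLOGY_CHART=$(pick_one helmrelease 2 topology "$helmreleases")

# The manifest references ${CLUSTER_NAME}; the original only set CLUSTER, which
# left an empty label in the multicloud-console SAN unless CLUSTER_NAME happened
# to be exported. Default CLUSTER_NAME from CLUSTER so the SAN is always complete.
CLUSTER=acmhub
CLUSTER_NAME=${CLUSTER_NAME:-$CLUSTER}
BASE_DOMAIN=${BASE_DOMAIN:-rhd-qe.com}
require_name CLUSTER_NAME "$CLUSTER_NAME"
require_name BASE_DOMAIN "$BASE_DOMAIN"

cat > hack.yaml <<EOF
---
apiVersion: v1
items:
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: cert-manager-rhacm-selfsign
    namespace: open-cluster-management
  spec:
    selfSigned: {}
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: cert-manager-webhook-selfsign
    namespace: open-cluster-management
  spec:
    selfSigned: {}
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: multicloud-ca-issuer
    namespace: open-cluster-management
  spec:
    ca:
      secretName: multicloud-ca-cert
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: multicluster-hub-mcm-server-ca-issuer
    namespace: open-cluster-management
  spec:
    selfSigned: {}
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${APPLICATION_UI_DEPLOYMENT}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: applicationui
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: ${APPLICATION_UI_DEPLOYMENT}-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${CONSOLE_CHART}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: ${CONSOLE_CHART}
    issuerRef:
      kind: Issuer
      name: multicluster-hub-mcm-server-ca-issuer
    organization:
    - Red Hat
    secretName: ${CONSOLE_CHART}-uiapi-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${GRC_CHART}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: ${GRC_CHART}
    issuerRef:
      kind: Issuer
      name: multicluster-hub-mcm-server-ca-issuer
    organization:
    - Red Hat
    secretName: ${GRC_CHART}-grc-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: kui-proxy
    namespace: open-cluster-management
  spec:
    commonName: kui-proxy
    dnsNames:
    - kui-proxy.kube-system
    - kui-proxy.kube-system.svc
    - localhost
    - 127.0.0.1
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    secretName: kui-proxy-secret
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${MGMT_INGRESS_CHART}-cert
    namespace: open-cluster-management
  spec:
    commonName: management-ingress
    dnsNames:
    - mycluster.icp
    - ${MGMT_INGRESS_CHART}-cluster-management
    - ${MGMT_INGRESS_CHART}.open-cluster-management.svc
    - ${MGMT_INGRESS_CHART}
    - ${MGMT_INGRESS_CHART}.open-cluster-management
    - ${MGMT_INGRESS_CHART}.open-cluster-management.svc
    - management-ingress
    - management-ingress.open-cluster-management
    - management-ingress.open-cluster-management.svc
    - multicloud-console.apps.wilds.${CLUSTER_NAME}.${BASE_DOMAIN}
    - localhost
    duration: 2160h0m0s
    ipAddresses:
    - 127.0.0.1
    - 127.0.0.1
    - 127.0.0.1
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    renewBefore: 24h0m0s
    secretName: ${MGMT_INGRESS_CHART}-tls-secret
    usages:
    - server auth
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: multicloud-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: www.redhat.com
    dnsNames:
    - www.redhat.com
    duration: 43800h0m0s
    isCA: true
    issuerRef:
      kind: Issuer
      name: cert-manager-rhacm-selfsign
    keySize: 4096
    organization:
    - OpenShift ACM
    renewBefore: 720h0m0s
    secretName: multicloud-ca-cert
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: search-aggregator-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: search-aggregator
    dnsNames:
    - search-aggregator
    - search-aggregator.open-cluster-management
    - search-aggregator.open-cluster-management.svc
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: search-aggregator-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${SEARCH_CHART}-redis-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: search-redisgraph
    dnsNames:
    - ${SEARCH_CHART}-search-redisgraph
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: ${SEARCH_CHART}-redisgraph-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${SEARCH_CHART}-search-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: search-api
    dnsNames:
    - ${SEARCH_CHART}-search-api
    - ${SEARCH_CHART}-search-api.open-cluster-management
    - ${SEARCH_CHART}-search-api.open-cluster-management.svc
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: ${SEARCH_CHART}-search-api-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${TOPOLOGY_CHART}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: ${TOPOLOGY_CHART}
    issuerRef:
      kind: Issuer
      name: multicluster-hub-mcm-server-ca-issuer
    organization:
    - Red Hat
    secretName: ${TOPOLOGY_CHART}-topology-secrets
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
EOF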
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.1/html/release_notes/red-hat-advanced-cluster-management-for-kubernetes-release-notes#security-known-issues