Forked from cdoan1/generate-update-issuer-cert-manifest.sh
Update certificate from cert-manager certificate
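#!/bin/bash
# Manually recreate the cert-manager Issuers and Certificates used by an
# Advanced Cluster Management (ACM) hub.
#
# Environment (all optional):
#   NS           namespace passed to `oc -n` (default: open-cluster-management)
#   CLUSTER      cluster name used in the console route SAN (default: mycluster)
#                NOTE: the variable read is CLUSTER, not CLUSTER_NAME.
#   BASE_DOMAIN  base domain used in the console route SAN (default: mydomain.com)
#
# Requires an `oc` session that may list deployments in $NS, list helmreleases
# in all namespaces, and create Issuers/Certificates in $NS.

NS=${NS:-open-cluster-management}
CLUSTER_NAME=${CLUSTER:-mycluster}
BASE_DOMAIN=${BASE_DOMAIN:-mydomain.com}

#######################################
# Warn when a discovered resource name is empty or spans several lines.
# The names below are interpolated into Certificate and Secret names, so an
# empty value yields names such as "-ca-cert" and a multi-line value corrupts
# the manifest. The script continues either way; this only makes it visible.
# Arguments: $1 - variable label for the message, $2 - discovered value
# Outputs:   warning on stderr
#######################################
warn_unless_single_name() {
  local label=$1
  local value=$2
  if [[ -z "$value" ]]; then
    printf 'warning: %s is empty; manifest entries built from it will have malformed names\n' \
      "$label" >&2
  elif [[ "$value" == *$'\n'* ]]; then
    printf 'warning: %s matched more than one resource; the manifest will not be valid YAML\n' \
      "$label" >&2
  fi
}

# Discovery is by substring match on the listing output. The helmrelease
# lookups use -A (all namespaces), so a release in another namespace whose
# line contains the pattern is picked up as well; column 2 is the release name.
APPLICATION_UI_DEPLOYMENT=$(oc get deployment -n "$NS" | awk '/applicationui/ {print $1}')
CONSOLE_CHART=$(oc get helmrelease -A | awk '/console/ {print $2}')
MGMT_INGRESS_CHART=$(oc get helmrelease -A | awk '/ingress/ {print $2}')
GRC_CHART=$(oc get helmrelease -A | awk '/grc/ {print $2}')
SEARCH_CHART=$(oc get helmrelease -A | awk '/search-prod/ {print $2}')
TOPOLOGY_CHART=$(oc get helmrelease -A | awk '/topology/ {print $2}')

warn_unless_single_name APPLICATION_UI_DEPLOYMENT "$APPLICATION_UI_DEPLOYMENT"
warn_unless_single_name CONSOLE_CHART "$CONSOLE_CHART"
warn_unless_single_name MGMT_INGRESS_CHART "$MGMT_INGRESS_CHART"
warn_unless_single_name GRC_CHART "$GRC_CHART"
warn_unless_single_name SEARCH_CHART "$SEARCH_CHART"
warn_unless_single_name TOPOLOGY_CHART "$TOPOLOGY_CHART"

echo "Current ACM Certificate ..."
oc get -n "$NS" certificates.certmanager.k8s.io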
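# Apply the Issuers and Certificates as a single List manifest.
#
# Trust layout, as written in the manifest:
#   - cert-manager-rhacm-selfsign (selfSigned) issues multicloud-ca-cert, which
#     is the CA (isCA: true, keySize 4096, duration 43800h, renewBefore 720h).
#   - multicloud-ca-issuer signs from the multicloud-ca-cert secret and issues
#     the applicationui, kui-proxy, management-ingress and search certificates.
#   - multicluster-hub-mcm-server-ca-issuer is selfSigned despite its name, so
#     the console, grc and topology certificates are self-signed leaves that do
#     not chain to multicloud-ca-cert.
#
# NOTE(review):
#   - Every object hard-codes namespace open-cluster-management, as do several
#     dnsNames. Overriding NS makes `-n "$NS"` disagree with the manifest; oc is
#     expected to reject that rather than apply it. Confirm before using NS.
#   - Only the management-ingress and CA certificates set duration/renewBefore;
#     the others rely on cert-manager defaults.
#   - kui-proxy lists 127.0.0.1 under dnsNames, not ipAddresses, and its service
#     names are in kube-system rather than this namespace. Verify both.
#   - mycluster.icp and the apps.wilds. route prefix are fixed SAN values;
#     check they match the target cluster.
#   - The heredoc is unquoted, so the shell expands the ${...} names before oc
#     sees the manifest.
oc apply -n "$NS" -f - <<EOF
---
apiVersion: v1
items:
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: cert-manager-rhacm-selfsign
    namespace: open-cluster-management
  spec:
    selfSigned: {}
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: cert-manager-webhook-selfsign
    namespace: open-cluster-management
  spec:
    selfSigned: {}
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: multicloud-ca-issuer
    namespace: open-cluster-management
  spec:
    ca:
      secretName: multicloud-ca-cert
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Issuer
  metadata:
    name: multicluster-hub-mcm-server-ca-issuer
    namespace: open-cluster-management
  spec:
    selfSigned: {}
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${APPLICATION_UI_DEPLOYMENT}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: applicationui
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: ${APPLICATION_UI_DEPLOYMENT}-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${CONSOLE_CHART}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: ${CONSOLE_CHART}
    issuerRef:
      kind: Issuer
      name: multicluster-hub-mcm-server-ca-issuer
    organization:
    - Red Hat
    secretName: ${CONSOLE_CHART}-uiapi-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${GRC_CHART}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: ${GRC_CHART}
    issuerRef:
      kind: Issuer
      name: multicluster-hub-mcm-server-ca-issuer
    organization:
    - Red Hat
    secretName: ${GRC_CHART}-grc-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: kui-proxy
    namespace: open-cluster-management
  spec:
    commonName: kui-proxy
    dnsNames:
    - kui-proxy.kube-system
    - kui-proxy.kube-system.svc
    - localhost
    - 127.0.0.1
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    secretName: kui-proxy-secret
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${MGMT_INGRESS_CHART}-cert
    namespace: open-cluster-management
  spec:
    commonName: management-ingress
    dnsNames:
    - mycluster.icp
    - ${MGMT_INGRESS_CHART}-cluster-management
    - ${MGMT_INGRESS_CHART}.open-cluster-management.svc
    - ${MGMT_INGRESS_CHART}
    - ${MGMT_INGRESS_CHART}.open-cluster-management
    - ${MGMT_INGRESS_CHART}.open-cluster-management.svc
    - management-ingress
    - management-ingress.open-cluster-management
    - management-ingress.open-cluster-management.svc
    - multicloud-console.apps.wilds.${CLUSTER_NAME}.${BASE_DOMAIN}
    - localhost
    duration: 2160h0m0s
    ipAddresses:
    - 127.0.0.1
    - 127.0.0.1
    - 127.0.0.1
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    renewBefore: 24h0m0s
    secretName: ${MGMT_INGRESS_CHART}-tls-secret
    usages:
    - server auth
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: multicloud-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: www.redhat.com
    dnsNames:
    - www.redhat.com
    duration: 43800h0m0s
    isCA: true
    issuerRef:
      kind: Issuer
      name: cert-manager-rhacm-selfsign
    keySize: 4096
    organization:
    - OpenShift ACM
    renewBefore: 720h0m0s
    secretName: multicloud-ca-cert
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: search-aggregator-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: search-aggregator
    dnsNames:
    - search-aggregator
    - search-aggregator.open-cluster-management
    - search-aggregator.open-cluster-management.svc
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: search-aggregator-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${SEARCH_CHART}-redis-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: search-redisgraph
    dnsNames:
    - ${SEARCH_CHART}-search-redisgraph
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: ${SEARCH_CHART}-redisgraph-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${SEARCH_CHART}-search-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: search-api
    dnsNames:
    - ${SEARCH_CHART}-search-api
    - ${SEARCH_CHART}-search-api.open-cluster-management
    - ${SEARCH_CHART}-search-api.open-cluster-management.svc
    issuerRef:
      kind: Issuer
      name: multicloud-ca-issuer
    organization:
    - Red Hat
    secretName: ${SEARCH_CHART}-search-api-secrets
- apiVersion: certmanager.k8s.io/v1alpha1
  kind: Certificate
  metadata:
    name: ${TOPOLOGY_CHART}-ca-cert
    namespace: open-cluster-management
  spec:
    commonName: ${TOPOLOGY_CHART}
    issuerRef:
      kind: Issuer
      name: multicluster-hub-mcm-server-ca-issuer
    organization:
    - Red Hat
    secretName: ${TOPOLOGY_CHART}-topology-secrets
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
EOF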
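# Give cert-manager time to reconcile the applied objects.
sleep 20

# The listing below only displays state, so also check the Ready condition
# explicitly. A failure here is reported but does not change the script's exit
# status, which remains that of the final `oc get`.
if ! oc wait -n "$NS" --for=condition=Ready --timeout=60s --all \
  certificates.certmanager.k8s.io; then
  printf 'warning: not every Certificate in %s reported Ready; inspect with "oc describe"\n' \
    "$NS" >&2
fi

echo "Verify All Certificate in True state..."
oc get -n "$NS" certificates.certmanager.k8s.io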