Last active
February 3, 2020 17:40
-
-
Save rudolphjacksonm/78e622f90d9b6913f029065193933839 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Backup all cert-manager data before upgrade | |
kubectl get -o yaml \ | |
--all-namespaces \ | |
issuer,clusterissuer,certificates > cert-manager-backup.yaml | |
# Backing up certificaterequests separately as our cluster | |
# didn't have this type of resource and hence would error out | |
kubectl get -o yaml \ | |
--all-namespaces \ | |
certificaterequests >> cert-manager-backup.yaml | |
# Remove cert-manager from kube-system | |
helm uninstall cert-manager -n kube-system | |
# Ensure CRDs are removed | |
kubectl delete crd \ | |
certificates.certmanager.k8s.io \ | |
issuers.certmanager.k8s.io \ | |
clusterissuers.certmanager.k8s.io | |
# Remove ClusterrRoleBinding(s) | |
if kubectl get clusterrolebinding -l app=cert-manager 2>&1 > /dev/null; then | |
echo 'Removing ClusterRoleBindings for cert-manager' | |
kubectl delete clusterrolebinding -l app=cert-manager | |
fi | |
# Remove ClusterRole(s) | |
if kubectl get clusterrole -l app=cert-manager 2>&1 > /dev/null; then | |
echo 'Removing ClusterRoles for cert-manager' | |
kubectl delete clusterrole -l app=cert-manager | |
fi | |
# Remove ServiceAccount(s) | |
if kubectl get serviceaccount -l app=cert-manager -n kube-system 2>&1 > /dev/null; then | |
echo 'Deleting ServiceAccounts for cert-manager' | |
kubectl delete serviceaccount -l app=cert-manager | |
fi | |
# Apply CRDs | |
kubectl apply \ | |
-f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml | |
# Create the cert-manager namespace if it doesn't already exist | |
kubectl create namespace cert-manager | |
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true" | |
# Install the new version of cert-manager | |
helm repo add jetstack https://charts.jetstack.io | |
helm install cert-manager --namespace cert-manager jetstack/cert-manager --version "v0.7.2" --wait --timeout 180s | |
# Wait for webhook component to be ready before restoring backup | |
kubectl wait --for=condition=ready pod -n cert-manager -l app=webhook | |
# Restore all resources from backup we made earlier | |
kubectl apply -f ./cert-manager-backup.yaml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment