Skip to content

Instantly share code, notes, and snippets.

@rudolphjacksonm
Last active February 3, 2020 17:40
Show Gist options
  • Save rudolphjacksonm/78e622f90d9b6913f029065193933839 to your computer and use it in GitHub Desktop.
Save rudolphjacksonm/78e622f90d9b6913f029065193933839 to your computer and use it in GitHub Desktop.
#!/bin/bash
# Backup all cert-manager data before upgrade
kubectl get -o yaml \
--all-namespaces \
issuer,clusterissuer,certificates > cert-manager-backup.yaml
# Backing up certificaterequests separately as our cluster
# didn't have this type of resource and hence would error out
kubectl get -o yaml \
--all-namespaces \
certificaterequests >> cert-manager-backup.yaml
# Remove cert-manager from kube-system
helm uninstall cert-manager -n kube-system
# Ensure CRDs are removed
kubectl delete crd \
certificates.certmanager.k8s.io \
issuers.certmanager.k8s.io \
clusterissuers.certmanager.k8s.io
# Remove ClusterrRoleBinding(s)
if kubectl get clusterrolebinding -l app=cert-manager 2>&1 > /dev/null; then
echo 'Removing ClusterRoleBindings for cert-manager'
kubectl delete clusterrolebinding -l app=cert-manager
fi
# Remove ClusterRole(s)
if kubectl get clusterrole -l app=cert-manager 2>&1 > /dev/null; then
echo 'Removing ClusterRoles for cert-manager'
kubectl delete clusterrole -l app=cert-manager
fi
# Remove ServiceAccount(s)
if kubectl get serviceaccount -l app=cert-manager -n kube-system 2>&1 > /dev/null; then
echo 'Deleting ServiceAccounts for cert-manager'
kubectl delete serviceaccount -l app=cert-manager
fi
# Apply CRDs
kubectl apply \
-f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml
# Create the cert-manager namespace if it doesn't already exist
kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true"
# Install the new version of cert-manager
helm repo add jetstack https://charts.jetstack.io
helm install cert-manager --namespace cert-manager jetstack/cert-manager --version "v0.7.2" --wait --timeout 180s
# Wait for webhook component to be ready before restoring backup
kubectl wait --for=condition=ready pod -n cert-manager -l app=webhook
# Restore all resources from backup we made earlier
kubectl apply -f ./cert-manager-backup.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment