@sboardwell
Last active June 25, 2019 13:27
add_certificates() {
    # envType selects which ClusterIssuer/Certificate manifests are applied
    local envType=${1:?usage: add_certificates <envType>}
    local secretName ns
    local certFile="cert-manager-utils/03-cluster-certificate-${envType}.yaml"

    # these two manifests are sops-encrypted; decrypt via process substitution
    # so the plaintext is handed to kubectl without being written to disk
    kubectl apply -f <(sops -d cert-manager-utils/01-clouddns-service-account.yaml)
    kubectl apply -f <(sops -d cert-manager-utils/01-cloudflare-api-key.yaml)
    kubectl apply -f "cert-manager-utils/02-clusterissuer-${envType}.yaml"
    kubectl apply -f "$certFile"

    # get the secret name (note: the evns/yq image is pulled without a pinned tag or digest)
    secretName=$(docker run -i --rm evns/yq yq -r '.spec.secretName' < "$certFile")
    # get the namespace
    ns=$(docker run -i --rm evns/yq yq -r '.metadata.namespace' < "$certFile")

    # wait until the secret is available (no timeout: loops until the secret exists)
    while ! kubectl get secret "$secretName" -n "$ns" &> /dev/null; do
        echo "Waiting to patch secret $ns/$secretName..."; sleep 2
    done

    # add the annotations
    # ".*" allows this TLS secret (private key included) to be replicated into
    # every namespace; narrow the pattern if only some namespaces need it
    kubectl patch secret "$secretName" -n "$ns" --type merge -p '{"metadata": {"annotations": {
        "replicator.v1.mittwald.de/replication-allowed": "true",
        "replicator.v1.mittwald.de/replication-allowed-namespaces": ".*"
    }}}'

    echo "Please ensure the '${envType}' certificates were created properly."
    echo "Run:"
    echo "    kubectl -n kube-system get certificates"
}