Skip to content

Instantly share code, notes, and snippets.

@superbrothers superbrothers/kind-load-certfile
Last active Mar 25, 2020

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Raw
kind-load-certfile
#!/usr/bin/env bash
set -e -o pipefail; [[ -n "$DEBUG" ]] && set -x
CERT_DIR="${CERT_DIR:-"/usr/local/share/ca-certificates"}"
function usage() {
echo "Usage: $(basename "$0") [-n name] certflie ..." >&2
}
while getopts n: OPT; do
case $OPT in
n) name="$OPTARG"
;;
*) usage
exit 1
;;
esac
done
shift "$((OPTIND - 1))"
name="${name:-"kind"}"
if [[ $# -eq 0 ]]; then
usage
exit 1
fi
containers="$(kind get nodes --name="$name" 2>/dev/null)"
if [[ "$containers" == "" ]]; then
echo "No kind nodes found for cluster \"$name\"" >&2
exit 1
fi
while IFS= read -r container; do
for certfile in "$@"; do
echo "Copying ${certfile} to ${container}:${CERT_DIR}"
docker cp "$certfile" "${container}:${CERT_DIR}"
done
echo "Updating CA certificates in ${container}..."
docker exec "$container" update-ca-certificates
echo "Restarting containerd"
docker exec "$container" systemctl restart containerd
done <<< "$containers"
# vim: ai ts=2 sw=2 et sts=2 ft=sh
@jrobison153

This comment has been minimized.

Sign in to view
Copy link

jrobison153 commented Mar 17, 2020
edited

Great script, saved me a bunch of leg work. One thing though, I ran into an issue with the for loop on line 35. This loop isn't splitting the newline separated list of container names correctly. I had to modify it to the following and all was well

while IFS= read -r container
do
  for certfile in "$@"; do
    echo "Copying ${certfile} to ${container}:${CERT_DIR}"
    docker cp "$certfile" "${container}:${CERT_DIR}"
  done

  echo "Updating CA certificates in ${container}..."
  docker exec "$container" update-ca-certificates

  echo "Restarting containerd"
  docker exec "$container" systemctl restart containerd
done <<< "$containers"
@superbrothers

This comment has been minimized.

Sign in to view
Copy link
Owner Author

superbrothers commented Mar 18, 2020
edited

@jrobison153 Thanks for the suggestion. I changed it like that 😊
@knowings

This comment has been minimized.

Sign in to view
Copy link

knowings commented Mar 25, 2020
edited

Hi,

First, Bravo for the script and I also vote for kind supporting this feature.

While I was struggling with certs, I fell on https://askubuntu.com/a/1159454 and I experienced exactly what is described: you must update /etc/ca-certificates.conf to make update-ca-certificates success. My 2 cents...

Best regards
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.