@tosin2013
Last active February 13, 2024 21:45
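#!/bin/bash
# Requests a Let's Encrypt certificate covering the OpenShift API hostname and
# the wildcard ingress domain (Route 53 DNS challenge), then installs it as the
# default ingress certificate.
# No -x here: xtrace would print the AWS secret key with every traced command.
set -euo pipefail

if [[ $# -ne 3 ]]; then
    echo "Usage: $0 <AWS_ACCESS_KEY> <AWS_SECRET_ACCESS_KEY> <CONTAINER_RUN_TIME>"
    exit 1
fi

# Check if logged on to OpenShift and if not exit
if ! oc whoami &> /dev/null; then
    echo "Not logged on to OpenShift"
    exit 1
fi

# Exported so the container runtime copies them from the environment
# (--env NAME) instead of carrying the values on its own command line.
export AWS_ACCESS_KEY_ID="$1"
export AWS_SECRET_ACCESS_KEY="$2"
CONTAINER_RUN_TIME="$3"

# API hostname taken from the server URL (scheme and port stripped).
# Assigned before export so a failing oc call stops the script under set -e.
LE_API=$(oc whoami --show-server | cut -f 2 -d ':' | cut -f 3 -d '/' | sed 's/-api././')
# Wildcard domain served by the default ingress controller.
LE_WILDCARD=$(oc get ingresscontroller default -n openshift-ingress-operator -o jsonpath='{.status.domain}')
export LE_API LE_WILDCARD

if [[ "$CONTAINER_RUN_TIME" == "docker" ]]; then
    echo "Using Docker"
    docker run --rm -it \
        --env AWS_ACCESS_KEY_ID \
        --env AWS_SECRET_ACCESS_KEY \
        -v "/etc/letsencrypt:/etc/letsencrypt" \
        certbot/dns-route53 \
        certonly --dns-route53 \
        -d "$LE_API" \
        -d "*.$LE_WILDCARD" \
        --agree-tos
elif [[ "$CONTAINER_RUN_TIME" == "podman" ]]; then
    echo "Using Podman"
    mkdir -p /etc/letsencrypt/
    # :Z relabels the volume for SELinux so the container can write to it.
    podman run --rm -it \
        --env AWS_ACCESS_KEY_ID \
        --env AWS_SECRET_ACCESS_KEY \
        -v "/etc/letsencrypt:/etc/letsencrypt:Z" \
        certbot/dns-route53 \
        certonly --dns-route53 \
        -d "$LE_API" \
        -d "*.$LE_WILDCARD" \
        --agree-tos
else
    echo "Invalid container runtime"
    exit 1
fi

# Load the issued chain and private key into a TLS secret and point the
# default ingress controller at it.
CERTDIR="/etc/letsencrypt/live/$LE_API"
oc create secret tls router-certs --cert="${CERTDIR}/fullchain.pem" --key="${CERTDIR}/privkey.pem" -n openshift-ingress
oc patch ingresscontroller default -n openshift-ingress-operator --type=merge --patch='{"spec": { "defaultCertificate": { "name": "router-certs" }}}'

# Show the router pods rolling out and the cluster operator status.
oc get po -n openshift-ingress
oc get co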

tosin2013 commented Aug 11, 2023

Install docker

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh

Install OC CLI

curl -OL https://raw.githubusercontent.com/tosin2013/openshift-4-deployment-notes/master/pre-steps/configure-openshift-packages.sh
chmod +x configure-openshift-packages.sh
./configure-openshift-packages.sh -i
