@AlexisDucastel
Last active April 14, 2023 18:00
Rancher fix for cert-manager failure on rancher upgrade (no matches for kind "Issuer" in version cert-manager.io/v1beta1)
#!/bin/bash
function failure { echo "$@" >&2; exit 1; }
RANCHER_NAMESPACE=${RANCHER_NAMESPACE:-cattle-system}
RANCHER_RELEASE_NAME=${RANCHER_RELEASE_NAME:-rancher}
# Pre-Flight checks
echo "ok"|sed -r "s/^(ok)/yes/"|grep yes >/dev/null \
&& echo "Preflight test : sed ok" \
|| failure "Your sed does not support extended regexp, more info at https://github.com/rancher/rancher/issues/35319#issuecomment-1173825923"
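# Detecting revision number (helm list separates columns with spaces and/or tabs)
RANCHER_REVISION=$(helm list -n "${RANCHER_NAMESPACE}" | grep -E "^${RANCHER_RELEASE_NAME}[[:space:]]" | awk '{print $3}')
# Stop here if the release was not found, otherwise the secret name below would be malformed
[ -n "${RANCHER_REVISION}" ] || failure "Release ${RANCHER_RELEASE_NAME} not found in namespace ${RANCHER_NAMESPACE}"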
# Calculating secret name
SECRET_NAME=sh.helm.release.v1.${RANCHER_RELEASE_NAME}.v${RANCHER_REVISION}
# Checking if patch is needed
echo "Checking if cert-manager beta or alpha is present in the release :"
kubectl get secrets ${SECRET_NAME} -n ${RANCHER_NAMESPACE} -o json \
| jq .data.release -r | base64 -d | base64 -d | gzip -d \
| grep -Eo 'cert-manager.io/v1(alpha|beta)1' \
|| failure "[WARNING] No reference found to cert-manager alpha or beta, nothing to patch"
# Create temporary file to backup secret
TMP_FILE=$(mktemp)
echo "Creating backup of helm release in file : ${TMP_FILE}"
kubectl get secrets ${SECRET_NAME} -n ${RANCHER_NAMESPACE} -o yaml > ${TMP_FILE}
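# Calculating patch data with cert-manager version replacement
# sed 'g' flag: replace every occurrence on a line, not only the first
# tr -d '\n': GNU base64 wraps its output at 76 columns, which would break the JSON patch below
SECRET_RELEASE_DATA=$(kubectl get secrets ${SECRET_NAME} -n ${RANCHER_NAMESPACE} -o json \
| jq .data.release -r | base64 -d | base64 -d | gzip -d \
| sed -r 's@cert-manager.io/v1(alpha|beta)1@cert-manager.io/v1@g' \
| gzip | base64 | tr -d '\n' | base64 | tr -d '\n')
# Applying patch (the expansion is quoted so the payload is passed as a single argument)
echo "Applying patch"
kubectl patch secret ${SECRET_NAME} -n ${RANCHER_NAMESPACE} -p='{"data":{"release":"'"${SECRET_RELEASE_DATA}"'"}}'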
# Checking patch
kubectl get secrets ${SECRET_NAME} -n ${RANCHER_NAMESPACE} -o json \
| jq .data.release -r | base64 -d | base64 -d | gzip -d \
| grep -Eo 'cert-manager.io/v1(alpha|beta)1' \
&& failure "[ERROR] Patch failed, there is still some reference to cert-manager alpha or beta, please check manually"
echo "Patch done :)"