liveaverage · January 27, 2022 12:44
diff --git a/zyncque-letsencrypt-fix.sh b/zyncque-letsencrypt-fix.sh
 ### POSSIBLE FIX with ZEROSSL – execute as opentlc-mgr
 oc new-project z-ngx
 oc new-app --docker-image=quay.io/shifti/openshift-nginx-adc:latest --name=ngx -n z-ngx
 oc expose service/ngx

 ## Backup existing routes
 oc get route keycloak -n sso -o yaml | kubectl neat > route-keycloak-orig.yaml
 oc get route keycloak-metrics-rewrite -n sso -o yaml | kubectl neat > route-keycloak-met-orig.yaml

 oc get route ngx -n z-ngx -o yaml | kubectl neat > route-ngx-orig.yaml

 export HOST_SSO=`oc get route keycloak -n sso -o=jsonpath='{.spec.host}'`
 export HOST_NGX=`oc get route ngx -n z-ngx -o=jsonpath='{.spec.host}'`

 #sed "s/host.*/host: ${HOST_SSO}/g" route-ngx-orig.yaml > route-ngx-sso.yaml
 #sed -i "s/name:.*/name: ngx-sso/g" route-ngx-sso.yaml ## FIXME - FIRST OCCURRENCE ONLY


 ## Purge existing route (and we’ll recreate later)
 oc scale --replicas=0 deployment/rhsso-operator -n sso
 oc delete route keycloak -n sso
 oc delete route keycloak-metrics-rewrite -n sso
 oc expose service/ngx --name=ngx-sso --hostname=${HOST_SSO} -n z-ngx

 export POD_NGX=`oc get pods -n z-ngx --selector='deployment=ngx' -o=jsonpath='{.items[0].metadata.name}'`

 export CMD="cd /tmp; export HOME=/tmp/; curl https://get.acme.sh | sh -xe -s [email protected] --force; /tmp/.acme.sh/acme.sh --issue -d ${HOST_NGX} -d ${HOST_SSO} -w /usr/share/nginx/html/ --fullchain-file /tmp/sso-full.cer --key-file /tmp/sso.key --force"

 oc -n z-ngx exec deploy/ngx -- bash -c "${CMD}"

 oc -n z-ngx cp ${POD_NGX}:/tmp/ /tmp
 oc -n z-ngx delete route ngx-sso
 oc create route reencrypt --service=keycloak --cert=/tmp/sso-full.cer --key=/tmp/sso.key --hostname=${HOST_SSO} -n sso
	### POSSIBLE FIX with ZEROSSL – execute as opentlc-mgr
	oc new-project z-ngx
	oc new-app --docker-image=quay.io/shifti/openshift-nginx-adc:latest --name=ngx -n z-ngx
	oc expose service/ngx

	## Backup existing routes
	oc get route keycloak -n sso -o yaml \| kubectl neat > route-keycloak-orig.yaml
	oc get route keycloak-metrics-rewrite -n sso -o yaml \| kubectl neat > route-keycloak-met-orig.yaml

	oc get route ngx -n z-ngx -o yaml \| kubectl neat > route-ngx-orig.yaml

	export HOST_SSO=`oc get route keycloak -n sso -o=jsonpath='{.spec.host}'`
	export HOST_NGX=`oc get route ngx -n z-ngx -o=jsonpath='{.spec.host}'`

	#sed "s/host.*/host: ${HOST_SSO}/g" route-ngx-orig.yaml > route-ngx-sso.yaml
	#sed -i "s/name:.*/name: ngx-sso/g" route-ngx-sso.yaml ## FIXME - FIRST OCCURRENCE ONLY


	## Purge existing route (and we’ll recreate later)
	oc scale --replicas=0 deployment/rhsso-operator -n sso
	oc delete route keycloak -n sso
	oc delete route keycloak-metrics-rewrite -n sso
	oc expose service/ngx --name=ngx-sso --hostname=${HOST_SSO} -n z-ngx

	export POD_NGX=`oc get pods -n z-ngx --selector='deployment=ngx' -o=jsonpath='{.items[0].metadata.name}'`

	export CMD="cd /tmp; export HOME=/tmp/; curl https://get.acme.sh \| sh -xe -s [email protected] --force; /tmp/.acme.sh/acme.sh --issue -d ${HOST_NGX} -d ${HOST_SSO} -w /usr/share/nginx/html/ --fullchain-file /tmp/sso-full.cer --key-file /tmp/sso.key --force"

	oc -n z-ngx exec deploy/ngx -- bash -c "${CMD}"

	oc -n z-ngx cp ${POD_NGX}:/tmp/ /tmp
	oc -n z-ngx delete route ngx-sso
	oc create route reencrypt --service=keycloak --cert=/tmp/sso-full.cer --key=/tmp/sso.key --hostname=${HOST_SSO} -n sso