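#######################################
# Apply the cert-manager DNS credentials, ClusterIssuer and cluster
# Certificate for one environment, wait for the issued TLS secret, then
# annotate it so kubernetes-replicator may copy it to other namespaces.
# Arguments:
#   $1 - environment type; selects 02-clusterissuer-<envType>.yaml and
#        03-cluster-certificate-<envType>.yaml under cert-manager-utils/
# Outputs:
#   progress and follow-up instructions on stdout, errors on stderr
# Returns:
#   0 on success; non-zero if the argument or certificate manifest is
#   missing, or if a kubectl or yq step fails
#######################################
add_certificates() {
  local envType=${1:-}
  local secretName ns encrypted
  local utilsDir=cert-manager-utils
  local issuerFile certFile

  if [[ -z "$envType" ]]; then
    echo "add_certificates: environment type argument is required" >&2
    return 1
  fi

  issuerFile="${utilsDir}/02-clusterissuer-${envType}.yaml"
  certFile="${utilsDir}/03-cluster-certificate-${envType}.yaml"
  if [[ ! -f "$certFile" ]]; then
    echo "add_certificates: certificate manifest not found: $certFile" >&2
    return 1
  fi

  # Process substitution hands the decrypted credentials to kubectl through
  # a file descriptor, so the plaintext is not written to a file here.
  # Only kubectl's exit status is checked; a failed `sops -d` reaches
  # kubectl as empty input.
  for encrypted in \
    "${utilsDir}/01-clouddns-service-account.yaml" \
    "${utilsDir}/01-cloudflare-api-key.yaml"; do
    kubectl apply -f <(sops -d "$encrypted") || return
  done

  kubectl apply -f "$issuerFile" || return
  kubectl apply -f "$certFile" || return

  # NOTE(review): evns/yq is referenced without a tag or digest, so every
  # run executes whatever image that name currently resolves to. Pin it to
  # a digest you have verified, or use a locally installed yq.
  # get the secret name
  secretName=$(docker run -i --rm evns/yq yq -r '.spec.secretName' < "$certFile") || return
  # get the namespace
  ns=$(docker run -i --rm evns/yq yq -r '.metadata.namespace' < "$certFile") || return

  # `yq -r` prints the literal string "null" for a missing key. Without this
  # check the wait loop below would poll for a secret that can never exist.
  if [[ -z "$secretName" || "$secretName" == "null" ]]; then
    echo "add_certificates: .spec.secretName is not set in $certFile" >&2
    return 1
  fi
  if [[ -z "$ns" || "$ns" == "null" ]]; then
    echo "add_certificates: .metadata.namespace is not set in $certFile" >&2
    return 1
  fi

  # wait until the secret is available
  # There is no upper bound on this wait: if issuance fails, the loop keeps
  # polling until the operator interrupts it.
  until kubectl get secret "$secretName" -n "$ns" &> /dev/null; do
    echo "Waiting to patch secret $ns/$secretName..."
    sleep 2
  done

  # add the annotations
  # NOTE(review): ".*" permits replication of this TLS secret, private key
  # included, into every namespace. Narrow the pattern to the namespaces
  # that actually terminate TLS with this certificate where possible.
  kubectl patch secret "$secretName" -n "$ns" --type merge -p '{"metadata": {"annotations": {
    "replicator.v1.mittwald.de/replication-allowed": "true",
    "replicator.v1.mittwald.de/replication-allowed-namespaces": ".*"
  }}}' || return

  echo "Please ensure the '${envType}' certificates were created properly."
  echo "Run:"
  echo " kubectl -n kube-system get certificates"
}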