added sync-certs-job
74
casa-limbosolutions-com/sync-certs-job/docker-compose.yaml
Normal file
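--- /dev/null
+++ b/casa-limbosolutions-com/sync-certs-job/docker-compose.yaml
@@ -0,0 +1,74 @@
+configs:
+sync-certs-sh:
+content: |
+#!/bin/bash
+##############################################################################################################################
+# notes:
+# --certificate-authority="$${KUBERNETES_CRT_AUTHORITY}" not working, dont hnow why, so using --insecure-skip-tls-verify
+##############################################################################################################################
+
+
+set -e
+mkdir -p /tmp/.kube
+
+echo "Trace: Setup kube"
+base64 -d <<< "${KUBERNETES_CRT_AUTHORITY_DATA}" > "$${KUBERNETES_CRT_AUTHORITY}"
+base64 -d <<< "${KUBERNETES_CLIENT_CRT_DATA}" > "$${KUBERNETES_CLIENT_CRT}"
+base64 -d <<< "${KUBERNETES_CLIENT_KEY_DATA}" > "$${KUBERNETES_CLIENT_KEY}"
+
+# while true ; do
+# sleep 5
+# done
+
+
+echo "Trace: Fetching secrets"
+CERT_NAMES=$(kubectl get secrets \
+-n casa-limbosolutions-com \
+--server="$${KUBERNETES_SERVER}" \
+--client-key="$${KUBERNETES_CLIENT_KEY}" \
+--client-certificate="$${KUBERNETES_CLIENT_CRT}" \
+--insecure-skip-tls-verify \
+-o json | jq -r '.items[].metadata.name')
+
+for CERT_NAME in $$CERT_NAMES; do
+echo "Trace: Syncing certificate: $$CERT_NAME"
+kubectl get secret "$$CERT_NAME" \
+-n casa-limbosolutions-com \
+--server="$${KUBERNETES_SERVER}" \
+--client-key="$${KUBERNETES_CLIENT_KEY}" \
+--client-certificate="$${KUBERNETES_CLIENT_CRT}" \
+--insecure-skip-tls-verify \
+-o json | \
+jq -r '.data | to_entries[] | "\(.key) \(.value)"' | \
+while IFS=' ' read -r KEY VALUE; do
+echo "Processing key: $$KEY"
+# Decode the base64 value and save it to the appropriate file
+echo "Trace: Saving key: $$KEY"
+echo "$$VALUE" | base64 -d > "/etc/ssl/certs/casa-limbosolutions-com-certs/$${CERT_NAME}_$${KEY}"
+done
+done
+
+echo "Info: Certificates synced successfully."
+
+services:
+kubectl:
+image: bitnami/kubectl:latest
+environment:
+KUBERNETES_SERVER: ${KUBERNETES_SERVER}
+KUBERNETES_CRT_AUTHORITY: /tmp/.kube/ca.crt
+KUBERNETES_CLIENT_CRT: /tmp/.kube/client.crt
+KUBERNETES_CLIENT_KEY: /tmp/.kube/client.key
+container_name: sync-certs-job
+entrypoint: bash -c /app/sync-certs.sh
+configs:
+- source: sync-certs-sh
+target: /app/sync-certs.sh
+mode: 0755
+volumes:
+- casa-certs:/etc/ssl/certs/casa-limbosolutions-com-certs:rw
+volumes:
+casa-certs:
+name: casa-limbosolutions-com-certs
+external: true # Atention permission must be set to 1001:1001 (using chown on nginx container command)
+
+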
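Review bot: Both `kubectl get` calls in the embedded script pass `--insecure-skip-tls-verify`, so the API server's identity is never checked and whatever answers at `KUBERNETES_SERVER` decides which certificate and key material lands in the `casa-certs` volume. The CA file is already decoded to `$${KUBERNETES_CRT_AUTHORITY}` but never used; I would restore `--certificate-authority="$${KUBERNETES_CRT_AUTHORITY}"` on both calls and, if the earlier failure was a name mismatch between the server URL and the API certificate (a guess, the page does not show the error), add `--tls-server-name=<name in the API server certificate>`. Separately, the three `*_DATA` variables are written with a single `$`, so Compose substitutes them when the file is rendered and the base64 client key ends up inside the config content instead of being read from the container environment; supplying it as a Compose secret would keep it out of the rendered script. `image: bitnami/kubectl:latest` is also worth pinning to a fixed tag or digest, since this container handles cluster credentials.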