myLimbo/casa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a595747c2ce4772f97561183d0779b826b63ad41
casa/casa-limbosolutions-com/sync-certs-job/docker-compose.yaml
Márcio Fernandes f448b03ed7
All checks were successful
/ deploy-to-homesrv01 (push) Successful in 3m18s
Details
imp: sync certs removed ansible playbook, changed env names - working using gitactions ci/cd
2025-10-18 20:40:48 +00:00

75 lines
2.7 KiB
YAML
Raw Blame History

configs:
sync-certs-sh:
content: |
#!/bin/bash
##############################################################################################################################
set -e
mkdir -p /tmp/.kube
echo "Trace: Setup kube"
echo "Trace: Processing KUBERNETES_CRT_AUTHORITY_BASE64"
base64 -d <<< "${KUBERNETES_CRT_AUTHORIT_BASE64}" > "$${KUBERNETES_CRT_AUTHORITY}"
echo "Trace: Processing KUBERNETES_CLIENT_CRT_BASE64"
base64 -d <<< "${KUBERNETES_CLIENT_CRT_BASE64}" > "$${KUBERNETES_CLIENT_CRT}"
echo "Trace: Processing KUBERNETES_CLIENT_KEY_BASE64"
base64 -d <<< "${KUBERNETES_CLIENT_KEY_BASE64}" > "$${KUBERNETES_CLIENT_KEY}"
# while true ; do
# sleep 5
# done
echo "Trace: Fetching secrets"
CERT_NAMES=$(kubectl get secrets \
-n casa-limbosolutions-com \
--server="$${KUBERNETES_SERVER}" \
--client-key="$${KUBERNETES_CLIENT_KEY}" \
--client-certificate="$${KUBERNETES_CLIENT_CRT}" \
--insecure-skip-tls-verify \
-o json | jq -r '.items[].metadata.name')
for CERT_NAME in $$CERT_NAMES; do
echo "Trace: Syncing certificate: $$CERT_NAME"
kubectl get secret "$$CERT_NAME" \
-n casa-limbosolutions-com \
--server="$${KUBERNETES_SERVER}" \
--client-key="$${KUBERNETES_CLIENT_KEY}" \
--client-certificate="$${KUBERNETES_CLIENT_CRT}" \
--insecure-skip-tls-verify \
-o json | \
jq -r '.data | to_entries[] | "\(.key) \(.value)"' | \
while IFS=' ' read -r KEY VALUE; do
echo "Processing key: $$KEY"
# Decode the base64 value and save it to the appropriate file
echo "Trace: Saving key: /etc/ssl/certs/casa-limbosolutions-com-certs/$${CERT_NAME}_$${KEY}"
echo "$$VALUE" | base64 -d > "/etc/ssl/certs/casa-limbosolutions-com-certs/$${CERT_NAME}_$${KEY}"
done
done
echo "Info: Certificates synced successfully."
services:
kubectl:
image: bitnami/kubectl:latest
environment:
KUBERNETES_SERVER: ${KUBERNETES_SERVER}
KUBERNETES_CRT_AUTHORITY: /tmp/.kube/ca.crt
KUBERNETES_CLIENT_CRT: /tmp/.kube/client.crt
KUBERNETES_CLIENT_KEY: /tmp/.kube/client.key
container_name: sync-certs-job
entrypoint: bash -c /app/sync-certs.sh
configs:
- source: sync-certs-sh
target: /app/sync-certs.sh
mode: 0755
volumes:
- casa-certs:/etc/ssl/certs/casa-limbosolutions-com-certs:rw
volumes:
casa-certs:
name: casa-limbosolutions-com-certs
external: true # Atention permission must be set to 1001:1001 (using chown on nginx container command)
Reference in New Issue View Git Blame Copy Permalink