-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathentrypoint.sh
executable file
·50 lines (42 loc) · 1.55 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/bin/bash
if [[ -z $EMAIL || -z $DOMAINS || -z $SECRET ]]; then
echo "EMAIL, DOMAINS, and SECRET env vars required"
env
exit 1
fi
echo "Inputs:"
echo " EMAIL: $EMAIL"
echo " DOMAINS: $DOMAINS"
echo " SECRET: $SECRET"
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
echo "Current Kubernetes namespce: $NAMESPACE"
echo "Starting HTTP server..."
python -m SimpleHTTPServer 80 &
PID=$!
echo "Starting certbot..."
certbot certonly --webroot -w $HOME -n --agree-tos --email ${EMAIL} --no-self-upgrade -d ${DOMAINS}
kill $PID
echo "Certbot finished. Killing http server..."
echo "Finiding certs. Exiting if certs are not found ..."
CERTPATH=/etc/letsencrypt/live/$(echo $DOMAINS | cut -f1 -d',')
ls $CERTPATH || exit 1
echo "Creating update for secret..."
cat /secret-patch-template.json | \
sed "s/NAMESPACE/${NAMESPACE}/" | \
sed "s/NAME/${SECRET}/" | \
sed "s/TLSCERT/$(cat ${CERTPATH}/fullchain.pem | base64 | tr -d '\n')/" | \
sed "s/TLSKEY/$(cat ${CERTPATH}/privkey.pem | base64 | tr -d '\n')/" \
> /secret-patch.json
echo "Checking json file exists. Exiting if not found..."
ls /secret-patch.json || exit 1
# Update Secret
echo "Updating secret..."
curl \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
-XPATCH \
-H "Accept: application/json, */*" \
-H "Content-Type: application/strategic-merge-patch+json" \
-d @/secret-patch.json https://kubernetes/api/v1/namespaces/${NAMESPACE}/secrets/${SECRET} \
-k -v
echo "Done"