Refactor cert-manager and ExternalDNS configurations
- Updated the namespace for the internal wildcard certificate from 'internal' to 'cert-manager'. - Adjusted the DNS zone selectors in Let's Encrypt configurations to use CLOUDFLARE_DOMAIN consistently. - Changed the namespace for the wildcard certificate from 'default' to 'cert-manager'. - Modified ExternalDNS configuration to use OWNER_ID instead of CLUSTER_ID for TXT owner ID. - Cleaned up setup-cert-manager.sh by removing unnecessary internal namespace creation and secret duplication. - Updated certificate wait commands to reflect the new namespace structure. - Simplified the copying of certificates to the example-admin namespace. - Removed test service deployment from setup-externaldns.sh for a cleaner setup process.
This commit is contained in:
41
bin/copy-secret
Executable file
41
bin/copy-secret
Executable file
@@ -0,0 +1,41 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Check if at least secret and namespaces are provided
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: $0 <source-namespace:secret-name> [namespace1 namespace2 ...]"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Parse secret and namespace
|
||||
SOURCE_INPUT="$1"
|
||||
shift
|
||||
|
||||
# Split source input into namespace and secret name
|
||||
IFS=":" read -r SOURCE_NAMESPACE SECRET_NAME <<< "$SOURCE_INPUT"
|
||||
|
||||
if [ -z "$SOURCE_NAMESPACE" ] || [ -z "$SECRET_NAME" ]; then
|
||||
echo "Error: Source must be in format namespace:secret-name"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Collect target namespaces
|
||||
if [ $# -gt 0 ]; then
|
||||
NAMESPACES=("$@")
|
||||
else
|
||||
echo "Enter target namespaces (space-separated), then press Ctrl+D:"
|
||||
read -a NAMESPACES
|
||||
fi
|
||||
|
||||
for ns in "${NAMESPACES[@]}"; do
|
||||
echo "Copying secret '$SECRET_NAME' from namespace '$SOURCE_NAMESPACE' to namespace: '$ns'"
|
||||
|
||||
# Delete the existing secret if it exists
|
||||
kubectl delete secret "$SECRET_NAME" -n "$ns" --ignore-not-found
|
||||
|
||||
# Get the secret YAML, change the namespace, and apply it
|
||||
kubectl get secret "$SECRET_NAME" -n "$SOURCE_NAMESPACE" -o yaml \
|
||||
| sed "s/namespace: $SOURCE_NAMESPACE/namespace: $ns/" \
|
||||
| kubectl apply -n "$ns" -f -
|
||||
done
|
||||
|
||||
echo "✅ Secret '$SECRET_NAME' copied successfully."
|
||||
@@ -127,6 +127,9 @@ if [[ -n "$NAMESPACE" ]]; then
|
||||
# Create the namespace if it doesn't exist (using kubectl create which is idempotent with --dry-run=client)
|
||||
echo "Creating namespace $NAMESPACE if it doesn't exist..."
|
||||
kubectl create namespace "$NAMESPACE" --dry-run=client | kubectl create -f - 2>/dev/null || true
|
||||
# Copy certificates to the namespace
|
||||
copy-secret cert-manager:wildcard-internal-sovereign-cloud-tls $NAMESPACE
|
||||
copy-secret cert-manager:wildcard-sovereign-cloud-tls $NAMESPACE
|
||||
fi
|
||||
|
||||
# Apply the service
|
||||
|
||||
Reference in New Issue
Block a user