-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
# Elasticsearch Creates `elastic-certs.sh` script to pull renewed SSL certificate from `traefik` and patch the kubernetes secret in the `elastic` namespace. ## Usage ```sh # Update elastic cert ./elastic-certs.sh update-elasticsearch # Update kibana cert ./elastic-certs.sh update-kibana ``` Closes #56
- Loading branch information
Showing
2 changed files
with
50 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| #!/bin/bash | ||
|
|
||
| help() { | ||
| echo | ||
| echo "Usage: $0 <update-elasticsearch|update-kibana>" | ||
| echo | ||
| echo This script gets the latest certificate from Traefik | ||
| echo and updates the Elasticsearch or Kibana k8s secret | ||
| echo | ||
| } | ||
|
|
||
| get-traefik() { | ||
| # Get the name of the running Traefik pod | ||
| TRAEFIK=$(kubectl -n traefik -o json get po | jq -r .items[0].metadata.name) | ||
|
|
||
| if [ -z "$TRAEFIK" ]; then | ||
| echo "Traefik pod not found" | ||
| exit 1 | ||
| fi | ||
| echo "$TRAEFIK" | ||
| } | ||
|
|
||
| get-cert() { | ||
| # Get the certificate object from Traefik that matches the domain | ||
| DOMAIN=$1 | ||
| CERT=$(kubectl exec -n traefik $TRAEFIK -- cat /ssl-certs/acme-production.json | jq --arg domain $DOMAIN -r '.production.Certificates[] | select( .domain.main==$domain ).certificate') | ||
|
|
||
| if [ -z "$CERT" ]; then | ||
| echo "Certificate not found for $DOMAIN" | ||
| exit 1 | ||
| fi | ||
| echo "$CERT" | ||
| } | ||
|
|
||
| update-elasticsearch() { | ||
| # Update the Elasticsearch secret with the latest certificate | ||
| TRAEFIK=$(get-traefik) | ||
| CERT=$(get-cert "elastic.wgbh-mla.org") | ||
| kubectl -n elastic patch secret elastic-certs -p "{\"data\":{\"tls.crt\":\"$CERT\"}}" | ||
| } | ||
|
|
||
| update-kibana() { | ||
| # Update the Kibana secret with the latest certificate | ||
| TRAEFIK=$(get-traefik) | ||
| CERT=$(get-cert "search.wgbh-mla.org") | ||
| kubectl -n elastic patch secret kibana-certs -p "{\"data\":{\"tls.crt\":\"$CERT\"}}" | ||
| } | ||
|
|
||
| "$@" || (help && exit 1) |