| #!/bin/bash |
| # |
| # ============LICENSE_START======================================================= |
| # Copyright (C) 2023 Nordix Foundation. |
| # ================================================================================ |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| # ============LICENSE_END========================================================= |
| # |
| |
| if [ -z "$1" ] |
| then |
| echo "No argument supplied" |
| exit 1 |
| fi |
| |
| OPERATION=$1 |
| WORKDIR=$(dirname "$(realpath "$0")") |
| |
| if [ "$OPERATION" == "deploy" ]; then |
| echo "Deploying cert-manager application..." |
| echo "-------------------------------------" |
| kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml |
| echo "" |
| echo "Waiting for pods to start..." |
| echo "----------------------------" |
| kubectl wait deployment -n cert-manager cert-manager --for=condition=available --timeout=300s |
| kubectl wait deployment -n cert-manager cert-manager-cainjector --for=condition=available --timeout=300s |
| kubectl wait deployment -n cert-manager cert-manager-webhook --for=condition=available --timeout=300s |
| echo "" |
| echo "Checking pod status..." |
| echo "----------------------" |
| kubectl get pods -n cert-manager |
| echo "" |
| # Once the pods are up and running we still need to wait for the certificate controller process to start |
| # before certificates can be issued |
| echo "Waiting for certificate controller..." |
| echo "------------------------------------" |
| sleep 100 |
| echo "" |
| echo "Creating certificates..." |
| echo "------------------------" |
| kubectl apply -f $WORKDIR/cluster-issuer.yaml |
| kubectl apply -f $WORKDIR/issuer.yaml |
| kubectl apply -f $WORKDIR/webhook-server-certificate.yaml |
| kubectl apply -f $WORKDIR/keycloak-server-certificate.yaml |
| kubectl apply -f $WORKDIR/keycloak-client-certificate.yaml |
| elif [ "$OPERATION" == "undeploy" ]; then |
| echo "Deleting certificates..." |
| echo "------------------------" |
| kubectl delete -f $WORKDIR/cluster-issuer.yaml |
| kubectl delete -f $WORKDIR/issuer.yaml |
| kubectl delete -f $WORKDIR/webhook-server-certificate.yaml |
| kubectl delete -f $WORKDIR/keycloak-server-certificate.yaml |
| kubectl delete -f $WORKDIR/keycloak-client-certificate.yaml |
| kubectl delete secret -n default cm-cluster-issuer-rootca-secret |
| kubectl delete secret -n default cm-keycloak-client-certs |
| kubectl delete secret -n default cm-keycloak-server-certs |
| kubectl delete secret -n default cm-webhook-server-certs |
| echo "Undeploying cert-manager application..." |
| echo "---------------------------------------" |
| kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml |
| else |
| echo "Unrecogized operation ${OPERATION}" |
| exit 1 |
| fi |
| |
| exit 0 |