From 618739bef71e4547db68355c89c7b7d720889d25 Mon Sep 17 00:00:00 2001 From: Asara Date: Fri, 5 Aug 2022 13:42:50 -0400 Subject: [PATCH] Update cert-manager install/uninstall process --- 003-cert-manager/external-secrets.yaml | 10 --------- 003-cert-manager/install.sh | 12 +++++++---- 003-cert-manager/serviceaccounttoken.yaml | 10 +++++++++ 003-cert-manager/uninstall.sh | 25 +++++++++++++++++------ 4 files changed, 37 insertions(+), 20 deletions(-) create mode 100644 003-cert-manager/serviceaccounttoken.yaml diff --git a/003-cert-manager/external-secrets.yaml b/003-cert-manager/external-secrets.yaml index 325b741..403062b 100644 --- a/003-cert-manager/external-secrets.yaml +++ b/003-cert-manager/external-secrets.yaml @@ -1,14 +1,4 @@ --- -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: serviceaccounttoken - namespace: cert-manager - annotations: - kubernetes.io/service-account.name: "cert-manager" -... ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/003-cert-manager/install.sh b/003-cert-manager/install.sh index 59b51ed..54e7f20 100755 --- a/003-cert-manager/install.sh +++ b/003-cert-manager/install.sh @@ -1,16 +1,15 @@ #!/bin/bash -CHART_VERSION=1.8.0 +CHART_VERSION=1.9.1 NAMESPACE=cert-manager EMAIL=amarpreet@minhas.io -./vault-role.sh +kubectl create ns ${NAMESPACE} +#kubectl create serviceaccount -n ${NAMESPACE} cert-manager helm repo add jetstack https://charts.jetstack.io helm repo update -kubectl create ns ${NAMESPACE} -kubectl create serviceaccount -n ${NAMESPACE} cert-manager kubectl apply -n ${NAMESPACE} -f external-secrets.yaml helm upgrade --install \ @@ -22,6 +21,9 @@ helm upgrade --install \ --set installCRDs=true \ --cleanup-on-fail +kubectl apply -n ${NAMESPACE} -f serviceaccounttoken.yaml +./vault-role.sh + helm upgrade -install \ cert-manager-csi-driver \ jetstack/cert-manager-csi-driver \ @@ -48,4 +50,6 @@ helm upgrade --install \ --cleanup-on-fail popd +rm -rf cert-manager-webhook-namecheap + kubectl apply -f issuers.yaml diff --git a/003-cert-manager/serviceaccounttoken.yaml b/003-cert-manager/serviceaccounttoken.yaml new file mode 100644 index 0000000..5bf0229 --- /dev/null +++ b/003-cert-manager/serviceaccounttoken.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: serviceaccounttoken + namespace: cert-manager + annotations: + kubernetes.io/service-account.name: "cert-manager" +... diff --git a/003-cert-manager/uninstall.sh b/003-cert-manager/uninstall.sh index f7db6b1..d2fd0e8 100755 --- a/003-cert-manager/uninstall.sh +++ b/003-cert-manager/uninstall.sh @@ -1,9 +1,22 @@ #!/bin/bash -CHART_VERSION=1.8.0 +CHART_VERSION=1.9.1 -kubectl delete -f vault-issuer.yaml -kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges --all-namespaces -#helm -n cert-manager delete cert-manager -#kubectl delete ns cert-manager -#kubectl delete -f https://github.com/jetstack/cert-manager/releases/download/v${CHART_VERSION}/cert-manager.crds.yaml +kubectl delete -f issuers.yaml +for i in $(kubectl get Issuers -n cert-manager | grep -v NAME | cut -d' ' -f1); do + kubectl delete Issuers -n cert-manager $i +done +for i in $(kubectl get ClusterIssuers | grep -v NAME | cut -d' ' -f1); do + kubectl delete ClusterIssuers $i +done +for i in $(kubectl get Certificates -n cert-manager | grep -v NAME | cut -d' ' -f1); do + kubectl delete Certificates -n cert-manager $i +done + +helm -n cert-manager delete namecheap-webhook +helm -n cert-manager delete letsencrypt-namecheap-issuer +helm -n cert-manager delete cert-manager + +kubectl delete -n ${NAMESPACE} -f external-secrets.yaml +kubectl delete -n ${NAMESPACE} -f serviceaccounttoken.yaml +kubectl delete ns cert-manager