#!/bin/bash
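#######################################
# Load the Let's Encrypt certificate and key mounted in the UniFi pod into
# the controller's Java keystore, then bounce the deployment so the
# controller starts with the new certificate.
# Globals:   none (all settings are function-local)
# Arguments: none
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   0 on success; non-zero if the pod cannot be identified, the
#            keystore update fails, or a scale operation fails. The
#            deployment is not restarted when the keystore update fails.
#######################################
function unifi_update_cert(){
  local -r namespace=unifi
  local -r deployment=unifi
  local -r alias_name=unifi
  # Hard-coded, widely published default keystore password for UniFi. It
  # gives no confidentiality by itself: anything encrypted with it (the
  # keystore, the temporary PKCS#12 bundle) must be protected by file
  # permissions instead.
  local -r password=aircontrolenterprise
  local -r keystore=/unifi/data/keystore
  local -r signed_crt=/etc/letsencrypt/tls.crt
  local -r chain_file=/etc/letsencrypt-pem/isrgrootx1.pem
  local -r priv_key=/etc/letsencrypt/tls.key

  # Script executed inside the pod. Values arrive as positional parameters
  # rather than being spliced into the command text, so nothing is
  # re-parsed by the in-pod shell.
  local -r pod_script='
set -eu
alias_name=$1
password=$2
keystore=$3
signed_crt=$4
chain_file=$5
priv_key=$6

# The bundle contains the TLS private key under a publicly known password:
# create it owner-only, under an unpredictable name, and always remove it.
umask 077
p12_temp=$(mktemp /tmp/p12_temp.XXXXXX)
cleanup() { rm -f -- "$p12_temp"; }
trap cleanup EXIT

# Build the bundle before touching the keystore, so a failure here leaves
# the existing certificate in place. The chain goes in through -certfile;
# a second -in would simply replace the first one.
openssl pkcs12 -export \
  -in "$signed_crt" \
  -certfile "$chain_file" \
  -inkey "$priv_key" \
  -out "$p12_temp" -passout "pass:$password" \
  -name "$alias_name"

# Best effort: the alias is absent on a fresh keystore.
keytool -delete -alias "$alias_name" -keystore "$keystore" \
  -deststorepass "$password" || true

keytool -importkeystore \
  -srckeystore "$p12_temp" -srcstoretype PKCS12 \
  -srcstorepass "$password" \
  -destkeystore "$keystore" \
  -deststorepass "$password" \
  -destkeypass "$password" \
  -alias "$alias_name" -trustcacerts -noprompt
'

  local pod
  pod=$(kubectl -n "$namespace" get pod --selector=app.kubernetes.io/name=unifi --template "{{range .items}}{{.metadata.name}}{{\"\n\"}}{{end}}") || {
    printf 'unifi_update_cert: pod lookup failed\n' >&2
    return 1
  }

  # The template prints one name per line; exec needs exactly one target.
  if [[ -z "$pod" ]]; then
    printf 'unifi_update_cert: no pod matches the selector\n' >&2
    return 1
  fi
  if [[ "$pod" == *$'\n'* ]]; then
    printf 'unifi_update_cert: more than one pod matches the selector\n' >&2
    return 1
  fi

  # No -i/-t: nothing here is interactive, and requesting a TTY fails or
  # warns when this runs from cron or CI.
  kubectl -n "$namespace" exec "$pod" -- bash -c "$pod_script" \
    unifi_update_cert \
    "$alias_name" "$password" "$keystore" \
    "$signed_crt" "$chain_file" "$priv_key" || {
    printf 'unifi_update_cert: keystore update failed; deployment not restarted\n' >&2
    return 1
  }

  # Restart by scaling down and back up.
  kubectl -n "$namespace" scale deployment "$deployment" --replicas=0 || return 1
  echo "sleeping 20 sec"
  sleep 20
  kubectl -n "$namespace" scale deployment "$deployment" --replicas=1
}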