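#!/bin/bash

# this is not necessary, usually. there is a proxy in docker/haproxy which is
# the new reverse proxy on the synology. it has an update-tls.sh script which
# does the below but also loads it properly into the container.
# this is for debugging!
#
# What it does: force-replaces the resources in synology-tls.yaml, waits for
# cert/syno-tls to become Ready, then dumps the syno-tls secret into the
# current directory as tls.key, tls.crt (first PEM block), int.crt (remaining
# PEM blocks of the chain) and ca.crt.

set -euo pipefail

# tls.key holds the private key: create every file below owner-only rather
# than inheriting whatever umask the calling shell happens to have.
umask 077

set -x

# --force deletes and re-creates the objects instead of patching them.
kubectl -n syno-tls replace --force -f synology-tls.yaml
kubectl -n syno-tls wait cert/syno-tls --for=condition=Ready

# Stop tracing before the secret is read: with xtrace on, each assignment and
# printf below would write the private key to stderr (terminal scrollback, CI
# logs, anything capturing the debug output).
set +x

SECRET="$(kubectl -n syno-tls get secret syno-tls -o json)"

# Secret data is base64 in the API object; jq decodes each field to PEM text.
CRT="$(printf '%s\n' "$SECRET" | jq -r '.data["tls.crt"] | @base64d "\(.)"')"
KEY="$(printf '%s\n' "$SECRET" | jq -r '.data["tls.key"] | @base64d "\(.)"')"
CA="$(printf '%s\n' "$SECRET" | jq -r '.data["ca.crt"] | @base64d "\(.)"')"

printf '%s\n' "$KEY" > tls.key

# Split the chain in tls.crt: seg counts PEM blocks, blk is 1 while inside one.
# PEM footers are "-----END ..." with five dashes; the previous six-dash
# pattern never matched, so blk was never cleared and any text between
# blocks was copied into the output files.
printf '%s\n' "$CRT" \
  | awk '/-----BEGIN/ {seg+=1; blk=1} seg==1 && blk {print} /-----END/ {blk=0}' > tls.crt
printf '%s\n' "$CRT" \
  | awk '/-----BEGIN/ {seg+=1; blk=1} seg>1 && blk {print} /-----END/ {blk=0}' > int.crt

printf '%s\n' "$CA" > ca.crt

# No background jobs are started above, so this returns immediately.
wait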