OPENSHIFT-ADD-CA-BUNDLE: Difference between revisions
Jump to navigation
Jump to search
(Created page with "#CHATGPT4 The following script automates the process of fetching the CA bundle, creating a ConfigMap, and updating the cluster-wide proxy configuration in OpenShift. It assume...") |
No edit summary |
||
| Line 1: | Line 1: | ||
#CHATGPT4 | #ynotopec + CHATGPT4 | ||
The following script automates the process of fetching the CA bundle, creating a ConfigMap, and updating the cluster-wide proxy configuration in OpenShift. It assumes that you have already logged in to the OpenShift cluster with the oc CLI tool and have the necessary permissions. | The following script automates the process of fetching the CA bundle, creating a ConfigMap, and updating the cluster-wide proxy configuration in OpenShift. It assumes that you have already logged in to the OpenShift cluster with the oc CLI tool and have the necessary permissions. | ||
| Line 13: | Line 13: | ||
# Extract the domain from the URL | # Extract the domain from the URL | ||
domain=$(echo $1 | awk -F[/:] '{print $4}') | domain=$(echo $1 | awk -F[/:] '{print $4}') | ||
domainVariableName=$(echo ${domainName} |tr '.' '-' ) | |||
# Get the certificate chain | # Get the certificate chain | ||
| Line 18: | Line 19: | ||
# Create the CA bundle file and empty it | # Create the CA bundle file and empty it | ||
ca_bundle_file="ca-bundle.crt" | ca_bundle_file="${domainVariableName}-ca-bundle.crt" | ||
> $ca_bundle_file | > $ca_bundle_file | ||
# Extract and append each certificate to the CA bundle | # Extract and append each certificate to the CA bundle | ||
echo "$cert_chain" | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/{print > "tmp.crt"; print "Appended certificate to ca-bundle.crt"}' | echo "$cert_chain" | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/{print > "tmp.crt"; print "Appended certificate to ${domainVariableName}-ca-bundle.crt"}' | ||
# Append each certificate to the CA bundle | # Append each certificate to the CA bundle | ||
| Line 33: | Line 34: | ||
# Create a ConfigMap containing the CA bundle in the openshift-config namespace | # Create a ConfigMap containing the CA bundle in the openshift-config namespace | ||
oc create configmap | oc create configmap ${domainVariableName}-ca-bundle -n openshift-config --from-file=ca-bundle.crt=./${domainVariableName}-ca-bundle.crt | ||
# Update the cluster-wide proxy configuration to include the custom CA bundle | # Update the cluster-wide proxy configuration to include the custom CA bundle | ||
oc patch proxy/cluster --type=merge -p '{"spec":{"trustedCA":{"name":" | oc patch proxy/cluster --type=merge -p '{"spec":{"trustedCA":{"name":"${domainVariableName}-ca-bundle"}}}' | ||
echo "CA bundle added to the OpenShift cluster and trusted cluster-wide." | echo "CA bundle added to the OpenShift cluster and trusted cluster-wide." | ||
Revision as of 08:41, 18 April 2023
- ynotopec + CHATGPT4
The following script automates the process of fetching the CA bundle, creating a ConfigMap, and updating the cluster-wide proxy configuration in OpenShift. It assumes that you have already logged in to the OpenShift cluster with the oc CLI tool and have the necessary permissions.
#!/bin/bash
# Check if URL is provided
if [ -z "$1" ]; then
echo "Usage: $0 <URL>"
exit 1
fi
# Extract the domain from the URL
domain=$(echo $1 | awk -F[/:] '{print $4}')
domainVariableName=$(echo ${domainName} |tr '.' '-' )
# Get the certificate chain
cert_chain=$(echo | openssl s_client -connect ${domain}:443 -servername ${domain} -showcerts 2>/dev/null)
# Create the CA bundle file and empty it
ca_bundle_file="${domainVariableName}-ca-bundle.crt"
> $ca_bundle_file
# Extract and append each certificate to the CA bundle
echo "$cert_chain" | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/{print > "tmp.crt"; print "Appended certificate to ${domainVariableName}-ca-bundle.crt"}'
# Append each certificate to the CA bundle
while read cert; do
cat "tmp.crt" >> $ca_bundle_file
done < "tmp.crt"
# Remove temporary file
rm "tmp.crt"
# Create a ConfigMap containing the CA bundle in the openshift-config namespace
oc create configmap ${domainVariableName}-ca-bundle -n openshift-config --from-file=ca-bundle.crt=./${domainVariableName}-ca-bundle.crt
# Update the cluster-wide proxy configuration to include the custom CA bundle
oc patch proxy/cluster --type=merge -p '{"spec":{"trustedCA":{"name":"${domainVariableName}-ca-bundle"}}}'
echo "CA bundle added to the OpenShift cluster and trusted cluster-wide."
Save the script in a file (e.g., add_ca_bundle_to_openshift.sh) and make it executable using:
chmod +x add_ca_bundle_to_openshift.sh
Then you can run the script with the URL as an argument:
./add_ca_bundle_to_openshift.sh https://example.com
Make sure to replace https://example.com with the URL you want to retrieve the CA bundle from. The script will fetch the CA bundle, create a ConfigMap in the openshift-config namespace, and update the cluster-wide proxy configuration to include the new CA bundle.