Skip to content

Commit

Permalink
[ci] Automatically recreate expired root cert in dev and test namespa…
Browse files Browse the repository at this point in the history 
…ces (#13135)

Was getting tired of having to manually delete my root cert every so
often and redeploy. This will recreate the root cert in dev and test
namespaces if it is already expired. Deleting an expired root cert won't
break communication that isn't already now broken.
  • Loading branch information
@daniel-goldstein
daniel-goldstein authored Jun 10, 2023
1 parent 39bde98 commit 80334af
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,19 @@ steps:
image:
valueFrom: create_certs_image.image
script: |
{% if not deploy %}
kubectl get secret -n {{ default_ns.name }} ssl-config-hail-root \
--template={% raw %}'{{index .data "hail-root-cert.pem"}}'{% endraw %} \
| base64 --decode \
| openssl x509 -checkend 0 -noout -in -
if [ "$?" -ne 0 ]
then
kubectl delete secret -n {{ default_ns.name }} ssl-config-hail-root
fi
{% endif %}
openssl req -new -x509 -subj /CN=hail-root -nodes -newkey rsa:4096 -keyout hail-root-key.pem -out hail-root-cert.pem
until kubectl get secret -n {{ default_ns.name }} ssl-config-hail-root
do
Expand Down

0 comments on commit 80334af

Please sign in to comment.