Peter Tinti f307cc32af
updates pulsar ca name generation to use suffix making cert swappable (#141)
Updates CA name generation to be configurable allowing the swapping in of a CA.

### Motivation

We recently swapped out cert issuers and found that with the current helm chart we were unable to do a hot swap without downtime (via helm) because the CA cert name is not configurable. Being able to change the name of the CA allows us to create a new CA first -> Validate -> then swap over in follow up apply/release.

### Modifications

Adds the ability to specify the suffix used to generate the CA name (not the whole name in order to preserve back compatibility regardless of the release name.)
2021-08-25 23:14:03 -07:00

123 lines
3.3 KiB
Bash
Executable File

#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
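# Abort on the first failing command.
set -e

# Resolve the chart root (two levels above this script) and work from there.
CHART_HOME=$(unset CDPATH && cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)
cd "${CHART_HOME}"

# Defaults; each can be overridden from the environment or by the options below.
namespace=${namespace:-pulsar}
release=${release:-pulsar-dev}
caSuffix=${caSuffix:-ca-tls}
clientComponents=${clientComponents:-"toolset"}
serverComponents=${serverComponents:-"bookie,broker,proxy,recovery,zookeeper"}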

usage() {
    cat <<EOF
This script is used to delete tls certs for a given pulsar helm deployment generated by "upload_tls.sh".
Options:
    -h,--help                 prints the usage message
    -n,--namespace            the k8s namespace to install the pulsar helm chart. Default to ${namespace}.
    -k,--release              the pulsar helm release name. Default to ${release}.
    -ca,--ca-suffix           the suffix used to name the CA certificate. Default to ${caSuffix}.
    -c,--client-components    the client components of pulsar cluster. a comma separated list of components. Default to ${clientComponents}.
    -s,--server-components    the server components of pulsar cluster. a comma separated list of components. Default to ${serverComponents}.
Usage:
    $0 --namespace pulsar --release pulsar-dev
EOF
}

# Parse command-line options; every option except --help consumes one value.
while [[ $# -gt 0 ]]
do
    key="$1"
    case "$key" in
        -n|--namespace)
            namespace="$2"
            shift
            shift
            ;;
        -k|--release)
            release="$2"
            shift
            shift
            ;;
        -ca|--ca-suffix)
            caSuffix="$2"
            shift
            shift
            ;;
        -c|--client-components)
            clientComponents="$2"
            shift
            shift
            ;;
        -s|--server-components)
            serverComponents="$2"
            shift
            shift
            ;;
        -h|--help)
            usage
            exit 0
            ;;
        *)
            echo "unknown option: $key"
            usage
            exit 1
            ;;
    esac
done
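
# Delete the CA secret, named "<release>-<caSuffix>".
function delete_ca() {
    local tls_ca_secret="${release}-${caSuffix}"
    kubectl delete secret "${tls_ca_secret}" -n "${namespace}"
}

# Delete the TLS secret of one server component, named "<release>-tls-<component>".
function delete_server_cert() {
    local component=$1
    local server_cert_secret="${release}-tls-${component}"
    kubectl delete secret "${server_cert_secret}" \
        -n "${namespace}"
}

# Delete the TLS secret of one client component, named "<release>-tls-<component>".
function delete_client_cert() {
    local component=$1
    local client_cert_secret="${release}-tls-${component}"
    kubectl delete secret "${client_cert_secret}" \
        -n "${namespace}"
}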
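
# Because of "set -e", a failed delete (for example a secret that does not
# exist) stops the script at that point and later secrets are left in place.
delete_ca

# Split the comma separated component lists and delete each component's secret.
IFS=', ' read -r -a server_components <<< "$serverComponents"
for component in "${server_components[@]}"
do
    delete_server_cert "${component}"
done

IFS=', ' read -r -a client_components <<< "$clientComponents"
for component in "${client_components[@]}"
do
    delete_client_cert "${component}"
done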