#!/bin/bash
# Temporary workaround until Kubernetes fixes file permissions on secret volumes:
# https://github.com/kubernetes/kubernetes/issues/34982
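#######################################
# Copy one robot credential into /tmp unless a regular file is already there.
# install(1) creates the copy with its final mode and owner in one step, so
# the private key never sits in /tmp with the permissions of the mounted
# source (cp followed by chmod/chown leaves that window open).
# Globals:   USER (read; falls back to `id -un` when unset or empty, which
#            would otherwise leave chown/chgrp without an owner operand)
# Arguments: $1 - source file
#            $2 - destination file
#            $3 - octal mode for the destination
# Returns:   0 when nothing had to be done or the copy succeeded,
#            non-zero when install or chgrp failed
#######################################
stage_credential() {
  local src=$1 dst=$2 mode=$3
  local owner
  owner=${USER:-$(id -un)} || return

  # Skip when the destination already exists or this source is not mounted.
  # NOTE(review): the destination names are fixed and /tmp is world-writable,
  # so a file that is already present is trusted as-is; a dedicated 0700
  # directory would remove that assumption, but the paths are kept because
  # the proxy step below reads them.
  if [[ -f "$dst" || ! -f "$src" ]]; then
    return 0
  fi

  sudo install -m "$mode" -o "$owner" -- "$src" "$dst" || return
  # The group is named after the user; a failure here leaves the copy in
  # place, owned by the right user.
  sudo chgrp -- "$owner" "$dst"
}

# /etc/secrets is tried first; /etc/robots is only used for a file that the
# first location did not provide. The key is owner-read-only, the
# certificate is public material and stays readable.
stage_credential /etc/secrets/robotkey.pem /tmp/robotkey.pem 0400
stage_credential /etc/secrets/robotcert.pem /tmp/robotcert.pem 0644
stage_credential /etc/robots/robotkey.pem /tmp/robotkey.pem 0400
stage_credential /etc/robots/robotcert.pem /tmp/robotcert.pem 0644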
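# Renew the VOMS proxy from the staged robot credentials and publish it as
# the proxy-secrets Kubernetes secret. The secret is only touched when
# voms-proxy-init succeeded, so a failed renewal keeps the previous proxy.
if [[ -f /tmp/robotkey.pem && -f /tmp/robotcert.pem ]]; then
  #### Use below section for proxy in ms-unmerged service
  # voms-proxy-init -voms cms -rfc -valid 95:50 \
  #   -key /tmp/robotkey.pem \
  #   -cert /tmp/robotcert.pem \
  #   --voms cms:/cms/Role=production --valid 192:00 \
  #   -out /tmp/proxy

  # keep proxy validity for 4 days (roll over long weekend)
  voms-proxy-init -voms cms -rfc -valid 95:50 \
    -key /tmp/robotkey.pem \
    -cert /tmp/robotcert.pem \
    -out /tmp/proxy
  out=$?

  if [[ "$out" -eq 0 ]]; then
    # The proxy is handed over as a file, so its content never appears on a
    # command line; the manifest is rendered client-side and piped to apply.
    kubectl create secret generic proxy-secrets \
      --from-file=/tmp/proxy --dry-run=client -o yaml \
      | kubectl apply --validate=false -f -
    # Without pipefail only the status of `kubectl apply` is visible, so a
    # failing `kubectl create` would go unnoticed; check both stages.
    pipe_status=("${PIPESTATUS[@]}")
    #### Use below section for proxy in ms-unmerged service
    # kubectl create secret generic proxy-secrets-ms-unmerged \
    #   --from-file=/tmp/proxy --dry-run=client -o yaml | \
    #   kubectl apply --validate=false -f -
    if ((pipe_status[0] != 0 || pipe_status[1] != 0)); then
      echo "Failed to update proxy-secrets (kubectl create: ${pipe_status[0]}, kubectl apply: ${pipe_status[1]})" >&2
      if ((pipe_status[1] != 0)); then
        exit "${pipe_status[1]}"
      fi
      exit "${pipe_status[0]}"
    fi
  else
    # NOTE(review): the script still exits 0 on this path, as before; confirm
    # whether the caller should see a failed renewal as a failed run.
    echo "Failed to obtain new proxy, voms-proxy-init error $out" >&2
    echo "Will not update proxy-secrets" >&2
  fi
else
  # Make a missing or unreadable credential mount visible instead of
  # finishing silently with the old proxy still in place.
  echo "Robot key or certificate not found in /tmp, proxy not renewed" >&2
fi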