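// Patch creates or replaces the TLS secret described by the manifest at
// certSecretPath, then makes sure the production service's certificate
// annotation (the RouterDeisIoCertificates field) references that secret.
//
// domains is described as a comma-separated domain list, but it is not read
// here: the primary domain is derived from the secret's name instead.
//
// Patch returns true when the annotation already lists the certificate
// reference, in which case nothing is patched. It returns false after handing
// the reference to PatchCertificateAnnotation. It panics when the local
// manifest is not of kind Secret.
func Patch(domains string, certSecretPath string, service utils.Service) bool {
	//////////////////////////
	// Create or Update Secret
	//////////////////////////
	secret := utils.GetLocalSecret(certSecretPath)
	log.Printf("Searching for existing secret Name:[%s] Namespace:[%s] in kubernetes...\n", secret.Metadata.Name, secret.Metadata.Namespace)
	secretExists := FindSecret(secret.Metadata.Name, secret.Metadata.Namespace)

	// Refuse to push anything that is not a Secret manifest into the cluster.
	if secret.Kind != "Secret" {
		panic("Certificate-secret not of Kind=Secret, Panicking.")
	}
	log.Printf("Local secret is of kind Secret\n")

	if secretExists {
		log.Printf("Replacing existing secret...\n")
		ReplaceSecret(certSecretPath)
	} else {
		log.Printf("Creating secret...\n")
		CreateSecret(certSecretPath)
	}
	// NOTE(review): no result from CreateSecret/ReplaceSecret is inspected here,
	// so the line below is logged unconditionally. Confirm those helpers abort
	// on failure; otherwise the annotation may end up pointing at a missing or
	// stale secret.
	log.Printf("Secret successfully created/updated\n")

	///////////////////////////////////////////
	// Create or Update Certificate Annotations
	///////////////////////////////////////////
	// 1. The secret name carries the primary domain; drop "-cert" from it.
	// NOTE(review): every occurrence of "-cert" is removed, not only a trailing
	// one. Confirm the secret naming scheme never has "-cert" inside the name.
	certificateReference := strings.Replace(secret.Metadata.Name, "-cert", "", -1)
	// 2. Turn the reference back into a domain by replacing "-" with ".".
	// NOTE(review): this mapping is lossy. A domain with a literal hyphen comes
	// back with a dot in its place, so the derived domain can differ from the
	// one the certificate was issued for.
	primaryDomain := strings.Replace(certificateReference, "-", ".", -1)
	log.Printf("Certificate reference [%s]\n", certificateReference)
	log.Printf("Primary domain [%s]\n", primaryDomain)
	// 3. Build the "domain:certificate" entry used in the annotation.
	domainCertificateReference := fmt.Sprintf("%s:%s", primaryDomain, certificateReference)

	// 4. Stop if the entry is already listed. Entries are compared one by one:
	// a substring test would treat "example.com:example-com" as present when
	// the annotation only holds "example.com:example-com-staging", and the new
	// certificate would then never be wired to the service.
	existing := service.Metadata.Annotations.RouterDeisIoCertificates
	for _, entry := range strings.Split(existing, ",") {
		if strings.TrimSpace(entry) == domainCertificateReference {
			return true
		}
	}

	// 5. Not listed: append with a leading comma only when the annotation
	// already holds other entries.
	hasEntries := len(strings.TrimSpace(existing)) != 0
	PatchCertificateAnnotation(service, primaryDomain, domainCertificateReference, hasEntries)
	return false
}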
// PatchCertificateAnnotation assembles the new value for the service's
// certificate annotation and logs it. The original author marks this as the
// dangerous step: the intended kubectl call (kept as a comment below)
// overwrites the annotation on the production service.
//
// When prefix is true, the new entry is appended to the existing annotation
// after a comma; otherwise it becomes the whole value. primaryDomain is
// accepted but not read. No cluster change is made in this body.
func PatchCertificateAnnotation(service utils.Service, primaryDomain string, domainCertificateReference string, prefix bool) {
	log.Printf("Kubectl starting patch for annotations...\n")

	annotation := domainCertificateReference
	if prefix {
		// Keep the existing entries and add the new one at the end.
		annotation = service.Metadata.Annotations.RouterDeisIoCertificates + "," + annotation
	}
	log.Printf("Annotation string: [%s]", annotation)

	// NOTE(review): when the call below is implemented, pass the name, namespace
	// and annotation value as separate arguments rather than through a shell
	// string, since they come from manifest and cluster data.
	// kubectl annotate --overwrite services service.Metadata.Name -n service.Metadata.Namespace router.deis.io/certificates=finalAnnotationString
}