Open
Description
TODO
Find a way to grab the new certificate generated by Let's Encrypt to update our cluster (or a cluster)
Current procedure is:
- Identify the VM running cert-manager and Let's Encrypt for domain: snowdrop.dev
- ssh to the VM and get the tls and key files
passstore-vm-ssh.sh openstack snowdrop-k8s
alias k=kubectl
k get secret/qshift-snowdrop-dev-tls -n snowdrop-site -ojson | jq -r '.data."tls.crt"' | base64 -d > tls.crt
k get secret/qshift-snowdrop-dev-tls -n snowdrop-site -ojson | jq -r '.data."tls.key"' | base64 -d > tls.key
- Identify the ocp4 cluster where the console's certificate should be updated within the password store
- scp the files to the target cluster
- Recreate the secret used by ingress to access the ingress URL
Commands to be used
$ alias k=kubectl
$ mkdir cert-renew
$ pass openstack/ocp-qshift-wlg4j/kubeconfig > cert-renew/kubeconfig
$ cp <path_to_file>/tls.crt cert-renew/
$ cp <path_to_file>/tls.key cert-renew/
$ export KUBECONFIG=$PWD/cert-renew/kubeconfig
$ k -n openshift-ingress delete secret/qshift-console
$ k -n openshift-ingress create secret tls qshift-console --cert=cert-renew/tls.crt --key=cert-renew/tls.key # --dry-run="client" -oyaml
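One way to script the copy described above, as an added example that is not part of the original issue or the project's tooling. The function names `pair_ok` and `sync_tls` are hypothetical, it assumes kubeconfig files for both clusters are readable from one workstation, and it swaps the delete/create pair for `create --dry-run=client | apply` so the ingress secret is never absent. The secret is only replaced if the key belongs to the certificate and the certificate is not about to expire:

```bash
#!/usr/bin/env bash
# Added example: secret and namespace names come from the issue;
# pair_ok and sync_tls are hypothetical helper names.

# pair_ok CERT KEY [MIN_DAYS]
# Succeeds only if KEY is the private key for CERT and CERT remains
# valid for at least MIN_DAYS more days (default 7).
pair_ok() {
  local crt=$1 key=$2 min_days=${3:-7} cert_pub key_pub
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
  # Both commands emit the same PEM SubjectPublicKeyInfo when the pair matches.
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2
  openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null || return 3
}

# sync_tls SRC_KUBECONFIG DST_KUBECONFIG
# Reads the cert-manager secret from the source cluster, validates it,
# and applies it as the ingress secret on the target cluster.
sync_tls() {
  local src=$1 dst=$2 tmp rc=0
  tmp=$(mktemp -d) || return 1          # mktemp -d creates the directory 0700
  (
    umask 077                           # key file readable by the owner only
    kubectl --kubeconfig "$src" -n snowdrop-site get secret qshift-snowdrop-dev-tls \
      -o jsonpath='{.data.tls\.crt}' | base64 -d > "$tmp/tls.crt"
    kubectl --kubeconfig "$src" -n snowdrop-site get secret qshift-snowdrop-dev-tls \
      -o jsonpath='{.data.tls\.key}' | base64 -d > "$tmp/tls.key"
    # An empty or failed download is rejected here, before the target is touched.
    pair_ok "$tmp/tls.crt" "$tmp/tls.key" || exit 1
    kubectl --kubeconfig "$dst" -n openshift-ingress create secret tls qshift-console \
      --cert="$tmp/tls.crt" --key="$tmp/tls.key" --dry-run=client -o yaml |
      kubectl --kubeconfig "$dst" -n openshift-ingress apply -f -
  ) || rc=$?
  rm -rf "$tmp"                         # do not leave the private key on disk
  return "$rc"
}

# Usage (paths are placeholders):
#   sync_tls /path/to/source-kubeconfig /path/to/target-kubeconfig
```

`pair_ok` returns 1 for an unreadable file, 2 for a key that does not match the certificate, and 3 for a certificate that expires within the window, so a scheduled job can log which check failed.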