@@ -21,6 +21,10 @@ while [[ $# -gt 0 ]]; do
21
21
kubectl=" $2 "
22
22
shift
23
23
;;
24
+ --output-dir)
25
+ output_dir=" $2 "
26
+ shift
27
+ ;;
24
28
esac
25
29
shift
26
30
done
29
33
[ -z ${secret} ] && secret=" webhook-certs"
30
34
[ -z ${namespace} ] && namespace=" default"
31
35
[ -z ${kubectl} ] && kubectl=" kubectl"
36
+ [ -z ${output_dir} ] && output_dir=" "
32
37
33
38
which ${kubectl} > /dev/null 2>&1 || { echo " ERROR: ${kubectl} not found" ; exit 1; }
34
39
@@ -105,12 +110,25 @@ echo ${serverCert} | base64 --decode > ${tmpdir}/server-cert.pem
105
110
# clean-up any previously created secret for our service. Ignore errors if not present.
106
111
${kubectl} delete secret ${secret} 2> /dev/null || true
107
112
108
- # create the secret with CA cert and server cert/key
109
- ${kubectl} create secret generic ${secret} \
110
- --from-file=key.pem=${tmpdir} /server-key.pem \
111
- --from-file=cert.pem=${tmpdir} /server-cert.pem \
112
- --dry-run -o yaml |
113
- ${kubectl} -n ${namespace} apply -f -
113
+ if [ -z " ${output_dir} " ]; then
114
+ # create the secret with CA cert and server cert/key
115
+ ${kubectl} create secret generic ${secret} \
116
+ --from-file=key.pem=${tmpdir} /server-key.pem \
117
+ --from-file=cert.pem=${tmpdir} /server-cert.pem \
118
+ --dry-run -o yaml |
119
+ ${kubectl} -n ${namespace} apply -f -
120
+ else
121
+ # save CA cert and server cert/key to output_dir
122
+ ( cp ${tmpdir} /server-key.pem ${output_dir} /key.pem &&
123
+ cp ${tmpdir} /server-cert.pem ${output_dir} /cert.pem ) || {
124
+ echo " ERROR: failed to copy ${tmpdir} /server-{key,cert}.pem to output_dir \" ${output_dir} \" "
125
+ exit 1
126
+ }
127
+ ${kubectl} get configmap -n kube-system extension-apiserver-authentication -o=jsonpath=' {.data.client-ca-file}' > " ${output_dir} /client-ca-file" || {
128
+ echo " ERROR: failed to save extension-apiserver-authentication.client-ca-file to output_dir \" ${output_dir} \" "
129
+ exit 1
130
+ }
131
+ fi
114
132
115
133
echo " Removing ${tmpdir} "
116
134
rm -rf ${tmpdir}
0 commit comments