cert-manager and external-dns

Author: iankouls-aws

.env

@@ -59,7 +59,7 @@ export MOD=""
 export MOD_TAG=$(if [ "$MOD" == "" ]; then echo ""; else echo "-${MOD}"; fi)
 ## VERSION: [optional] - Version tag for this Docker image. Example: v20180302
 #export VERSION=v$(date +%Y%m%d)
-export VERSION=v20250514
+export VERSION=v20250516
 export TAG=$(if [ -z "${VERSION}" ]; then echo ":latest${MOD_TAG}"; else echo ":${VERSION}${MOD_TAG}"; fi) 
 ## BUILD_OPTS: [optional] - arguments for the docker image build command
 export BUILD_OPTS="--progress plain --build-arg http_proxy=${http_proxy} --build-arg https_proxy=${https_proxy} --build-arg no_proxy=${no_proxy} --build-arg MOD=${MOD}"

Container-Root/hyperpod/deployment/.gitkeep

@@ -1,2 +1,5 @@
 clusterissuer.yaml
-letsencrypt.yaml
+letsencrypt-app.yaml
+certificate.yaml
+*.crt
+*.key

Container-Root/hyperpod/deployment/eks/cert-manager/letsencrypt/.gitignore

@@ -18,13 +18,17 @@ else
 	if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
 	export SECRET_NAME=$(eval "$CMD")
 
-	CMD="kubectl get secret ${SECRET_NAME} -o json -o=jsonpath='{.data.tls\.crt}' | base64 -d | tee ${CERTIFICATE_NAME}.crt"
+	CMD="kubectl get secret ${SECRET_NAME} -o json -o=jsonpath='{.data.tls\.crt}' | base64 -d | tee ${CERTIFICATE_NAME}-chain.crt"
 	if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
         eval "$CMD"
 
 	CMD="kubectl get secret ${SECRET_NAME} -o json -o=jsonpath='{.data.tls\.key}' | base64 -d | tee ${CERTIFICATE_NAME}.key"
 	if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
         eval "$CMD"
+
+	CMD="cat ${CERTIFICATE_NAME}-chain.crt | sed '/BEGIN/,/END/!d;/END/q' | tee ${CERTIFICATE_NAME}.crt"
+	if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
+        eval "$CMD"
 fi
 
 echo ""

Container-Root/hyperpod/deployment/eks/cert-manager/letsencrypt/cert-export.sh

@@ -2,9 +2,27 @@
 
 # List certificates
 
-CMD="kubectl get certificate"
-if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
-eval "$CMD"
+usage() {
+	echo ""
+	echo "Usage: $0 [DNS_NAME]"
+	echo ""
+	echo "DNS_NAME   - optional, list certificates for the specified DNS name only"
+	echo ""
+}
+
+if [ "$1" == "--help" ]; then
+	usage
+else
+
+	if [ "$1" == "" ]; then
+		CMD="kubectl get certificate"
+	else
+		CERT_NAME=$(echo $1 | sed -e 's/\./-/g')
+		CMD="kubectl get certificate | grep ${CERT_NAME}"
+	fi
+	if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
+	eval "$CMD"
+fi
 
 echo ""
 

Container-Root/hyperpod/deployment/eks/cert-manager/letsencrypt/cert-list.sh

@@ -1,3 +1,4 @@
 certificate.yaml
 selfsigned-app.yaml
-
+*.crt
+*.key

Container-Root/hyperpod/deployment/eks/cert-manager/selfsigned/.gitignore

@@ -2,9 +2,27 @@
 
 # List certificates
 
-CMD="kubectl get certificate"
-if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
-eval "$CMD"
+usage() {
+	echo ""
+	echo "Usage: $0 [DNS_NAME]"
+	echo ""
+	echo "DNS_NAME   - optional, list certificates for the specified DNS name only"
+	echo ""
+}
+
+if [ "$1" == "--help" ]; then
+	usage
+else
+
+	if [ "$1" == "" ]; then
+		CMD="kubectl get certificate"
+	else
+		CERT_NAME=$(echo $1 | sed -e 's/\./-/g')
+		CMD="kubectl get certificate | grep ${CERT_NAME}"
+	fi
+	if [ ! "$verbose" == "false" ]; then echo -e "\n${CMD}\n"; fi
+	eval "$CMD"
+fi
 
 echo ""
 

Container-Root/hyperpod/deployment/eks/cert-manager/selfsigned/cert-list.sh

@@ -1,8 +1,6 @@
 #!/bin/bash
 
-pushd ../../..
-EKS_CLUSTER_NAME=$(./hyperpod-describe.sh | tail -n +6 | jq -r .Orchestrator.Eks.ClusterArn | cut -d '/' -f 2)
-popd
+EKS_CLUSTER_NAME=$(kubectl config current-context | cut -d '/' -f 2)
 
 CMD="aws eks create-addon --addon-name amazon-cloudwatch-observability --cluster-name $EKS_CLUSTER_NAME"
 

Container-Root/hyperpod/deployment/eks/cloudwatch-observability/deploy.sh

@@ -1,8 +1,6 @@
 #!/bin/bash
 
-pushd ../../..
-EKS_CLUSTER_NAME=$(./hyperpod-describe.sh | tail -n +6 | jq -r .Orchestrator.Eks.ClusterArn | cut -d '/' -f 2)
-popd
+EKS_CLUSTER_NAME=$(kubectl config current-context | cut -d '/' -f 2)
 
 CMD="aws eks delete-addon --addon-name amazon-cloudwatch-observability --cluster-name $EKS_CLUSTER_NAME"