heimdall-admission/deploy.sh at master · kryanbeane/heimdall-admission · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#!/usr/bin/env bash

set -euo pipefail

basedir="$(dirname "$0")/deployment"
keydir="$(mktemp -d)"

# Generate keys into a temporary directory.
echo "Generating TLS keys ..."
"${basedir}/generate-keys.sh" "$keydir"

# Create the TLS secret for the generated keys.
kubectl -n heimdall create secret tls heimdall-admission-controller-tls \
    --cert "${keydir}/heimdall-admission-controller-tls.crt" \
    --key "${keydir}/heimdall-admission-controller-tls.key"

# Read the PEM-encoded CA certificate, base64 encode it, and replace the `${CA_PEM_B64}` placeholder in the YAML
# template with it. Then, create the Kubernetes resources.
ca_pem_b64="$(openssl base64 -A <"${keydir}/ca.crt")"
sed -e 's@${CA_PEM_B64}@'"$ca_pem_b64"'@g' <"${basedir}/deployment.yaml" \
    | kubectl create -f -

rm -rf "$keydir"

kubectl create -f "${basedir}/rbac.yaml"

echo "The webhook server has been deployed and configured!"