| garciadeblas | 8d8cd99 | 2024-05-21 16:04:14 +0200 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | ####################################################################################### |
| 3 | # Copyright ETSI Contributors and Others. |
| 4 | # |
| 5 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | # you may not use this file except in compliance with the License. |
| 7 | # You may obtain a copy of the License at |
| 8 | # |
| 9 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | # |
| 11 | # Unless required by applicable law or agreed to in writing, software |
| 12 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
| 14 | # implied. |
| 15 | # See the License for the specific language governing permissions and |
| 16 | # limitations under the License. |
| 17 | ####################################################################################### |
| 18 | |
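# Abort on the first unhandled command failure.
set -e

# Resolve the directory that holds this script (symlinks followed), so the
# helper libraries below are located independently of the caller's working
# directory.
# Assignment and export are separate statements on purpose: `export VAR=$(cmd)`
# returns the status of `export`, which would hide a readlink/dirname failure
# from `set -e`.
HERE=$(dirname "$(readlink --canonicalize "${BASH_SOURCE[0]}")")
export HERE

# Helper libraries shipped next to this script (their contents are not
# visible from this file).
source "${HERE}/library/functions.sh"
source "${HERE}/library/trap.sh"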
| 24 | |
| 25 | ############################################ |
| 26 | # Main script starts here |
| 27 | ############################################ |
| 28 | |
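# Stop early when the NGINX Ingress controller Service cannot be read.
# kubectl's exit status is tested directly and its output is discarded.
# NOTE: stderr is suppressed, so an API connectivity or RBAC error is
# reported the same way as a missing controller.
if ! kubectl get svc/ingress-nginx-controller -n ingress-nginx > /dev/null 2>&1
then
  # Diagnostics go to stderr so they never mix with captured stdout.
  echo "No Ingress controller installed. Exiting" >&2
  exit 1
fi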
| 35 | |
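# The tenant name is used as the tenant's namespace, as part of the Ingress
# host name and as part of the TLS file names, so an unset or empty value
# must not get through.
: "${MINIO_TENANT_NAME:?MINIO_TENANT_NAME must be set}"

# Retrieve ports
# NOTE: `export VAR=$(kubectl ...)` yields the status of `export`, so a failed
# lookup leaves the variable empty instead of stopping the script under
# `set -e`.
export MINIO_CONSOLE_HTTP_PORT="$(kubectl get svc/console -n minio-operator -o jsonpath='{.spec.ports[?(.name=="http")].port}')"
export MINIO_CONSOLE_HTTPS_PORT="$(kubectl get svc/console -n minio-operator -o jsonpath='{.spec.ports[?(.name=="https")].port}')"
export MINIO_TENANT_HTTPS_PORT="$(kubectl get svc/minio -n "${MINIO_TENANT_NAME}" -o jsonpath='{.spec.ports[?(.name=="https-minio")].port}')"

# Determine Ingress host names
# The names embed the controller's load-balancer IP under nip.io, a public
# wildcard DNS service that resolves <name>.<ip>.nip.io to <ip>; name
# resolution for these endpoints therefore depends on that external service.
INGRESS_IP=$(kubectl get svc/ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
# A Service without an assigned IP (pending, or published by hostname) gives
# an empty string here, which would turn into host names such as
# "console.s3..nip.io". Fail only when an Ingress is actually requested.
if [[ -z "${INGRESS_IP}" ]] && [[ "${MINIO_EXPOSE_CONSOLE}" == "true" || "${MINIO_EXPOSE_TENANT}" == "true" ]]
then
  echo "Ingress controller Service reports no load-balancer IP; cannot build Ingress host names. Exiting" >&2
  exit 1
fi
export MINIO_INGRESS_CONSOLE_HOST="console.s3.${INGRESS_IP}.nip.io"
export MINIO_INGRESS_TENANT_HOST="${MINIO_TENANT_NAME}.s3.${INGRESS_IP}.nip.io"

# Determine locations of TLS certificates for tenant's endpoint, if applicable
# NOTE(review): CREDENTIALS_DIR is not validated here; if it is empty these
# paths resolve to the filesystem root.
export MINIO_TENANT_TLS_KEY="${CREDENTIALS_DIR}/tls.${MINIO_TENANT_NAME}.key"
export MINIO_TENANT_TLS_CERT="${CREDENTIALS_DIR}/tls.${MINIO_TENANT_NAME}.cert"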
| 49 | |
# Optionally publish the MinIO Console through an Ingress.
# Only the literal value "true" in MINIO_EXPOSE_CONSOLE enables this step.
case "${MINIO_EXPOSE_CONSOLE}" in
  true)
    m "\nDeploying Ingress for Console..."
    # The manifest path is relative to the current working directory.
    # envsubst is given no variable list, so every $NAME reference in the
    # manifest is replaced from the environment before kubectl reads it.
    envsubst < ingress-manifests/console/ingress-console.yaml \
      | kubectl apply -f -
    ;;
esac
| 57 | |
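# If applicable, deploy Ingress to access the Minio Tenant from outside
if [[ "${MINIO_EXPOSE_TENANT}" == "true" ]]
then
  # Both values end up in file paths and kubectl arguments below; an empty
  # one would write the private key to an unintended location or address the
  # wrong namespace.
  : "${MINIO_TENANT_NAME:?MINIO_TENANT_NAME must be set}"
  : "${CREDENTIALS_DIR:?CREDENTIALS_DIR must be set}"

  m "\nDeploying Ingress for ${MINIO_TENANT_NAME} tenant..."

  # Create self-signed certificate (comment if using pre-created certificate)
  # -nodes leaves the private key unencrypted on disk, so the files are
  # created under a restrictive umask; the subshell keeps the umask change
  # local to this step.
  # -addext needs OpenSSL 1.1.1 or newer.
  # A self-signed certificate is not trusted by clients by default: they
  # cannot authenticate the endpoint unless this certificate is distributed
  # to them out of band.
  (
    umask 077
    openssl req -x509 \
      -nodes \
      -days 365 \
      -newkey rsa:2048 \
      -keyout "${MINIO_TENANT_TLS_KEY}" \
      -out "${MINIO_TENANT_TLS_CERT}" \
      -subj "/CN=${MINIO_INGRESS_TENANT_HOST}/O=${MINIO_INGRESS_TENANT_HOST}" \
      -addext "subjectAltName = DNS:${MINIO_INGRESS_TENANT_HOST}"
  )
  # umask does not tighten a key file left over from an earlier run.
  chmod 600 -- "${MINIO_TENANT_TLS_KEY}"

  # Render the Secret client-side and apply it. A plain `kubectl create`
  # fails with AlreadyExists on a second run, which under `set -e` stops the
  # script after the key on disk has already been regenerated and leaves the
  # cluster serving the old certificate.
  # --dry-run=client needs kubectl 1.18 or newer.
  kubectl create secret tls nginx-tls \
    --key "${MINIO_TENANT_TLS_KEY}" \
    --cert "${MINIO_TENANT_TLS_CERT}" \
    -n "${MINIO_TENANT_NAME}" \
    --dry-run=client -o yaml | \
    kubectl apply -f -

  # The manifest path is relative to the current working directory.
  # envsubst is given no variable list, so every $NAME reference in the
  # manifest is replaced from the environment before kubectl reads it.
  envsubst < ingress-manifests/tenant/ingress-tenant.yaml | \
    kubectl apply -f -

  echo "${MINIO_TENANT_NAME} tenant exposed at https://${MINIO_INGRESS_TENANT_HOST}"
fi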