[cert-rotatation] Also check initContainers for mounted certs

rotate-certs.sh script currently only checks if a certificate is mounted in containers. This updates it to also consider initContainers when restarting resources. Change-Id: I5d48c5bbd671c9f74b72ef4ecca36777c735c398
2022-04-14 23:43:50 -06:00 · 2022-04-14 23:43:50 -06:00 · 92977da6b8
commit 92977da6b8
parent f900462c33
3 changed files with 7 additions and 5 deletions
--- a/cert-rotation/Chart.yaml
+++ b/cert-rotation/Chart.yaml
@ -16,5 +16,5 @@ appVersion: "1.0"
 description: Rotate the certificates generated by cert-manager
 home: https://cert-manager.io/
 name: cert-rotation
-version: 0.1.3
+version: 0.1.4
 ...
--- a/cert-rotation/templates/bin/_rotate-certs.sh.tpl
+++ b/cert-rotation/templates/bin/_rotate-certs.sh.tpl
@ -136,9 +136,10 @@ function restart_the_pods(){
        # - get the name of the kind (which will index 1 = idx=0 of the output)
        # - get the names of the secrets mounted on this kind (which will be index 2 = idx+1)
        # - find if tls.crt was mounted to the container: get the subpaths of volumeMount in
-        #   the container and grep for tls.crt. (This will be index 2 = idx+2)
+        #   the container and grep for tls.crt. (This will be index 3 = idx+2)
+        # - or, find if tls.crt was mounted to the initContainer (This will be index 4 = idx+3)

-        resource=($(kubectl get ${kind} -n ${namespace} -o custom-columns='NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS:.spec.template.spec.containers[*].volumeMounts[*].subPath' --no-headers | grep tls.crt || true))
+        resource=($(kubectl get ${kind} -n ${namespace} -o custom-columns='NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS-CONTAINER:.spec.template.spec.containers[*].volumeMounts[*].subPath,TLS-INIT:.spec.template.spec.initContainers[*].volumeMounts[*].subPath' --no-headers | grep tls.crt || true))

        idx=0
        while [[ $idx -lt ${#resource[@]} ]]
@ -161,9 +162,9 @@ function restart_the_pods(){
                fi
            done

-            # Since we have 3 custom colums in the output, every 4th index will be start of new tuple.
+            # Since we have 4 custom columns in the output, every 5th index will be start of new tuple.
            # Jump to the next tuple.
-            idx=$((idx+3))
+            idx=$((idx+4))
        done
    done
 }
--- a/releasenotes/notes/cert-rotation.yaml
+++ b/releasenotes/notes/cert-rotation.yaml
@ -4,4 +4,5 @@ cert-rotation:
  - 0.1.1 Return true if grep finds no match
  - 0.1.2 Correct and enhance the rotation script
  - 0.1.3 Update htk requirements
+  - 0.1.4 Consider initContainers when restarting resources
 ...