infra/kubernetes/misc/CronJob-router-cert.yaml

apiVersion: batch/v1
kind: CronJob
metadata:
  name: router-cert
  namespace: default
spec:
  jobTemplate:
    spec:
      template:
        spec:
          volumes:
          - secret:
              secretName: router-gmem-ca
            name: cert
          containers:
            - command:
                - /bin/bash
                - -c
                - >
                  curl "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}/start"

                  export LOGIN=$(echo -n "${LOGIN_USERNAME}:${LOGIN_PASSWORD}" | base64 -w0)

                  curl "https://${BASE_URL}/login.cgi"
                  -H "Content-Type: application/x-www-form-urlencoded"
                  -H "Referer: https://${BASE_URL}/Main_Login.asp"
                  --data-urlencode "login_authorization=${LOGIN}"
                  -c /tmp/cookie.txt -k

                  curl "https://${BASE_URL}/upload_cert_key.cgi"
                  -H "Referer: https://${BASE_URL}/Advanced_ASUSDDNS_Content.asp"
                  -F "file_key=@/data/tls.key"
                  -F "file_cert=@/data/tls.crt"
                  -F "le_enable=2"
                  -b /tmp/cookie.txt -k

                  curl "https://${BASE_URL}/Logout.asp"
                  -H "Referer: https://${BASE_URL}/index.asp"
                  -b /tmp/cookie.txt -k

                  curl "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}"
              envFrom:
                - configMapRef:
                    name: router-cert
                - secretRef:
                    name: router-cert
              image: git.gmem.ca/arch/kutils
              name: upload-certificate
              volumeMounts:
              - mountPath: /data
                name: cert
          restartPolicy: Never
  schedule: "0 0 1 * *"
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: router-gmem-ca
  namespace: default
spec:
  # Secret names are always required.
  secretName: router-gmem-ca

  duration: 2160h # 90d
  renewBefore: 360h # 15d

  dnsNames:
    - router.gmem.ca
  issuerRef:
    name: le-issuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: ClusterIssuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io
---
apiVersion: v1
data:
  BASE_URL: router.gmem.ca
kind: ConfigMap
metadata:
  name: router-cert
  namespace: default
---
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: router-cert
  namespace: default
spec:
  destination:
    create: true
    name: router-cert
  mount: kv
  path: default/router-cert
  refreshAfter: 30s
  type: kv-v2
  vaultAuthRef: vault
A ton of tweaks to fully spin up cluster from zero 2024-07-09 11:41:10 +01:00			`apiVersion: batch/v1`
			`kind: CronJob`
			`metadata:`
			`name: router-cert`
			`namespace: default`
			`spec:`
			`jobTemplate:`
			`spec:`
			`template:`
			`spec:`
			`volumes:`
			`- secret:`
			`secretName: router-gmem-ca`
			`name: cert`
			`containers:`
			`- command:`
			`- /bin/bash`
			`- -c`
			`- >`
			`curl "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}/start"`

			`export LOGIN=$(echo -n "${LOGIN_USERNAME}:${LOGIN_PASSWORD}" \| base64 -w0)`

			`curl "https://${BASE_URL}/login.cgi"`
			`-H "Content-Type: application/x-www-form-urlencoded"`
			`-H "Referer: https://${BASE_URL}/Main_Login.asp"`
			`--data-urlencode "login_authorization=${LOGIN}"`
			`-c /tmp/cookie.txt -k`

			`curl "https://${BASE_URL}/upload_cert_key.cgi"`
			`-H "Referer: https://${BASE_URL}/Advanced_ASUSDDNS_Content.asp"`
			`-F "file_key=@/data/tls.key"`
			`-F "file_cert=@/data/tls.crt"`
			`-F "le_enable=2"`
			`-b /tmp/cookie.txt -k`

			`curl "https://${BASE_URL}/Logout.asp"`
			`-H "Referer: https://${BASE_URL}/index.asp"`
			`-b /tmp/cookie.txt -k`

			`curl "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}"`
			`envFrom:`
			`- configMapRef:`
			`name: router-cert`
			`- secretRef:`
			`name: router-cert`
Swap cronjob image 2024-07-20 12:48:46 +01:00			`image: git.gmem.ca/arch/kutils`
A ton of tweaks to fully spin up cluster from zero 2024-07-09 11:41:10 +01:00			`name: upload-certificate`
			`volumeMounts:`
			`- mountPath: /data`
			`name: cert`
			`restartPolicy: Never`
			`schedule: "0 0 1 * *"`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: router-gmem-ca`
			`namespace: default`
			`spec:`
			`# Secret names are always required.`
			`secretName: router-gmem-ca`

			`duration: 2160h # 90d`
			`renewBefore: 360h # 15d`

			`dnsNames:`
			`- router.gmem.ca`
			`issuerRef:`
			`name: le-issuer`
			`# We can reference ClusterIssuers by changing the kind here.`
			`# The default value is Issuer (i.e. a locally namespaced Issuer)`
			`kind: ClusterIssuer`
			`# This is optional since cert-manager will default to this value however`
			`# if you are using an external issuer, change this to that issuer group.`
			`group: cert-manager.io`
			`---`
			`apiVersion: v1`
			`data:`
			`BASE_URL: router.gmem.ca`
			`kind: ConfigMap`
			`metadata:`
			`name: router-cert`
			`namespace: default`
			`---`
			`apiVersion: secrets.hashicorp.com/v1beta1`
			`kind: VaultStaticSecret`
			`metadata:`
			`name: router-cert`
			`namespace: default`
			`spec:`
			`destination:`
			`create: true`
			`name: router-cert`
			`mount: kv`
			`path: default/router-cert`
			`refreshAfter: 30s`
			`type: kv-v2`
			`vaultAuthRef: vault`