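---
# Copies the cert-manager-issued key pair in Secret router-gmem-ca to the
# router's web UI (login.cgi -> upload_cert_key.cgi -> Logout.asp) and reports
# the run to healthchecks.gmem.ca.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: router-cert
  namespace: default
spec:
  # Weekly, not monthly: the Certificate in this file is re-issued 15 days
  # before expiry (renewBefore: 360h). A monthly run can lag the renewal by up
  # to a month, leaving the router on an expired certificate; a weekly run
  # keeps the lag inside the 15-day window.
  schedule: "0 0 * * 0"
  jobTemplate:
    spec:
      template:
        spec:
          # No in-place restart. A step that errors now fails the pod, and the
          # Job controller retries according to its backoffLimit.
          restartPolicy: Never
          volumes:
            - name: cert
              secret:
                secretName: router-gmem-ca
          containers:
            - name: upload-certificate
              # NOTE(review): no tag or digest, so this resolves to :latest and
              # can change between runs. The container reads the router admin
              # password and tls.key; pin it, for example
              # git.gmem.ca/arch/kutils@sha256:<digest-placeholder>.
              image: git.gmem.ca/arch/kutils
              envFrom:
                # BASE_URL comes from the ConfigMap.
                - configMapRef:
                    name: router-cert
                # Presumably LOGIN_USERNAME, LOGIN_PASSWORD and
                # HEALTHCHECKS_UUID come from the Vault-synced Secret; confirm
                # against the Vault path.
                - secretRef:
                    name: router-cert
              volumeMounts:
                # tls.key / tls.crt from the cert volume.
                - name: cert
                  mountPath: /data
              command:
                - /bin/bash
                - -c
                # Literal block with explicit continuations. Previously no
                # step was checked, so the closing success ping was sent even
                # when the login or the upload had failed.
                - |
                  set -euo pipefail

                  # Best-effort start ping: monitoring being unreachable must
                  # not block the upload.
                  curl -fsS "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}/start" || true

                  # Plain assignment (not export) so a failure inside $(...)
                  # is not masked; set -u aborts if a credential is unset.
                  LOGIN=$(printf '%s' "${LOGIN_USERNAME}:${LOGIN_PASSWORD}" | base64 -w0)

                  # NOTE(review): -k disables TLS certificate verification for
                  # the router, so the admin login and tls.key are sent to
                  # whatever host answers. Once the router serves the
                  # certificate issued for its host name, drop -k (or pin a CA
                  # with --cacert) on all three router calls.
                  # -f only catches connection and HTTP-level errors; whether
                  # the router signals a rejected login that way is not
                  # visible here.
                  curl -fsS "https://${BASE_URL}/login.cgi" \
                    -H "Content-Type: application/x-www-form-urlencoded" \
                    -H "Referer: https://${BASE_URL}/Main_Login.asp" \
                    --data-urlencode "login_authorization=${LOGIN}" \
                    -c /tmp/cookie.txt -k

                  curl -fsS "https://${BASE_URL}/upload_cert_key.cgi" \
                    -H "Referer: https://${BASE_URL}/Advanced_ASUSDDNS_Content.asp" \
                    -F "file_key=@/data/tls.key" \
                    -F "file_cert=@/data/tls.crt" \
                    -F "le_enable=2" \
                    -b /tmp/cookie.txt -k

                  # Best-effort logout: a failed logout after a successful
                  # upload should not mark the run as failed.
                  curl -fsS "https://${BASE_URL}/Logout.asp" \
                    -H "Referer: https://${BASE_URL}/index.asp" \
                    -b /tmp/cookie.txt -k || true

                  # Only reached when login and upload did not error.
                  curl -fsS "https://healthchecks.gmem.ca/ping/${HEALTHCHECKS_UUID}"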
---
# cert-manager Certificate for the router's host name. The issued key pair is
# written to Secret router-gmem-ca, which the upload CronJob mounts at /data.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: router-gmem-ca
  namespace: default
spec:
  dnsNames:
    - router.gmem.ca

  # Target Secret for tls.key / tls.crt (required field).
  secretName: router-gmem-ca

  # Requested lifetime: 90 days.
  duration: 2160h
  # Re-issue 15 days before expiry. The router only receives the new pair when
  # the upload job next runs, so that job has to run at least once inside this
  # 15-day window or the router keeps serving the old certificate past expiry.
  renewBefore: 360h

  issuerRef:
    # Cluster-scoped issuer; omitting kind would select a namespaced Issuer.
    kind: ClusterIssuer
    name: le-issuer
    # Optional: cert-manager defaults to this group. Change it only for an
    # external issuer.
    group: cert-manager.io
---
# Non-secret settings for the upload job, injected through envFrom.
apiVersion: v1
kind: ConfigMap
metadata:
  name: router-cert
  namespace: default
data:
  # Host name only: the job script prepends https:// and appends the CGI path.
  # It matches the dnsNames entry of the Certificate in this file.
  BASE_URL: router.gmem.ca
---
# Syncs a Vault kv-v2 entry into the Kubernetes Secret router-cert, which the
# upload CronJob loads with envFrom/secretRef.
# Presumably it holds LOGIN_USERNAME, LOGIN_PASSWORD and HEALTHCHECKS_UUID (the
# variables the job script reads that the ConfigMap does not provide); confirm
# against the Vault path.
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: router-cert
  namespace: default
spec:
  vaultAuthRef: vault
  # Source in Vault: kv-v2 engine mounted at "kv", entry default/router-cert.
  type: kv-v2
  mount: kv
  path: default/router-cert
  # Re-read the entry from Vault every 30 seconds.
  refreshAfter: 30s
  # Destination Secret; created by the operator if it does not exist.
  destination:
    name: router-cert
    create: true