Script File to Update SSL Certificate for Load Balancer

You must create, in the administration instance, a script file named update_lb_ssl_cert.sh that updates the OCI load balancer SSL certificate.


#!/bin/bash
 
# Copyright (c) 2022, Oracle and/or its affiliates.  All rights reserved.
# This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 
# This script provides a way to update the OCI load balancer ssl certificate.
#
# The script will:
#       * Create a TLS secret in kubernetes
#       * Run Helm upgrade for ingress controller charts with new certificate
#       * Runs a check on the svc. Please check the annotations for the new secret name.
#
#   Please refer to https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingloadbalancer.htm for more information
 
 
#######################################
# Print the command-line synopsis and the list of mandatory options.
# Arguments: none
# Outputs:   writes the help text to stdout
#######################################
usage()
{
  # One argument per output line; only the first one needs expansion ($0).
  printf '%s\n' \
    "Usage: $0 [OPTION]" \
    '[Mandatory]' \
    '  -d WebLogic Domain Name' \
    '  -s Kubernetes secret name' \
    '  -k SSL Certificate Key file (e.g. tls.key)' \
    '  -c SSL Certificate file (e.g. tls.cert)'
}
 
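# Report a fatal error on stderr and stop with a non-zero status.
fail() {
  printf 'Error:%s\n' "$*" >&2
  exit 1
}

if [ "$#" -eq 0 ]; then
  usage
  exit 1
fi

# Start from empty values so that variables of the same name inherited from
# the environment cannot stand in for a mandatory option.
DOMAIN_NAME=""
SSL_CERT_SECRET=""
SSL_KEY_FILE=""
SSL_CERT_FILE=""

while getopts ":d:s:k:c:h" opt; do
  case "$opt" in
    d) DOMAIN_NAME=$OPTARG ;;
    s) SSL_CERT_SECRET=$OPTARG ;;
    k) SSL_KEY_FILE=$OPTARG ;;
    c) SSL_CERT_FILE=$OPTARG ;;
    h) usage; exit 0 ;;
    \?) echo "Invalid option: -$OPTARG" >&2; usage; exit 1 ;;
    :)  echo "Option -$OPTARG requires an argument." >&2; usage; exit 1 ;;
  esac
done

# Echo the parsed options back (names and file paths only, no key material).
printf '%s %s %s %s\n' "$DOMAIN_NAME" "$SSL_CERT_SECRET" "$SSL_KEY_FILE" "$SSL_CERT_FILE"

# A missing mandatory option is an error, so it must not exit with status 0.
if [[ -z $DOMAIN_NAME || -z $SSL_CERT_SECRET || -z $SSL_KEY_FILE || -z $SSL_CERT_FILE ]]; then
  usage >&2
  exit 1
fi

# The domain name is used in a filesystem path, in the namespace
# "${DOMAIN_NAME}-ns" and in a service name; the secret name is used as a
# Kubernetes object name and inside a `helm --set` expression. Accept only
# the characters Kubernetes allows, which also rules out "/", "..", "," and
# a leading "-".
label_re='^[a-z0-9][-a-z0-9]*$'
secret_re='^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'

[[ $DOMAIN_NAME =~ $label_re ]] \
  || fail "Invalid domain name [$DOMAIN_NAME]: use lowercase letters, digits and '-' only."

[[ $SSL_CERT_SECRET =~ $secret_re && ${#SSL_CERT_SECRET} -le 253 ]] \
  || fail "Invalid secret name [$SSL_CERT_SECRET]: must be a DNS subdomain name (lowercase letters, digits, '-' and '.')."

# NOTE(review): the private key stays on disk after this script finishes;
# keep it readable by its owner only and remove it once the secret exists.
[[ -f $SSL_KEY_FILE ]] || fail "Cannot find $SSL_KEY_FILE."

[[ -f $SSL_CERT_FILE ]] || fail "Cannot find  $SSL_CERT_FILE."

PROPERTIES_FILE="/u01/shared/provisioning_metadata.properties"
RELEASE_NAME="ingress-controller"
INGRESS_CHARTS=/u01/shared/scripts/pipeline/create_domain/ingress-controller
DEFAULT_VALUES="/u01/shared/weblogic-domains/${DOMAIN_NAME}/ingress-controller-inputs.yaml"

[[ -f $PROPERTIES_FILE ]] || fail "Missing $PROPERTIES_FILE file."

[[ -f $DEFAULT_VALUES ]] || fail "Missing helm chart values file [$DEFAULT_VALUES]"

# NOTE(review): grep matches the key anywhere on a line and cut keeps only the
# text between the first and second "="; confirm against the properties format.
INGRESS_NAMESPACE=$(grep ingress_namespace "$PROPERTIES_FILE" | cut -d'=' -f2)
OCIR_INGRESS_CONTROLLER_REPO=$(grep ocir_ingress_controller_repo "$PROPERTIES_FILE" | cut -d'=' -f2)

# An empty namespace would make kubectl fall back to the current context's
# namespace, and a multi-line match would be passed on as one broken value.
[[ $INGRESS_NAMESPACE =~ $label_re ]] \
  || fail "Could not read a valid ingress_namespace from $PROPERTIES_FILE."

#1. Create a TLS secret in Kubernetes in both namespaces; the key and
#   certificate values are set by --key and --cert, respectively.
#   Stop on failure (for example when the secret already exists): otherwise
#   the release below would be pointed at a secret that is missing or stale.
kubectl create secret tls "$SSL_CERT_SECRET" --key="$SSL_KEY_FILE" --cert="$SSL_CERT_FILE" -n "$INGRESS_NAMESPACE" \
  || fail "Could not create secret [$SSL_CERT_SECRET] in namespace [$INGRESS_NAMESPACE]."
kubectl create secret tls "$SSL_CERT_SECRET" --key="$SSL_KEY_FILE" --cert="$SSL_CERT_FILE" -n "${DOMAIN_NAME}-ns" \
  || fail "Could not create secret [$SSL_CERT_SECRET] in namespace [${DOMAIN_NAME}-ns]."

#2. Update helm charts with new SSL secret value
cmd_output=$(helm upgrade --install "$RELEASE_NAME" "$INGRESS_CHARTS" --values "$DEFAULT_VALUES" --set "cert_secret_name=$SSL_CERT_SECRET" --set "ocir_ingress_image_tag=$OCIR_INGRESS_CONTROLLER_REPO" --wait 2>&1)
exit_code=$?
printf '%s\n' "${cmd_output}"
if [ "$exit_code" -ne 0 ]; then
  echo "Error:helm upgrade failed with exit code $exit_code." >&2
fi

#3. Verify lb service is updated (shown even after a failed upgrade, to help
#   diagnose the current state of the service).
kubectl describe svc "${DOMAIN_NAME}-lb-external" -n "${INGRESS_NAMESPACE}"
describe_code=$?

# Propagate the helm failure first so callers do not see a false success.
if [ "$exit_code" -ne 0 ]; then
  exit "$exit_code"
fi
exit "$describe_code"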