Kubernetes Sertifika Kontrolü ve Yenileme scripti
#!/bin/bash
# Abort on the first unhandled command failure.
set -e

# Set to 1 by renew_certificate once a renewal has been run.
renewed=0

# kubeconfig files whose embedded or referenced client certificate is checked.
configfiles=(
  "/etc/kubernetes/kubelet.conf"
  "/etc/kubernetes/admin.conf"
  "/etc/kubernetes/scheduler.conf"
  "/etc/kubernetes/controller-manager.conf"
)

# Certificate files that are checked directly. Files that do not exist on the
# node are skipped by the loop that consumes this list.
# NOTE(review): ca.crt, front-proxy-ca.crt and etcd/ca.crt are CA certificates.
#   kubeadm's "renew all" does not rotate CAs, so an expiring CA still needs a
#   manual rotation even after this script reports a renewal.
# NOTE(review): kubeadm's default layout names the etcd health-check client
#   certificate etcd/healthcheck-client.crt; confirm etcd/client.crt is the
#   file present on these nodes.
certfiles=(
  "/etc/kubernetes/pki/apiserver.crt"
  "/etc/kubernetes/pki/apiserver-etcd-client.crt"
  "/etc/kubernetes/pki/apiserver-kubelet-client.crt"
  "/etc/kubernetes/pki/ca.crt"
  "/etc/kubernetes/pki/front-proxy-ca.crt"
  "/etc/kubernetes/pki/front-proxy-client.crt"
  "/etc/kubernetes/pki/etcd/ca.crt"
  "/etc/kubernetes/pki/etcd/client.crt"
  "/etc/kubernetes/pki/etcd/peer.crt"
  "/etc/kubernetes/pki/etcd/server.crt"
)
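#######################################
# Report the time left before a certificate expires.
# Arguments: $1 - PEM-encoded certificate text (the content, not a path)
# Outputs:   "<N> days" on stdout, or "<N> hours" when less than one full day
#            is left; N is negative once the certificate has expired
# Returns:   0 on success, 1 when the expiry date cannot be read or parsed
#######################################
get_expire_time() {
  local enddate_line not_after not_after_s now_s seconds_left days_left

  # Stop when openssl cannot parse the input. GNU date accepts an empty -d
  # string (it resolves to today's midnight), so letting an empty value through
  # would make a broken or unreadable certificate look like an expiring one,
  # and the callers answer that with a renewal of every certificate.
  if ! enddate_line=$(printf '%s\n' "$1" | openssl x509 -enddate -noout); then
    echo "get_expire_time: could not read the certificate expiry date" >&2
    return 1
  fi

  # "notAfter=<date>" -> "<date>"
  not_after=${enddate_line##*=}
  if [ -z "$not_after" ]; then
    echo "get_expire_time: empty certificate expiry date" >&2
    return 1
  fi

  if ! not_after_s=$(date -d "$not_after" +%s); then
    echo "get_expire_time: unparsable expiry date: $not_after" >&2
    return 1
  fi
  now_s=$(date +%s)

  seconds_left=$(( not_after_s - now_s ))
  days_left=$(( seconds_left / 86400 ))

  # Integer division truncates toward zero, so days_left is 0 for anything
  # within one day of now (before or after); report that case in hours.
  if [ "$days_left" -eq 0 ]; then
    echo "$(( seconds_left / 3600 )) hours"
  else
    echo "$days_left days"
  fi
}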
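#######################################
# Renew the kubeadm-managed certificates and record that a renewal happened.
# Globals:   renewed (read and written) - set to 1 after a successful renewal
# Arguments: $1 - path of the certificate that triggered the call; it is not
#            used, because kubeadm renews the whole set in one go
# Returns:   0 on success or when a renewal already ran, 1 if kubeadm failed
#
# The renewed certificates are only served after the control-plane components
# restart; this function does not restart them.
# NOTE(review): "renew all" does not rotate CA certificates, and the kubelet
#   client certificate is handled by the kubelet's own rotation - confirm
#   those are covered separately.
#######################################
renew_certificate() {
  # "renew all" already covers every managed certificate, so one run per
  # script invocation is enough.
  if [ "${renewed:-0}" -eq 1 ]; then
    return 0
  fi

  # Current kubeadm releases expose the command as "kubeadm certs"; the
  # "kubeadm alpha certs" form only exists on older releases. Try the current
  # form first and fall back to the alpha form.
  if ! sudo kubeadm certs renew all; then
    sudo kubeadm alpha certs renew all || return 1
  fi

  renewed=1
}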
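# Check the client certificate of every kubeconfig file and trigger a renewal
# when it is close to expiry.
for configfile in "${configfiles[@]}"; do
  [ -f "$configfile" ] || continue

  # An unreadable kubeconfig would otherwise be reported as having no client
  # certificate, and its expiry would go unnoticed.
  if [ ! -r "$configfile" ]; then
    echo "Config file $configfile: not readable, skipping" >&2
    continue
  fi

  echo -n "Config file $configfile: "

  # Anchor on the full key name so the "client-certificate" lookup cannot match
  # the "client-certificate-data" line, and strip the YAML indentation here
  # instead of relying on unquoted word splitting later. Only the first entry
  # is used when the file lists several users.
  CERT_DATA=$(sed -n 's/^[[:space:]]*client-certificate-data:[[:space:]]*//p' "$configfile" | head -n 1)
  CERT_FILE=$(sed -n 's/^[[:space:]]*client-certificate:[[:space:]]*//p' "$configfile" | head -n 1)

  if [ -n "$CERT_DATA" ]; then
    # Certificate embedded in the kubeconfig as base64.
    expires=$(get_expire_time "$(printf '%s' "$CERT_DATA" | base64 -d)")
  elif [ -n "$CERT_FILE" ]; then
    # Certificate referenced by path.
    expires=$(get_expire_time "$(cat -- "$CERT_FILE")")
  else
    echo "no client certificate found"
    continue
  fi
  echo "certificate expires in $expires"

  # Renew when fewer than 30 days are left. The leading number is compared
  # as-is: an "hours" value is always below 24, so it also falls under the
  # threshold.
  if [ "${expires%% *}" -lt 30 ]; then
    renew_certificate "$CERT_FILE"
  fi
done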
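# Check every certificate file on disk and trigger a renewal when it is close
# to expiry.
# NOTE(review): the list this loop walks includes CA certificates; a renewal
#   triggered by an expiring CA does not rotate that CA - confirm CA expiry is
#   handled separately.
for certfile in "${certfiles[@]}"; do
  [ -f "$certfile" ] || continue

  # Report an unreadable file instead of passing empty input to the parser.
  if [ ! -r "$certfile" ]; then
    echo "Certificate $certfile: not readable, skipping" >&2
    continue
  fi

  echo -n "Certificate $certfile: "
  expires=$(get_expire_time "$(cat -- "$certfile")")
  echo "certificate expires in $expires"

  # Renew when fewer than 30 days are left. The leading number is compared
  # as-is: an "hours" value is always below 24, so it also falls under the
  # threshold.
  if [ "${expires%% *}" -lt 30 ]; then
    renew_certificate "$certfile"
  fi
done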
# Blank line between the per-file report and the summary.
echo

# Summary line: green when a renewal was run, red when nothing was renewed.
case "$renewed" in
  1)
    # "Certificates renewed successfully."
    echo -e "\e[32mSertifikalar başarıyla yenilendi.\e[0m"
    # "Run the script again to see the new expiry times."
    echo "Kodu tekrar çalıştırarak yeni sertifika sürelerinizi görebilirsiniz."
    ;;
  *)
    # "Your certificates are still valid."
    echo -e "\e[31mSertifika süreniz hala geçerli.\e[0m"
    ;;
esac