diff --git a/Dockerfile.controller b/Dockerfile.controller index 4c59f7a..cfe8eab 100644 --- a/Dockerfile.controller +++ b/Dockerfile.controller @@ -13,7 +13,7 @@ RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a / && chmod +x /usr/local/bin/brother_ql_web COPY config.json *.png /root/ -COPY cert-card print-your-cert-controller kubectl-curl /usr/local/bin/ +COPY cert-card print-your-cert-controller /usr/local/bin/ EXPOSE 8013 diff --git a/kubectl-curl b/kubectl-curl deleted file mode 100755 index a556611..0000000 --- a/kubectl-curl +++ /dev/null @@ -1,29 +0,0 @@ -#! /bin/bash - -set -e -b # The flag '-b' silences bash's job control messages. - -SOCKET=/tmp/kubectl-curl-$$.sock - -kubectl proxy --unix-socket "$SOCKET" >/dev/null & - -# The variables $! and $SOCKET are immediately expanded so that we know -# which process to kill in the trap. -# shellcheck disable=SC2064 -trap "trap - SIGTERM && kill $! && rm -f $SOCKET" SIGINT SIGTERM EXIT - -while ! curl --unix-socket "$SOCKET" --fail http://localhost -o /dev/null >/dev/null 2>&1; do - sleep 0.01 -done - -curl --unix-socket "$SOCKET" "$@" - -# read -r MIN MAX <(awk '{print $1, $2}' /proc/sys/net/ipv4/ip_local_port_range) -# while :; do -# PORT="$(shuf -i "$MIN-$MAX" -n 1)" -# ss -lpn | grep -q ":$PORT " || break -# done -# SERVER=$(kubectl config view --minify -ojson | jq '.clusters[].cluster.server' -r) -# kubectl config view --minify -ojson | jq '.clusters[].cluster.certificate-authority-data' -r | base64 -d >/tmp/kubectl-curl-ca.crt -# kubectl config view --minify -ojson | jq '.users[].user.client-certificate-data' -r | base64 -d >/tmp/kubectl-curl-client.crt -# kubectl config view --minify -ojson | jq '.users[].user.client-key-data' -r | base64 -d >/tmp/kubectl-curl-client.key -# curl --cacert /tmp/kubectl-curl-ca.crt --cert <(cat /tmp/kubectl-curl-client.crt /tmp/kubectl-curl-client.key) "$@" 
diff --git a/print-your-cert-controller b/print-your-cert-controller index bac07f4..034cd2f 100755 --- a/print-your-cert-controller +++ b/print-your-cert-controller @@ -32,14 +32,17 @@ kubectl get cert -ojson --watch | jq -c --unbuffered | while read -r cert; do ;; true,*,) printf "%s: certificate has the annotation, let's set the 'Printed' condition to 'False' until it is printed.\n" "$(jq -r .metadata.name <<<"$cert")" - if ! out=$(kubectl curl --fail -sS -k -H "Content-Type: application/json-patch+json" \ - -X PATCH http://localhost/apis/cert-manager.io/v1/namespaces/default/certificates/"$(jq -r .metadata.name <<<"$cert")"/status \ - -d '[{"op": "add", "path": "/status/conditions", "value":[{ - "type": "Printed", - "status": "False", - "reason": "Pending", - "message": "The print-your-cert-controller has acknowledged this certificate, and will print it shortly." - }]}]' 2>&1); then + if ! out=$( + kubectl patch cert "$(jq -r .metadata.name <<<"$cert")" --subresource status --type=json -p ' + [{ + "op": "add", "path": "/status/conditions", "value":[{ + "type": "Printed", + "status": "False", + "reason": "Pending", + "message": "The print-your-cert-controller has acknowledged this certificate, and will print it shortly." + }] + }]' 2>&1 + ); then printf "%s: failed to set the 'Printed' condition to 'False': %s\n" "$(jq -r .metadata.name <<<"$cert")" "$(tr $'\n' ' ' <<<"$out")" fi continue 
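Review bot: The patch uses `"op": "add"` on `/status/conditions` with an array value, and under RFC 6902 an `add` to an existing object member replaces it, so any conditions already on the Certificate (cert-manager's own, presumably) are overwritten by the single `Printed` entry. The same patch shape recurs in the `reason: Error` and `status: True` patches in the later hunks of this file. Consider appending with `"path": "/status/conditions/-"` and a single object as the value, or replacing only the existing `Printed` entry in place. The old URL also pinned `namespaces/default`, whereas `kubectl patch cert` uses the kubeconfig's current namespace; adding `-n "$(jq -r .metadata.namespace <<<"$cert")"` would tie the patch to the object that triggered it. The enclosing `case` arm and `while` loop start and end outside the hunk.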
@@ -56,58 +59,60 @@ kubectl get cert -ojson --watch | jq -c --unbuffered | while read -r cert; do printf "%s: printing.\n" "$(jq -r .metadata.name <<<"$cert")" - if ! out=$(cert-card $certname $annotation_value_fetchkey <<<"$pem" 2>&1); then + if ! out=$(cert-card "$certname" "$annotation_value_fetchkey" <<<"$pem" 2>&1); then printf "%s: failed to generate front-....png and back-....png.\n" "$(jq -r .metadata.name <<<"$cert")" "$(tr $'\n' ' ' <<<"$out")" continue fi - out= - brother_rc= + out= + brother_rc= - if [[ -n $mock ]]; then - out="mocked output for front print" - brother_rc=0 - else - out=$(brother_ql --model QL-820NWB --printer usb://0x04f9:0x209d print --label 62 front-$certname.png 2>&1) - brother_rc=$? - fi + if [[ -n $mock ]]; then + out="mocked output for front print" + brother_rc=0 + else + out=$(brother_ql --model QL-820NWB --printer usb://0x04f9:0x209d print --label 62 "front-$certname.png" 2>&1) + brother_rc=$? + fi - if [[ $brother_rc != 0 ]] ; then + if [[ $brother_rc != 0 ]]; then printf "%s: failed to print front-$certname.png: %s\n" "$(jq -r .metadata.name <<<"$cert")" "$(tail -1 <<<"$out")" - if ! out=$(kubectl curl --fail -sS -k -H "Content-Type: application/json-patch+json" \ - -X PATCH http://localhost/apis/cert-manager.io/v1/namespaces/default/certificates/"$(jq -r .metadata.name <<<"$cert")"/status \ - -d '[{"op": "add", "path": "/status/conditions", "value":[{ - "type": "Printed", - "status": "False", - "reason": "Error", - "message": "brother_ql: '"$(tail -1 <<<"$out")"'" - }]}]' 2>&1); then + if ! 
out=$(kubectl patch cert "$(jq -r .metadata.name <<<"$cert")" --subresource status --type=json -p ' + [{ + "op": "add", "path": "/status/conditions", "value":[{ + "type": "Printed", + "status": "False", + "reason": "Error", + "message": "brother_ql: '"$(tail -1 <<<"$out")"'" + }] + }]' 2>&1); then printf "%s: failed to set the 'Printed' condition to 'False': %s\n" "$(jq -r .metadata.name <<<"$cert")" "$(tr $'\n' ' ' <<<"$out")" fi continue fi - out= - brother_rc= + out= + brother_rc= - if [[ -n $mock ]]; then - out="mocked output for front print" - brother_rc=0 - else - out=out=$(brother_ql --model QL-820NWB --printer usb://0x04f9:0x209d print --label 62 back-$certname.png 2>&1) - brother_rc=$? - fi + if [[ -n $mock ]]; then + out="mocked output for front print" + brother_rc=0 + else + out=out=$(brother_ql --model QL-820NWB --printer usb://0x04f9:0x209d print --label 62 back-$certname.png 2>&1) + brother_rc=$? + fi - if [[ $brother_rc != 0 ]] ; then + if [[ $brother_rc != 0 ]]; then printf "%s: failed to print back-$certname.png: %s\n" "$(jq -r .metadata.name <<<"$cert")" "$(tail -1 <<<"$out")" - if ! out=$(kubectl curl --fail -sS -k -H "Content-Type: application/json-patch+json" \ - -X PATCH http://localhost/apis/cert-manager.io/v1/namespaces/default/certificates/"$(jq -r .metadata.name <<<"$cert")"/status \ - -d '[{"op": "add", "path": "/status/conditions", "value":[{ - "type": "Printed", - "status": "False", - "reason": "Error", - "message": "brother_ql: '"$(tail -1 <<<"$out")"'" - }]}]' 2>&1); then + if ! out=$(kubectl patch cert "$(jq -r .metadata.name <<<"$cert")" --subresource status --type=json -p ' + [{ + "op": "add", "path": "/status/conditions", "value":[{ + "type": "Printed", + "status": "False", + "reason": "Error", + "message": "brother_ql: '"$(tail -1 <<<"$out")"'" + }] + }]' 2>&1); then printf "%s: failed to set the 'Printed' condition to 'False': %s\n" "$(jq -r .metadata.name <<<"$cert")" "$(tr $'\n' ' ' <<<"$out")" fi continue 
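Review bot: Both `"reason": "Error"` patches splice `$(tail -1 <<<"$out")` straight into the JSON text, so a brother_ql message containing a double quote, backslash or control character yields an invalid patch or changes its structure, and the error never reaches the certificate status. Build the document with jq, which the script already uses, and pass the message via `--arg` so it is escaped; the fence shows the front-print case, and the back-print case is identical. Separately, the back-print line still reads `out=out=$(brother_ql … back-$certname.png …)`: the doubled `out=` prefixes the captured text with a literal `out=`, and the filename is unquoted although the front-print line in this hunk was quoted. It should be `out=$(brother_ql --model QL-820NWB --printer usb://0x04f9:0x209d print --label 62 "back-$certname.png" 2>&1)`. The enclosing `while` loop starts and ends outside the hunk.

```shell
# … unchanged: front print and brother_rc check …
    patch=$(jq -cn --arg msg "brother_ql: $(tail -1 <<<"$out")" '
      [{
        op: "add", path: "/status/conditions", value: [{
          type: "Printed",
          status: "False",
          reason: "Error",
          message: $msg
        }]
      }]')
    if ! out=$(kubectl patch cert "$(jq -r .metadata.name <<<"$cert")" --subresource status --type=json -p "$patch" 2>&1); then
# … unchanged: failure printf, fi, continue …
```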
@@ -115,9 +120,11 @@ kubectl get cert -ojson --watch | jq -c --unbuffered | while read -r cert; do # Now that the certificate is printed, we can update the status of # the certificate. - if ! out=$(kubectl curl --fail -sS -k -H "Content-Type: application/json-patch+json" \ - -X PATCH http://localhost/apis/cert-manager.io/v1/namespaces/default/certificates/"$(jq -r .metadata.name <<<"$cert")"/status \ - -d '[{"op": "add", "path": "/status/conditions", "value":[{"type": "Printed", "status": "True"}]}]' 2>&1); then + if ! out=$(kubectl patch cert "$(jq -r .metadata.name <<<"$cert")" --subresource status --type=json -p ' + [{ + "op": "add", "path": "/status/conditions", + "value":[{"type": "Printed", "status": "True"}] + }]' 2>&1); then printf "%s: failed to generate front-....png and back-....png: %s\n" "$(jq -r .metadata.name <<<"$cert")" "$(tr $'\n' ' ' <<<"$out")" fi
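Review bot: The failure branch after the `Printed: True` patch logs `failed to generate front-....png and back-....png`, which describes the cert-card step rather than the status update, so an RBAC or API error here is misreported in the controller log. It should read `printf "%s: failed to set the 'Printed' condition to 'True': %s\n" …` with the same two arguments. A short comment above the patch would also help, noting that a failed update leaves the certificate without `Printed: True` and so presumably eligible for printing again on a later watch event.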