configure-openshift

#!/bin/bash -e

source `dirname $? | xargs readlink -f`/config

echo "Stopping oc cluster"

oc cluster down

echo "Re-configure"

echo "Generating Keycloak client cert"
oc adm create-api-client-config \
  --certificate-authority=$OC_CONFIG/openshift-apiserver/ca.crt \
  --client-dir=$OC_CONFIG/keycloak-client \
  --signer-cert=$OC_CONFIG/openshift-apiserver/ca.crt \
  --signer-key=$OC_CONFIG/openshift-apiserver/ca.key \
  --signer-serial=$OC_CONFIG/openshift-apiserver/ca.serial.txt \
  --user=keycloak-client

for i in kube-apiserver openshift-apiserver openshift-controller-manager; do
    cp $OC_CONFIG/keycloak-client/keycloak-client.crt $OC_CONFIG/$i
    cp $OC_CONFIG/keycloak-client/keycloak-client.key $OC_CONFIG/$i
    cp webhook.yaml $OC_CONFIG/$i
    sed -i "s|KEYCLOAK_URL|$KEYCLOAK_URL|" $OC_CONFIG/$i/webhook.yaml
    cp metadata.json $OC_CONFIG/$i
    sed -i "s|KEYCLOAK_URL|$KEYCLOAK_URL|" $OC_CONFIG/$i/metadata.json
done

sed -i 's|"webhookTokenAuthenticators":null|"webhookTokenAuthenticators":[{"configFile": "webhook.yaml"}]|' $OC_CONFIG/kube-apiserver/master-config.yaml

for i in openshift-apiserver openshift-controller-manager; do
    sed -i 's|webhookTokenAuthenticators: null|webhookTokenAuthenticators:\n  - configFile: "webhook.yaml"|' $OC_CONFIG/$i/master-config.yaml
done

sed -i 's|"oauthMetadataFile":""|"oauthMetadataFile":"metadata.json"|' $OC_CONFIG/kube-apiserver/master-config.yaml
sed -i 's|"oauthConfig":.*,"dnsConfig"|"oauthConfig":null,"dnsConfig"|' $OC_CONFIG/kube-apiserver/master-config.yaml
for i in openshift-apiserver openshift-controller-manager; do
    sed -i 's|oauthMetadataFile: ""|oauthMetadataFile: "metadata.json"|' $OC_CONFIG/$i/master-config.yaml
    sed -i 's|oauthConfig:|oauthConfig: null|' $OC_CONFIG/$i/master-config.yaml
    sed -i '/oauthConfig:/,/policyConfig:/{//!d}' $OC_CONFIG/$i/master-config.yaml
done

echo "Starting oc cluster"

oc cluster up --base-dir=$OC_CONFIG --public-hostname $OC_PUBLIC_IP --server-loglevel=$OC_SERVER_LOG_LEVEL $OC_TAG