cert-rotation: Return true if grep finds no match

If grep does not find a match, it returns 1, which fails the shell
script. Hence made it return true if no match is found.
Also, removed returning of an error from the script because any failure
will cause the job to re-run, which may re-renew certificates and
restart the pods again. And this can continue if the error persists.

Chaange-Id: I2a38b59789fd522e8163ff9b12ff847eb1fe2f3a
Change-Id: Ica456ef6c5bec2bd29f51aaeef7b5ce5e8681beb
Gupta, Sangeet (sg774j) 2021-08-06 02:52:25 +00:00 committed by Gage Hugo
parent a4f300e3da
commit ba998fc142
3 changed files with 6 additions and 10 deletions


@ -16,5 +16,5 @@ appVersion: "1.0"
description: Rotate the certificates generated by cert-manager
home: https://cert-manager.io/
name: cert-rotation
version: 0.1.0
version: 0.1.1
...


@ -1,6 +1,6 @@
#!/bin/bash
set -e
set -x
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
@ -24,9 +24,6 @@ minDaysToExpiry={{ .Values.jobs.rotate.max_days_to_expiry }}
rotateBefore=$(($(date +%s) + (86400*$minDaysToExpiry)))
# Return Code, initialized to success
rc=0
function rotate_and_get_certs_list(){
# Rotate the certificates if the expiry date of certificates is within the
# max_days_to_expiry days
@ -64,9 +61,7 @@ function rotate_and_get_certs_list(){
if [ ${counter} -ge 30 ]
then
echo "ERROR: Rotated certificate ${cert} in ${namespace} is not ready."
# Set return code to error and continue so that the certificates that are
# rotated successfully are deployed.
rc=1
# Continue so that the certificates that are rotated successfully are deployed.
break
fi
echo "Rotated certificate ${cert} in ${namespace} is not ready yet ... waiting"
@ -126,7 +121,7 @@ function restart_the_pods(){
# - find if tls.crt was mounted to the container: get the subpaths of volumeMount in
# the container and grep for tls.crt. (This will be index 2 = idx+2)
resource=($(kubectl get ${kind} -n ${namespace} -o custom-columns='NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS:.spec.template.spec.containers[*].volumeMounts[*].subPath' --no-headers | grep tls.crt))
resource=($(kubectl get ${kind} -n ${namespace} -o custom-columns='NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS:.spec.template.spec.containers[*].volumeMounts[*].subPath' --no-headers | grep tls.crt || true))
idx=0
while [[ $idx -lt ${#resource[@]} ]]
@ -204,4 +199,4 @@ function rotate_job(){
}
$COMMAND
exit ${rc}
exit 0
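Review bot: With the final `exit 0` and the removal of `rc=1` in rotate_and_get_certs_list, a certificate that never becomes ready is reported only by the echoed `ERROR:` line, so the job ends as a success and anything watching job status will not notice certificates drifting toward expiry. If the concern is the re-run loop described in the commit message, bounding retries on the Job itself (for example `backoffLimit: 0` with `restartPolicy: Never`; the Job template is not part of this diff) would stop the loop while keeping `exit ${rc}` as the failure signal. Separately, `grep tls.crt || true` in restart_the_pods also hides grep's exit status 2, and since the script sets no `pipefail` a failing `kubectl get` already yields an empty list, so a lookup error now looks the same as "nothing to restart"; `grep -F tls.crt || [ $? -eq 1 ]` would tolerate only the no-match case. Both functions start and end outside the hunks shown.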


@ -1,4 +1,5 @@
---
cert-rotation:
- 0.1.0 Initial Chart
- 0.1.1 Return true if grep finds no match
...