UNCLASSIFIED - NO CUI

Update DoD Approved External PKI Certificate Trust Chains to Version 9.5

brandt keller requested to merge gitlab-ca-certs into main

Description

Update DoD Approved External PKI Certificate Trust Chains to Version 9.5

Modifications

Refine the secret creation to not contain any hardcoded folder/file data.

# Create a dictionary for storing previously accessed directories
{{- $processedDict := dict -}}
# Range over each directory underneath bigbang/DoD_CA_certs/
{{- range $path, $bytes := .Files.Glob "bigbang/DoD_CA_certs/**" }}
# Create a unique key for each lowest directory
{{- $name := trimPrefix "bigbang/DoD_CA_certs/" (dir $path) }}
# Check if it has previously been processed - skipping if so
{{- if not (hasKey $processedDict $name) -}}
# Set to processed and create secret
{{ $_ := set $processedDict $name "true" }}
apiVersion: v1
kind: Secret
metadata:
  # name will reflect `ca-certs-` + the path to the lowest directory - ie `ca-certs-australian-defence-organisation-cross-cert-chain`
  name: {{ (lower (printf "ca-certs-%s" (trimPrefix "_" $name))) | replace "_" "-" | replace "/" "-" | replace " " "-" }}
  namespace: {{ $.Release.Namespace }}
data:
  # for each file in the directory - create a key/value pair using the `AsSecrets` function
  {{- range $filepath, $filebytes := $.Files.Glob (printf "%s/*" (dir $path)) }}
  {{ ($.Files.Glob $filepath ).AsSecrets }}
  {{- end }}
---
{{- end }}
{{- end }}

This will create an update workflow for all future iterations:

  1. Download and unzip contents to the chart/bigbang/DoD_CA_certs/ directory and modify files with spaces as documented in DEVELOPMENT_MAINTENANCE.md (Note: we already took care of spaces in the directory name in the template)
  2. Run the documented shell command to template the file and produce the required values
  3. Paste contents of step 2 into the expected location

Issue

#166 (closed)
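
The check below is an added example, not part of this merge request or the chart. It mirrors the template's `name:` expression in Python and flags generated Secret names that are not valid Kubernetes names or that two directories share. The sample paths are constructed. It assumes Secret names must be DNS-1123 subdomains, and that Go's `dir` behaves like `posixpath.dirname` for these paths.

```python
import posixpath
import re
from collections import defaultdict

PREFIX = "bigbang/DoD_CA_certs/"
# Kubernetes object names (including Secrets) must be DNS-1123 subdomains, max 253 chars.
LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
DNS1123 = re.compile(LABEL + r"(\." + LABEL + r")*")

def secret_name(path):
    """Mirror the template's name expression for the directory holding `path`."""
    name = posixpath.dirname(path)
    if name.startswith(PREFIX):      # trimPrefix "bigbang/DoD_CA_certs/"
        name = name[len(PREFIX):]
    if name.startswith("_"):         # trimPrefix "_"
        name = name[1:]
    out = ("ca-certs-%s" % name).lower()
    for ch in ("_", "/", " "):       # the three `replace` calls, in order
        out = out.replace(ch, "-")
    return out

def check(paths):
    """Return (kind, secret_name, directories) for every problem found."""
    by_name = defaultdict(set)
    for p in paths:
        by_name[secret_name(p)].add(posixpath.dirname(p))
    problems = []
    for name, dirs in sorted(by_name.items()):
        if len(name) > 253 or not DNS1123.fullmatch(name):
            problems.append(("invalid", name, sorted(dirs)))
        # The template de-duplicates on the unsanitized directory, so two
        # directories that sanitize to one name each render their own Secret.
        if len(dirs) > 1:
            problems.append(("collision", name, sorted(dirs)))
    return problems

# Constructed sample paths (hypothetical directory and file names).
SAMPLE = [
    PREFIX + "_Australian Defence Organisation/Cross_Cert_Chain/root.cer",
    PREFIX + "Example_Org/Trust Chain/a.cer",
    PREFIX + "Example Org/Trust_Chain/b.cer",
    PREFIX + "Example (Test) CA/c.cer",
]

if __name__ == "__main__":
    for kind, name, dirs in check(SAMPLE):
        print(kind, name, dirs)
```

Running it over the real file list before step 2 of the workflow catches a bad directory name before the rendered Secrets are pasted into place.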
