#!/bin/bash # Harbor + cert-manager cleanup and fix script # This removes the Harbor-generated certificate and lets cert-manager create a clean one set -e echo "=== Harbor cert-manager Fix ===" echo "" # Step 1: Delete the old Harbor-generated TLS secret echo "1. Deleting existing harbor-ingress secret (Harbor's self-signed cert)..." kubectl delete secret harbor-ingress -n dev-tools --ignore-not-found=true echo " ✓ Secret deleted" echo "" # Step 2: Delete any failed cert-manager Certificate resources echo "2. Cleaning up failed cert-manager resources..." kubectl delete certificate harbor-ingress -n dev-tools --ignore-not-found=true kubectl delete certificaterequest -n dev-tools -l cert-manager.io/certificate-name=harbor-ingress --ignore-not-found=true echo " ✓ Old certificates cleaned" echo "" # Step 3: Commit and push the fixed values.yaml echo "3. Committing fixed Harbor values to git..." cd "$(dirname "$0")" git add manifests/harbor/values.yaml git commit -m "fix: Configure Harbor to use cert-manager for TLS (secretName: harbor-ingress)" git push echo " ✓ Changes pushed to git" echo "" # Step 4: Wait for ArgoCD to sync (or trigger manually) echo "4. Waiting for ArgoCD to sync Harbor application..." sleep 5 kubectl patch app harbor -n argocd --type merge -p '{"operation":{"initiatedBy":{"username":"manual"},"sync":{"revision":"HEAD"}}}' echo " ✓ ArgoCD sync triggered" echo "" # Step 5: Monitor the certificate issuance echo "5. Monitoring certificate creation..." echo " (This may take 1-2 minutes for DNS-01 validation)" echo "" for i in {1..24}; do STATUS=$(kubectl get certificate harbor-ingress -n dev-tools -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null || echo "NotFound") if [ "$STATUS" == "True" ]; then echo " ✓ Certificate issued successfully!" break elif [ "$STATUS" == "NotFound" ]; then echo " ⏳ Waiting for certificate to be created... ($i/24)" else echo " ⏳ Certificate status: $STATUS ($i/24)" fi sleep 5 done echo "" echo "=== Verification ===" kubectl get certificate harbor-ingress -n dev-tools echo "" kubectl get secret harbor-ingress -n dev-tools echo "" echo "=== Complete! ===" echo "Test Harbor at: https://harbor.dvirlabs.com"