mattmattox · October 14, 2023 04:10 · Oct 14, 2023 · Oct 14, 2023
diff --git a/gistfile1.txt → kick-cert-manager.yaml b/gistfile1.txt → kick-cert-manager.yaml
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: log-watcher-sa
+  namespace: cert-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: log-watcher-cluster-role
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch", "delete"]
+- apiGroups: [""]
+  resources: ["pods/log"]
+  verbs: ["get", "list", "watch"]  
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: log-watcher-cluster-role-binding
+subjects:
+- kind: ServiceAccount
+  name: log-watcher-sa
+  namespace: cert-manager
+roleRef:
+  kind: ClusterRole
+  name: log-watcher-cluster-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: log-watcher
+  labels:
+    app: log-watcher
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: log-watcher
+  template:
+    metadata:
+      labels:
+        app: log-watcher
+    spec:
+      serviceAccountName: log-watcher-sa
+      containers:
+      - name: log-watcher
+        image: supporttools/kube-builder
+        command: ["/bin/sh", "-c"]
+        args:
+        - >
+          while true;
+          do
+            pod_list=$(kubectl -n cert-manager get pods -l app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager -o name);
+            for pod in $pod_list;
+            do
+              if kubectl -n cert-manager logs $pod | grep -q "streamwatcher.go:111] Unexpected EOF during watch stream event decoding: unexpected EOF";
+              then
+                kubectl -n cert-manager delete $pod;
+              fi;
+            done;
+            sleep 60;
+          done;
+---