openstack/openstack-helm-infra
Code Issues Proposed changes

kubernetes-keystone-webhook base64 encoding

Browse Source 
Changing the chart to accept plain certificates rather than a base64
encoded string. The chart will handle the base64 encoding internally.

Change-Id: I3cd0710652b1b731fa4bcd9e92dd59ce2c436eb6
This commit is contained in:
Gupta, Sangeet (sg774j) 2018-08-10 13:47:24 -05:00
parent 8652e14acb
commit 61584fdb9d
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
kubernetes-keystone-webhook/templates/secret-certificates.yaml
View File

@ -23,6 +23,6 @@ metadata:
name: {{ $envAll.Values.secrets.certificates.api }}
type: kubernetes.io/tls
data:
tls.crt: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.crt }}
tls.key: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.key }}
tls.crt: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.crt | default "" | b64enc }}
tls.key: {{ $envAll.Values.endpoints.kubernetes.auth.api.tls.key | default "" | b64enc }}
{{- end }}

6
tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
View File

@ -50,17 +50,17 @@
- name: kubeadm | get certs
block:
- name: kubeadm | get kubeapi cert
shell: cat /etc/kubernetes/pki/apiserver.crt | base64 -w0
shell: cat /etc/kubernetes/pki/apiserver.crt
register: kubeadm_kubeapi_cert
- name: kubeadm | get kubeapi key
shell: cat /etc/kubernetes/pki/apiserver.key | base64 -w0
shell: cat /etc/kubernetes/pki/apiserver.key
register: kubeadm_kubeapi_key
- name: kubeadm | keystone auth
delegate_to: 127.0.0.1
block:
- name: kubeadm | keystone auth
command: "helm upgrade --install kubernetes-keystone-webhook /opt/charts/kubernetes-keystone-webhook --namespace=kube-system --set endpoints.identity.namespace=openstack --set endpoints.kubernetes.auth.api.tls.crt={{ kubeadm_kubeapi_cert.stdout }} --set endpoints.kubernetes.auth.api.tls.key={{ kubeadm_kubeapi_key.stdout }}"
command: "helm upgrade --install kubernetes-keystone-webhook /opt/charts/kubernetes-keystone-webhook --namespace=kube-system --set endpoints.identity.namespace=openstack --set endpoints.kubernetes.auth.api.tls.crt='{{ kubeadm_kubeapi_cert.stdout }}' --set endpoints.kubernetes.auth.api.tls.key='{{ kubeadm_kubeapi_key.stdout }}'"
environment:
HELM_HOST: 'localhost:44134'
- name: kubeadm | keystone auth