Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
rotate-certs.sh script currently only checks if a certificate is
mounted in containers. This updates it to also consider
initContainers when restarting resources.
Change-Id: I5d48c5bbd671c9f74b72ef4ecca36777c735c398
Corrected the counter increment and enhanced the script to handle
situation if the certificate is stuck in issuing state.
Change-Id: Ib8a84831a605bb3e5a1fc5b5a909c827ec864797
If grep does not find a match, it return 1 which fails the shell
script. Hence made it return true if no match is found.
Also, removed returning of error from the script becasue any failure
will cause the job to re-run which may re-renew certificates and
restart the pods again. And this can continue if the error persists.
Chaange-Id: I2a38b59789fd522e8163ff9b12ff847eb1fe2f3a
Change-Id: Ica456ef6c5bec2bd29f51aaeef7b5ce5e8681beb
This chart creates a cronjob which monitors the expiry of the
certificates created by jetstack cert-manager. It rotates the
certificates and restarts the pods that mounts the certificate
secrets so that the new certificate can take effect.
Change-Id: I492b5f319cf0f2e7ccbbcf516953e17aafc1c59f
