kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Copy external_openstack_cacert to control-planes from host

pull/11377/head
Nathanaël M 2024-07-12 18:05:21 +02:00 committed by Nathanaël M.
parent 8c3b2851f6
commit 5a8e0193fb
3 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
View File

@ -3,13 +3,14 @@
include_tasks: openstack-credential-check.yml include_tasks: openstack-credential-check.yml
tags: external-openstack tags: external-openstack
- name: External OpenStack Cloud Controller | Get base64 cacert - name: External OpenStack Cloud Controller | Write cacert file
slurp: copy:
src: "{{ external_openstack_cacert }}" src: "{{ external_openstack_cacert }}"
register: external_openstack_cacert_b64 dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
group: "{{ kube_cert_group }}"
mode: "0640"
when: when:
- inventory_hostname == groups['kube_control_plane'][0] - inventory_hostname == groups['kube_control_plane'][0]
- external_openstack_cacert is defined
- external_openstack_cacert | length > 0 - external_openstack_cacert | length > 0
tags: external-openstack tags: external-openstack

3
roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config-secret.yml.j2
View File

@ -8,6 +8,3 @@ metadata:
namespace: kube-system namespace: kube-system
data: data:
cloud.conf: {{ external_openstack_cloud_config_secret }} cloud.conf: {{ external_openstack_cloud_config_secret }}
{% if external_openstack_cacert_b64.content is defined %}
ca.cert: {{ external_openstack_cacert_b64.content }}
{% endif %}

13
roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
View File

@ -66,10 +66,11 @@ spec:
name: cloud-config-volume name: cloud-config-volume
readOnly: true readOnly: true
subPath: cloud.conf subPath: cloud.conf
- mountPath: {{ kube_config_dir }}/external-openstack-cacert.pem {% if external_openstack_cacert != "" %}
name: cloud-config-volume - name: external-openstack-cacert
mountPath: {{ kube_config_dir }}/external-openstack-cacert.pem
readOnly: true readOnly: true
subPath: ca.cert {% endif %}
{% if kubelet_flexvolumes_plugins_dir is defined %} {% if kubelet_flexvolumes_plugins_dir is defined %}
- mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
name: flexvolume-dir name: flexvolume-dir
@ -110,3 +111,9 @@ spec:
- name: cloud-config-volume - name: cloud-config-volume
secret: secret:
secretName: external-openstack-cloud-config secretName: external-openstack-cloud-config
{% if external_openstack_cacert != "" %}
- name: external-openstack-cacert
hostPath:
path: {{ kube_config_dir }}/external-openstack-cacert.pem
type: FileOrCreate
{% endif %}