Merge pull request #581 from sanchezl/move_manifest_etcd_client_secret

add secret etcd-client.kube-system
openshift · Nov 2, 2018 · 20119ed · 20119ed
2 parents 8be24fa + 50d4627
commit 20119ed
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 0 deletions.
diff --git a/pkg/asset/manifests/content/bootkube/kube-system-secret-etcd-client.go b/pkg/asset/manifests/content/bootkube/kube-system-secret-etcd-client.go
@@ -0,0 +1,20 @@
+package bootkube
+
+import (
+	"text/template"
+)
+
+var (
+	// KubeSystemSecretEtcdClient is the constant to represent contents of kube-system-secret-etcd-client.yaml file
+	KubeSystemSecretEtcdClient = template.Must(template.New("kube-system-secret-etcd-client.yaml").Parse(`
+apiVersion: v1
+kind: Secret
+metadata:
+  name: etcd-client
+  namespace: kube-system
+type: SecretTypeTLS
+data:
+  tls.crt: {{ .EtcdClientCert }}
+  tls.key: {{ .EtcdClientKey }}
+`))
+)
diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go
@@ -50,6 +50,7 @@ func (m *Manifests) Dependencies() []asset.Asset {
 		&tls.IngressCertKey{},
 		&tls.KubeCA{},
 		&tls.ServiceServingCA{},
+		&tls.EtcdClientCertKey{},
 		&tls.MCSCertKey{},
 		&tls.KubeletCertKey{},
 	}
@@ -91,10 +92,12 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 	installConfig := &installconfig.InstallConfig{}
 	kubeCA := &tls.KubeCA{}
 	mcsCertKey := &tls.MCSCertKey{}
+	etcdClientCertKey := &tls.EtcdClientCertKey{}
 	rootCA := &tls.RootCA{}
 	serviceServingCA := &tls.ServiceServingCA{}
 	dependencies.Get(
 		installConfig,
+		etcdClientCertKey,
 		kubeCA,
 		mcsCertKey,
 		rootCA,
@@ -108,6 +111,8 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 
 	templateData := &bootkubeTemplateData{
 		Base64encodeCloudProviderConfig: "", // FIXME
+		EtcdClientCert:                  base64.StdEncoding.EncodeToString(etcdClientCertKey.Cert()),
+		EtcdClientKey:                   base64.StdEncoding.EncodeToString(etcdClientCertKey.Key()),
 		KubeCaCert:                      base64.StdEncoding.EncodeToString(kubeCA.Cert()),
 		KubeCaKey:                       base64.StdEncoding.EncodeToString(kubeCA.Key()),
 		McsTLSCert:                      base64.StdEncoding.EncodeToString(mcsCertKey.Cert()),
@@ -130,6 +135,7 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass
 		"tectonic-network-operator.yaml":        applyTemplateData(bootkube.TectonicNetworkOperator, templateData),
 		"cvo-overrides.yaml":                    applyTemplateData(bootkube.CVOOverrides, templateData),
 		"etcd-service-endpoints.yaml":           applyTemplateData(bootkube.EtcdServiceEndpointsKubeSystem, templateData),
+		"kube-system-secret-etcd-client.yaml":   applyTemplateData(bootkube.KubeSystemSecretEtcdClient, templateData),
 
 		"01-tectonic-namespace.yaml":                 []byte(bootkube.TectonicNamespace),
 		"03-openshift-web-console-namespace.yaml":    []byte(bootkube.OpenshiftWebConsoleNamespace),

diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
@@ -18,6 +18,8 @@ type cloudCredsSecretData struct {
 
 type bootkubeTemplateData struct {
 	Base64encodeCloudProviderConfig string
+	EtcdClientCert                  string
+	EtcdClientKey                   string
 	KubeCaCert                      string
 	KubeCaKey                       string
 	McsTLSCert                      string