From 50d4627c8360cd2c0476673aaf927ced5d8b5751 Mon Sep 17 00:00:00 2001 From: Luis Sanchez Date: Wed, 31 Oct 2018 08:56:12 -0400 Subject: [PATCH] manifests: new secret etcd-client.kube-system Manifest to create this resources belongs in installer. The renderer in cluster-kube-apiserver-operator will need to be also changed to stop creating the same manifest file. --- .../kube-system-secret-etcd-client.go | 20 +++++++++++++++++++ pkg/asset/manifests/operators.go | 6 ++++++ pkg/asset/manifests/template.go | 2 ++ 3 files changed, 28 insertions(+) create mode 100644 pkg/asset/manifests/content/bootkube/kube-system-secret-etcd-client.go diff --git a/pkg/asset/manifests/content/bootkube/kube-system-secret-etcd-client.go b/pkg/asset/manifests/content/bootkube/kube-system-secret-etcd-client.go new file mode 100644 index 00000000000..b7b91b2d621 --- /dev/null +++ b/pkg/asset/manifests/content/bootkube/kube-system-secret-etcd-client.go @@ -0,0 +1,20 @@ +package bootkube + +import ( + "text/template" +) + +var ( + // KubeSystemSecretEtcdClient is the constant to represent contents of kube-system-secret-etcd-client.yaml file + KubeSystemSecretEtcdClient = template.Must(template.New("kube-system-secret-etcd-client.yaml").Parse(` +apiVersion: v1 +kind: Secret +metadata: + name: etcd-client + namespace: kube-system +type: SecretTypeTLS +data: + tls.crt: {{ .EtcdClientCert }} + tls.key: {{ .EtcdClientKey }} +`)) +) diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go index 71b7ef123b6..b6eabac7999 100644 --- a/pkg/asset/manifests/operators.go +++ b/pkg/asset/manifests/operators.go @@ -50,6 +50,7 @@ func (m *Manifests) Dependencies() []asset.Asset { &tls.IngressCertKey{}, &tls.KubeCA{}, &tls.ServiceServingCA{}, + &tls.EtcdClientCertKey{}, &tls.MCSCertKey{}, &tls.KubeletCertKey{}, } @@ -91,10 +92,12 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass installConfig := &installconfig.InstallConfig{} kubeCA := &tls.KubeCA{} mcsCertKey := &tls.MCSCertKey{} + etcdClientCertKey := &tls.EtcdClientCertKey{} rootCA := &tls.RootCA{} serviceServingCA := &tls.ServiceServingCA{} dependencies.Get( installConfig, + etcdClientCertKey, kubeCA, mcsCertKey, rootCA, @@ -108,6 +111,8 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass templateData := &bootkubeTemplateData{ Base64encodeCloudProviderConfig: "", // FIXME + EtcdClientCert: base64.StdEncoding.EncodeToString(etcdClientCertKey.Cert()), + EtcdClientKey: base64.StdEncoding.EncodeToString(etcdClientCertKey.Key()), KubeCaCert: base64.StdEncoding.EncodeToString(kubeCA.Cert()), KubeCaKey: base64.StdEncoding.EncodeToString(kubeCA.Key()), McsTLSCert: base64.StdEncoding.EncodeToString(mcsCertKey.Cert()), @@ -130,6 +135,7 @@ func (m *Manifests) generateBootKubeManifests(dependencies asset.Parents) []*ass "tectonic-network-operator.yaml": applyTemplateData(bootkube.TectonicNetworkOperator, templateData), "cvo-overrides.yaml": applyTemplateData(bootkube.CVOOverrides, templateData), "etcd-service-endpoints.yaml": applyTemplateData(bootkube.EtcdServiceEndpointsKubeSystem, templateData), + "kube-system-secret-etcd-client.yaml": applyTemplateData(bootkube.KubeSystemSecretEtcdClient, templateData), "01-tectonic-namespace.yaml": []byte(bootkube.TectonicNamespace), "03-openshift-web-console-namespace.yaml": []byte(bootkube.OpenshiftWebConsoleNamespace), diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go index 8348ad3834f..b934547bfe1 100644 --- a/pkg/asset/manifests/template.go +++ b/pkg/asset/manifests/template.go @@ -18,6 +18,8 @@ type cloudCredsSecretData struct { type bootkubeTemplateData struct { Base64encodeCloudProviderConfig string + EtcdClientCert string + EtcdClientKey string KubeCaCert string KubeCaKey string McsTLSCert string