forked from openshift/installer
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data,asset/templates: create configmaps and secrets to store etcd CA …
…and certs in the cluster The CA are stored as configmap for the purpose of establishing trust. The CAs and client certs are stored as secrets for use inside the cluster.
- Loading branch information
1 parent
0137c54
commit 6c647f4
Showing
8 changed files
with
291 additions
and
0 deletions.
There are no files selected for viewing
8 changes: 8 additions & 0 deletions
8
data/data/manifests/bootkube/kube-system-configmap-etcd-ca-bundle.yaml.template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: etcd-ca-bundle | ||
namespace: kube-system | ||
data: | ||
ca-bundle.crt: | | ||
{{.EtcdCaBundle | indent 4}} |
9 changes: 9 additions & 0 deletions
9
data/data/manifests/bootkube/kube-system-secret-etcd-client-ca-deprecated.yaml.template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: etcd-client-ca-deprecated | ||
namespace: kube-system | ||
type: SecretTypeTLS | ||
data: | ||
tls.crt: {{ .EtcdClientCaCert }} | ||
tls.key: {{ .EtcdClientCaKey }} |
9 changes: 9 additions & 0 deletions
9
data/data/manifests/bootkube/kube-system-secret-etcd-signer-client.yaml.template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: etcd-signer-client | ||
namespace: kube-system | ||
type: SecretTypeTLS | ||
data: | ||
tls.crt: {{ .EtcdSignerClientCert }} | ||
tls.key: {{ .EtcdSignerClientKey }} |
9 changes: 9 additions & 0 deletions
9
data/data/manifests/bootkube/kube-system-secret-etcd-signer.yaml.template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: etcd-signer | ||
namespace: kube-system | ||
type: SecretTypeTLS | ||
data: | ||
tls.crt: {{ .EtcdSignerCert }} | ||
tls.key: {{ .EtcdSignerKey }} |
64 changes: 64 additions & 0 deletions
64
pkg/asset/templates/content/bootkube/kube-system-configmap-etcd-ca-bundle.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
package bootkube | ||
|
||
import ( | ||
"os" | ||
"path/filepath" | ||
|
||
"github.com/openshift/installer/pkg/asset" | ||
"github.com/openshift/installer/pkg/asset/templates/content" | ||
) | ||
|
||
const ( | ||
kubeSystemConfigmapEtcdCAFileName = "kube-system-configmap-etcd-ca-bundle.yaml.template" | ||
) | ||
|
||
var _ asset.WritableAsset = (*KubeSystemConfigmapEtcdCA)(nil) | ||
|
||
// KubeSystemConfigmapEtcdCA is the constant to represent contents of kube-system-configmap-etcd-ca-bundle.yaml.template file. | ||
type KubeSystemConfigmapEtcdCA struct { | ||
FileList []*asset.File | ||
} | ||
|
||
// Dependencies returns all of the dependencies directly needed by the asset | ||
func (t *KubeSystemConfigmapEtcdCA) Dependencies() []asset.Asset { | ||
return []asset.Asset{} | ||
} | ||
|
||
// Name returns the human-friendly name of the asset. | ||
func (t *KubeSystemConfigmapEtcdCA) Name() string { | ||
return "KubeSystemConfigmapEtcdCA" | ||
} | ||
|
||
// Generate generates the actual files by this asset | ||
func (t *KubeSystemConfigmapEtcdCA) Generate(parents asset.Parents) error { | ||
fileName := kubeSystemConfigmapEtcdCAFileName | ||
data, err := content.GetBootkubeTemplate(fileName) | ||
if err != nil { | ||
return err | ||
} | ||
t.FileList = []*asset.File{ | ||
{ | ||
Filename: filepath.Join(content.TemplateDir, fileName), | ||
Data: []byte(data), | ||
}, | ||
} | ||
return nil | ||
} | ||
|
||
// Files returns the files generated by the asset. | ||
func (t *KubeSystemConfigmapEtcdCA) Files() []*asset.File { | ||
return t.FileList | ||
} | ||
|
||
// Load returns the asset from disk. | ||
func (t *KubeSystemConfigmapEtcdCA) Load(f asset.FileFetcher) (bool, error) { | ||
file, err := f.FetchByName(filepath.Join(content.TemplateDir, kubeSystemConfigmapEtcdCAFileName)) | ||
if err != nil { | ||
if os.IsNotExist(err) { | ||
return false, nil | ||
} | ||
return false, err | ||
} | ||
t.FileList = []*asset.File{file} | ||
return true, nil | ||
} |
64 changes: 64 additions & 0 deletions
64
pkg/asset/templates/content/bootkube/kube-system-secret-etcd-client-ca-deprecated.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
package bootkube | ||
|
||
import ( | ||
"os" | ||
"path/filepath" | ||
|
||
"github.com/openshift/installer/pkg/asset" | ||
"github.com/openshift/installer/pkg/asset/templates/content" | ||
) | ||
|
||
const ( | ||
kubeSystemSecretEtcdClientCADeprecatedFileName = "kube-system-secret-etcd-client-ca-deprecated.yaml.template" | ||
) | ||
|
||
var _ asset.WritableAsset = (*KubeSystemSecretEtcdClientCADeprecated)(nil) | ||
|
||
// KubeSystemSecretEtcdClientCADeprecated is the constant to represent contents of kube-system-secret-etcd-client-ca-deprecated.yaml.template file. | ||
type KubeSystemSecretEtcdClientCADeprecated struct { | ||
FileList []*asset.File | ||
} | ||
|
||
// Dependencies returns all of the dependencies directly needed by the asset | ||
func (t *KubeSystemSecretEtcdClientCADeprecated) Dependencies() []asset.Asset { | ||
return []asset.Asset{} | ||
} | ||
|
||
// Name returns the human-friendly name of the asset. | ||
func (t *KubeSystemSecretEtcdClientCADeprecated) Name() string { | ||
return "KubeSystemSecretEtcdClientCADeprecated" | ||
} | ||
|
||
// Generate generates the actual files by this asset | ||
func (t *KubeSystemSecretEtcdClientCADeprecated) Generate(parents asset.Parents) error { | ||
fileName := kubeSystemSecretEtcdClientCADeprecatedFileName | ||
data, err := content.GetBootkubeTemplate(fileName) | ||
if err != nil { | ||
return err | ||
} | ||
t.FileList = []*asset.File{ | ||
{ | ||
Filename: filepath.Join(content.TemplateDir, fileName), | ||
Data: []byte(data), | ||
}, | ||
} | ||
return nil | ||
} | ||
|
||
// Files returns the files generated by the asset. | ||
func (t *KubeSystemSecretEtcdClientCADeprecated) Files() []*asset.File { | ||
return t.FileList | ||
} | ||
|
||
// Load returns the asset from disk. | ||
func (t *KubeSystemSecretEtcdClientCADeprecated) Load(f asset.FileFetcher) (bool, error) { | ||
file, err := f.FetchByName(filepath.Join(content.TemplateDir, kubeSystemSecretEtcdClientCADeprecatedFileName)) | ||
if err != nil { | ||
if os.IsNotExist(err) { | ||
return false, nil | ||
} | ||
return false, err | ||
} | ||
t.FileList = []*asset.File{file} | ||
return true, nil | ||
} |
64 changes: 64 additions & 0 deletions
64
pkg/asset/templates/content/bootkube/kube-system-secret-etcd-signer-client.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
package bootkube | ||
|
||
import ( | ||
"os" | ||
"path/filepath" | ||
|
||
"github.com/openshift/installer/pkg/asset" | ||
"github.com/openshift/installer/pkg/asset/templates/content" | ||
) | ||
|
||
const ( | ||
kubeSystemSecretEtcdSignerClientFileName = "kube-system-secret-etcd-signer-client.yaml.template" | ||
) | ||
|
||
var _ asset.WritableAsset = (*KubeSystemSecretEtcdSignerClient)(nil) | ||
|
||
// KubeSystemSecretEtcdSignerClient is the constant to represent contents of kube-system-secret-etcd-signer-client.yaml.template file. | ||
type KubeSystemSecretEtcdSignerClient struct { | ||
FileList []*asset.File | ||
} | ||
|
||
// Dependencies returns all of the dependencies directly needed by the asset | ||
func (t *KubeSystemSecretEtcdSignerClient) Dependencies() []asset.Asset { | ||
return []asset.Asset{} | ||
} | ||
|
||
// Name returns the human-friendly name of the asset. | ||
func (t *KubeSystemSecretEtcdSignerClient) Name() string { | ||
return "KubeSystemSecretEtcdSignerClient" | ||
} | ||
|
||
// Generate generates the actual files by this asset | ||
func (t *KubeSystemSecretEtcdSignerClient) Generate(parents asset.Parents) error { | ||
fileName := kubeSystemSecretEtcdSignerClientFileName | ||
data, err := content.GetBootkubeTemplate(fileName) | ||
if err != nil { | ||
return err | ||
} | ||
t.FileList = []*asset.File{ | ||
{ | ||
Filename: filepath.Join(content.TemplateDir, fileName), | ||
Data: []byte(data), | ||
}, | ||
} | ||
return nil | ||
} | ||
|
||
// Files returns the files generated by the asset. | ||
func (t *KubeSystemSecretEtcdSignerClient) Files() []*asset.File { | ||
return t.FileList | ||
} | ||
|
||
// Load returns the asset from disk. | ||
func (t *KubeSystemSecretEtcdSignerClient) Load(f asset.FileFetcher) (bool, error) { | ||
file, err := f.FetchByName(filepath.Join(content.TemplateDir, kubeSystemSecretEtcdSignerClientFileName)) | ||
if err != nil { | ||
if os.IsNotExist(err) { | ||
return false, nil | ||
} | ||
return false, err | ||
} | ||
t.FileList = []*asset.File{file} | ||
return true, nil | ||
} |
64 changes: 64 additions & 0 deletions
64
pkg/asset/templates/content/bootkube/kube-system-secret-etcd-signer.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
package bootkube | ||
|
||
import ( | ||
"os" | ||
"path/filepath" | ||
|
||
"github.com/openshift/installer/pkg/asset" | ||
"github.com/openshift/installer/pkg/asset/templates/content" | ||
) | ||
|
||
const ( | ||
kubeSystemSecretEtcdSignerFileName = "kube-system-secret-etcd-signer.yaml.template" | ||
) | ||
|
||
var _ asset.WritableAsset = (*KubeSystemSecretEtcdSigner)(nil) | ||
|
||
// KubeSystemSecretEtcdSigner is the constant to represent contents of kube-system-secret-etcd-signer.yaml.template file. | ||
type KubeSystemSecretEtcdSigner struct { | ||
FileList []*asset.File | ||
} | ||
|
||
// Dependencies returns all of the dependencies directly needed by the asset | ||
func (t *KubeSystemSecretEtcdSigner) Dependencies() []asset.Asset { | ||
return []asset.Asset{} | ||
} | ||
|
||
// Name returns the human-friendly name of the asset. | ||
func (t *KubeSystemSecretEtcdSigner) Name() string { | ||
return "KubeSystemSecretEtcdSigner" | ||
} | ||
|
||
// Generate generates the actual files by this asset | ||
func (t *KubeSystemSecretEtcdSigner) Generate(parents asset.Parents) error { | ||
fileName := kubeSystemSecretEtcdSignerFileName | ||
data, err := content.GetBootkubeTemplate(fileName) | ||
if err != nil { | ||
return err | ||
} | ||
t.FileList = []*asset.File{ | ||
{ | ||
Filename: filepath.Join(content.TemplateDir, fileName), | ||
Data: []byte(data), | ||
}, | ||
} | ||
return nil | ||
} | ||
|
||
// Files returns the files generated by the asset. | ||
func (t *KubeSystemSecretEtcdSigner) Files() []*asset.File { | ||
return t.FileList | ||
} | ||
|
||
// Load returns the asset from disk. | ||
func (t *KubeSystemSecretEtcdSigner) Load(f asset.FileFetcher) (bool, error) { | ||
file, err := f.FetchByName(filepath.Join(content.TemplateDir, kubeSystemSecretEtcdSignerFileName)) | ||
if err != nil { | ||
if os.IsNotExist(err) { | ||
return false, nil | ||
} | ||
return false, err | ||
} | ||
t.FileList = []*asset.File{file} | ||
return true, nil | ||
} |