Copy external_openstack_cacert to control-planes from host

kubernetes-sigs · Oct 3, 2024 · ae70919 · ae70919
1 parent 8c3b285
commit ae70919
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 11 deletions.
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
@@ -3,14 +3,14 @@
   include_tasks: openstack-credential-check.yml
   tags: external-openstack
 
-- name: External OpenStack Cloud Controller | Get base64 cacert
-  slurp:
+- name: External OpenStack Cloud Controller | Write cacert file
+  copy:
     src: "{{ external_openstack_cacert }}"
-  register: external_openstack_cacert_b64
+    dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
+    group: "{{ kube_cert_group }}"
+    mode: "0640"
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
-    - external_openstack_cacert is defined
-    - external_openstack_cacert | length > 0
   tags: external-openstack
 
 - name: External OpenStack Cloud Controller | Get base64 cloud-config

diff --git a/...ternal_cloud_controller/openstack/templates/external-openstack-cloud-config-secret.yml.j2 b/...ternal_cloud_controller/openstack/templates/external-openstack-cloud-config-secret.yml.j2
@@ -8,6 +8,3 @@ metadata:
   namespace: kube-system
 data:
   cloud.conf: {{ external_openstack_cloud_config_secret }}
-{% if external_openstack_cacert_b64.content is defined %}
-  ca.cert: {{ external_openstack_cacert_b64.content }}
-{% endif %}
diff --git a/...loud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2 b/...loud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
@@ -66,10 +66,9 @@ spec:
               name: cloud-config-volume
               readOnly: true
               subPath: cloud.conf
-            - mountPath: {{ kube_config_dir }}/external-openstack-cacert.pem
-              name: cloud-config-volume
+            - name: external-openstack-cacert
+              mountPath: {{ kube_config_dir }}/external-openstack-cacert.pem
               readOnly: true
-              subPath: ca.cert
 {% if kubelet_flexvolumes_plugins_dir is defined %}
             - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
               name: flexvolume-dir
@@ -110,3 +109,9 @@ spec:
       - name: cloud-config-volume
         secret:
           secretName: external-openstack-cloud-config
+{% if external_openstack_cacert is defined and external_openstack_cacert != "" %}
+      - name: external-openstack-cacert
+        hostPath:
+          path: {{ kube_config_dir }}/external-openstack-cacert.pem
+          type: FileOrCreate
+{% endif %}