Merge "Do not exit in the enable-helm-tiller script"
commit
6505aa360d
|
@ -2,49 +2,47 @@
|
||||||
|
|
||||||
. /etc/sysconfig/heat-params
|
. /etc/sysconfig/heat-params
|
||||||
|
|
||||||
set -x
|
step="enable-helm-tiller"
|
||||||
|
printf "Starting to run ${step}\n"
|
||||||
|
|
||||||
if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" != "true" ]; then
|
if [ "$(echo ${TILLER_ENABLED} | tr '[:upper:]' '[:lower:]')" == "true" ]; then
|
||||||
exit 0
|
CERTS_DIR="/etc/kubernetes/helm/certs/"
|
||||||
fi
|
mkdir -p "${CERTS_DIR}"
|
||||||
|
|
||||||
CERTS_DIR="/etc/kubernetes/helm/certs/"
|
# Private CA key
|
||||||
mkdir -p "${CERTS_DIR}"
|
openssl genrsa -out "${CERTS_DIR}/ca.key.pem" 4096
|
||||||
|
|
||||||
# Private CA key
|
# CA public cert
|
||||||
openssl genrsa -out "${CERTS_DIR}/ca.key.pem" 4096
|
openssl req -key "${CERTS_DIR}/ca.key.pem" -new -x509 -days 7300 -sha256 -out "${CERTS_DIR}/ca.cert.pem" -extensions v3_ca -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=tiller"
|
||||||
|
|
||||||
# CA public cert
|
# Private tiller-server key
|
||||||
openssl req -key "${CERTS_DIR}/ca.key.pem" -new -x509 -days 7300 -sha256 -out "${CERTS_DIR}/ca.cert.pem" -extensions v3_ca -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=tiller"
|
openssl genrsa -out "${CERTS_DIR}/tiller.key.pem" 4096
|
||||||
|
|
||||||
# Private tiller-server key
|
# Private helm-client key
|
||||||
openssl genrsa -out "${CERTS_DIR}/tiller.key.pem" 4096
|
openssl genrsa -out "${CERTS_DIR}/helm.key.pem" 4096
|
||||||
|
|
||||||
# Private helm-client key
|
# Request for tiller-server cert
|
||||||
openssl genrsa -out "${CERTS_DIR}/helm.key.pem" 4096
|
openssl req -key "${CERTS_DIR}/tiller.key.pem" -new -sha256 -out "${CERTS_DIR}/tiller.csr.pem" -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=tiller-server"
|
||||||
|
|
||||||
# Request for tiller-server cert
|
# Request for helm-client cert
|
||||||
openssl req -key "${CERTS_DIR}/tiller.key.pem" -new -sha256 -out "${CERTS_DIR}/tiller.csr.pem" -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=tiller-server"
|
openssl req -key "${CERTS_DIR}/helm.key.pem" -new -sha256 -out "${CERTS_DIR}/helm.csr.pem" -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=helm-client"
|
||||||
|
|
||||||
# Request for helm-client cert
|
# Sign tiller-server cert
|
||||||
openssl req -key "${CERTS_DIR}/helm.key.pem" -new -sha256 -out "${CERTS_DIR}/helm.csr.pem" -subj "/C=US/ST=Texas/L=Austin/O=OpenStack/OU=Magnum/CN=helm-client"
|
openssl x509 -req -CA "${CERTS_DIR}/ca.cert.pem" -CAkey "${CERTS_DIR}/ca.key.pem" -CAcreateserial -in "${CERTS_DIR}/tiller.csr.pem" -out "${CERTS_DIR}/tiller.cert.pem" -days 365
|
||||||
|
|
||||||
# Sign tiller-server cert
|
# Sign helm-client cert
|
||||||
openssl x509 -req -CA "${CERTS_DIR}/ca.cert.pem" -CAkey "${CERTS_DIR}/ca.key.pem" -CAcreateserial -in "${CERTS_DIR}/tiller.csr.pem" -out "${CERTS_DIR}/tiller.cert.pem" -days 365
|
openssl x509 -req -CA "${CERTS_DIR}/ca.cert.pem" -CAkey "${CERTS_DIR}/ca.key.pem" -CAcreateserial -in "${CERTS_DIR}/helm.csr.pem" -out "${CERTS_DIR}/helm.cert.pem" -days 365
|
||||||
|
|
||||||
# Sign helm-client cert
|
_tiller_prefix=${CONTAINER_INFRA_PREFIX:-gcr.io/kubernetes-helm/}
|
||||||
openssl x509 -req -CA "${CERTS_DIR}/ca.cert.pem" -CAkey "${CERTS_DIR}/ca.key.pem" -CAcreateserial -in "${CERTS_DIR}/helm.csr.pem" -out "${CERTS_DIR}/helm.cert.pem" -days 365
|
TILLER_RBAC=/srv/magnum/kubernetes/manifests/tiller-rbac.yaml
|
||||||
|
TILLER_DEPLOYER=/srv/magnum/kubernetes/manifests/deploy-tiller.yaml
|
||||||
|
|
||||||
_tiller_prefix=${CONTAINER_INFRA_PREFIX:-gcr.io/kubernetes-helm/}
|
TILLER_IMAGE="${_tiller_prefix}tiller:${TILLER_TAG}"
|
||||||
TILLER_RBAC=/srv/magnum/kubernetes/manifests/tiller-rbac.yaml
|
|
||||||
TILLER_DEPLOYER=/srv/magnum/kubernetes/manifests/deploy-tiller.yaml
|
|
||||||
|
|
||||||
TILLER_IMAGE="${_tiller_prefix}tiller:${TILLER_TAG}"
|
[ -f ${TILLER_RBAC} ] || {
|
||||||
|
echo "Writing File: $TILLER_RBAC"
|
||||||
[ -f ${TILLER_RBAC} ] || {
|
mkdir -p $(dirname ${TILLER_RBAC})
|
||||||
echo "Writing File: $TILLER_RBAC"
|
cat << EOF > ${TILLER_RBAC}
|
||||||
mkdir -p $(dirname ${TILLER_RBAC})
|
|
||||||
cat << EOF > ${TILLER_RBAC}
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
|
@ -71,12 +69,12 @@ subjects:
|
||||||
name: tiller
|
name: tiller
|
||||||
namespace: ${TILLER_NAMESPACE}
|
namespace: ${TILLER_NAMESPACE}
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
[ -f ${TILLER_DEPLOYER} ] || {
|
[ -f ${TILLER_DEPLOYER} ] || {
|
||||||
echo "Writing File: $TILLER_DEPLOYER"
|
echo "Writing File: $TILLER_DEPLOYER"
|
||||||
mkdir -p $(dirname ${TILLER_DEPLOYER})
|
mkdir -p $(dirname ${TILLER_DEPLOYER})
|
||||||
cat << EOF > ${TILLER_DEPLOYER}
|
cat << EOF > ${TILLER_DEPLOYER}
|
||||||
---
|
---
|
||||||
apiVersion: extensions/v1beta1
|
apiVersion: extensions/v1beta1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
|
@ -219,13 +217,16 @@ data:
|
||||||
cert.pem: $(cat "${CERTS_DIR}/helm.cert.pem" | base64 --wrap=0)
|
cert.pem: $(cat "${CERTS_DIR}/helm.cert.pem" | base64 --wrap=0)
|
||||||
key.pem: $(cat "${CERTS_DIR}/helm.key.pem" | base64 --wrap=0)
|
key.pem: $(cat "${CERTS_DIR}/helm.key.pem" | base64 --wrap=0)
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "Waiting for Kubernetes API..."
|
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
|
||||||
until [ "ok" = "$(curl --silent http://127.0.0.1:8080/healthz)" ]
|
do
|
||||||
do
|
echo "Waiting for Kubernetes API..."
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
|
|
||||||
kubectl apply -f ${TILLER_RBAC}
|
kubectl apply -f ${TILLER_RBAC}
|
||||||
kubectl apply -f ${TILLER_DEPLOYER}
|
kubectl apply -f ${TILLER_DEPLOYER}
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf "Finished running ${step}\n"
|
||||||
|
|
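Review bot: The CA, tiller and helm private keys written under `${CERTS_DIR}` in the first hunk get no explicit permissions: the directory comes from a plain `mkdir -p "${CERTS_DIR}"` and nothing visible sets a umask, so access depends on the calling environment and, for the key files, on the OpenSSL version's default mode. Since this change wraps the body in an `if` instead of exiting, presumably so the script can run inline with other steps, a local `mkdir -p "${CERTS_DIR}" && chmod 700 "${CERTS_DIR}"` is safer than changing the umask for everything that follows. The same applies to `${TILLER_DEPLOYER}` in the third hunk, which embeds the base64-encoded `helm.key.pem`; a `chmod 600 "${TILLER_DEPLOYER}"` after the heredoc would cover it. `ca.key.pem` also stays on the node after signing, and anyone who can read it can sign further certificates under this CA, so a comment should state whether it is kept deliberately for renewal. The middle of the file is outside the visible hunks, so confirm none of this is already handled there.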