Browse Source

[k8s] Add trustee as a secret in kube-system

Add a new secret in kube-system holding the trustee information. This is
useful for any service running within kubernetes needing to contact
OpenStack services.

Change-Id: I1939fb6a33c9eb6a45697d070f58c9510be774b3
changes/25/636725/4
Ricardo Rocha 3 years ago
parent
commit
ca442a7202
  1. 9
      magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh

9
magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh

@ -80,6 +80,15 @@ EOF
}
kubectl apply --validate=false -f ${ADMIN_RBAC}
# Add the openstack trustee as a secret under kube-system
kubectl -n kube-system create secret generic os-trustee \
--from-literal=os-authURL=${AUTH_URL} \
--from-literal=os-trustID=${TRUST_ID} \
--from-literal=os-trusteeID=${TRUSTEE_USER_ID} \
--from-literal=os-trusteePassword=${TRUSTEE_PASSWORD} \
--from-literal=os-region=${REGION_NAME} \
--from-file=os-certAuthority=/etc/kubernetes/ca-bundle.crt
#TODO: add heat variables for master count to determine leaderelect true/False ?
if [ -n "${TRUST_ID}" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
occm_image="${CONTAINER_INFRA_PREFIX:-docker.io/k8scloudprovider/}openstack-cloud-controller-manager:${CLOUD_PROVIDER_TAG}"

Loading…
Cancel
Save