From ca442a72021dc331612b40e2395fab6879355cf3 Mon Sep 17 00:00:00 2001 From: Ricardo Rocha Date: Wed, 13 Feb 2019 20:09:10 +0100 Subject: [PATCH] [k8s] Add trustee as a secret in kube-system Add a new secret in kube-system holding the trustee information. This is useful for any service running within kubernetes needing to contact OpenStack services. Change-Id: I1939fb6a33c9eb6a45697d070f58c9510be774b3 --- .../fragments/kube-apiserver-to-kubelet-role.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh b/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh index 363867e337..79eb7bab7c 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh @@ -80,6 +80,15 @@ EOF } kubectl apply --validate=false -f ${ADMIN_RBAC} +# Add the openstack trustee as a secret under kube-system +kubectl -n kube-system create secret generic os-trustee \ + --from-literal=os-authURL=${AUTH_URL} \ + --from-literal=os-trustID=${TRUST_ID} \ + --from-literal=os-trusteeID=${TRUSTEE_USER_ID} \ + --from-literal=os-trusteePassword=${TRUSTEE_PASSWORD} \ + --from-literal=os-region=${REGION_NAME} \ + --from-file=os-certAuthority=/etc/kubernetes/ca-bundle.crt + #TODO: add heat variables for master count to determine leaderelect true/False ? if [ -n "${TRUST_ID}" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then occm_image="${CONTAINER_INFRA_PREFIX:-docker.io/k8scloudprovider/}openstack-cloud-controller-manager:${CLOUD_PROVIDER_TAG}"