openstack
/
magnum
Code Issues Proposed changes

[k8s] Add trustee as a secret in kube-system 

Add a new secret in kube-system holding the trustee information. This is
useful for any service running within kubernetes needing to contact
OpenStack services.

Change-Id: I1939fb6a33c9eb6a45697d070f58c9510be774b3
This commit is contained in:
Ricardo Rocha 2019-02-13 20:09:10 +01:00
parent 61173ec6fb
commit ca442a7202
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh
View File

@ -80,6 +80,15 @@ EOF
}
kubectl apply --validate=false -f ${ADMIN_RBAC}
# Add the openstack trustee as a secret under kube-system
kubectl -n kube-system create secret generic os-trustee \
--from-literal=os-authURL=${AUTH_URL} \
--from-literal=os-trustID=${TRUST_ID} \
--from-literal=os-trusteeID=${TRUSTEE_USER_ID} \
--from-literal=os-trusteePassword=${TRUSTEE_PASSWORD} \
--from-literal=os-region=${REGION_NAME} \
--from-file=os-certAuthority=/etc/kubernetes/ca-bundle.crt
#TODO: add heat variables for master count to determine leaderelect true/False ?
if [ -n "${TRUST_ID}" ] && [ "$(echo "${CLOUD_PROVIDER_ENABLED}" | tr '[:upper:]' '[:lower:]')" = "true" ]; then
occm_image="${CONTAINER_INFRA_PREFIX:-docker.io/k8scloudprovider/}openstack-cloud-controller-manager:${CLOUD_PROVIDER_TAG}"