feat(tls): add additional parameters to chart deployment

This patch set adds in two additional parameters to: a. establish ownership between certificate and secret so secrets can be cleaned up when the certificate is deleted as part of a helm release b. add the ability to always issue new tls.key as part of the key rotation when the secret gets regenerated for any reason. This also adds linebreaks for readability. Change-Id: Id40d504251bbd98c32a7d9baa3dbe9858ad495cb Signed-off-by: Tin Lam <tin@irrational.io>
2020-05-23 23:52:22 -05:00 · 2020-05-23 23:52:22 -05:00 · 19f79aba19
commit 19f79aba19
parent 3af196f578
1 changed files with 13 additions and 2 deletions
--- a/tools/scripts/tls/cert-manager.sh
+++ b/tools/scripts/tls/cert-manager.sh
@ -2,6 +2,8 @@

 set -eux

+: ${CERT_MANAGER_VERSION:="v0.15.0"}
+
 cert_path="/etc/openstack-helm"
 ca_cert_root="$cert_path/certs/ca"

@ -66,10 +68,19 @@ helm repo add jetstack https://charts.jetstack.io
 helm repo update

 # helm 2 command
-helm install --name cert-manager --namespace cert-manager --version v0.15.0 jetstack/cert-manager --set installCRDs=true
+helm install --name cert-manager --namespace cert-manager \
+  --version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
+  --set installCRDs=true \
+  --set featureGates=ExperimentalCertificateControllers=true \
+  --set extraArgs[0]="--enable-certificate-owner-ref=true"

 # helm 3 command
-# helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.0 --set installCRDs=true
+# helm install cert-manager jetstack/cert-manager --namespace cert-manager \
+#   --version ${CERT_MANAGER_VERSION} \
+#   --set installCRDs=true \
+#.  --set featureGates=ExperimentalCertificateControllers=true \
+#   --set extraArgs[0]="--enable-certificate-owner-ref=true"
+
 helm repo remove jetstack

 key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")