feat(tls): add additional parameters to chart deployment

This patch set adds in two additional parameters to:

a. establish ownership between certificate and secret so secrets can be
   cleaned up when the certificate is deleted as part of a helm release
b. add the ability to always issue new tls.key as part of the key
   rotation when the secret gets regenerated for any reason.

This also adds linebreaks for readability.

Change-Id: Id40d504251bbd98c32a7d9baa3dbe9858ad495cb
Signed-off-by: Tin Lam <tin@irrational.io>
This commit is contained in:
Tin Lam 2020-05-23 23:52:22 -05:00
parent 3af196f578
commit 19f79aba19

View File

@ -2,6 +2,8 @@
set -eux set -eux
: ${CERT_MANAGER_VERSION:="v0.15.0"}
cert_path="/etc/openstack-helm" cert_path="/etc/openstack-helm"
ca_cert_root="$cert_path/certs/ca" ca_cert_root="$cert_path/certs/ca"
@ -66,10 +68,19 @@ helm repo add jetstack https://charts.jetstack.io
helm repo update helm repo update
# helm 2 command # helm 2 command
helm install --name cert-manager --namespace cert-manager --version v0.15.0 jetstack/cert-manager --set installCRDs=true helm install --name cert-manager --namespace cert-manager \
--version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
--set installCRDs=true \
--set featureGates=ExperimentalCertificateControllers=true \
--set extraArgs[0]="--enable-certificate-owner-ref=true"
# helm 3 command # helm 3 command
# helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.0 --set installCRDs=true # helm install cert-manager jetstack/cert-manager --namespace cert-manager \
# --version ${CERT_MANAGER_VERSION} \
# --set installCRDs=true \
#. --set featureGates=ExperimentalCertificateControllers=true \
# --set extraArgs[0]="--enable-certificate-owner-ref=true"
helm repo remove jetstack helm repo remove jetstack
key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n") key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")