feat(tls): add additional parameters to chart deployment
This patch set adds two additional parameters to: a. establish ownership between the certificate and its secret, so the secret can be cleaned up when the certificate is deleted as part of a helm release; b. add the ability to always issue a new tls.key as part of key rotation when the secret gets regenerated for any reason. This also adds line breaks for readability. Change-Id: Id40d504251bbd98c32a7d9baa3dbe9858ad495cb Signed-off-by: Tin Lam <tin@irrational.io>
parent
3af196f578
commit
19f79aba19
@ -2,6 +2,8 @@
|
|||||||
|
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
|
: ${CERT_MANAGER_VERSION:="v0.15.0"}
|
||||||
|
|
||||||
cert_path="/etc/openstack-helm"
|
cert_path="/etc/openstack-helm"
|
||||||
ca_cert_root="$cert_path/certs/ca"
|
ca_cert_root="$cert_path/certs/ca"
|
||||||
|
|
||||||
@ -66,10 +68,19 @@ helm repo add jetstack https://charts.jetstack.io
|
|||||||
helm repo update
|
helm repo update
|
||||||
|
|
||||||
# helm 2 command
|
# helm 2 command
|
||||||
helm install --name cert-manager --namespace cert-manager --version v0.15.0 jetstack/cert-manager --set installCRDs=true
|
helm install --name cert-manager --namespace cert-manager \
|
||||||
|
--version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
|
||||||
|
--set installCRDs=true \
|
||||||
|
--set featureGates=ExperimentalCertificateControllers=true \
|
||||||
|
--set extraArgs[0]="--enable-certificate-owner-ref=true"
|
||||||
|
|
||||||
# helm 3 command
|
# helm 3 command
|
||||||
# helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.0 --set installCRDs=true
|
# helm install cert-manager jetstack/cert-manager --namespace cert-manager \
|
||||||
|
# --version ${CERT_MANAGER_VERSION} \
|
||||||
|
# --set installCRDs=true \
|
||||||
|
#. --set featureGates=ExperimentalCertificateControllers=true \
|
||||||
|
# --set extraArgs[0]="--enable-certificate-owner-ref=true"
|
||||||
|
|
||||||
helm repo remove jetstack
|
helm repo remove jetstack
|
||||||
|
|
||||||
key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")
|
key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")
|
||||||
|
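Review bot: The new `helm install` leaves `--version ${CERT_MANAGER_VERSION}` and `--set extraArgs[0]="--enable-certificate-owner-ref=true"` partly unquoted, so a version supplied through the environment is word-split into extra helm arguments, and `extraArgs[0]` is a glob pattern that the shell may expand or reject depending on its glob options. I would write `--version "${CERT_MANAGER_VERSION}"` and `--set 'extraArgs[0]=--enable-certificate-owner-ref=true'`, and quote the default in the first hunk as `: "${CERT_MANAGER_VERSION:=v0.15.0}"`. The commented helm 3 variant has a stray dot in `#. --set featureGates=...` and should get the same quoting so it can be copied as is. Not introduced by this change, but visible in the context lines: if both hunks belong to the same script, `set -eux` traces the `key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")` assignment and so writes the base64-encoded CA private key to the log; wrapping that line in `set +x` / `set -x` would keep it out of the trace.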