From 19f79aba196768cb0b664d8c2ba39fa7f754b56f Mon Sep 17 00:00:00 2001
From: Tin Lam
Date: Sat, 23 May 2020 23:52:22 -0500
Subject: [PATCH] feat(tls): add additional parameters to chart deployment This patch set adds in two additional parameters to: a. establish ownership between certificate and secret so secrets can be cleaned up when the certificate is deleted as part of a helm release b. add the ability to always issue new tls.key as part of the key rotation when the secret gets regenerated for any reason. This also adds linebreaks for readability.
Change-Id: Id40d504251bbd98c32a7d9baa3dbe9858ad495cb
Signed-off-by: Tin Lam
---
 tools/scripts/tls/cert-manager.sh | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/tools/scripts/tls/cert-manager.sh b/tools/scripts/tls/cert-manager.sh
index 5776f038cd..051ca92003 100755
--- a/tools/scripts/tls/cert-manager.sh
+++ b/tools/scripts/tls/cert-manager.sh
@@ -2,6 +2,8 @@
 set -eux
+: ${CERT_MANAGER_VERSION:="v0.15.0"}
+
 cert_path="/etc/openstack-helm"
 ca_cert_root="$cert_path/certs/ca"
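Review bot: The new default `: ${CERT_MANAGER_VERSION:="v0.15.0"}` is unquoted, so a value supplied through the environment is word-split and glob-expanded when `:` evaluates it. The same variable is passed unquoted as `--version ${CERT_MANAGER_VERSION}` in the helm install hunk, where a value containing whitespace would become extra helm arguments. Quote both uses: `: "${CERT_MANAGER_VERSION:=v0.15.0}"` and `--version "${CERT_MANAGER_VERSION}"`. Because the chart version is now caller-controlled instead of fixed in the script, a short comment above the default stating that it selects the jetstack/cert-manager chart version installed into the cluster would make the override's effect explicit.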
@@ -66,10 +68,19 @@ helm repo add jetstack https://charts.jetstack.io
 helm repo update
 # helm 2 command
-helm install --name cert-manager --namespace cert-manager --version v0.15.0 jetstack/cert-manager --set installCRDs=true
+helm install --name cert-manager --namespace cert-manager \
+ --version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
+ --set installCRDs=true \
+ --set featureGates=ExperimentalCertificateControllers=true \
+ --set extraArgs[0]="--enable-certificate-owner-ref=true"
 # helm 3 command
-# helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v0.15.0 --set installCRDs=true
+# helm install cert-manager jetstack/cert-manager --namespace cert-manager \
+# --version ${CERT_MANAGER_VERSION} \
+# --set installCRDs=true \
+#. --set featureGates=ExperimentalCertificateControllers=true \
+# --set extraArgs[0]="--enable-certificate-owner-ref=true"
+
 helm repo remove jetstack
 key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")
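Review bot: In `--set extraArgs[0]="--enable-certificate-owner-ref=true"` the `[0]` sits outside the quotes, so the shell treats the whole word as a glob pattern. It is passed through literally only while no file in the working directory matches, and it errors or disappears under `failglob`/`nullglob`. Quote the entire assignment instead: `--set 'extraArgs[0]=--enable-certificate-owner-ref=true'`. In the commented helm 3 variant, the line starting `#. --set featureGates=` carries a stray `.` that would be passed to helm as an extra argument if the block is ever uncommented. Separately, and predating this commit, the trailing context line `key=$(cat /etc/openstack-helm/certs/ca/ca-key.pem | base64 | tr -d "\n")` runs under the `set -eux` shown in the first hunk, so the xtrace output will contain the base64-encoded CA private key; wrapping that assignment in `set +x` / `set -x` would keep it out of job logs.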