Secret observer does not handle IPv6
Secret observer cron job pods does not wrap ipv6 address in square brackets. This causes the curl command to fail. This commit wraps the address in square brackets if the address is an ipv6 address Testing: pass: apply oidc auth on ipv6 system, ensure cron pods finish pass: apply oidc auth on ipv4 system, ensure cron pods finish Change-Id: I0607bdcba4785d64639d21f3782a26ad5dcd77cf Closes-Bug: 1947462 Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
This commit is contained in:
parent
8bde8887a9
commit
e45ecb626a
|
@ -18,10 +18,14 @@ data:
|
|||
|
||||
KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
||||
SECRET_SHA=$(sha256sum /home/$1 | awk '{print $1}')
|
||||
KUBERNETES_SERVICE_HOST_WITH_BRACKETS=$KUBERNETES_SERVICE_HOST
|
||||
if echo $KUBERNETES_SERVICE_HOST | grep ":"; then
|
||||
KUBERNETES_SERVICE_HOST_WITH_BRACKETS="[$KUBERNETES_SERVICE_HOST]"
|
||||
fi
|
||||
|
||||
curl -sS -H "Authorization: Bearer $KUBE_TOKEN" \
|
||||
curl -sSg -H "Authorization: Bearer $KUBE_TOKEN" \
|
||||
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
|
||||
--request PATCH -H "Accept: application/json" \
|
||||
-H "Content-Type: application/strategic-merge-patch+json" \
|
||||
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{{ .Values.namespace }}/deployments/$2 \
|
||||
https://$KUBERNETES_SERVICE_HOST_WITH_BRACKETS:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{{ .Values.namespace }}/deployments/$2 \
|
||||
--data '{"spec":{"template":{"metadata":{"annotations":{"'$3'": "'$SECRET_SHA'"}}}}}';
|
||||
|
|
Loading…
Reference in New Issue