This repository was archived by the owner on Aug 12, 2025. It is now read-only.

@deitch deitch commented Mar 17, 2020

Fixes #10

Instead of keeping the CA key/certificate as something statically stored in cluster.yaml, this does the following:

  • stores it as a Kubernetes secret
  • makes the secret part of provider-components.yaml so that it is pivoted correctly to a new cluster (if using an ephemeral bootstrap cluster)
  • machine actuator consumes that secret
  • cluster actuator consumes that secret and, if blank, generates and stores a new one in that secret (to be used later by machine actuator)
  • lets the user set the path to the key and certificate files in generate-yaml.sh
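
The "if blank, generate and store" step described in the list above, as an added Go example (not code from this pull request or its repository). It assumes the Secret's data is a plain map, `tls.crt`/`tls.key` key names, an RSA-2048 self-signed CA with a constructed subject and ten-year lifetime, and a hypothetical function name `ensureCA`; it also refuses to overwrite a half-populated secret.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Assumed data keys (kubernetes.io/tls convention); the PR's real key names are not on the page.
const certKey, keyKey = "tls.crt", "tls.key"

// ensureCA (hypothetical) reuses the CA held in a Secret's data map, or generates and stores one if blank.
func ensureCA(data map[string][]byte) (bool, error) {
	hasCert, hasKey := len(data[certKey]) > 0, len(data[keyKey]) > 0
	if hasCert != hasKey {
		return false, fmt.Errorf("CA secret is half-populated; refusing to overwrite it")
	}
	if hasCert {
		return false, nil // already set: later consumers keep using the same CA
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-cluster-ca"}, // constructed
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv) // self-signed
	if err != nil {
		return false, err
	}
	data[certKey] = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	data[keyKey] = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
	return true, nil
}

func main() {
	secret := map[string][]byte{} // stands in for the data of a blank Secret
	first, _ := ensureCA(secret)
	second, _ := ensureCA(secret)
	fmt.Println(first, second)
}
```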

@deitch deitch force-pushed the ca-as-secret branch 5 times, most recently from 159d989 to ff612af Compare March 19, 2020 14:35

deitch commented Mar 19, 2020

Note that this breaks clusterctl. We have to live with it until we switch to v1alpha3.

@deitch deitch merged commit b6705a6 into master Mar 19, 2020
@deitch deitch deleted the ca-as-secret branch March 19, 2020 14:48

matoszz commented Mar 19, 2020

@deitch sorry for the delay - LGTM

Development

Successfully merging this pull request may close these issues.

Stash CAKeyPair in a Kube Secret
