Azure Stack: add CA support in bootstrap ign stub #5430
Conversation
|
|
||
| custom_data = base64encode(replace(var.azure_bootstrap_ignition_stub, | ||
| azurestack_storage_blob.ignition.url, | ||
| "${azurestack_storage_blob.ignition.url}${data.azurestack_storage_account_sas.ignition.sas}")) |
There was a problem hiding this comment.
This is a complicated line so I tried to make it more readable with formatting. I also considered handling this in a local. Not sure if there is any way to make this easier to read.
|
/cc @staebler |
patrickdillon
force-pushed
the
azurestack-ign-shim
branch
from
7630370 to
1cc7673
Compare
openshift-ci
bot
added
the
needs-rebase
On Azure Stack, this adds CAs from the additionalTrustBundle to the ignition stub. Azure Stack uses shared-access signatures (SAS) to manage access to the ignition storage account. Creating a SAS requires an existing storage account, so we cannot use a similar approach to AWS, which creates a pre-signed URL and passes it through the tfvars. Instead, this approach manipulates the ignition stub in the Terraform config to append the SAS to the storage account URL.
patrickdillon
force-pushed
the
azurestack-ign-shim
branch
from
1cc7673 to
9c3b658
Compare
openshift-ci
bot
removed
the
needs-rebase
|
/test e2e-azure |
openshift-ci
bot
added
the
approved
patrickdillon
force-pushed
the
azurestack-ign-shim
branch
from
9c3b658 to
ca5c1af
Compare
Fixing tf-fmt issues in azure variables.
patrickdillon
force-pushed
the
azurestack-ign-shim
branch
from
ca5c1af to
247d2b2
Compare
|
Ok tf-fmt is now passing and I have rebased and removed optional tf vars. I think this is ready for review /test e2e-azure |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: staebler The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@patrickdillon: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
On Azure Stack, this adds CAs from the additionalTrustBundle to the ignition stub. Azure Stack uses shared-access signatures (SAS) to manage access to the ignition storage account. Creating a SAS requires an existing storage account, so we cannot use a similar approach to AWS, which creates a pre-signed URL and passes it through the tfvars.
Instead, this approach manipulates the ignition stub in the Terraform config to append the SAS to the storage account URL.