github/intel-device-plugins-for-kubernetes
7
0
Fork 0
mirror of https://github.com/intel/intel-device-plugins-for-kubernetes.git synced 2025-06-03 03:59:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fpga_plugin: add --output-dir to webhook-create-signed-cert

Browse Source 
Setting --output-dir DIR enables writing contents of the secret to DIR
instead of creating the secret in the cluster. This allows creating
the secret later, for instance during fpga_plugin kustomization.

Signed-off-by: Antti Kervinen <antti.kervinen@intel.com>
This commit is contained in:
Antti Kervinen 2020-02-19 14:24:25 +02:00
parent 0ec3abf5ee
commit 0ab12861d7
1 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
scripts/webhook-create-signed-cert.sh
View File

@ -21,6 +21,10 @@ while [[ $# -gt 0 ]]; do
kubectl="$2" kubectl="$2"
shift shift
;; ;;
--output-dir)
output_dir="$2"
shift
;;
esac esac
shift shift
done done
@ -29,6 +33,7 @@ done
[ -z ${secret} ] && secret="webhook-certs" [ -z ${secret} ] && secret="webhook-certs"
[ -z ${namespace} ] && namespace="default" [ -z ${namespace} ] && namespace="default"
[ -z ${kubectl} ] && kubectl="kubectl" [ -z ${kubectl} ] && kubectl="kubectl"
[ -z ${output_dir} ] && output_dir=""
which ${kubectl} > /dev/null 2>&1 || { echo "ERROR: ${kubectl} not found"; exit 1; } which ${kubectl} > /dev/null 2>&1 || { echo "ERROR: ${kubectl} not found"; exit 1; }
@ -105,12 +110,25 @@ echo ${serverCert} | base64 --decode > ${tmpdir}/server-cert.pem
# clean-up any previously created secret for our service. Ignore errors if not present. # clean-up any previously created secret for our service. Ignore errors if not present.
${kubectl} delete secret ${secret} 2>/dev/null || true ${kubectl} delete secret ${secret} 2>/dev/null || true
# create the secret with CA cert and server cert/key if [ -z "${output_dir}" ]; then
${kubectl} create secret generic ${secret} \ # create the secret with CA cert and server cert/key
--from-file=key.pem=${tmpdir}/server-key.pem \ ${kubectl} create secret generic ${secret} \
--from-file=cert.pem=${tmpdir}/server-cert.pem \ --from-file=key.pem=${tmpdir}/server-key.pem \
--dry-run -o yaml | --from-file=cert.pem=${tmpdir}/server-cert.pem \
${kubectl} -n ${namespace} apply -f - --dry-run -o yaml |
${kubectl} -n ${namespace} apply -f -
else
# save CA cert and server cert/key to output_dir
( cp ${tmpdir}/server-key.pem ${output_dir}/key.pem &&
cp ${tmpdir}/server-cert.pem ${output_dir}/cert.pem ) || {
echo "ERROR: failed to copy ${tmpdir}/server-{key,cert}.pem to output_dir \"${output_dir}\""
exit 1
}
${kubectl} get configmap -n kube-system extension-apiserver-authentication -o=jsonpath='{.data.client-ca-file}' > "${output_dir}/client-ca-file" || {
echo "ERROR: failed to save extension-apiserver-authentication.client-ca-file to output_dir \"${output_dir}\""
exit 1
}
fi
echo "Removing ${tmpdir}" echo "Removing ${tmpdir}"
rm -rf ${tmpdir} rm -rf ${tmpdir}