internet/awx-operator
3
0
Fork 0
mirror of https://github.com/ansible/awx-operator.git synced 2026-05-08 14:22:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1063 from TheRealHaoLiu/receptor-ca-secret-alternative

Browse Source
This commit is contained in:
Hao Liu
2022-09-29 02:04:50 -04:00
committed by GitHub
parent a1e289e189 0611f3efaa
commit 5b7589accd
3 changed files with 60 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
roles/installer/tasks/resources_configuration.yml
View File

@@ -35,6 +35,50 @@
register: _receptor_ca register: _receptor_ca
no_log: "{{ no_log }}" no_log: "{{ no_log }}"
- name: Migrate Receptor CA Secret
when:
- _receptor_ca['resources'] | default([]) | length
- _receptor_ca['resources'][0]['type'] != "kubernetes.io/tls"
block:
- name: Delete old Receptor CA Secret
k8s:
state: absent
kind: Secret
namespace: '{{ ansible_operator_meta.namespace }}'
name: '{{ ansible_operator_meta.name }}-receptor-ca'
- name: Create tempfile for receptor-ca.key
tempfile:
state: file
suffix: .key
register: _receptor_ca_key_file
- name: Copy Receptor CA key from old secret to tempfile
copy:
content: "{{ _receptor_ca['resources'][0]['data']['receptor-ca.key'] | b64decode }}"
dest: "{{ _receptor_ca_key_file.path }}"
no_log: "{{ no_log }}"
- name: Create tempfile for receptor-ca.crt
tempfile:
state: file
suffix: .crt
register: _receptor_ca_crt_file
- name: Copy Receptor CA cert from old secret to tempfile
copy:
content: "{{ _receptor_ca['resources'][0]['data']['receptor-ca.crt'] | b64decode }}"
dest: "{{ _receptor_ca_crt_file.path }}"
no_log: "{{ no_log }}"
- name: Create New Receptor CA secret
k8s:
apply: true
definition: "{{ lookup('template', 'secrets/receptor_ca_secret.yaml.j2') }}"
no_log: "{{ no_log }}"
- name: Remove tempfiles
file:
path: "{{ item }}"
state: absent
loop:
- "{{ _receptor_ca_key_file.path }}"
- "{{ _receptor_ca_crt_file.path }}"
- name: Create Receptor Mesh CA - name: Create Receptor Mesh CA
block: block:
- name: Create tempfile for receptor-ca.key - name: Create tempfile for receptor-ca.key

16
roles/installer/templates/deployments/deployment.yaml.j2
View File

@@ -67,7 +67,12 @@ spec:
fieldPath: metadata.name fieldPath: metadata.name
volumeMounts: volumeMounts:
- name: "{{ ansible_operator_meta.name }}-receptor-ca" - name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca" mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key"
readOnly: true readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-tls" - name: "{{ ansible_operator_meta.name }}-receptor-tls"
mountPath: "/etc/receptor/tls/" mountPath: "/etc/receptor/tls/"
@@ -179,7 +184,12 @@ spec:
subPath: "work-public-key.pem" subPath: "work-public-key.pem"
readOnly: true readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca" - name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca" mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "tls.crt"
readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.key"
subPath: "tls.key"
readOnly: true readOnly: true
{% if development_mode | bool %} {% if development_mode | bool %}
- name: awx-devel - name: awx-devel
@@ -324,7 +334,7 @@ spec:
mountPath: "/etc/receptor/" mountPath: "/etc/receptor/"
- name: "{{ ansible_operator_meta.name }}-receptor-ca" - name: "{{ ansible_operator_meta.name }}-receptor-ca"
mountPath: "/etc/receptor/tls/ca/receptor-ca.crt" mountPath: "/etc/receptor/tls/ca/receptor-ca.crt"
subPath: "receptor-ca.crt" subPath: "tls.crt"
readOnly: true readOnly: true
- name: "{{ ansible_operator_meta.name }}-receptor-work-signing" - name: "{{ ansible_operator_meta.name }}-receptor-work-signing"
mountPath: "/etc/receptor/signing/work-private-key.pem" mountPath: "/etc/receptor/signing/work-private-key.pem"

5
roles/installer/templates/secrets/receptor_ca_secret.yaml.j2
View File

@@ -10,6 +10,7 @@ metadata:
app.kubernetes.io/managed-by: '{{ deployment_type }}-operator' app.kubernetes.io/managed-by: '{{ deployment_type }}-operator'
app.kubernetes.io/component: '{{ deployment_type }}' app.kubernetes.io/component: '{{ deployment_type }}'
app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}' app.kubernetes.io/operator-version: '{{ lookup("env", "OPERATOR_VERSION") }}'
type: kubernetes.io/tls
data: data:
receptor-ca.crt: '{{ lookup('file', '{{ _receptor_ca_crt_file.path }}') | b64encode }}' tls.crt: '{{ lookup('file', '{{ _receptor_ca_crt_file.path }}') | b64encode }}'
receptor-ca.key: '{{ lookup('file', '{{ _receptor_ca_key_file.path }}') | b64encode }}' tls.key: '{{ lookup('file', '{{ _receptor_ca_key_file.path }}') | b64encode }}'