Mount secret for api server cert and key
@@ -15,26 +15,38 @@ spec:
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
env:
|
||||
- name: AZURE_AUTH_LOCATION
|
||||
value: /etc/virtual-kubelet/credentials.json
|
||||
value: /etc/virtual-kubelet/auth/credentials.json
|
||||
- name: ACI_RESOURCE_GROUP
|
||||
value: {{ .Values.env.aciResourceGroup }}
|
||||
- name: ACI_REGION
|
||||
value: {{ default "westus" .Values.env.aciRegion }}
|
||||
- name: APISERVER_CERT
|
||||
value: {{ .Values.env.apiserverCert | quote }}
|
||||
- name: APISERVER_KEY
|
||||
value: {{ .Values.env.apiserverKey | quote }}
|
||||
- name: APISERVER_CERT_LOCATION
|
||||
value: /etc/virtual-kubelet/apiservercert/cert.pem
|
||||
- name: APISERVER_KEY_LOCATION
|
||||
value: /etc/virtual-kubelet/apiserverkey/key.pem
|
||||
- name: VKUBELET_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
volumeMounts:
|
||||
- name: credentials
|
||||
mountPath: "/etc/virtual-kubelet"
|
||||
mountPath: "/etc/virtual-kubelet/auth"
|
||||
readOnly: true
|
||||
- name: apiservercert
|
||||
mountPath: "/etc/virtual-kubelet/apiservercert"
|
||||
readOnly: true
|
||||
- name: apiserverkey
|
||||
mountPath: "/etc/virtual-kubelet/apiserverkey"
|
||||
readOnly: true
|
||||
command: ["virtual-kubelet"]
|
||||
args: ["--provider", "azure", "--namespace", "default", "--nodename", {{ default "virtual-kubelet" .Values.env.nodeName | quote }} , "--os", {{ default "Linux" .Values.env.nodeOsType | quote }}, "--taint", {{ default "azure.com/aci" .Values.env.nodeTaint | quote }}]
|
||||
volumes:
|
||||
- name: credentials
|
||||
secret:
|
||||
secretName: {{ template "fullname" . }}
|
||||
secretName: {{ template "fullname" . }}
|
||||
- name: apiservercert
|
||||
secret:
|
||||
secretName: {{ template "fullname" . }}
|
||||
- name: apiserverkey
|
||||
secret:
|
||||
secretName: {{ template "fullname" . }}
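Review bot: The new `apiservercert` and `apiserverkey` volumes reference the same Secret `{{ template "fullname" . }}` as `credentials`, and none of the three declares `items:`, so each mount projects every key of that Secret — /etc/virtual-kubelet/apiservercert will also contain key.pem and credentials.json, and the private key becomes readable at three paths inside the container. Project only the key each mount needs, e.g. under the `apiserverkey` secret add `items:` / `- key: key.pem` / `path: key.pem` (and the same for cert.pem), or collapse to a single mount and point APISERVER_CERT_LOCATION/APISERVER_KEY_LOCATION into it; the `path:` entries must keep matching those env values. A tighter `defaultMode` on the key volume is worth considering if the process user can still read it. The enclosing Deployment spec starts before and ends after this hunk.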
|
||||
|
||||
@@ -4,4 +4,6 @@ metadata:
|
||||
name: {{ template "fullname" . }}
|
||||
type: Opaque
|
||||
data:
|
||||
credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .Values.env.azureClientId) (default "MISSING" .Values.env.azureClientKey) (default "MISSING" .Values.env.azureSubscriptionId) (default "MISSING" .Values.env.azureTenantId) | b64enc | quote }}
|
||||
credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .Values.env.azureClientId) (default "MISSING" .Values.env.azureClientKey) (default "MISSING" .Values.env.azureSubscriptionId) (default "MISSING" .Values.env.azureTenantId) | b64enc | quote }}
|
||||
cert.pem: {{ printf "%s" (default "MISSING" .Values.env.apiserverCert) | quote }}
|
||||
key.pem: {{ printf "%s" (default "MISSING" .Values.env.apiserverKey) | quote }}
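Review bot: The new `cert.pem:` and `key.pem:` entries are placed under `data:` without `b64enc`, while the sibling `credentials.json:` line is base64-encoded; `data:` values must be base64, so these only work if `.Values.env.apiserverCert`/`apiserverKey` are already base64 text, and the `default "MISSING"` fallback is unlikely to be accepted as base64 (or yields an unusable cert.pem) instead of a clear error. The `printf "%s"` wrapper is a no-op. If the values are PEM, use `cert.pem: {{ required "env.apiserverCert must be set" .Values.env.apiserverCert | b64enc | quote }}` and the same for key.pem; if they are already base64, keep the encoding but still replace the default with `required` so a missing value fails at render time rather than at TLS startup. A one-line template comment above the two keys stating which encoding the values are expected in would help the next maintainer.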
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package vkubelet
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"log"
|
||||
"net/http"
|
||||
@@ -14,34 +12,13 @@ var p Provider
|
||||
func ApiserverStart(provider Provider) error {
|
||||
p = provider
|
||||
http.HandleFunc("/", ApiServerHandler)
|
||||
certValue64 := os.Getenv("APISERVER_CERT")
|
||||
keyValue64 := os.Getenv("APISERVER_KEY")
|
||||
certValue, err := base64.StdEncoding.DecodeString(certValue64)
|
||||
certFilePath := os.Getenv("APISERVER_CERT_LOCATION")
|
||||
keyFilePath := os.Getenv("APISERVER_KEY_LOCATION")
|
||||
err := http.ListenAndServeTLS(":10250", certFilePath, keyFilePath, nil)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
keyValue, err := base64.StdEncoding.DecodeString(keyValue64)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
cert := []byte(certValue)
|
||||
key := []byte(keyValue)
|
||||
certFilePath := "cert.pem"
|
||||
keyFilePath := "key.pem"
|
||||
err = ioutil.WriteFile(certFilePath, cert, 0644)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
err = ioutil.WriteFile(keyFilePath, key, 0644)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
err = http.ListenAndServeTLS(":10250", certFilePath, keyFilePath, nil)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
return nil
|
||||
return err
|
||||
}
|
||||
|
||||
func ApiServerHandler(w http.ResponseWriter, req *http.Request) {
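Review bot: In the new ApiserverStart body the trailing `return err` is only reachable when err is nil, but http.ListenAndServeTLS never returns nil, so the function either terminates the process via log.Fatal or never returns; since the signature already returns an error, drop the log.Fatal and hand the error to the caller. The two os.Getenv reads are unchecked: an unset APISERVER_CERT_LOCATION or APISERVER_KEY_LOCATION produces an empty path and an opaque file-open error from the TLS listener, so reject empty values up front. ListenAndServeTLS also binds ":10250" on all interfaces with a default http.Server that has no read/write timeouts; constructing an `http.Server` with timeouts is the usual follow-up. The rewrite below uses errors.New, which is not among the imports visible in this page.
```go
func ApiserverStart(provider Provider) error {
	// … unchanged: p = provider; http.HandleFunc("/", ApiServerHandler) …
	certFilePath := os.Getenv("APISERVER_CERT_LOCATION")
	keyFilePath := os.Getenv("APISERVER_KEY_LOCATION")
	if certFilePath == "" || keyFilePath == "" {
		return errors.New("APISERVER_CERT_LOCATION and APISERVER_KEY_LOCATION must be set")
	}
	// ListenAndServeTLS blocks and only returns a non-nil error; let the caller decide how to exit.
	return http.ListenAndServeTLS(":10250", certFilePath, keyFilePath, nil)
}
```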
|
||||
|
||||