Mount secret for api server cert and key

2017-12-15 18:35:49 -08:00
parent 105c9fdada
commit bcc5a33098
3 changed files with 26 additions and 35 deletions
--- a/charts/virtual-kubelet/templates/deployment.yaml
+++ b/charts/virtual-kubelet/templates/deployment.yaml
@@ -15,26 +15,38 @@ spec:
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        env:
        - name: AZURE_AUTH_LOCATION
-          value: /etc/virtual-kubelet/credentials.json
+          value: /etc/virtual-kubelet/auth/credentials.json
        - name: ACI_RESOURCE_GROUP
          value: {{ .Values.env.aciResourceGroup }}
        - name: ACI_REGION
          value: {{ default "westus" .Values.env.aciRegion }}
-        - name: APISERVER_CERT
-          value: {{ .Values.env.apiserverCert | quote }}
-        - name: APISERVER_KEY
-          value: {{ .Values.env.apiserverKey | quote }}
+        - name: APISERVER_CERT_LOCATION
+          value: /etc/virtual-kubelet/apiservercert/cert.pem
+        - name: APISERVER_KEY_LOCATION
+          value: /etc/virtual-kubelet/apiserverkey/key.pem
        - name: VKUBELET_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        volumeMounts:
        - name: credentials
-          mountPath: "/etc/virtual-kubelet"
+          mountPath: "/etc/virtual-kubelet/auth"
+          readOnly: true
+        - name: apiservercert
+          mountPath: "/etc/virtual-kubelet/apiservercert"
+          readOnly: true
+        - name: apiserverkey
+          mountPath: "/etc/virtual-kubelet/apiserverkey"
          readOnly: true
        command: ["virtual-kubelet"]
        args: ["--provider", "azure", "--namespace", "default", "--nodename", {{ default "virtual-kubelet" .Values.env.nodeName | quote }} , "--os", {{ default "Linux" .Values.env.nodeOsType | quote }}, "--taint", {{ default "azure.com/aci" .Values.env.nodeTaint | quote }}]
      volumes:
      - name: credentials
        secret:
-          secretName: {{ template "fullname" . }}
+          secretName: {{ template "fullname" . }}
+      - name: apiservercert
+        secret:
+          secretName: {{ template "fullname" . }}
+      - name: apiserverkey
+        secret:
+          secretName: {{ template "fullname" . }}
--- a/charts/virtual-kubelet/templates/secrets.yaml
+++ b/charts/virtual-kubelet/templates/secrets.yaml
@@ -4,4 +4,6 @@ metadata:
  name: {{ template "fullname" . }}
 type: Opaque
 data:
-  credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .Values.env.azureClientId) (default "MISSING" .Values.env.azureClientKey) (default "MISSING" .Values.env.azureSubscriptionId) (default "MISSING" .Values.env.azureTenantId) | b64enc | quote }}
+  credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .Values.env.azureClientId) (default "MISSING" .Values.env.azureClientKey) (default "MISSING" .Values.env.azureSubscriptionId) (default "MISSING" .Values.env.azureTenantId) | b64enc | quote }}
+  cert.pem: {{ printf "%s" (default "MISSING" .Values.env.apiserverCert) | quote }}
+  key.pem: {{ printf "%s" (default "MISSING" .Values.env.apiserverKey) | quote }}