Enable openstack_cacert to be either file or base64 string (#5243)

pull/5238/head
Matthew Mosesohn 5 years ago
committed by Kubernetes Prow Robot
parent
commit
dea9304968
2 changed files with 16 additions and 3 deletions
  1. 3
      docs/openstack.md
  2. 16
      roles/kubernetes/node/tasks/main.yml

3
docs/openstack.md

@ -5,6 +5,9 @@ To deploy kubespray on [OpenStack](https://www.openstack.org/) uncomment the `cl
After that make sure to source in your OpenStack credentials like you would do when using `nova-client` or `neutron-client` by using `source path/to/your/openstack-rc` or `. path/to/your/openstack-rc`.
For those who prefer to pass the OpenStack CA certificate as a string, one can
base64 encode the cacert file and store it in the variable `openstack_cacert`.
The next step is to make sure the hostnames in your `inventory` file are identical to your instance names in OpenStack.
Otherwise [cinder](https://wiki.openstack.org/wiki/Cinder) won't work as expected.
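
Review bot: the added sentence in docs/openstack.md documents the base64 form of `openstack_cacert` but does not say that a file path is still accepted, or that the role chooses between the two by attempting a base64 decode of the value. Suggest naming both forms explicitly, for example "set `openstack_cacert` either to the path of the CA file or to the base64-encoded contents of that file", so a reader knows which input ends up in `openstack-cacert.pem`.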

16
roles/kubernetes/node/tasks/main.yml

@ -166,14 +166,24 @@
- cloud-provider
- facts
- name: Test if openstack_cacert is a base64 string
set_fact:
openstack_cacert_is_base64: "{% if openstack_cacert | b64decode %}true{% else %}false{% endif %}"
when:
- cloud_provider is defined
- cloud_provider == 'openstack'
- openstack_cacert is defined
- openstack_cacert | length > 0
- name: Write cacert file
copy:
src: "{{ openstack_cacert }}"
src: "{{ openstack_cacert if not openstack_cacert_is_base64 else omit }}"
content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}"
dest: "{{ kube_config_dir }}/openstack-cacert.pem"
group: "{{ kube_cert_group }}"
mode: 0640
when:
- inventory_hostname in groups['k8s-cluster']
- cloud_provider is defined
- cloud_provider == 'openstack'
- openstack_cacert is defined
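
Review bot: the `openstack_cacert_is_base64` test in the new set_fact task treats any value that `b64decode` turns into a non-empty string as base64, which is not a reliable way to tell a path from encoded content. `b64decode` is a decoder, not a validator, so a plain path can either decode to non-empty garbage, which the copy task then writes to `openstack-cacert.pem` as `content`, or fail the task on a padding error. Because this file is the CA the node trusts for OpenStack, suggest checking that the decoded text contains a PEM header such as `-----BEGIN CERTIFICATE-----` before choosing the `content` branch, or taking the encoded form in a separate variable. The set_fact task is also skipped when `openstack_cacert` is empty, so the write task needs the same `openstack_cacert | length > 0` condition if it does not already have it; otherwise `openstack_cacert_is_base64` is undefined when `src` and `content` are templated.
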
@ -197,4 +207,4 @@
- import_tasks: kubelet.yml
tags:
- kubelet
- kubeadm
- kubeadm