
Commit 92e1571

authored
Merge pull request #32 from cobaltcore-dev/certificates-for-ch
[certificates] install to ch directory
2 parents 2e963ae + 1c3f54c commit 92e1571


3 files changed

+25
-15
lines changed


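--- a/charts/kvm-node-agent/templates/daemonset.yaml
+++ b/charts/kvm-node-agent/templates/daemonset.yaml
@@ -27,8 +27,6 @@ spec:
 operator: Exists
 containers:
 - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }}
-command:
-- /manager
 env:
 - name: HOSTNAME
 valueFrom:
@@ -86,13 +84,17 @@ spec:
 name: pki-libvirt
 - mountPath: /pki/qemu
 name: pki-qemu
+- mountPath: /pki/ch
+name: pki-ch
 initContainers:
 - command:
 - sh
 - -c
-- cd /host/etc/pki && for i in CA libvirt qemu; do if [ -L ${i} ]; then rm ${i};
-fi; done && mkdir -p CA libvirt qemu && chown 42438:42438 CA libvirt qemu && chmod
-0755 CA libvirt qemu
+- cd /host && for i in etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki;
+do if [ -L ${i} ]; then rm ${i}; fi; done && mkdir -p etc/pki/CA etc/pki/libvirt
+etc/pki/qemu var/lib/libvirt/ch/pki && chown 42438:42438 etc/pki/CA etc/pki/libvirt
+etc/pki/qemu var/lib/libvirt/ch/pki && chmod 0755 etc/pki/CA etc/pki/libvirt etc/pki/qemu
+var/lib/libvirt/ch/pki
 env:
 - name: KUBERNETES_CLUSTER_DOMAIN
 value: {{ quote .Values.kubernetesClusterDomain }}
@@ -138,6 +140,10 @@ spec:
 path: /etc/pki/qemu
 type: DirectoryOrCreate
 name: pki-qemu
+- hostPath:
+path: /var/lib/libvirt/ch/pki
+type: DirectoryOrCreate
+name: pki-ch
 - hostPath:
 path: /
 name: host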
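Review bot: The `[ -L ${i} ]` guard in the init command tests only the last component of each path, and the new `var/lib/libvirt/ch/pki` entry is the one whose parents this `mkdir -p` may have to create or traverse; a symlinked parent such as `var/lib/libvirt/ch` would be followed by `mkdir`, `chown` and `chmod`, which run against the host root mounted at `/host` (as root, going by `runAsUser: 0` in config/manager/manager.yaml). Whether a non-root host user can write to those parents is not visible in this diff, so treat it as hardening: refuse to continue when the parent is a link, e.g. `[ ! -L var/lib/libvirt/ch ] || exit 1` ahead of the `mkdir -p`. The identical command in config/manager/manager.yaml needs the same change. Holding the four repeated path lists in one variable, `dirs="etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki"`, would also keep the symlink check and the `chown` from drifting apart.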

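--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -61,14 +61,12 @@ spec:
 securityContext:
 runAsUser: 0
 image: busybox:1.28
-command: ['sh', '-c', 'cd /host/etc/pki && for i in CA libvirt qemu; do if [ -L ${i} ]; then rm ${i}; fi; done && mkdir -p CA libvirt qemu && chown 42438:42438 CA libvirt qemu && chmod 0755 CA libvirt qemu']
+command: ['sh', '-c', 'cd /host && for i in etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki; do if [ -L ${i} ]; then rm ${i}; fi; done && mkdir -p etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki && chown 42438:42438 etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki && chmod 0755 etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki']
 volumeMounts:
 - mountPath: /host
 name: host
 containers:
-- command:
-- /manager
-args:
+- args:
 - --health-probe-bind-address=:8081
 env:
 - name: HOSTNAME
@@ -129,6 +127,8 @@ spec:
 name: pki-libvirt
 - mountPath: /pki/qemu
 name: pki-qemu
+- mountPath: /pki/ch
+name: pki-ch
 serviceAccountName: controller-manager
 terminationGracePeriodSeconds: 10
 volumes:
@@ -156,6 +156,10 @@ spec:
 hostPath:
 path: /etc/pki/qemu
 type: DirectoryOrCreate
+- name: pki-ch
+hostPath:
+path: /var/lib/libvirt/ch/pki
+type: DirectoryOrCreate
 - name: host
 hostPath:
 path: /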

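--- a/internal/certificates/manage_libvirt.go
+++ b/internal/certificates/manage_libvirt.go
@@ -37,7 +37,7 @@ import (
 )
 
 func GetSecretAndCertName(host string) (secretName, certName string) {
-return "tls-" + certName, "libvirt-" + host
+return "tls-libvirt-" + host, "libvirt-" + host
 }
 
 var (
@@ -125,16 +125,16 @@ func EnsureCertificate(ctx context.Context, c client.Client, host string) error
 }
 
 var secretToFileMap = map[string][]string{
-"ca.crt": {"CA/cacert.pem", "qemu/ca-cert.pem"},
-"tls.crt": {"libvirt/servercert.pem", "qemu/server-cert.pem"},
-"tls.key": {"libvirt/private/serverkey.pem", "qemu/server-key.pem"},
+"ca.crt": {"CA/cacert.pem", "qemu/ca-cert.pem", "ch/ca-cert.pem"},
+"tls.crt": {"libvirt/servercert.pem", "qemu/server-cert.pem", "ch/server-cert.pem"},
+"tls.key": {"libvirt/private/serverkey.pem", "qemu/server-key.pem", "ch/server-key.pem"},
 }
 
 var symLinkMap = map[string][]string{
 "servercert.pem": {"libvirt/clientcert.pem"},
 "serverkey.pem": {"libvirt/private/clientkey.pem"},
-"server-cert.pem": {"qemu/client-cert.pem"},
-"server-key.pem": {"qemu/client-key.pem"},
+"server-cert.pem": {"qemu/client-cert.pem", "ch/client-cert.pem"},
+"server-key.pem": {"qemu/client-key.pem", "ch/client-key.pem"},
 }
 
 func UpdateTLSCertificate(ctx context.Context, data map[string][]byte) error {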
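Review bot: The new `ch/server-key.pem` target under `"tls.key"` puts a third copy of the server private key on the host, in a directory that the init container in this same commit sets to mode 0755 (`var/lib/libvirt/ch/pki`, mounted at `/pki/ch`), so the key's confidentiality rests entirely on the mode and owner the writer gives the file. That code is not visible here, because the body of UpdateTLSCertificate starts after the hunk, so this should be confirmed rather than assumed. I would record the requirement on `secretToFileMap` with a comment such as `// tls.key targets are private keys: write them owner-only (0600); parent dirs are 0755`, and check that rotation and cleanup cover all three copies and the `ch/client-key.pem` link.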
