authorstaebler <staebler@redhat.com>2017-10-17 09:57:41 -0400
committerstaebler <staebler@redhat.com>2017-10-17 09:57:41 -0400
commit6e6004a73f5da7d43d57f900cf24cd2ee5082afc (patch)
treecdc3c996fc65c3156ad7d1dd0248b1e2c6d81886 /roles
parent6e7ccabeaf3e6929b7b561b8aa6a1bb11a4364ec (diff)
Add apiserver.crt to service-catalog controller-manager deployment.
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_service_catalog/tasks/generate_certs.yml9
-rw-r--r--roles/openshift_service_catalog/templates/controller_manager.j212
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/openshift_service_catalog/tasks/generate_certs.yml b/roles/openshift_service_catalog/tasks/generate_certs.yml
index 5f17d2dbd..416bdac70 100644
--- a/roles/openshift_service_catalog/tasks/generate_certs.yml
+++ b/roles/openshift_service_catalog/tasks/generate_certs.yml
@@ -36,6 +36,15 @@
- name: tls.key
path: "{{ generated_certs_dir }}/apiserver.key"
+- name: Create service-catalog-ssl secret
+ oc_secret:
+ state: present
+ name: service-catalog-ssl
+ namespace: kube-service-catalog
+ files:
+ - name: tls.crt
+ path: "{{ generated_certs_dir }}/apiserver.crt"
+
- slurp:
src: "{{ generated_certs_dir }}/ca.crt"
register: apiserver_ca
diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2
index da52558f3..2272cbb44 100644
--- a/roles/openshift_service_catalog/templates/controller_manager.j2
+++ b/roles/openshift_service_catalog/templates/controller_manager.j2
@@ -46,7 +46,19 @@ spec:
protocol: TCP
resources: {}
terminationMessagePath: /dev/termination-log
+ volumeMounts:
+ - mountPath: /var/run/kubernetes-service-catalog
+ name: service-catalog-ssl
+ readOnly: true
dnsPolicy: ClusterFirst
restartPolicy: Always
securityContext: {}
terminationGracePeriodSeconds: 30
+ volumes:
+ - name: service-catalog-ssl
+ secret:
+ defaultMode: 420
+ items:
+ - key: tls.crt
+ path: apiserver.crt
+ secretName: apiserver-ssl
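Review bot: The volume added at the end of this hunk sets `secretName: apiserver-ssl`, while the task added to generate_certs.yml in this same commit creates a certificate-only secret named `service-catalog-ssl`, which nothing visible in either hunk mounts. The context lines above that task show a secret entry carrying `tls.key`; its name is outside the hunk, but if it is `apiserver-ssl`, the controller-manager pod is bound to the secret holding the API server's private key, and only the `items` filter keeps the key out of the container. Pointing the volume at the cert-only secret with `secretName: service-catalog-ssl` would remove that reliance on the filter and make the new task's secret the one in use. The deployment spec begins before this hunk, so other references to either secret may exist outside the visible lines.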