stsstack-bundles

Merge ~brettmilford/stsstack-bundles:master into stsstack-bundles:master

  1. Git
  2. lp:~brettmilford/stsstack-bundles
  3. master
  4. Merge into master
Proposed by Brett Milford
Status: Merged
Merged at revision: 06fe981373be30b8aa5cbf14eb8325aa2f7bf401
Proposed branch: ~brettmilford/stsstack-bundles:master
Merge into: stsstack-bundles:master
Diff against target: 43 lines (+19/-0)
3 files modified
kubernetes/pipeline/02configure (+12/-0)
kubernetes/ssl (+1/-0)
overlays/k8s-master-keystone-ssl.yaml (+6/-0)
Reviewer Review Type Date Requested Status
Jolly Bundlers Pending
Review via email: mp+400625@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Edward Hope-Morley (hopem) wrote :

Hi Brett, just want to check but I think you might need to also add keystone-ssl-ca for kubernetes-master [1]

[1] https://api.jujucharms.com/charmstore/v5/~containers/kubernetes-master-955/archive/config.yaml

Revision history for this message
Brett Milford (brettmilford) wrote :

Ah yes, you're right.
An additional overlay is there now.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/kubernetes/pipeline/02configure b/kubernetes/pipeline/02configure
2index 3ecc5f4..a2efb7a 100644
3--- a/kubernetes/pipeline/02configure
4+++ b/kubernetes/pipeline/02configure
5@@ -217,6 +217,18 @@ do
6 fi
7 MOD_MSGS[grafana.0]="need to manually relate telegraf to any services you want to monitor"
8 ;;
9+ --ssl)
10+ (cd ssl; . ./create_ca_cert.sh $MOD_SSL_STATE_DIR;)
11+ ssl_results="ssl/$MOD_SSL_STATE_DIR/results"
12+ MOD_PARAMS[__SSL_CA__]=`base64 ${ssl_results}/cacert.pem| tr -d '\n'`
13+ MOD_PARAMS[__SSL_CERT__]=`base64 ${ssl_results}/servercert.pem| tr -d '\n'`
14+ MOD_PARAMS[__SSL_KEY__]=`base64 ${ssl_results}/serverkey.pem| tr -d '\n'`
15+ MOD_OVERLAYS+=( "k8s-master-keystone-ssl.yaml" )
16+ # Make everything HA with 1 unit (unless --ha has already been set)
17+ if ! has_opt '--keystone-ha[:0-9]*$'; then
18+ set -- $@ --keystone-ha:1 && cache $@
19+ fi
20+ ;;
21 *)
22 echo "ERROR: invalid input '$1'"
23 _usage
24diff --git a/kubernetes/ssl b/kubernetes/ssl
25new file mode 120000
26index 0000000..99a5266
27--- /dev/null
28+++ b/kubernetes/ssl
29@@ -0,0 +1 @@
30+../ssl
31\ No newline at end of file
32diff --git a/overlays/k8s-master-keystone-ssl.yaml b/overlays/k8s-master-keystone-ssl.yaml
33new file mode 100644
34index 0000000..a42c526
35--- /dev/null
36+++ b/overlays/k8s-master-keystone-ssl.yaml
37@@ -0,0 +1,6 @@
38+ssl_ca: &ssl_ca __SSL_CA__
39+
40+applications:
41+ kubernetes-master:
42+ options:
43+ keystone-ssl-ca: *ssl_ca

Subscribers

People subscribed via source and target branches