fix #9: use secret for private key certs during bootstrap #21

Open
wants to merge 1 commit into
base: master
6 changes: 3 additions & 3 deletions docker/step-ca-bootstrap/entrypoint.sh
Expand Up @@ -112,15 +112,15 @@ function kbreplace() {
# It allows to properly remove them on help delete
kbreplace -n $NAMESPACE create configmap $PREFIX-config --from-file $(step path)/config
kbreplace -n $NAMESPACE create configmap $PREFIX-certs --from-file $(step path)/certs
kbreplace -n $NAMESPACE create configmap $PREFIX-secrets --from-file $(step path)/secrets

kbreplace -n $NAMESPACE create secret generic $PREFIX-secrets --from-file $(step path)/secrets
kbreplace -n $NAMESPACE create secret generic $PREFIX-ca-password --from-literal "password=${CA_PASSWORD}"
kbreplace -n $NAMESPACE create secret generic $PREFIX-provisioner-password --from-literal "password=${CA_PROVISIONER_PASSWORD}"

# Label all configmaps and secrets
kubectl -n $NAMESPACE label configmap $PREFIX-config $LABELS
kubectl -n $NAMESPACE label configmap $PREFIX-certs $LABELS
kubectl -n $NAMESPACE label configmap $PREFIX-secrets $LABELS
kubectl -n $NAMESPACE label secret $PREFIX-secrets $LABELS
kubectl -n $NAMESPACE label secret $PREFIX-ca-password $LABELS
kubectl -n $NAMESPACE label secret $PREFIX-provisioner-password $LABELS

Expand Down Expand Up @@ -160,4 +160,4 @@ echo -e "\e[1mStep Certificates installed!\e[0m"
echo
echo "CA URL: ${CA_URL}"
echo "CA Fingerprint: ${FINGERPRINT}"
echo
echo
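Review bot: The switch from `create configmap` to `create secret generic` for `$PREFIX-secrets` on the new line leaves the previously created ConfigMap `$PREFIX-secrets` in place on clusters that already ran the old bootstrap, so the private key material stays readable through the ConfigMap (ConfigMaps are commonly granted to wider RBAC subjects than Secrets). Since the script only replaces the object it now creates, add a one-off cleanup before the labelling block: `kubectl -n $NAMESPACE delete configmap $PREFIX-secrets --ignore-not-found`. The templated copy of the same script in step-certificates/templates/configmaps.yaml has the same gap and would take the equivalent line built from `{{ .Release.Namespace }}` and `{{ include "step-certificates.fullname" . }}-secrets`. It is also worth a comment that `--from-file $(step path)/secrets` uploads every file in that directory; if it holds the root CA key alongside the intermediate's, that is more than the running CA needs, though whether it does cannot be confirmed from this hunk.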
4 changes: 2 additions & 2 deletions step-certificates/templates/ca.yaml
Expand Up @@ -95,8 +95,8 @@ spec:
configMap:
name: {{ include "step-certificates.fullname" . }}-config
- name: secrets
configMap:
name: {{ include "step-certificates.fullname" . }}-secrets
secret:
secretName: {{ include "step-certificates.fullname" . }}-secrets
- name: ca-password
secret:
secretName: {{ include "step-certificates.fullname" . }}-ca-password
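Review bot: The new `secret:` volume source for `secrets` sets no `defaultMode`, so the CA private-key files it now carries are projected with the Kubernetes default 0644 mode and are readable by any process in the pod regardless of its UID. Since this volume exists precisely to hold key material, restrict it: `secret:` / `  secretName: {{ include "step-certificates.fullname" . }}-secrets` / `  defaultMode: 0400`, paired with whatever `runAsUser` the container sets, which is outside this hunk. The enclosing `volumes:` list starts before the hunk, and the same consideration applies to the `ca-password` volume below it, though that volume is unchanged by this commit.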
6 changes: 3 additions & 3 deletions step-certificates/templates/configmaps.yaml
Expand Up @@ -121,15 +121,15 @@ data:
# It allows to properly remove them on helm delete
kbreplace -n {{ .Release.Namespace }} create configmap {{ include "step-certificates.fullname" . }}-config --from-file $(step path)/config
kbreplace -n {{ .Release.Namespace }} create configmap {{ include "step-certificates.fullname" . }}-certs --from-file $(step path)/certs
kbreplace -n {{ .Release.Namespace }} create configmap {{ include "step-certificates.fullname" . }}-secrets --from-file $(step path)/secrets

kbreplace -n {{ .Release.Namespace }} create secret generic {{ include "step-certificates.fullname" . }}-secrets --from-file $(step path)/secrets
kbreplace -n {{ .Release.Namespace }} create secret generic {{ include "step-certificates.fullname" . }}-ca-password --from-literal "password=${CA_PASSWORD}"
kbreplace -n {{ .Release.Namespace }} create secret generic {{ include "step-certificates.fullname" . }}-provisioner-password --from-literal "password=${CA_PROVISIONER_PASSWORD}"

# Label all configmaps and secrets
kubectl -n {{ .Release.Namespace }} label configmap {{ include "step-certificates.fullname" . }}-config {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }}
kubectl -n {{ .Release.Namespace }} label configmap {{ include "step-certificates.fullname" . }}-certs {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }}
kubectl -n {{ .Release.Namespace }} label configmap {{ include "step-certificates.fullname" . }}-secrets {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }}
kubectl -n {{ .Release.Namespace }} label secret {{ include "step-certificates.fullname" . }}-secrets {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }}
kubectl -n {{ .Release.Namespace }} label secret {{ include "step-certificates.fullname" . }}-ca-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }}
kubectl -n {{ .Release.Namespace }} label secret {{ include "step-certificates.fullname" . }}-provisioner-password {{ include "step-certificates.labels" . | replace ": " "=" | replace "\n" " " }}

Expand All @@ -144,4 +144,4 @@ data:
echo
echo "CA URL: {{include "step-certificates.url" .}}"
echo "CA Fingerprint: $(step certificate fingerprint $(step path)/certs/root_ca.crt)"
echo
echo
6 changes: 6 additions & 0 deletions step-certificates/templates/secrets.yaml
Expand Up @@ -12,3 +12,9 @@ kind: Secret
metadata:
name: {{ include "step-certificates.fullname" . }}-provisioner-password
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "step-certificates.fullname" . }}-secrets
namespace: {{ .Release.Namespace }}