diff --git a/Makefile b/Makefile
index f419a713..6a35e4a8 100644
--- a/Makefile
+++ b/Makefile
@@ -140,7 +140,7 @@ docker-push:
 docker push ${IMG}
 PATH := $(PATH):$(shell pwd)/bin
-SHELL := env PATH=$(PATH) /bin/sh
+SHELL := env PATH="$(PATH)" /bin/sh
 OS = $(shell uname -s | tr '[:upper:]' '[:lower:]')
 ARCH = $(shell uname -m | sed 's/x86_64/amd64/')
 OSOPER = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/')
diff --git a/helm-charts/konk/scripts/provision.sh b/helm-charts/konk/scripts/provision.sh
index 1f39650e..1fec4465 100644
--- a/helm-charts/konk/scripts/provision.sh
+++ b/helm-charts/konk/scripts/provision.sh
@@ -40,6 +40,7 @@ rm -f /etc/kubernetes/pki/etcd/server*
 kubeadm init phase certs etcd-server --config=/tmp/kubeadmcfg.yaml
 kubeadm init phase kubeconfig admin --control-plane-endpoint $FULLNAME.$NAMESPACE.svc
 find /etc/kubernetes/pki
+
 if secret_not_found $FULLNAME-etcd-cert
 then
 kubectl -n $NAMESPACE create secret generic $FULLNAME-etcd-cert \
@@ -47,7 +48,13 @@ then
 --from-file=/etc/kubernetes/pki/etcd/server.crt \
 --from-file=/etc/kubernetes/pki/etcd/server.key
 kubectl -n $NAMESPACE label secret $FULLNAME-etcd-cert $LABELS
+else
+ kubectl -n $NAMESPACE patch secret $FULLNAME-etcd-cert --type=json -p '[
+ {"op":"replace","path":"/data/server.crt","value":"'"$(base64 --wrap=0 < /etc/kubernetes/pki/etcd/server.crt)"'"},
+ {"op":"replace","path":"/data/server.key","value":"'"$(base64 --wrap=0 < /etc/kubernetes/pki/etcd/server.key)"'"}
+ ]'
 fi
+
 if secret_not_found $FULLNAME-apiserver-cert
 then
 kubectl -n $NAMESPACE create secret generic $FULLNAME-apiserver-cert \
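Review bot: The double quotes added to the `SHELL` line in the Makefile cover a `PATH` entry that contains spaces, but a `"`, `$` or backquote in the inherited `PATH` may still be misparsed when the shell command line is built. A short comment above the assignment would keep the override from being simplified away later, for example `# run every recipe through /bin/sh with ./bin appended to PATH`. On the unchanged line above it, `$(CURDIR)` would avoid forking a shell for `$(shell pwd)`.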
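Review bot: The new `else` branch for `$FULLNAME-etcd-cert` in provision.sh puts the base64 of `server.key` into the `kubectl patch` argument list, so the private key is visible in the process table and would be echoed by any shell tracing; the `else` branch for `$FULLNAME-apiserver-cert` in the next hunk does the same with two more keys. Letting kubectl read the files avoids that and makes the branch unnecessary: keep the existing `create secret generic … --from-file=…` command and end it with `--dry-run=client -o yaml | kubectl -n $NAMESPACE apply -f -` (kubectl 1.18 or newer). If the patch form stays, note that a JSON-patch `replace` fails when the key is not already present in the secret, whereas `add` covers both cases. The `if` block starts above this hunk, so the full `--from-file` list is not visible here.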
@@ -58,7 +65,15 @@ then
 --from-file=/etc/kubernetes/pki/apiserver-etcd-client.crt \
 --from-file=/etc/kubernetes/pki/apiserver-etcd-client.key
 kubectl -n $NAMESPACE label secret $FULLNAME-apiserver-cert $LABELS
+else
+ kubectl -n $NAMESPACE patch secret $FULLNAME-apiserver-cert --type=json -p '[
+ {"op":"replace","path":"/data/apiserver.crt","value":"'"$(base64 --wrap=0 < /etc/kubernetes/pki/apiserver.crt)"'"},
+ {"op":"replace","path":"/data/apiserver.key","value":"'"$(base64 --wrap=0 < /etc/kubernetes/pki/apiserver.key)"'"},
+ {"op":"replace","path":"/data/apiserver-etcd-client.crt","value":"'"$(base64 --wrap=0 < /etc/kubernetes/pki/apiserver-etcd-client.crt)"'"},
+ {"op":"replace","path":"/data/apiserver-etcd-client.key","value":"'"$(base64 --wrap=0 < /etc/kubernetes/pki/apiserver-etcd-client.key)"'"}
+ ]'
 fi
+
 if secret_not_found $FULLNAME-ca
 then
 kubectl -n $NAMESPACE create secret tls $FULLNAME-ca \
diff --git a/helm-charts/konk/templates/init.yaml b/helm-charts/konk/templates/init.yaml
index aa696e52..84c27721 100644
--- a/helm-charts/konk/templates/init.yaml
+++ b/helm-charts/konk/templates/init.yaml
@@ -20,16 +20,25 @@ spec:
 app.kubernetes.io/component: init
 spec:
 serviceAccountName: {{ include "konk.serviceAccountName" . }}
- initContainers:
- - name: kind
+ containers:
+ - name: provision
 securityContext:
 {{- toYaml .Values.kind.securityContext | nindent 10 }}
 image: "{{ .Values.kind.image.repository }}:{{ .Values.kind.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.kind.image.pullPolicy }}
 command:
 - bash
+ - "-c"
 args:
- - /scripts/provision.sh
+ - |
+ set -e
+ while true
+ do
+ date
+ /scripts/provision.sh
+ touch /tmp/ready
+ sleep 90d
+ done
 env:
 {{- with .Values.certManager.namespace }}
 - name: CERT_MANAGER_NAMESPACE
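Review bot: The `$FULLNAME-ca` block at the end of this provision.sh hunk still appears to write the CA secret only when it is missing, while the apiserver leaf certificates above it are now re-uploaded on every run. If a restarted container begins with an empty /etc/kubernetes/pki and kubeadm generates a fresh CA, the patched leaf certificates would no longer chain to the CA stored in the secret. The rest of the `-ca` block and the start of the script are outside the hunk, so this needs confirming; if the CA is not restored from the secret before the `kubeadm init phase certs` calls, that restore step should be added.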
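Review bot: With `provision` now a long-running container in init.yaml instead of the `kind` init container, whatever key material provision.sh leaves under /etc/kubernetes/pki stays on the filesystem of a running container for the pod's lifetime, where an init container's filesystem was discarded once it exited. A CronJob that runs /scripts/provision.sh on the rotation schedule would limit that exposure to the duration of a run. If the loop is kept, the literal `sleep 90d` would be better taken from a chart value, with a comment such as `# must stay well below the lifetime of the certificates kubeadm issues`. The container spec continues past the end of this hunk.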
@@ -47,21 +56,17 @@ spec:
 value: {{ .Release.Name }}
 - name: SCOPE
 value: {{ .Values.scope }}
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /tmp/ready
 resources:
 {{- toYaml .Values.kind.resources | nindent 10 }}
 volumeMounts:
 - mountPath: /scripts/
 name: scripts
 readOnly: true
- containers:
- - name: done
- securityContext:
- {{- toYaml .Values.kind.securityContext | nindent 10 }}
- image: "{{ .Values.kind.image.repository }}:{{ .Values.kind.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.kind.image.pullPolicy }}
- command:
- - sleep
- - infinity
 volumes:
 - name: scripts
 configMap: