Closed mike1808 closed 4 years ago
Also, in Kubernetes 1.14 it's possible to inject configs like secret via files, but currently we're using 1.13
Cool. The CA doesn’t need to be in the secret either, since it is a public cert. That could be extracted to.
Also: After we merge it’s worth informing downstream teams since they would need to update how they generate values.
@rosenhouse move CA configuration to ConfigMap. And here is the migration script, I do not know where to put it.
secret="$(kubectl -n cf-system get secrets cfroutesync -o yaml)" && \
kubectl -n cf-system create configmap cfroutesync \
--from-literal="ccBaseURL=$(echo "$secret" | yq -r ".data.ccBaseURL" | base64 --decode)" \
--from-literal="uaaBaseURL=$(echo "$secret" | yq -r ".data.uaaBaseURL" | base64 --decode)" \
--from-literal="clientName=$(echo "$secret" | yq -r ".data.clientName" | base64 --decode)" \
--from-literal="eiriniPodLabelPrefix=$(echo "$secret" | yq -r ".data.eiriniPodLabelPrefix" | base64 --decode)" \
--from-literal="ccCA=$(echo "$secret" | yq -r ".data.ccCA" | base64 --decode)" \
--from-literal="uaaCA=$(echo "$secret" | yq -r ".data.uaaCA" | base64 --decode)" && \
kubectl -n cf-system apply -f \
<(echo "$secret" | yq -r 'del(.data.ccBaseURL, .data.uaaBaseURL, .data.clientName, .data.eiriniPodLabelPrefix, .data.ccCA, .data.uaaCA)')
kubectl edit