diff --git a/data/data/manifests/openshift/cloud-creds-secret.yaml.template b/data/data/manifests/openshift/cloud-creds-secret.yaml.template
index 4cd5984a473..d19bc3a2a87 100644
--- a/data/data/manifests/openshift/cloud-creds-secret.yaml.template
+++ b/data/data/manifests/openshift/cloud-creds-secret.yaml.template
@@ -16,8 +16,11 @@ data:
 {{- else if .CloudCreds.IBMCloud}}
 ibmcloud_api_key: {{.CloudCreds.IBMCloud.Base64encodeAPIKey}}
 {{- else if .CloudCreds.OpenStack}}
- clouds.yaml: {{.CloudCreds.OpenStack.Base64encodeCloudCreds}}
- clouds.conf: {{.CloudCreds.OpenStack.Base64encodeCloudCredsINI}}
+ clouds.yaml: {{.CloudCreds.OpenStack.Base64encodeCloudsYAML}}
+ clouds.conf: {{.CloudCreds.OpenStack.Base64encodeCloudsConf}}
+{{- if .CloudCreds.OpenStack.Base64encodeCACert}}
+ cacert: {{.CloudCreds.OpenStack.Base64encodeCACert}}
+{{- end}}
 {{- else if .CloudCreds.VSphere}}
 {{- range .CloudCreds.VSphere}}
 {{.VCenter}}.username: {{.Base64encodeUsername}}
diff --git a/pkg/asset/manifests/openshift.go b/pkg/asset/manifests/openshift.go
index 9870e7c36ac..c6cd478d25f 100644
--- a/pkg/asset/manifests/openshift.go
+++ b/pkg/asset/manifests/openshift.go
@@ -158,8 +158,14 @@ func (o *Openshift) Generate(ctx context.Context, dependencies asset.Parents) er
 return err
 }
- // We need to replace the local cacert path with one that is used in OpenShift
+ var caCert []byte
 if cloud.CACertFile != "" {
+ var err error
+ caCert, err = os.ReadFile(cloud.CACertFile)
+ if err != nil {
+ return err
+ }
+ // We need to replace the local cacert path with one that is used in OpenShift
 cloud.CACertFile = "/etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem"
 }
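Review bot: The `{{- if .CloudCreds.OpenStack.Base64encodeCACert}}` guard depends on a contract that nothing states: the field must be the empty string when no CA bundle is configured. That holds in the second openshift.go hunk only because `caCert` stays nil and `base64.StdEncoding.EncodeToString(nil)` yields `""`. I would document it on the struct field in the template.go hunk, e.g. `// Base64encodeCACert is the base64-encoded CA bundle, or "" when no cacert is configured; the template then omits the cacert key.`, and add a matching one-line comment above `caCertEncoded := ...` in openshift.go.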
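Review bot: The bytes read from `cloud.CACertFile` are placed in the cloud-creds secret without any check that they are a certificate, and a read failure is returned as a bare `err` that does not name the path. The path is presumably taken from the user's clouds.yaml, so a wrong entry would copy whatever file it names into the cluster; I would wrap the error and reject content that holds no PEM certificate, as below. `AppendCertsFromPEM` only proves that at least one certificate parsed, so a bundle that also carries a private key would still pass. The fence assumes `fmt` and `crypto/x509` are already imported, which the hunk does not show, and the enclosing `Generate` method starts and ends outside the hunk.

```go
			caCert, err = os.ReadFile(cloud.CACertFile)
			if err != nil {
				return fmt.Errorf("reading OpenStack CA bundle %q: %w", cloud.CACertFile, err)
			}
			// Only certificates belong in the secret: refuse a file with no PEM certificate in it.
			if !x509.NewCertPool().AppendCertsFromPEM(caCert) {
				return fmt.Errorf("OpenStack CA bundle %q contains no PEM certificate", cloud.CACertFile)
			}
			// … unchanged: cloud.CACertFile rewritten to the in-cluster path …
```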
@@ -189,11 +195,13 @@ func (o *Openshift) Generate(ctx context.Context, dependencies asset.Parents) er
 }
 credsEncoded := base64.StdEncoding.EncodeToString(marshalled)
- credsINIEncoded := base64.StdEncoding.EncodeToString(cloudProviderConf)
+ cloudProviderConfEncoded := base64.StdEncoding.EncodeToString(cloudProviderConf)
+ caCertEncoded := base64.StdEncoding.EncodeToString(caCert)
 cloudCreds = cloudCredsSecretData{
 OpenStack: &OpenStackCredsSecretData{
- Base64encodeCloudCreds: credsEncoded,
- Base64encodeCloudCredsINI: credsINIEncoded,
+ Base64encodeCloudsYAML: credsEncoded,
+ Base64encodeCloudsConf: cloudProviderConfEncoded,
+ Base64encodeCACert: caCertEncoded,
 },
 }
 case vspheretypes.Name:
diff --git a/pkg/asset/manifests/openstack/cloudproviderconfig.go b/pkg/asset/manifests/openstack/cloudproviderconfig.go
index 482dac70203..43c8a66391e 100644
--- a/pkg/asset/manifests/openstack/cloudproviderconfig.go
+++ b/pkg/asset/manifests/openstack/cloudproviderconfig.go
@@ -27,6 +27,7 @@ func (e Error) Unwrap() error { return e.err }
 // CloudProviderConfigSecret generates the cloud provider config for the OpenStack
 // platform, that will be stored in the system secret.
+// TODO: I think this is crud for the legacy cloud-provider and is no longer needed. Burn it with fire?
 func CloudProviderConfigSecret(cloud *clientconfig.Cloud) ([]byte, error) {
 domainID := cloud.AuthInfo.DomainID
 if domainID == "" {
diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
index 1a54ec0a92c..f405c9d2ef0 100644
--- a/pkg/asset/manifests/template.go
+++ b/pkg/asset/manifests/template.go
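Review bot: The added `// TODO: ... Burn it with fire?` line is attached to the doc comment of `CloudProviderConfigSecret`, so it becomes part of the function's documentation, and it names neither an owner nor a condition for removal. The question is more than tidiness: the openshift.go hunk still encodes this function's output as `clouds.conf` in the cloud-creds secret, and if nothing reads that key the secret carries a second copy of the cloud settings (presumably including values taken from `cloud.AuthInfo`) for no benefit. I would move the note into the function body or above the doc comment, separated by a blank line, and make it actionable, e.g. `// TODO(<owner>): confirm no component still reads clouds.conf from the cloud-creds secret, then remove it (<tracking-issue>).`. The function body continues outside the hunk.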
@@ -34,8 +34,9 @@ type IBMCloudCredsSecretData struct {
 // OpenStackCredsSecretData holds encoded credentials and is used to generate cloud-creds secret
 type OpenStackCredsSecretData struct {
- Base64encodeCloudCreds string
- Base64encodeCloudCredsINI string
+ Base64encodeCloudsYAML string
+ Base64encodeCloudsConf string
+ Base64encodeCACert string
 }
 // VSphereCredsSecretData holds encoded credentials and is used to generated cloud-creds secret