From 73bb33cf86d1301123dd8797a5e47e13424b8db2 Mon Sep 17 00:00:00 2001 From: Anjan Nath Date: Wed, 15 Jan 2025 13:13:55 +0530 Subject: [PATCH] Use systemd to add the root CA for API server access this removes the code patching the configmap admin-kubeconfig-client-ca to use the custom CA, instead it copies the generated CA to '/opt/crc/' which is then used by a systemd service to created the required secret and updates the configmap --- pkg/crc/cluster/cluster.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/pkg/crc/cluster/cluster.go b/pkg/crc/cluster/cluster.go index a35aa77296..969e495771 100644 --- a/pkg/crc/cluster/cluster.go +++ b/pkg/crc/cluster/cluster.go @@ -197,13 +197,10 @@ func EnsureGeneratedClientCAPresentInTheCluster(ctx context.Context, ocConfig oc } logging.Info("Updating root CA cert to admin-kubeconfig-client-ca configmap...") - jsonPath := fmt.Sprintf(`'{"data": {"ca-bundle.crt": %q}}'`, selfSignedCAPem) - cmdArgs := []string{"patch", "configmap", "admin-kubeconfig-client-ca", - "-n", "openshift-config", "--patch", jsonPath} - _, stderr, err = ocConfig.RunOcCommand(cmdArgs...) - if err != nil { - return fmt.Errorf("Failed to patch admin-kubeconfig-client-ca config map with new CA` %v: %s", err, stderr) + if err := sshRunner.CopyData(selfSignedCAPem, "/opt/crc/custom-ca.crt", 0644); err != nil { + return fmt.Errorf("Failed to copy generated CA file to VM: %v", err) } + if err := sshRunner.CopyFile(constants.KubeconfigFilePath, ocConfig.KubeconfigPath, 0644); err != nil { return fmt.Errorf("Failed to copy generated kubeconfig file to VM: %v", err) }