@@ -2,7 +2,8 @@ load("ext://k8s_attach", "k8s_attach")
2
2
load ("ext://helm_resource" , "helm_resource" , "helm_repo" )
3
3
load ("ext://namespace" , "namespace_create" )
4
4
load ("ext://restart_process" , "docker_build_with_restart" )
5
- load ("ext://secret" , "secret_create_generic" )
5
+ load ("ext://secret" , "secret_from_dict" )
6
+ load ("ext://base64" , "decode_base64" )
6
7
update_settings (k8s_upsert_timeout_secs = 120 )
7
8
8
9
helm_repo (
@@ -193,22 +194,20 @@ for resource in manager_yaml:
193
194
if container ["name" ] == "manager" :
194
195
if os .getenv ("LINODE_URL" ):
195
196
container ["env" ].append ({"name" : "LINODE_URL" , "value" : os .getenv ("LINODE_URL" )})
196
- if os .getenv ("LINODE_CA " ):
197
+ if os .getenv ("LINODE_CA_BASE64 " ):
197
198
container ["env" ].append ({"name" : "SSL_CERT_DIR" , "value" : "/tmp/linode-ca" })
198
199
container ["volumeMounts" ].append ({"mountPath" : "/tmp/linode-ca" , "name" : "linode-ca" , "readOnly" : True })
199
- if os .getenv ("LINODE_CA " ):
200
+ if os .getenv ("LINODE_CA_BASE64 " ):
200
201
resource ["spec" ]["template" ]["spec" ]["volumes" ].append ({"name" : "linode-ca" , "secret" : {"defaultMode" : 420 , "secretName" : "linode-ca" }})
201
202
202
203
k8s_yaml (encode_yaml_stream (manager_yaml ))
203
204
204
- if os .getenv ("LINODE_CA" ):
205
- print (os .getenv ("LINODE_CA" ))
206
-
207
- ca_secret = secret_create_generic (
205
+ if os .getenv ("LINODE_CA_BASE64" ):
206
+ ca_secret = k8s_yaml (secret_from_dict (
208
207
"linode-ca" ,
209
208
namespace = "capl-system" ,
210
- from_file = "cacert.pem=" + os .getenv ("LINODE_CA" )
211
- )
209
+ inputs = { "cacert.pem" : decode_base64 ( os .getenv ("LINODE_CA_BASE64" ))}
210
+ ))
212
211
capl_resources .append ("linode-ca:secret" )
213
212
214
213
if os .getenv ("SKIP_DOCKER_BUILD" , "false" ) != "true" and debug != "true" :
0 commit comments