Skip to content

Commit 39b0522

Browse files
authored
[improvement] : remove LINODE_CA and use LINODE_CA_BASE64 only (#626)
* remove LINODE_CA and use LINODE_CA_BASE64 only * remove LINODE_CA reference from doc
1 parent 848827f commit 39b0522

File tree

3 files changed

+9
-11
lines changed

3 files changed

+9
-11
lines changed

Tiltfile

Lines changed: 8 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,8 @@ load("ext://k8s_attach", "k8s_attach")
22
load("ext://helm_resource", "helm_resource", "helm_repo")
33
load("ext://namespace", "namespace_create")
44
load("ext://restart_process", "docker_build_with_restart")
5-
load("ext://secret", "secret_create_generic")
5+
load("ext://secret", "secret_from_dict")
6+
load("ext://base64", "decode_base64")
67
update_settings(k8s_upsert_timeout_secs=120)
78

89
helm_repo(
@@ -193,22 +194,20 @@ for resource in manager_yaml:
193194
if container["name"] == "manager":
194195
if os.getenv("LINODE_URL"):
195196
container["env"].append({"name": "LINODE_URL", "value": os.getenv("LINODE_URL")})
196-
if os.getenv("LINODE_CA"):
197+
if os.getenv("LINODE_CA_BASE64"):
197198
container["env"].append({"name": "SSL_CERT_DIR", "value": "/tmp/linode-ca"})
198199
container["volumeMounts"].append({"mountPath": "/tmp/linode-ca", "name": "linode-ca", "readOnly": True})
199-
if os.getenv("LINODE_CA"):
200+
if os.getenv("LINODE_CA_BASE64"):
200201
resource["spec"]["template"]["spec"]["volumes"].append({"name": "linode-ca", "secret": {"defaultMode": 420, "secretName": "linode-ca"}})
201202

202203
k8s_yaml(encode_yaml_stream(manager_yaml))
203204

204-
if os.getenv("LINODE_CA"):
205-
print(os.getenv("LINODE_CA"))
206-
207-
ca_secret = secret_create_generic(
205+
if os.getenv("LINODE_CA_BASE64"):
206+
ca_secret = k8s_yaml(secret_from_dict(
208207
"linode-ca",
209208
namespace = "capl-system",
210-
from_file="cacert.pem=" + os.getenv("LINODE_CA")
211-
)
209+
inputs={"cacert.pem": decode_base64(os.getenv("LINODE_CA_BASE64"))}
210+
))
212211
capl_resources.append("linode-ca:secret")
213212

214213
if os.getenv("SKIP_DOCKER_BUILD", "false") != "true" and debug != "true":

docs/src/developers/development.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ needed via the make targets, but a recommendation is to
4040
#### Optional Environment Variables
4141
```bash
4242
export LINODE_URL= # Default unset. Set this to talk to a specific linode api endpoint
43-
export LINODE_CA= # Default unset. Set this to use a specific CA when talking to the linode API
43+
export LINODE_CA_BASE64= # Default empty. Set this to base64 encoded content of specific CA when talking to custom linode API
4444
export CAPL_DEBUG=false # Default false. Set this to true to enable delve integration
4545
export INSTALL_K3S_PROVIDER=false # Default false. Set this to true to enable k3s capi provider installation
4646
export INSTALL_RKE2_PROVIDER=false # Default false. Set this to true to enable the RKE2 capi provider installation

docs/src/topics/linode-cloud-controller-manager.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,6 @@ Check the cert contents and if its a CA, use it.
2222
Additional vars which needs to be set for custom enviroments:
2323
```sh
2424
export LINODE_URL=<env specific API path>
25-
export LINODE_CA=<env specific CA file path on disk>
2625
export LINODE_EXTERNAL_SUBNET=<network to be marked as public network>
2726
export LINODE_CA_BASE64=<base64 encoded value of LINODE_CA cert content>
2827
```

0 commit comments

Comments
 (0)