[improvement] : remove LINODE_CA and use LINODE_CA_BASE64 only (#626)

rahulait · web-flow · commit 39b05223869e · 2025-01-15T11:42:03.000-05:00
* remove LINODE_CA and use LINODE_CA_BASE64 only

* remove LINODE_CA reference from doc
diff --git a/Tiltfile b/Tiltfile
@@ -2,7 +2,8 @@ load("ext://k8s_attach", "k8s_attach")
 load("ext://helm_resource", "helm_resource", "helm_repo")
 load("ext://namespace", "namespace_create")
 load("ext://restart_process", "docker_build_with_restart")
-load("ext://secret", "secret_create_generic")
+load("ext://secret", "secret_from_dict")
+load("ext://base64", "decode_base64")
 update_settings(k8s_upsert_timeout_secs=120)
 
 helm_repo(
@@ -193,22 +194,20 @@ for resource in manager_yaml:
             if container["name"] == "manager":
                 if os.getenv("LINODE_URL"):
                     container["env"].append({"name": "LINODE_URL", "value": os.getenv("LINODE_URL")})
-                if os.getenv("LINODE_CA"):
+                if os.getenv("LINODE_CA_BASE64"):
                     container["env"].append({"name": "SSL_CERT_DIR", "value": "/tmp/linode-ca"})
                     container["volumeMounts"].append({"mountPath": "/tmp/linode-ca", "name": "linode-ca", "readOnly": True})
-        if os.getenv("LINODE_CA"):
+        if os.getenv("LINODE_CA_BASE64"):
             resource["spec"]["template"]["spec"]["volumes"].append({"name": "linode-ca", "secret": {"defaultMode": 420, "secretName": "linode-ca"}})
 
 k8s_yaml(encode_yaml_stream(manager_yaml))
 
-if os.getenv("LINODE_CA"):
-    print(os.getenv("LINODE_CA"))
-
-    ca_secret = secret_create_generic(
+if os.getenv("LINODE_CA_BASE64"):
+    ca_secret = k8s_yaml(secret_from_dict(
         "linode-ca",
         namespace = "capl-system",
-        from_file="cacert.pem=" + os.getenv("LINODE_CA")
-    )
+        inputs={"cacert.pem": decode_base64(os.getenv("LINODE_CA_BASE64"))}
+    ))
     capl_resources.append("linode-ca:secret")
 
 if os.getenv("SKIP_DOCKER_BUILD", "false") != "true" and debug != "true":
diff --git a/docs/src/developers/development.md b/docs/src/developers/development.md
@@ -40,7 +40,7 @@ needed via the make targets, but a recommendation is to
 #### Optional Environment Variables
 ```bash
 export LINODE_URL= # Default unset. Set this to talk to a specific linode api endpoint
-export LINODE_CA= # Default unset. Set this to use a specific CA when talking to the linode API
+export LINODE_CA_BASE64= # Default empty. Set this to base64 encoded content of specific CA when talking to custom linode API
 export CAPL_DEBUG=false # Default false. Set this to true to enable delve integration
 export INSTALL_K3S_PROVIDER=false # Default false. Set this to true to enable k3s capi provider installation
 export INSTALL_RKE2_PROVIDER=false # Default false. Set this to true to enable the RKE2 capi provider installation
diff --git a/docs/src/topics/linode-cloud-controller-manager.md b/docs/src/topics/linode-cloud-controller-manager.md
@@ -22,7 +22,6 @@ Check the cert contents and if its a CA, use it.
 Additional vars which needs to be set for custom enviroments:
 ```sh
 export LINODE_URL=<env specific API path>
-export LINODE_CA=<env specific CA file path on disk>
 export LINODE_EXTERNAL_SUBNET=<network to be marked as public network>
 export LINODE_CA_BASE64=<base64 encoded value of LINODE_CA cert content>
 ```
