Switched Heapster to use certificates generated by OpenShift

author: Juraci Paixão Kröhling <juraci@kroehling.de> 2017-02-24 12:26:52 +0100
committer: Juraci Paixão Kröhling <juraci@kroehling.de> 2017-04-18 13:32:37 +0200
commit: 336a7964836a40ed6b07bc9aed255e8dd2f9fc5f (patch)
tree: f5c4076c0fba74d26d604eb76d15fa370f3d6f68 /roles/openshift_metrics/templates
parent: 233cb72777a5bdea68e5a7703bad53bb012c0bd0 (diff)
download: openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.tar.gz
openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.tar.bz2
openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.tar.xz
openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.zip
2 files changed, 14 insertions, 3 deletions
diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2
index f01ccfd58..ab998c2fb 100644
--- a/roles/openshift_metrics/templates/heapster.j2
+++ b/roles/openshift_metrics/templates/heapster.j2
@@ -34,9 +34,9 @@ spec:
         - "heapster-wrapper.sh"
         - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users"
         - "--source=kubernetes.summary_api:${MASTER_URL}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250"
-        - "--tls_cert=/secrets/heapster.cert"
-        - "--tls_key=/secrets/heapster.key"
-        - "--tls_client_ca=/secrets/heapster.client-ca"
+        - "--tls_cert=/heapster-certs/tls.crt"
+        - "--tls_key=/heapster-certs/tls.key"
+        - "--tls_client_ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
         - "--allowed_users=%allowed_users%"
         - "--metric_resolution={{openshift_metrics_resolution}}"
 {% if not openshift_metrics_heapster_standalone %}
@@ -80,6 +80,8 @@ spec:
         volumeMounts:
         - name: heapster-secrets
           mountPath: "/secrets"
+        - name: heapster-certs
+          mountPath: "/heapster-certs"
 {% if not openshift_metrics_heapster_standalone %}
         - name: hawkular-metrics-certs
           mountPath: "/hawkular-metrics-certs"
@@ -94,6 +96,9 @@ spec:
         - name: heapster-secrets
           secret:
             secretName: heapster-secrets
+        - name: heapster-certs
+          secret:
+            secretName: heapster-certs
 {% if not openshift_metrics_heapster_standalone %}
         - name: hawkular-metrics-certs
           secret:
diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2
index 8df89127b..ce0bc2eec 100644
--- a/roles/openshift_metrics/templates/service.j2
+++ b/roles/openshift_metrics/templates/service.j2
@@ -2,6 +2,12 @@ apiVersion: "v1"
 kind: "Service"
 metadata:
   name: "{{obj_name}}"
+{% if annotations is defined%}
+  annotations:
+{% for key, value in annotations.iteritems() %}
+    {{key}}: {{value}}
+{% endfor %}
+{% endif %}
 {% if labels is defined%}
   labels:
 {% for key, value in labels.iteritems() %}
author	Juraci Paixão Kröhling <juraci@kroehling.de>	2017-02-24 12:26:52 +0100
committer	Juraci Paixão Kröhling <juraci@kroehling.de>	2017-04-18 13:32:37 +0200
commit	336a7964836a40ed6b07bc9aed255e8dd2f9fc5f (patch)
tree	f5c4076c0fba74d26d604eb76d15fa370f3d6f68 /roles/openshift_metrics/templates
parent	233cb72777a5bdea68e5a7703bad53bb012c0bd0 (diff)
download	openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.tar.gz openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.tar.bz2 openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.tar.xz openshift-336a7964836a40ed6b07bc9aed255e8dd2f9fc5f.zip