Feature 10947 Cert-manager installation for gRPC authentication
It includes:
- Cert-manager installation
- Custom CA bootstrap
- Mount CA in LCM pod
Change-Id: I8e6d73fb0c179df130f7f4a7f8829bd781713d51
Signed-off-by: Gabriel Cuba <gcuba@whitestack.com>
diff --git a/installers/install_kubeadm_cluster.sh b/installers/install_kubeadm_cluster.sh
index 9c0fa2f..648a1be 100755
--- a/installers/install_kubeadm_cluster.sh
+++ b/installers/install_kubeadm_cluster.sh
@@ -184,6 +184,20 @@
[ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
}
+#installs cert-manager
+function install_helm_certmanager() {
+ [ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
+ echo "Installing cert-manager"
+ CERTMANAGER_VERSION="v1.9.1"
+ helm repo add jetstack https://charts.jetstack.io
+ helm repo update
+ helm install cert-manager --create-namespace --namespace cert-manager jetstack/cert-manager \
+ --version ${CERTMANAGER_VERSION} --set installCRDs=true --set prometheus.enabled=false \
+ --set clusterResourceNamespace=osm \
+ --set extraArgs="{--enable-certificate-owner-ref=true}"
+ [ -z "${DEBUG_INSTALL}" ] || DEBUG end of function
+}
+
#checks openebs and metallb readiness
function check_for_readiness() {
[ -z "${DEBUG_INSTALL}" ] || DEBUG beginning of function
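Review bot: The chart that becomes the trust root for gRPC authentication is fetched from a remote repository with only its version pinned on the `--version` line, and nothing checks the chart's integrity beyond TLS to the repo. If the publisher's provenance file and signing key can be made available to the installer, adding `--verify` to the `helm install` call would make a substituted or tampered chart fail the install instead of being deployed. Separately, `CERTMANAGER_VERSION` is assigned as a global and expanded unquoted; `local CERTMANAGER_VERSION="v1.9.1"` and `--version "${CERTMANAGER_VERSION}"` would keep it contained. A comment above the `--set clusterResourceNamespace=osm` line saying why issuer resources are looked up in `osm` would also help the next reader.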
@@ -220,6 +234,13 @@
COUNT_METALLB_READY=$(echo "${METALLB_READY}" | grep -v -e '^$' | wc -l)
COUNT_METALLB_NOT_READY=$(echo "${METALLB_NOT_READY}" | grep -v -e '^$' | wc -l)
+ # State of CertManager
+ CERTMANAGER_STATE=$(kubectl get pod -n ${CERTMANAGER_NAMESPACE} --no-headers 2>&1)
+ CERTMANAGER_READY=$(echo "${CERTMANAGER_STATE}" | awk '$2=="1/1" || $2=="2/2" {printf ("%s\t%s\t\n", $1, $2)}')
+ CERTMANAGER_NOT_READY=$(echo "${CERTMANAGER_STATE}" | awk '$2!="1/1" && $2!="2/2" {printf ("%s\t%s\t\n", $1, $2)}')
+ COUNT_CERTMANAGER_READY=$(echo "${CERTMANAGER_READY}" | grep -v -e '^$' | wc -l)
+ COUNT_CERTMANAGER_NOT_READY=$(echo "${CERTMANAGER_NOT_READY}" | grep -v -e '^$' | wc -l)
+
# OK sample
if [[ $((${COUNT_OPENEBS_NOT_READY}+${COUNT_METALLB_NOT_READY})) -eq 0 ]]
then
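Review bot: The cert-manager counts computed here never reach the readiness decision, because the `# OK sample` condition just below still sums only `COUNT_OPENEBS_NOT_READY` and `COUNT_METALLB_NOT_READY`. The check can therefore report the cluster ready while cert-manager pods are still starting, and the "Reports failed pods in CertManager" block added in the next hunk appears to sit in the branch reached only when OpenEBS or MetalLB is not ready. The condition should include the new count: `if [[ $((${COUNT_OPENEBS_NOT_READY}+${COUNT_METALLB_NOT_READY}+${COUNT_CERTMANAGER_NOT_READY})) -eq 0 ]]`. `${CERTMANAGER_NAMESPACE}` is not set in any visible hunk (the install hunk hard-codes `cert-manager`) and is expanded unquoted; if it is empty, the kubectl error text captured by `2>&1` would likely be parsed by the awk filters as pod rows, so define it once and use `-n "${CERTMANAGER_NAMESPACE}"`. check_for_readiness begins and ends outside this hunk.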
@@ -241,13 +262,21 @@
echo
fi
- # Reports failed statefulsets
+ # Reports failed pods in MetalLB
if [[ "${COUNT_METALLB_NOT_READY}" -ne 0 ]]
then
echo "MetalLB: Waiting for ${COUNT_METALLB_NOT_READY} of $((${COUNT_METALLB_NOT_READY}+${COUNT_METALLB_READY})) pods to be ready:"
echo "${METALLB_NOT_READY}"
echo
fi
+
+ # Reports failed pods in CertManager
+ if [[ "${COUNT_CERTMANAGER_NOT_READY}" -ne 0 ]]
+ then
+ echo "CertManager: Waiting for ${COUNT_CERTMANAGER_NOT_READY} of $((${COUNT_CERTMANAGER_NOT_READY}+${COUNT_CERTMANAGER_READY})) pods to be ready:"
+ echo "${CERTMANAGER_NOT_READY}"
+ echo
+ fi
fi
#------------ NEXT SAMPLE
@@ -342,6 +371,8 @@
track k8scluster k8s_storageclass_ok
install_helm_metallb
track k8scluster k8s_metallb_ok
+install_helm_certmanager
+track k8scluster k8s_certmanager_ok
check_for_readiness
track k8scluster k8s_ready_ok
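Review bot: `track k8scluster k8s_certmanager_ok` is emitted whether or not the install worked, because `install_helm_certmanager` does not check the exit status of its `helm` calls and its last command is the `DEBUG` guard, which normally returns 0. Unless the script runs under `set -e` (not visible here), a failed `helm repo add` or `helm install` is recorded as success and only shows up later, if at all. Returning the helm status from the function (`helm install ... || return 1`) and gating the call here, for example `install_helm_certmanager || exit 1`, would keep the tracking event truthful. The surrounding calls follow the same unguarded pattern, and the enclosing code continues outside this hunk.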