commit 8a28f6d506763adba3d29beb898f10cdb069becd
author garciadeblas <gerardo.garciadeblas@telefonica.com> Wed Jun 11 11:11:56 2025 +0200
committer garciadeblas <gerardo.garciadeblas@telefonica.com> Tue Aug 05 19:24:44 2025 +0200
tree 315f1a6578decc735ab3d17507f93147636386fc
parent b7c826789e40a09556aca0ae9422ba27cbfb408d

Feature 11057: Cluster management in Openshift-based infrastructures

Change-Id: I8bdb1efb3ad1e9c8da688f334b3dcf7f49ad047c
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>

installers/flux/scripts/create-new-cluster-folder-structure.sh

diff --git a/installers/flux/scripts/create-new-cluster-folder-structure.sh b/installers/flux/scripts/create-new-cluster-folder-structure.sh
index ef1b0cb..1ea1ded 100755
--- a/installers/flux/scripts/create-new-cluster-folder-structure.sh
+++ b/installers/flux/scripts/create-new-cluster-folder-structure.sh
@@ -111,17 +111,31 @@
 # Secrets to access both Git repos
 # (NOTE: these are the last secrets to be added imperatively)
 kubectl delete secret fleet-repo --namespace flux-system 2> /dev/null || true
-kubectl create secret generic fleet-repo \
-    --namespace flux-system \
-    --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
-    --from-literal=password="${FLEET_REPO_GIT_USER_PASS}"
-
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+    kubectl create secret generic fleet-repo \
+        --namespace flux-system \
+        --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
+        --from-literal=password="${FLEET_REPO_GIT_USER_PASS}" \
+        --from-file=ca.crt="${MGMT_CLUSTER_CA_FILE}"
+else
+    kubectl create secret generic fleet-repo \
+        --namespace flux-system \
+        --from-literal=username="${FLEET_REPO_GIT_USERNAME}" \
+        --from-literal=password="${FLEET_REPO_GIT_USER_PASS}"
+fi
 kubectl delete secret sw-catalogs --namespace flux-system 2> /dev/null || true
-kubectl create secret generic sw-catalogs \
-    --namespace flux-system \
-    --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
-    --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}"
-
+if [ -n "${MGMT_CLUSTER_CA_FILE}" ]; then
+    kubectl create secret generic sw-catalogs \
+        --namespace flux-system \
+        --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
+        --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}" \
+        --from-file=ca.crt="${MGMT_CLUSTER_CA_FILE}"
+else
+    kubectl create secret generic sw-catalogs \
+        --namespace flux-system \
+        --from-literal=username="${SW_CATALOGS_REPO_GIT_USERNAME}" \
+        --from-literal=password="${SW_CATALOGS_REPO_GIT_USER_PASS}"
+fi
 # Render Flux `Kustomizations` to sync with default profiles
 envsubst < "${TEMPLATES_DIR}/infra-controllers.yaml" > "${CLUSTER_DIR}/infra-controllers.yaml"
 envsubst < "${TEMPLATES_DIR}/infra-configs.yaml" > "${CLUSTER_DIR}/infra-configs.yaml"