starlingx
/
config
Code Issues Proposed changes

Merge "Add IPsec certificate to "system certificate-list""

This commit is contained in:
Zuul 2024-04-25 14:09:46 +00:00 committed by Gerrit Code Review
parent 16117a606f 62b74f93f5
commit 02c7893348
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sysinv/sysinv/sysinv/sysinv/conductor/manager.py
View File

@ -19231,6 +19231,15 @@ class ConductorManager(service.PeriodicService):
"/etc/kubernetes/pki/apiserver-kubelet-client.crt"),
("front-proxy-client", constants.AUTOMATIC, "/etc/kubernetes/pki/front-proxy-client.crt"),
("front-proxy-ca", constants.AUTOMATIC, "/etc/kubernetes/pki/front-proxy-ca.crt")]
# IPsec certificate
try:
hostname = socket.gethostname()
ipsec_path = f"/etc/swanctl/x509/system-ipsec-certificate-{hostname}.crt"
certs.append(("ipsec", constants.AUTOMATIC, ipsec_path))
except socket.error:
LOG.debug("Failed to get local hostname to retrieve IPsec certificate")
kube_operator = kubernetes.KubeOperator()
certificates = kube_operator.list_custom_resources("cert-manager.io", "v1", "certificates")
k8s_secrets_list = [cert["spec"]["secretName"] for cert in certificates]