Add a new label 'cert_manager_api' to kubernetes clusters controlling the
enable/disable of the kubernetes certificate manager api.
The same cluster cert/key pair is used by this api. The heat agent is used
to install the key in the master node(s), as this is required for kubernetes
to later sign new certificate requests.
The master template init order is changed so the heat agent is launched
previous to enabling the services - the controller manager requires the CA key
to be locally available before being launched.
Change-Id: Ibf85147316e3a194d8a3f92cbb4ae9ce8e16c98f
Partial-Bug: #1734318
(cherry picked from commit faa9e90402bcf78acdd166198fff9612fa8be81c)
Reviewed: https:/ /review. openstack. org/545772 /git.openstack. org/cgit/ openstack/ magnum/ commit/ ?id=6f762b3d52b bb522ed82982185 8428bbe6c9e4cc
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit 6f762b3d52bbb52 2ed829821858428 bbe6c9e4cc
Author: Ricardo Rocha <email address hidden>
Date: Fri Dec 22 11:07:51 2017 +0000
[k8s] allow enabling kubernetes cert manager api
Add a new label 'cert_manager_api' to kubernetes clusters controlling the
enable/disable of the kubernetes certificate manager api.
The same cluster cert/key pair is used by this api. The heat agent is used
to install the key in the master node(s), as this is required for kubernetes
to later sign new certificate requests.
The master template init order is changed so the heat agent is launched
previous to enabling the services - the controller manager requires the CA key
to be locally available before being launched.
Change-Id: Ibf85147316e3a1 94d8a3f92cbb4ae 9ce8e16c98f acdd166198fff96 12fa8be81c)
Partial-Bug: #1734318
(cherry picked from commit faa9e90402bcf78