Fix secret creation for K8S
* switch base64 encoding from the shell command to the Salt function;
* add the missing defaults for the secret_name parameter;
* fix a typo in the templates
Change-Id: I121855198dc61ec1a765d5aff1a06dd9e30d747a
Related-Prod: PROD-27542
diff --git a/kubernetes/control/secret.sls b/kubernetes/control/secret.sls
index 10fc58a..222aec9 100644
--- a/kubernetes/control/secret.sls
+++ b/kubernetes/control/secret.sls
@@ -17,6 +17,7 @@
- file: /srv/kubernetes
- defaults:
secret: {{ secret|yaml }}
+ secret_name: {{ secret_name }}
{%- if secret.get('create', false) %}
cmd.wait:
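Review bot: The added `secret_name: {{ secret_name }}` default is rendered unquoted, unlike the `secret` line above it, which goes through `|yaml`. A name that is empty, all digits or boolean-looking would be retyped by the YAML parser before it reaches the template; `secret_name: {{ secret_name|yaml_dquote }}` keeps it a string. Where `secret_name` is set is outside this hunk, so confirm it cannot be undefined at this point.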
diff --git a/kubernetes/files/secret.yml b/kubernetes/files/secret.yml
index 0ce9505..f4cc42c 100644
--- a/kubernetes/files/secret.yml
+++ b/kubernetes/files/secret.yml
@@ -5,15 +5,18 @@
name: {{ secret_name }}
namespace: {{ secret.get('namespace', 'default') }}
type: Opaque
-{%- if secret.data is defined}
+{%- if secret.data is defined %}
data:
{%- if secret.data.type == 'ssl' %}
- {%- set ca_crt = salt['cmd.shell']('cat {0} | base64'.format(secret.data.ca_crt_file)) %}
- {%- set tls_crt = salt['cmd.shell']('cat {0} | base64'.format(secret.data.tls_crt_file)) %}
- {%- set tls_key = salt['cmd.shell']('cat {0} | base64'.format(secret.data.tls_key_file)) %}
- ca.crt: {{ ca_crt }}
- tls.crt: {{ tls_crt }}
- tls.key: {{ tls_key }}
+ {%- set ca_crt = salt['cmd.shell']('cat {0}'.format(secret.data.ca_crt_file)) %}
+ {%- set tls_crt = salt['cmd.shell']('cat {0}'.format(secret.data.tls_crt_file)) %}
+ {%- set tls_key = salt['cmd.shell']('cat {0}'.format(secret.data.tls_key_file)) %}
+ {%- set ca_crt_encoded = salt['hashutil.base64_b64encode'](ca_crt) %}
+ {%- set tls_crt_encoded = salt['hashutil.base64_b64encode'](tls_crt) %}
+ {%- set tls_key_encoded = salt['hashutil.base64_b64encode'](tls_key) %}
+ ca.crt: {{ ca_crt_encoded }}
+ tls.crt: {{ tls_crt_encoded }}
+ tls.key: {{ tls_key_encoded }}
{%- else %}
{%- for key, value in secret.data.secrets.items() %}
{{ key }}: {{ salt['hashutil.base64_b64encode'](value) }}
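Review bot: The three new `set` lines for `ca_crt`, `tls_crt` and `tls_key` still read the files through `cmd.shell`, so a pillar-supplied path is interpolated unquoted into a shell command line, and the command output, including the private key, is subject to the cmd module's output logging (debug level by default). If `cat` fails, its error text would presumably be base64-encoded into the secret instead of failing the render. Reading the file without a shell avoids all three, e.g. `{%- set tls_key = salt['file.read'](secret.data.tls_key_file) %}` and likewise for the other two, assuming the targeted Salt version ships `file.read`; otherwise pass `output_loglevel='quiet'` and quote the path. The enclosing `if`/`else` block continues past the end of the hunk.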