Skip to content
This repository has been archived by the owner on Oct 22, 2021. It is now read-only.

fix: multiple-cluster-mode add ca certs required by diego-cell #1570

Merged
merged 3 commits into from
Jan 11, 2021
Merged

fix: multiple-cluster-mode add ca certs required by diego-cell #1570

merged 3 commits into from
Jan 11, 2021

Conversation

aqan213
Copy link
Contributor

@aqan213 aqan213 commented Nov 9, 2020

Import CA certs of control plane to generate the certs required by diego-cell.

Description

Add the CA certs instead of the certs that imported in the credentials in values yaml file. Those certs can be removed and ca certs can generate those ones.

credentials_list=(
credhub_tls.ca
diego_bbs_client.ca
diego_bbs_client.certificate
diego_bbs_client.private_key
diego_instance_identity_ca.ca
diego_instance_identity_ca.certificate
diego_instance_identity_ca.private_key
diego_rep_agent_v2.ca
diego_rep_agent_v2.certificate
diego_rep_agent_v2.private_key
diego_rep_client.ca
diego_rep_client.certificate
diego_rep_client.private_key
forwarder_agent_metrics_tls.ca
forwarder_agent_metrics_tls.certificate
forwarder_agent_metrics_tls.private_key
gorouter_backend_tls.ca
loggr_udp_forwarder_tls.ca
loggr_udp_forwarder_tls.certificate
loggr_udp_forwarder_tls.private_key
loggregator_agent_metrics_tls.ca
loggregator_agent_metrics_tls.certificate
loggregator_agent_metrics_tls.private_key
loggregator_tls_agent.ca
loggregator_tls_agent.certificate
loggregator_tls_agent.private_key
ssh_proxy_backends_tls.ca
uaa_ssl.ca
cf_app_sd_client_tls.ca
cf_app_sd_client_tls.certificate
cf_app_sd_client_tls.private_key
nats_client_cert.ca
nats_client_cert.certificate
nats_client_cert.private_key
network_policy_client.ca
network_policy_client.certificate
network_policy_client.private_key
silk_daemon.ca
silk_daemon.certificate
silk_daemon.private_key
)

Motivation and Context

Add the CA certs can reduce the certs those we need to manage.

How Has This Been Tested?

Tested in IBM multi clusters with kubecf 2.6.1.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code has security implications.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@aqan213 aqan213 changed the title multiple-cluster-mode add ca certs required by diego-cell fix: multiple-cluster-mode add ca certs required by diego-cell Nov 9, 2020
@jandubois jandubois requested a review from viovanov January 4, 2021 22:47
viovanov
viovanov previously approved these changes Jan 5, 2021
View reviewed changes
@viovanov
Copy link
Member

viovanov commented Jan 5, 2021

Hi @aqan213 - this is failing linting - can you please take a look?
https://concourse.suse.dev/teams/main/pipelines/kubecf/jobs/lint-pr/builds/386

@aqan213 aqan213 force-pushed the multi-cluster-mode branch from cf91a3a to 0b1544c Compare January 10, 2021 03:38
@aqan213
Copy link
Contributor Author

aqan213 commented Jan 10, 2021

@viovanov The lint error was fixed. Thanks,

@viovanov viovanov merged commit 4f12ba0 into cloudfoundry-incubator:master Jan 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@viovanov viovanov viovanov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aqan213 @viovanov