Mount public key to dashboard as secret

Signed-off-by: Brandon Wilson <[email protected]>
openfaas · Dec 14, 2020 · c4da635 · c4da635
1 parent 5b51d3b
commit c4da635
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 16 deletions.
diff --git a/cmd/apply.go b/cmd/apply.go
@@ -362,29 +362,28 @@ func process(plan types.Plan, prefs InstallPreferences, additionalPaths []string
 		}
 	}
 
-	var pubCert string
+	fmt.Println("Creating stack.yml")
+
+	planErr := stack.Apply(plan)
+	if planErr != nil {
+		log.Println(planErr)
+	}
+
 	if !prefs.SkipSealedSecrets {
 		sealedSecretsErr := installSealedSecrets()
 		if sealedSecretsErr != nil {
 			log.Println(sealedSecretsErr)
 			return sealedSecretsErr
 		}
 
-		pubCert = exportSealedSecretPubCert()
+		pubCert := exportSealedSecretPubCert()
 		writeErr := ioutil.WriteFile("tmp/pubcert.pem", []byte(pubCert), 0700)
 		if writeErr != nil {
 			log.Println(writeErr)
 			return writeErr
 		}
 	}
 
-	fmt.Println("Creating stack.yml")
-
-	planErr := stack.Apply(plan, pubCert)
-	if planErr != nil {
-		log.Println(planErr)
-	}
-
 	cloneErr := cloneCloudComponents(plan.OpenFaaSCloudVersion, additionalPaths)
 	if cloneErr != nil {
 		return cloneErr

diff --git a/pkg/stack/stack.go b/pkg/stack/stack.go
@@ -5,7 +5,6 @@ import (
 	"html/template"
 	"io/ioutil"
 	"os"
-	"strings"
 
 	"github.com/openfaas/ofc-bootstrap/pkg/types"
 )
@@ -56,11 +55,10 @@ type dashboardConfig struct {
 	Scheme         string
 	GitHubAppUrl   string
 	GitLabInstance string
-	PublicKey      string
 }
 
 // Apply creates `templates/gateway_config.yml` to be referenced by stack.yml
-func Apply(plan types.Plan, pubCert string) error {
+func Apply(plan types.Plan) error {
 	scheme := "http"
 	if plan.TLS {
 		scheme += "s"
@@ -118,7 +116,6 @@ func Apply(plan types.Plan, pubCert string) error {
 		Scheme:         scheme,
 		GitHubAppUrl:   gitHubAppUrl,
 		GitLabInstance: gitLabInstance,
-		PublicKey:      strings.ReplaceAll(pubCert, "\n", "\n    "),
 	})
 	if dashboardConfigErr != nil {
 		return dashboardConfigErr

diff --git a/scripts/deploy-cloud-components.sh b/scripts/deploy-cloud-components.sh
@@ -80,6 +80,9 @@ if [ "$ENABLE_AWS_ECR" = "true" ] ; then
     faas-cli deploy -f ./aws.yml
 fi
 
+kubectl create secret generic sealedsecrets-public-key -n openfaas-fn --from-file=../pub-cert.pem \
+ --dry-run=client -o yaml | kubectl apply -f -
+
 TAG=0.14.4 faas-cli deploy -f ./dashboard/stack.yml
 
 sleep 2

diff --git a/scripts/export-sealed-secret-pubcert.sh b/scripts/export-sealed-secret-pubcert.sh
@@ -13,5 +13,6 @@ then
     chmod +x /tmp/kubeseal
 fi
 
+/tmp/kubeseal --version
 /tmp/kubeseal --fetch-cert --controller-name=ofc-sealedsecrets-sealed-secrets > tmp/pub-cert.pem && \
   cat tmp/pub-cert.pem
diff --git a/templates/dashboard_config.yml b/templates/dashboard_config.yml
@@ -17,6 +17,3 @@ environment:
   github_app_url: {{.GitHubAppUrl}}
   # Public URL for your GitLab instance
   gitlab_url: {{.GitLabInstance}}
-  # SealedSecrets public key
-  public_key: |
-    {{.PublicKey}}