chore(libvirt): start using certs

commit: f3bd28ec8f1637f1999e59854706c49cb4870e24 [log] [tgz]
author: Mohammed Naser <mnaser@vexxhost.com> Mon Jul 10 16:14:28 2023 -0400
committer: Mohammed Naser <mnaser@vexxhost.com> Mon Jul 10 22:01:23 2023 -0400
tree: a238f583a5a9248d452731368251dadfecfd32d5
parent: 76a12567c9ea1a634973afe43a6b4f844c9608ad [diff]
diff --git a/charts/libvirt/templates/bin/_cert-init.sh.tpl b/charts/libvirt/templates/bin/_cert-init.sh.tpl
index 6a8886e..96be379 100644
--- a/charts/libvirt/templates/bin/_cert-init.sh.tpl
+++ b/charts/libvirt/templates/bin/_cert-init.sh.tpl

@@ -43,6 +43,6 @@
 kubectl -n ${POD_NAMESPACE} wait --for=condition=Ready --timeout=300s \
   certificate/${POD_NAME}-${TYPE}
 
-kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${POD_NAME}-${TYPE}.crt
-kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${POD_NAME}-${TYPE}.key
-kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${POD_NAME}-${TYPE}.ca.crt
+kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.crt}' | base64 -d > /tmp/${TYPE}.crt
+kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.tls\.key}' | base64 -d > /tmp/${TYPE}.key
+kubectl -n ${POD_NAMESPACE} get secret ${POD_NAME}-${TYPE} -o jsonpath='{.data.ca\.crt}' | base64 -d > /tmp/${TYPE}-ca.crt

diff --git a/charts/libvirt/templates/bin/_libvirt.sh.tpl b/charts/libvirt/templates/bin/_libvirt.sh.tpl
index c419997..e2358b8 100644
--- a/charts/libvirt/templates/bin/_libvirt.sh.tpl
+++ b/charts/libvirt/templates/bin/_libvirt.sh.tpl

@@ -16,6 +16,22 @@
 
 set -ex
 
+# NOTE(mnaser): This will move the API certificates into the expected location.
+if [ -f /tmp/api.crt ]; then
+  mkdir -p /etc/pki/libvirt/private
+  mv /tmp/api.key {{ .Values.conf.libvirt.key_file }}
+  mv /tmp/api.crt {{ .Values.conf.libvirt.cert_file }}
+  mv /tmp/api-ca.crt {{ .Values.conf.libvirt.ca_file }}
+fi
+
+# TODO(mnaser): This will move the VNC certificates into the expected location.
+# if [ -f /tmp/vnc.crt ]; then
+#   mkdir -p /etc/pki/libvirt/private
+#   mv /tmp/vnc.key {{ .Values.conf.libvirt.vnc_key_file }}
+#   mv /tmp/vnc.crt {{ .Values.conf.libvirt.vnc_cert_file }}
+#   mv /tmp/vnc-ca.crt {{ .Values.conf.libvirt.vnc_ca_file }}
+# fi
+
 if [ -n "$(cat /proc/*/comm 2>/dev/null | grep -w libvirtd)" ]; then
   set +x
   for proc in $(ls /proc/*/comm 2>/dev/null); do
commit	f3bd28ec8f1637f1999e59854706c49cb4870e24	[log] [tgz]
author	Mohammed Naser <mnaser@vexxhost.com>	Mon Jul 10 16:14:28 2023 -0400
committer	Mohammed Naser <mnaser@vexxhost.com>	Mon Jul 10 22:01:23 2023 -0400
tree	a238f583a5a9248d452731368251dadfecfd32d5
parent	76a12567c9ea1a634973afe43a6b4f844c9608ad [diff]