Skip to content

Commit

Permalink
Merge pull request openshift#1621 from relyt0925/kms-unmanaged-auth-fix
Browse files Browse the repository at this point in the history 
ensure optional mount always added to ibmcloud kms pod for appropriate container build
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot authored Jul 28, 2022
2 parents 1e29e78 + c1537b3 commit 8e82b88
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions control-plane-operator/controllers/hostedcontrolplane/kas/ibmcloud_kms.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,7 +231,7 @@ func applyIBMCloudKMSConfig(podSpec *corev1.PodSpec, ibmCloud *hyperv1.IBMCloudK
if err != nil {
return fmt.Errorf("failed to generate kmsKPInfo env var: %w", err)
}
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeKMSSocket(), buildVolumeKMSSocket))
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeKMSSocket(), buildVolumeKMSSocket), util.BuildVolume(kasVolumeIBMCloudKMSKP(), buildVolumeIBMCloudKMSKP))
var customerAPIKeyReference *corev1.EnvVarSource
switch ibmCloud.Auth.Type {
case hyperv1.IBMCloudKMSUnmanagedAuth:
Expand All @@ -248,7 +248,6 @@ func applyIBMCloudKMSConfig(podSpec *corev1.PodSpec, ibmCloud *hyperv1.IBMCloudK
}
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeIBMCloudKMSCustomerCredentials(), buildVolumeIBMCloudKMSCustomerCredentials(ibmCloud.Auth.Unmanaged.Credentials.Name)))
case hyperv1.IBMCloudKMSManagedAuth:
podSpec.Volumes = append(podSpec.Volumes, util.BuildVolume(kasVolumeIBMCloudKMSKP(), buildVolumeIBMCloudKMSKP))
default:
return fmt.Errorf("unrecognized ibmcloud kms auth type %s", ibmCloud.Auth.Type)
}
Expand Down

0 comments on commit 8e82b88

Please sign in to comment.