Use systemd to add the root CA for API server access

this removes the code patching the configmap admin-kubeconfig-client-ca to use the custom CA, instead it copies the generated CA to '/opt/crc/' which is then used by a systemd service to created the required secret and updates the configmap
crc-org · Jan 16, 2025 · a1f3dcc · a1f3dcc
1 parent df0995f
commit a1f3dcc
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/pkg/crc/cluster/cluster.go b/pkg/crc/cluster/cluster.go
@@ -197,13 +197,10 @@ func EnsureGeneratedClientCAPresentInTheCluster(ctx context.Context, ocConfig oc
 	}
 
 	logging.Info("Updating root CA cert to admin-kubeconfig-client-ca configmap...")
-	jsonPath := fmt.Sprintf(`'{"data": {"ca-bundle.crt": %q}}'`, selfSignedCAPem)
-	cmdArgs := []string{"patch", "configmap", "admin-kubeconfig-client-ca",
-		"-n", "openshift-config", "--patch", jsonPath}
-	_, stderr, err = ocConfig.RunOcCommand(cmdArgs...)
-	if err != nil {
-		return fmt.Errorf("Failed to patch admin-kubeconfig-client-ca config map with new CA` %v: %s", err, stderr)
+	if err := sshRunner.CopyDataPrivileged(selfSignedCAPem, "/opt/crc/custom-ca.crt", 0644); err != nil {
+		return fmt.Errorf("Failed to copy generated CA file to VM: %v", err)
 	}
+
 	if err := sshRunner.CopyFile(constants.KubeconfigFilePath, ocConfig.KubeconfigPath, 0644); err != nil {
 		return fmt.Errorf("Failed to copy generated kubeconfig file to VM: %v", err)
 	}