@@ -349,25 +349,14 @@ patch_proxy_trusted_ca() {
349349 log " Proxy trustedCA set on ${label} "
350350}
351351
352- bundle_to_single_line_b64 () {
353- local bundle=" $1 "
354- local out=" $2 "
355- if openssl base64 -A -in " $bundle " -out " $out " 2> /dev/null; then
356- return 0
357- fi
358- { base64 < " $bundle " 2> /dev/null || base64 " $bundle " ; } | tr -d ' \n' > " $out "
359- }
360-
361352# One ManifestWork per cluster so workload.manifests apply in list order: optional klusterlet RBAC,
362353# then ConfigMap, then Proxy (ConfigMap must exist before Proxy references it). Two separate
363354# ManifestWorks can reconcile out of order and leave spec.trustedCA unset or rejected on the spoke.
364355apply_manifestwork_spoke_rollout () {
365356 local cluster=" $1 "
366357 local bundle=" $2 "
367- local b64file=" $WORK_DIR /mw-${cluster} .b64"
368- bundle_to_single_line_b64 " $bundle " " $b64file "
369- local b64
370- b64=" $( cat " $b64file " ) "
358+ local bundle_block
359+ bundle_block=" $( sed ' s/^/ /' " $bundle " ) "
371360 local tmp=" $WORK_DIR /mw-${cluster} .yaml"
372361 local rbac_block=" "
373362 local log_suffix=" "
@@ -430,7 +419,8 @@ ${rbac_block}
430419 name: ${CONFIG_MAP_NAME}
431420 namespace: ${TARGET_NAMESPACE}
432421 data:
433- ca-bundle.crt: "${b64} "
422+ ca-bundle.crt: |
423+ ${bundle_block}
434424 - apiVersion: config.openshift.io/v1
435425 kind: Proxy
436426 metadata:
@@ -456,7 +446,8 @@ spec:
456446 name: ${CONFIG_MAP_NAME}
457447 namespace: ${TARGET_NAMESPACE}
458448 data:
459- ca-bundle.crt: "${b64} "
449+ ca-bundle.crt: |
450+ ${bundle_block}
460451EOF
461452 log " ManifestWork ${cluster} /${MANIFEST_WORK_NAME} apply (ConfigMap only)"
462453 fi
0 commit comments