Enable TLS for celery

This PS enable TLS connection from celery to rabbitmq when TLS connection is enabled Change-Id: I49ccf159ca73e0764703a6d3c686c108143f12e2 Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
2023-11-29 09:44:13 -05:00 · 2023-11-29 09:44:13 -05:00 · 2a6c028a41
commit 2a6c028a41
parent f571611f3c
4 changed files with 10 additions and 5 deletions
--- a/charts/shipyard/Chart.yaml
+++ b/charts/shipyard/Chart.yaml
@ -16,7 +16,7 @@
 apiVersion: v1
 description: A Helm chart for Shipyard and Airflow
 name: shipyard
-version: 0.2.2
+version: 0.2.3
 appVersion: 2.6.2
 keywords:
 - shipyard
--- a/charts/shipyard/templates/job-rabbit-init.yaml
+++ b/charts/shipyard/templates/job-rabbit-init.yaml
@ -16,7 +16,7 @@ limitations under the License.

 {{- if .Values.manifests.job_rabbit_init }}
 {{- $rmqJob := dict "envAll" . "serviceName" "airflow" -}}
-{{- if .Values.manifests.certificates -}}
+{{- if .Values.tls.oslo_messaging -}}
 {{- $_ := set $rmqJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
 {{- end -}}
 {{ $rmqJob | include "helm-toolkit.manifests.job_rabbit_init" }}
--- a/charts/shipyard/templates/statefulset-airflow-worker.yaml
+++ b/charts/shipyard/templates/statefulset-airflow-worker.yaml
@ -185,6 +185,7 @@ spec:
              readOnly: true
            - name: airflow-logs
              mountPath: {{ .Values.conf.airflow.logging.base_log_folder }}
+{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
        - name: airflow-logrotate
          image: {{ .Values.images.tags.airflow }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
@ -237,6 +238,7 @@ spec:
          configMap:
            name: airflow-bin
            defaultMode: 0555
+{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
  volumeClaimTemplates:
  - metadata:
      name: airflow-logs
--- a/charts/shipyard/values.yaml
+++ b/charts/shipyard/values.yaml
@ -813,9 +813,9 @@ conf:
      celery_config_options: airflow.config_templates.default_celery.DEFAULT_CELERY_CONFIG
      # TODO: Enable this for security
      ssl_active: "False"
-      ssl_key: ""
-      ssl_cert: ""
-      ssl_cacert: ""
+      ssl_key: /ect/rabbitmq/certs/tls.key
+      ssl_cert: /ect/rabbitmq/certs/tls.crt
+      ssl_cacert: /ect/rabbitmq/certs/ca.crt
    celery_broker_transport_options:
      visibility_timeout: 21600
    dask:
@ -1234,6 +1234,9 @@ network_policy:
    egress:
      - {}

+tls:
+  oslo_messaging: false
+
 manifests:
  configmap_shipyard_bin: true
  configmap_shipyard_etc: true