Enable TLS for celery
This PS enable TLS connection from celery to rabbitmq when TLS connection is enabled Change-Id: I49ccf159ca73e0764703a6d3c686c108143f12e2 Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
This commit is contained in:
parent
f571611f3c
commit
2a6c028a41
@ -16,7 +16,7 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
description: A Helm chart for Shipyard and Airflow
|
description: A Helm chart for Shipyard and Airflow
|
||||||
name: shipyard
|
name: shipyard
|
||||||
version: 0.2.2
|
version: 0.2.3
|
||||||
appVersion: 2.6.2
|
appVersion: 2.6.2
|
||||||
keywords:
|
keywords:
|
||||||
- shipyard
|
- shipyard
|
||||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
|||||||
|
|
||||||
{{- if .Values.manifests.job_rabbit_init }}
|
{{- if .Values.manifests.job_rabbit_init }}
|
||||||
{{- $rmqJob := dict "envAll" . "serviceName" "airflow" -}}
|
{{- $rmqJob := dict "envAll" . "serviceName" "airflow" -}}
|
||||||
{{- if .Values.manifests.certificates -}}
|
{{- if .Values.tls.oslo_messaging -}}
|
||||||
{{- $_ := set $rmqJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
{{- $_ := set $rmqJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{ $rmqJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
{{ $rmqJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||||
|
@ -185,6 +185,7 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
- name: airflow-logs
|
- name: airflow-logs
|
||||||
mountPath: {{ .Values.conf.airflow.logging.base_log_folder }}
|
mountPath: {{ .Values.conf.airflow.logging.base_log_folder }}
|
||||||
|
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||||
- name: airflow-logrotate
|
- name: airflow-logrotate
|
||||||
image: {{ .Values.images.tags.airflow }}
|
image: {{ .Values.images.tags.airflow }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
@ -237,6 +238,7 @@ spec:
|
|||||||
configMap:
|
configMap:
|
||||||
name: airflow-bin
|
name: airflow-bin
|
||||||
defaultMode: 0555
|
defaultMode: 0555
|
||||||
|
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
volumeClaimTemplates:
|
volumeClaimTemplates:
|
||||||
- metadata:
|
- metadata:
|
||||||
name: airflow-logs
|
name: airflow-logs
|
||||||
|
@ -813,9 +813,9 @@ conf:
|
|||||||
celery_config_options: airflow.config_templates.default_celery.DEFAULT_CELERY_CONFIG
|
celery_config_options: airflow.config_templates.default_celery.DEFAULT_CELERY_CONFIG
|
||||||
# TODO: Enable this for security
|
# TODO: Enable this for security
|
||||||
ssl_active: "False"
|
ssl_active: "False"
|
||||||
ssl_key: ""
|
ssl_key: /ect/rabbitmq/certs/tls.key
|
||||||
ssl_cert: ""
|
ssl_cert: /ect/rabbitmq/certs/tls.crt
|
||||||
ssl_cacert: ""
|
ssl_cacert: /ect/rabbitmq/certs/ca.crt
|
||||||
celery_broker_transport_options:
|
celery_broker_transport_options:
|
||||||
visibility_timeout: 21600
|
visibility_timeout: 21600
|
||||||
dask:
|
dask:
|
||||||
@ -1234,6 +1234,9 @@ network_policy:
|
|||||||
egress:
|
egress:
|
||||||
- {}
|
- {}
|
||||||
|
|
||||||
|
tls:
|
||||||
|
oslo_messaging: false
|
||||||
|
|
||||||
manifests:
|
manifests:
|
||||||
configmap_shipyard_bin: true
|
configmap_shipyard_bin: true
|
||||||
configmap_shipyard_etc: true
|
configmap_shipyard_etc: true
|
||||||
|
Loading…
Reference in New Issue
Block a user