diff --git a/prometheus-openstack-exporter/templates/deployment.yaml b/prometheus-openstack-exporter/templates/deployment.yaml
index 05e5db9d9..ac5db3699 100644
--- a/prometheus-openstack-exporter/templates/deployment.yaml
+++ b/prometheus-openstack-exporter/templates/deployment.yaml
@@ -83,7 +83,7 @@ spec:
- name: LISTEN_PORT
value: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.prometheus_openstack_exporter | indent 12 }}
-{{- with $env := dict "ksUserSecret" $ksUserSecret }}
+{{- with $env := dict "ksUserSecret" $ksUserSecret "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
volumeMounts:
@@ -93,6 +93,7 @@ spec:
mountPath: /tmp/prometheus-openstack-exporter.sh
subPath: prometheus-openstack-exporter.sh
readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
@@ -100,4 +101,5 @@ spec:
configMap:
name: prometheus-openstack-exporter-bin
defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml
index 7059cbcde..294cd35aa 100644
--- a/prometheus-openstack-exporter/templates/job-ks-user.yaml
+++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml
@@ -51,8 +51,9 @@ spec:
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
env:
-{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
@@ -69,4 +70,5 @@ spec:
configMap:
name: prometheus-openstack-exporter-bin
defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml
index 55a01bd25..611fc7b4e 100644
--- a/prometheus-openstack-exporter/values.yaml
+++ b/prometheus-openstack-exporter/values.yaml
@@ -134,6 +134,14 @@ secrets:
identity:
admin: prometheus-openstack-exporter-keystone-admin
user: prometheus-openstack-exporter-keystone-user
+ tls:
+ identity:
+ api:
+ # This name should be same as in keystone. Keystone
+ # secret will be used in these charts
+ #
+ internal: keystone-tls-api
+
endpoints:
cluster_domain_suffix: cluster.local
@@ -212,6 +220,7 @@ network_policy:
- {}
manifests:
+ certificates: false
configmap_bin: true
deployment: true
job_image_repo_sync: true
diff --git a/prometheus-openstack-exporter/values_overrides/tls.yaml b/prometheus-openstack-exporter/values_overrides/tls.yaml
new file mode 100644
index 000000000..99667ca85
--- /dev/null
+++ b/prometheus-openstack-exporter/values_overrides/tls.yaml
@@ -0,0 +1,4 @@
+---
+manifests:
+ certificates: true
+...