openstack/openstack-helm-infra
Code Issues Proposed changes

[helm-toolkit]: Allow tls for external ingress without specifying key and crt

Browse Source 
It will allow using letsencrypt for a specific endpoint.
For example:

  network:
    use_external_ingress_controller: true
    api:
      ingress:
        classes:
          namespace: "nginx"
          cluster: "nginx-cluster"
        annotations:
          nginx.ingress.kubernetes.io/rewrite-target: /
          cert-manager.io/cluster-issuer: "letsencrypt"
  endpoints:
    cluster_domain_suffix: cluster.local
    image:
      port:
        api:
          public: 443
      scheme:
        public: https
      hosts:
        default: glance
        public: glance-public
      host_fqdn_override:
        public:
          host: glance.example.com
          tls:
            dnsNames:
              - glance.example.com
          issuerRef:
            name: letsencrypt
            kind: ClusterIssuer

Signed-off-by: Cedric Hnyda <ced.hnyda@gmail.com>
Change-Id: I5065213bbc25464bef596003c9967258489db455
This commit is contained in:
Cedric Hnyda
2023-01-03 10:58:21 +01:00
parent 0aad6d05f0
commit 6c903f6092
3 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
helm-toolkit/Chart.yaml
View File

@@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Helm-Toolkit
name: helm-toolkit
version: 0.2.49
version: 0.2.50
home: https://docs.openstack.org/openstack-helm
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
sources:

2
helm-toolkit/templates/manifests/_ingress.tpl
View File

@@ -706,7 +706,6 @@ spec:
{{- range $v := without (index $endpointHost.tls "dnsNames" | default list) $hostNameFull }}
{{- $vHosts = append $vHosts $v }}
{{- end }}
{{- if and ( not ( empty $endpointHost.tls.key ) ) ( not ( empty $endpointHost.tls.crt ) ) }}
{{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
{{- $_ := required "You need to specify a secret in your values for the endpoint" $secretName }}
tls:
@@ -717,7 +716,6 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range $vHost := $vHosts }}

1
releasenotes/notes/helm-toolkit.yaml
View File

@@ -56,4 +56,5 @@ helm-toolkit:
- 0.2.47 Adjusting of kibana ingress value parameters
- 0.2.48 Added verify_databases_backup_archives function call to backup process and added remote backup sha256 hash verification
- 0.2.49 Moved RabbitMQ Guest Admin removal to init
- 0.2.50 Allow tls for external ingress without specifying key and crt
...