Remove env variable from s3 bucket job

Remove the TLS_OPTION env from helm-toolkit s3-bucket job. There can be different option for tls connection, depending on whether the rgw server is local or remote. This change allows the create-s3-bucket script to customize its connection argument which can be pulled from values.yaml. Change-Id: I2a34c1698e02cd71905bc6ef66f4aefcd5e25e44
2021-05-07 10:06:33 -07:00 · 2021-05-07 10:06:33 -07:00 · f7fde88b6e
commit f7fde88b6e
parent 4eee89ccba
7 changed files with 10 additions and 7 deletions
--- a/elasticsearch/Chart.yaml
+++ b/elasticsearch/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v7.6.2
 description: OpenStack-Helm ElasticSearch
 name: elasticsearch
-version: 0.2.6
+version: 0.2.7
 home: https://www.elastic.co/
 sources:
  - https://github.com/elastic/elasticsearch
--- a/elasticsearch/templates/bin/_create_s3_buckets.sh.tpl
+++ b/elasticsearch/templates/bin/_create_s3_buckets.sh.tpl
@ -38,6 +38,7 @@ ADMIN_AUTH_ARGS=" --access_key=$S3_ADMIN_ACCESS_KEY --secret_key=$S3_ADMIN_SECRE

 S3_BUCKET={{ $bucket.name }}
 S3_BUCKET_OPTS={{ $bucket.options | default nil | include "helm-toolkit.utils.joinListWithSpace" }}
+S3_SSL_OPT={{ $bucket.ssl_connection_option | default "" }}

 S3_USERNAME=${{ printf "%s_S3_USERNAME" ( $bucket.client | replace "-" "_" | upper) }}
 S3_ACCESS_KEY=${{ printf "%s_S3_ACCESS_KEY" ( $bucket.client | replace "-" "_" | upper) }}
@ -54,7 +55,7 @@ CONNECTION_ARGS="--host=$RGW_HOST --host-bucket=$RGW_HOST"
 if [ "$RGW_PROTO" = "http" ]; then
  CONNECTION_ARGS+=" --no-ssl"
 else
-  CONNECTION_ARGS+=" ${TLS_OPTION}"
+  CONNECTION_ARGS+=" $S3_SSL_OPT"
 fi

 USER_AUTH_ARGS=" --access_key=$S3_ACCESS_KEY --secret_key=$S3_SECRET_KEY"
--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@ -928,10 +928,14 @@ storage:
    #     client: default
    #     options: # list of extra options for s3cmd
    #       - --region="default:osh-infra"
+    #     # SSL connection option for s3cmd
+    #     ssl_connecton_option: --ca-certs={path to mounted ca.crt}
    #   - name: backup-bucket
    #     client: backup
    #     options: # list of extra options for s3cmd
    #       - --region="default:backup"
+    #     # SSL connection option for s3cmd
+    #     ssl_connecton_option: --ca-certs={path to mounted ca.crt}

 manifests:
  certificates: false
--- a/helm-toolkit/Chart.yaml
+++ b/helm-toolkit/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Helm-Toolkit
 name: helm-toolkit
-version: 0.2.13
+version: 0.2.14
 home: https://docs.openstack.org/openstack-helm
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
 sources:
--- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
@ -75,10 +75,6 @@ spec:
            - -c
            - /tmp/create-s3-bucket.sh
          env:
-{{- if and ($tlsCertificatePath) ($tlsCertificateSecret) }}
-            - name: TLS_OPTION
-              value: {{ printf "--ca-certs=%s" $tlsCertificatePath | quote }}
-{{- end }}
 {{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw.admin }}
 {{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 12 }}
 {{- end }}
--- a/releasenotes/notes/elasticsearch.yaml
+++ b/releasenotes/notes/elasticsearch.yaml
@ -16,4 +16,5 @@ elasticsearch:
  - 0.2.4 Update helm-test script
  - 0.2.5 Enable TLS with Kibana
  - 0.2.6 Enable TLS path between nodes in cluster and TLS path between ceph-rgw
+  - 0.2.7 Get connection option from values.yaml
 ...
--- a/releasenotes/notes/helm-toolkit.yaml
+++ b/releasenotes/notes/helm-toolkit.yaml
@ -20,4 +20,5 @@ helm-toolkit:
  - 0.2.11 Revert S3 User & Bucket job scripts to v0.2.9
  - 0.2.12 Remove hook-delete-policy
  - 0.2.13 Modify connection args for s3 bucket creation when TLS is enabled
+  - 0.2.14 Remove TLS_OPTION argument from s3 bucket creation job
 ...