openstack/openstack-helm
Code Issues Proposed changes

feat-tls: Add certs to cinder scheduler and Volume.

Browse Source 
This ps mounts certs to scheduler and Volume.

Change-Id: Ibc013ffd4e8fe7500fcfdd285ad896b0e6b97acc
This commit is contained in:
Gupta, Sangeet (sg774j) 2020-08-19 21:52:11 +00:00
parent 6a8e6e9a35
commit 0a91dd5f30
3 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cinder/templates/deployment-scheduler.yaml
View File

@ -104,6 +104,7 @@ spec:
- name: cinder-coordination - name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }} {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
@ -123,6 +124,7 @@ spec:
- name: cinder-coordination - name: cinder-coordination
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }} {{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}

1
cinder/templates/deployment-volume.yaml
View File

@ -211,6 +211,7 @@ spec:
mountPath: /usr/local/sbin/iscsiadm mountPath: /usr/local/sbin/iscsiadm
subPath: iscsiadm subPath: iscsiadm
{{- end }} {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:

2
cinder/values_overrides/tls.yaml
View File

@ -59,6 +59,8 @@ conf:
SSLHonorCipherOrder on SSLHonorCipherOrder on
</VirtualHost> </VirtualHost>
cinder: cinder:
DEFAULT:
glance_ca_certificates_file: /etc/cinder/certs/ca.crt
keystone_authtoken: keystone_authtoken:
cafile: /etc/cinder/certs/ca.crt cafile: /etc/cinder/certs/ca.crt