Make barbican & keystone TLS configuration granular
Change-Id: Ibdcb202d8f813a248df3f0743b949e9befe18c7a Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
This commit is contained in:
Anselme, Schubert (sa246v)
parent
b50501344f
commit
6ed9a4132e
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Barbican
|
||||
name: barbican
|
||||
version: 0.3.7
|
||||
version: 0.3.8
|
||||
home: https://docs.openstack.org/barbican/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
|
||||
sources:
|
||||
|
||||
@ -118,9 +118,9 @@ spec:
|
||||
mountPath: /tmp/barbican.sh
|
||||
subPath: barbican.sh
|
||||
readOnly: true
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
|
||||
{{ if $mounts_barbican_api.volumeMounts }}{{ toYaml $mounts_barbican_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
@ -136,9 +136,9 @@ spec:
|
||||
configMap:
|
||||
name: barbican-bin
|
||||
defaultMode: 0555
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
|
||||
{{ if $mounts_barbican_api.volumes }}{{ toYaml $mounts_barbican_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
||||
@ -21,7 +21,7 @@ helm.sh/hook-weight: "-4"
|
||||
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- if and .Values.tls.oslo_messaging .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.pod.tolerations.barbican.enabled -}}
|
||||
|
||||
@ -1,4 +1,8 @@
|
||||
---
|
||||
manifests:
|
||||
certificates: true
|
||||
tls:
|
||||
identity: true
|
||||
oslo_messaging: true
|
||||
oslo_db: true
|
||||
...
|
||||
|
||||
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Keystone
|
||||
name: keystone
|
||||
version: 0.3.6
|
||||
version: 0.3.7
|
||||
home: https://docs.openstack.org/keystone/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
||||
sources:
|
||||
|
||||
@ -150,15 +150,10 @@ spec:
|
||||
{{- end }}
|
||||
- name: keystone-credential-keys
|
||||
mountPath: {{ .Values.conf.keystone.credential.key_repository }}
|
||||
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- end }}
|
||||
{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.internal }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal "path" "/etc/keystone/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- end }}
|
||||
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.identity.api.internal "path" "/etc/keystone/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
|
||||
{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -192,14 +187,9 @@ spec:
|
||||
- name: keystone-credential-keys
|
||||
secret:
|
||||
secretName: keystone-credential-keys
|
||||
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.internal }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
|
||||
{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
||||
@ -19,7 +19,7 @@ helm.sh/hook-weight: "-4"
|
||||
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "keystone" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
|
||||
{{- if and .Values.manifests.certificates .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- if and .Values.tls.oslo_messaging .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.pod.tolerations.keystone.enabled -}}
|
||||
|
||||
@ -87,4 +87,8 @@ endpoints:
|
||||
default: 15680
|
||||
manifests:
|
||||
certificates: true
|
||||
tls:
|
||||
identity: true
|
||||
oslo_messaging: true
|
||||
oslo_db: true
|
||||
...
|
||||
|
||||
@ -31,4 +31,5 @@ barbican:
|
||||
- 0.3.5 Add Ubuntu Jammy overrides
|
||||
- 0.3.6 Add 2023.2 Ubuntu Jammy overrides
|
||||
- 0.3.7 Fix TLS connection to rabbitmq, and generate barbican certificate
|
||||
- 0.3.8 Make barbican TLS configuration granular
|
||||
...
|
||||
|
||||
@ -53,4 +53,5 @@ keystone:
|
||||
- 0.3.4 Add Ubuntu Jammy overrides
|
||||
- 0.3.5 Add 2023.2 Ubuntu Jammy overrides
|
||||
- 0.3.6 Use region option in keystone endpoint-update.py
|
||||
- 0.3.7 Make keystone TLS configuration granular
|
||||
...
|
||||
|
||||
Loading…
Reference in New Issue
Block a user