feat: allow for overrides to octavia rbac policy

This commit allows for adding the policy.yaml file into the helm chart
allowing for percise policy overrides or customizations.

Change-Id: Ib6135abbe351af7e74f60889d21e469e13ae0e1d
Signed-off-by: Chris Breu <chris.breu@rackspace.com>

octavia/templates/configmap-etc.yaml

@@ -132,6 +132,7 @@ data:
   octavia.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.octavia | b64enc }}
   octavia-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.octavia_api_uwsgi | b64enc }}
   logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+  policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
 {{- end }}
 {{- end }}
 

octavia/templates/deployment-api.yaml

@@ -105,6 +105,10 @@ spec:
               mountPath: /etc/octavia/octavia-api-uwsgi.ini
               subPath: octavia-api-uwsgi.ini
               readOnly: true
+            - name: octavia-etc
+              mountPath: /etc/octavia/policy.yaml
+              subPath: policy.yaml
+              readOnly: true
             {{- if .Values.conf.octavia.DEFAULT.log_config_append }}
             - name: octavia-etc
               mountPath: {{ .Values.conf.octavia.DEFAULT.log_config_append }}

octavia/values.yaml

@@ -294,6 +294,8 @@ conf:
       rpc_thread_pool_size: 2
     oslo_messaging_notifications:
       driver: messagingv2
+    oslo_policy:
+      policy_file: /etc/octavia/policy.yaml
     house_keeping:
       load_balancer_expiry_age: 3600
       amphora_expiry_age: 3600
@@ -304,6 +306,7 @@ conf:
       memcache_security_strategy: ENCRYPT
     task_flow:
       jobboard_enabled: true
+  policy: {}
   logging:
     loggers:
       keys:

releasenotes/notes/octavia-c9f2b0ece7ba8406.yaml

@@ -0,0 +1,6 @@
+---
+octavia:
+  - |
+    Allow for rbac customization of octavia policy.yaml by including
+    a policy.yaml file.
+...