feat(tls): Make openstack services compatible with rabbitmq TLS
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/770678 Co-authored-by: Sangeet Gupta <sg774j@att.com> Change-Id: I11e9ad3f4079b0e12e498f9ed57e5b87ae9dc66a
parent
da05d8d619
commit
c900712f30
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Cinder
|
||||
name: cinder
|
||||
version: 0.2.1
|
||||
version: 0.2.2
|
||||
home: https://docs.openstack.org/cinder/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
|
||||
sources:
|
||||
|
@ -154,6 +154,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -176,5 +177,6 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
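Review bot: The mount added with `"path" "/etc/rabbitmq/certs"` (and the matching `tls_volume` entry in the second hunk) hands the whole secret named by `endpoints.oslo_messaging.auth.admin.secret.tls.internal` to the cinder-api container, private key included, and the values hunk further down defaults that name to `rabbitmq-tls-direct` in every chart. If that is also the secret the broker serves its own certificate from (not visible on this page), every service pod would hold the broker's private key, so a compromise of any one pod would undermine the authenticity of the message bus for all of them. The same line is added to the other cinder, glance, heat, keystone and neutron pod templates in this commit, including the neutron agent templates that already mount host paths. Consider a per-service client certificate secret, e.g. `internal: <per-service-client-tls-secret>` in each chart's values, and reserving the `auth.admin` secret for the rabbit-init job. The enclosing pod spec starts and ends outside these hunks.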
|
||||
|
@ -268,6 +268,7 @@ spec:
|
||||
subPath: iscsiadm
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -333,5 +334,6 @@ spec:
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_cinder_backup.volumes }}{{ toYaml $mounts_cinder_backup.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -106,6 +106,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -126,5 +127,6 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -268,6 +268,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -330,5 +331,6 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -14,5 +14,8 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "cinder" -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||
{{- end }}
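Review bot: Nothing in this template fails if the helm-toolkit in use predates the change named in Depends-on, because `tlsSecret` is only set into the dict and an older `helm-toolkit.manifests.job_rabbit_init` would presumably ignore the unknown key and render the job without the certificate mount. With `manifests.certificates` enabled, the init job would then reach the broker without the CA and client certificate that the services use. It would help to raise the minimum helm-toolkit version in the chart's requirements (not shown here) and to add a template comment such as `{{/* tlsSecret needs a helm-toolkit whose job_rabbit_init supports TLS */}}`. The glance, heat, keystone and neutron job-rabbit-init sections carry the same addition.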
|
||||
|
@ -1422,6 +1422,9 @@ endpoints:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
secret:
|
||||
tls:
|
||||
internal: rabbitmq-tls-direct
|
||||
cinder:
|
||||
username: cinder
|
||||
password: password
|
||||
|
@ -63,6 +63,11 @@ conf:
|
||||
glance_ca_certificates_file: /etc/cinder/certs/ca.crt
|
||||
keystone_authtoken:
|
||||
cafile: /etc/cinder/certs/ca.crt
|
||||
oslo_messaging_rabbit:
|
||||
ssl: true
|
||||
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||
|
||||
endpoints:
|
||||
identity:
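Review bot: The three `ssl_*_file` paths under `oslo_messaging_rabbit` only resolve if the pod templates mount the secret at the literal `/etc/rabbitmq/certs`, which they do only when `manifests.certificates` is enabled, and nothing visible in this hunk ties the two settings together. Unless this overrides file also sets that flag outside the hunk, enabling one without the other would either point oslo.messaging at files that do not exist or mount the key while AMQP stays unencrypted. A short comment above the block would make the coupling explicit, e.g. `# requires manifests.certificates: true; paths match the tls_volume_mount path in the pod templates`. The glance, heat, keystone and neutron override hunks repeat the same block.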
|
||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Glance
|
||||
name: glance
|
||||
version: 0.2.1
|
||||
version: 0.2.2
|
||||
home: https://docs.openstack.org/glance/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
|
||||
sources:
|
||||
|
@ -220,7 +220,8 @@ spec:
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image.api.internal "path" "/etc/glance/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.image.api.internal "path" "/etc/glance/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_glance_api.volumeMounts }}{{ toYaml $mounts_glance_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -255,6 +256,7 @@ spec:
|
||||
secretName: {{ .Values.secrets.rbd | quote }}
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_glance_api.volumes }}{{ toYaml $mounts_glance_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -109,6 +109,7 @@ spec:
|
||||
subPath: policy.json
|
||||
readOnly: true
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image_registry.api.internal "path" "/etc/glance/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_glance_registry.volumeMounts }}{{ toYaml $mounts_glance_registry.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -124,5 +125,6 @@ spec:
|
||||
secretName: glance-etc
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image_registry.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_glance_registry.volumes }}{{ toYaml $mounts_glance_registry.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -13,5 +13,8 @@ limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "glance" -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||
{{- end }}
|
||||
|
@ -16,6 +16,7 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "glance" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
|
||||
{{- $connection := tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
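Review bot: The `$connection` lookup passes a literal `"http"` scheme to `helm-toolkit.endpoints.authenticated_endpoint_uri_lookup`, so the URI built here does not change when `manifests.certificates` is enabled. The rendered page does not mark which line of this hunk is new, and the Secret body that would consume `$connection` lies outside it, so this is something to confirm rather than a certain defect. If the URI is what the rabbit-init job uses to reach the broker's management API, it would carry the admin credentials over plaintext or fail against a TLS-only listener. Choosing the scheme from the flag, for example `{{- $scheme := ternary "https" "http" $envAll.Values.manifests.certificates }}` used in place of the literal, would keep the two in step.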
|
||||
|
@ -718,6 +718,9 @@ endpoints:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
secret:
|
||||
tls:
|
||||
internal: rabbitmq-tls-direct
|
||||
glance:
|
||||
username: glance
|
||||
password: password
|
||||
|
@ -11,9 +11,19 @@ conf:
|
||||
glance_store:
|
||||
https_ca_certificates_file: /etc/glance/certs/ca.crt
|
||||
swift_store_cacert: /etc/glance/certs/ca.crt
|
||||
oslo_messaging_rabbit:
|
||||
ssl: true
|
||||
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||
glance_registry:
|
||||
keystone_authtoken:
|
||||
cafile: /etc/glance/certs/ca.crt
|
||||
oslo_messaging_rabbit:
|
||||
ssl: true
|
||||
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||
nginx: |
|
||||
worker_processes 1;
|
||||
daemon off;
|
||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Heat
|
||||
name: heat
|
||||
version: 0.2.0
|
||||
version: 0.2.1
|
||||
home: https://docs.openstack.org/heat/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
|
||||
sources:
|
||||
|
@ -122,6 +122,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.orchestration.api.internal "path" "/etc/heat/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_heat_api.volumeMounts }}{{ toYaml $mounts_heat_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -139,5 +140,6 @@ spec:
|
||||
secretName: heat-etc
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.orchestration.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_heat_api.volumes }}{{ toYaml $mounts_heat_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -101,6 +101,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.orchestration.api.internal "path" "/etc/heat/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_heat_engine.volumeMounts }}{{ toYaml $mounts_heat_engine.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -117,5 +118,6 @@ spec:
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.orchestration.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_heat_engine.volumes }}{{ toYaml $mounts_heat_engine.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -13,5 +13,8 @@ limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "heat" -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||
{{- end }}
|
||||
|
@ -973,6 +973,9 @@ endpoints:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
secret:
|
||||
tls:
|
||||
internal: rabbitmq-tls-direct
|
||||
heat:
|
||||
username: heat
|
||||
password: password
|
||||
|
@ -93,6 +93,11 @@ conf:
|
||||
ca_file: /etc/heat/certs/ca.crt
|
||||
clients_keystone:
|
||||
ca_file: /etc/heat/certs/ca.crt
|
||||
oslo_messaging_rabbit:
|
||||
ssl: true
|
||||
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||
|
||||
network:
|
||||
api:
|
||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Keystone
|
||||
name: keystone
|
||||
version: 0.2.2
|
||||
version: 0.2.3
|
||||
home: https://docs.openstack.org/keystone/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
||||
sources:
|
||||
|
@ -149,6 +149,7 @@ spec:
|
||||
mountPath: {{ .Values.conf.keystone.credential.key_repository }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal "path" "/etc/keystone/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -184,5 +185,6 @@ spec:
|
||||
secretName: keystone-credential-keys
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -50,6 +50,7 @@ volumeMounts:
|
||||
mountPath: {{ $envAll.Values.conf.keystone.fernet_tokens.key_repository }}
|
||||
readOnly: true
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 2 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "keystone.templates._job_db_sync.pod_vols" -}}
|
||||
@ -59,6 +60,7 @@ volumes:
|
||||
secret:
|
||||
secretName: keystone-fernet-keys
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 2 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
|
@ -19,5 +19,8 @@ helm.sh/hook-weight: "-4"
|
||||
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "keystone" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||
{{- end }}
|
||||
|
@ -1153,6 +1153,9 @@ endpoints:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
secret:
|
||||
tls:
|
||||
internal: rabbitmq-tls-direct
|
||||
keystone:
|
||||
username: keystone
|
||||
password: password
|
||||
|
@ -19,6 +19,12 @@ conf:
|
||||
apache2:
|
||||
a2enmod:
|
||||
- ssl
|
||||
keystone:
|
||||
oslo_messaging_rabbit:
|
||||
ssl: true
|
||||
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||
wsgi_keystone: |
|
||||
{{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||
{{- $vh := tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Neutron
|
||||
name: neutron
|
||||
version: 0.2.0
|
||||
version: 0.2.1
|
||||
home: https://docs.openstack.org/neutron/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
|
||||
sources:
|
||||
|
@ -239,6 +239,7 @@ spec:
|
||||
mountPath: /run/netns
|
||||
mountPropagation: Bidirectional
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -263,6 +264,7 @@ spec:
|
||||
hostPath:
|
||||
path: /run/netns
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_dhcp_agent.volumes }}{{ toYaml $mounts_neutron_dhcp_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -132,6 +132,7 @@ spec:
|
||||
mountPath: /etc/neutron/l2gw_agent.ini
|
||||
subPath: l2gw_agent.ini
|
||||
readOnly: true
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_l2gw_agent.volumeMounts }}{{ toYaml $mounts_neutron_l2gw_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -146,6 +147,7 @@ spec:
|
||||
secret:
|
||||
secretName: {{ $configMapName }}
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_l2gw_agent.volumes }}{{ toYaml $mounts_neutron_l2gw_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -241,6 +241,7 @@ spec:
|
||||
mountPath: /run/netns
|
||||
mountPropagation: Bidirectional
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -271,6 +272,7 @@ spec:
|
||||
hostPath:
|
||||
path: /run/netns
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_l3_agent.volumes }}{{ toYaml $mounts_neutron_l3_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -195,6 +195,7 @@ spec:
|
||||
{{- end }}
|
||||
- name: run
|
||||
mountPath: /run
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -217,6 +218,7 @@ spec:
|
||||
- name: host-rootfs
|
||||
hostPath:
|
||||
path: /
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_lb_agent.volumes }}{{ toYaml $mounts_neutron_lb_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -190,6 +190,7 @@ spec:
|
||||
mountPropagation: Bidirectional
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -213,6 +214,7 @@ spec:
|
||||
path: /run/netns
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -262,6 +262,7 @@ spec:
|
||||
{{- end }}
|
||||
- name: run
|
||||
mountPath: /run
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -292,6 +293,7 @@ spec:
|
||||
path: /sys/bus/pci/devices
|
||||
type: Directory
|
||||
{{- end }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_ovs_agent.volumes }}{{ toYaml $mounts_neutron_ovs_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -209,6 +209,7 @@ spec:
|
||||
{{- end }}
|
||||
- name: run
|
||||
mountPath: /run
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: host-sys-class-net
|
||||
@ -234,6 +235,7 @@ spec:
|
||||
- name: run
|
||||
hostPath:
|
||||
path: /run
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_sriov_agent.volumes }}{{ toYaml $mounts_neutron_sriov_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -93,6 +93,7 @@ spec:
|
||||
mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
|
||||
subPath: ml2_conf.ini
|
||||
readOnly: true
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_ironic_agent.volumeMounts }}{{ toYaml $mounts_neutron_ironic_agent.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -107,5 +108,6 @@ spec:
|
||||
secret:
|
||||
secretName: neutron-etc
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_ironic_agent.volumes }}{{ toYaml $mounts_neutron_ironic_agent.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -239,6 +239,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.internal "path" "/etc/neutron/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_neutron_server.volumeMounts }}{{ toYaml $mounts_neutron_server.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -263,5 +264,6 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_neutron_server.volumes }}{{ toYaml $mounts_neutron_server.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -19,5 +19,8 @@ helm.sh/hook-weight: "-4"
|
||||
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "neutron" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||
{{- end }}
|
||||
|
@ -2245,6 +2245,9 @@ endpoints:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
secret:
|
||||
tls:
|
||||
internal: rabbitmq-tls-direct
|
||||
neutron:
|
||||
username: neutron
|
||||
password: password
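Review bot: The new `secret.tls.internal: rabbitmq-tls-direct` default under the oslo_messaging `admin` credentials has no comment saying where that secret comes from or when it is read. In the templates of this commit it is handed to the TLS volume helpers and to the rabbit-init job together with `manifests.certificates`, so it appears to be consumed only when that flag is on, and none of the hunks shown creates it. I would add above `secret:` a comment such as `# Name of an existing secret holding ca.crt, tls.crt and tls.key for RabbitMQ; read when manifests.certificates is true`. The nova values.yaml hunk further down adds the same key and wants the same comment.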
|
||||
|
@ -77,6 +77,11 @@ conf:
|
||||
cafile: /etc/neutron/certs/ca.crt
|
||||
keystone_authtoken:
|
||||
cafile: /etc/neutron/certs/ca.crt
|
||||
oslo_messaging_rabbit:
|
||||
ssl: true
|
||||
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||
metadata_agent:
|
||||
DEFAULT:
|
||||
auth_ca_cert: /etc/ssl/certs/openstack-helm.crt
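Review bot: The three `ssl_*_file` paths added under `oslo_messaging_rabbit` are tied to two things defined elsewhere and nothing here says so: the `/etc/rabbitmq/certs` mount path hard-coded in the deployment templates, and the key names `ca.crt`, `tls.crt` and `tls.key` inside the secret. If either changes, the service would most likely fail to reach the broker at start-up rather than at render time. A one-line comment above the block, for example `# paths follow the /etc/rabbitmq/certs mount in the pod templates`, would make the coupling visible. The nova override hunk near the end of the page has the same block.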
|
||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Nova
|
||||
name: nova
|
||||
version: 0.2.1
|
||||
version: 0.2.2
|
||||
home: https://docs.openstack.org/nova/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
||||
sources:
|
||||
|
@ -424,6 +424,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
|
||||
{{- if .Values.network.ssh.enabled }}
|
||||
- name: nova-compute-ssh
|
||||
@ -536,6 +537,7 @@ spec:
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -128,6 +128,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -148,5 +149,6 @@ spec:
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
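Review bot: The two added lines read their values through `$envAll.Values`, while the lines directly above each of them, which do the same job for the MySQL and osapi secrets, use `.Values`. Both presumably resolve to the same object here, since the neighbouring lines work with `.`, but the mix makes a reader wonder whether the scope changed between them. I would replace `$envAll.Values` with `.Values` on the two new lines, or switch the whole group to `$envAll`. The neutron server section above and the nova scheduler section below have the same mix, and the template body continues outside both hunks.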
|
||||
|
@ -121,6 +121,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" "certs" (tuple "ca.crt") | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -135,5 +136,6 @@ spec:
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -121,6 +121,7 @@ spec:
|
||||
readOnly: true
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
|
||||
volumes:
|
||||
- name: pod-tmp
|
||||
@ -135,5 +136,6 @@ spec:
|
||||
defaultMode: 0444
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{ if $mounts_nova_scheduler.volumes }}{{ toYaml $mounts_nova_scheduler.volumes | indent 8 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -13,5 +13,8 @@ limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.job_rabbit_init }}
|
||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "nova" -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||
{{- end -}}
|
||||
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
|
||||
{{- end }}
|
||||
|
@ -1948,6 +1948,9 @@ endpoints:
|
||||
admin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
secret:
|
||||
tls:
|
||||
internal: rabbitmq-tls-direct
|
||||
nova:
|
||||
username: nova
|
||||
password: password
|
||||
|
@ -140,6 +140,11 @@ conf:
|
||||
cafile: /etc/nova/certs/ca.crt
|
||||
keystone:
|
||||
cafile: /etc/nova/certs/ca.crt
|
||||
oslo_messaging_rabbit:
|
||||
ssl: true
|
||||
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||
endpoints:
|
||||
identity:
|
||||
auth:
|
||||
|
@ -18,3 +18,4 @@ cinder:
|
||||
- 0.1.15 Fix the problem in hostNetwork mode
|
||||
- 0.2.0 Remove support for releases before T
|
||||
- 0.2.1 Fix the ceph pool creations for openstack services
|
||||
- 0.2.2 Adding rabbitmq TLS logic
|
||||
|
@ -11,3 +11,4 @@ glance:
|
||||
- 0.1.8 Update glance default policy values
|
||||
- 0.2.0 Remove support for releases before T
|
||||
- 0.2.1 Fix the ceph pool creations for openstack services
|
||||
- 0.2.2 Adding rabbitmq TLS logic
|
||||
|
@ -7,3 +7,4 @@ heat:
|
||||
- 0.1.4 Revert - Change Issuer to ClusterIssuer
|
||||
- 0.1.5 Change Issuer to ClusterIssuer
|
||||
- 0.2.0 Remove support for releases before T
|
||||
- 0.2.1 Adding rabbitmq TLS logic
|
||||
|
@ -18,4 +18,5 @@ keystone:
|
||||
- 0.2.0 Remove support for releases before T
|
||||
- 0.2.1 Remove paste ini config settings
|
||||
- 0.2.2 Make python script PEP8 compliant
|
||||
- 0.2.3 Adding rabbitmq TLS logic
|
||||
...
|
||||
|
@ -14,3 +14,4 @@ neutron:
|
||||
- 0.1.11 Added the helm.sh/hook, helm.sh/hook-weight annotations
|
||||
- 0.1.12 Removed "name" parameter from Rally tests
|
||||
- 0.2.0 Remove support for releases before T
|
||||
- 0.2.1 Adding rabbitmq TLS logic
|
||||
|
@ -22,4 +22,5 @@ nova:
|
||||
- 0.1.19 Host resource scale adjustment about ironic
|
||||
- 0.2.0 Remove support for releases before T
|
||||
- 0.2.1 Remove unnecessary +x permission on gotpl files
|
||||
- 0.2.2 Adding rabbitmq TLS logic
|
||||
...
|
||||
|