Add TLS support for telemetry service public endpoints
This commit adds the capability for Aodh, Panko and Gnocchi charts to support TLS on overridden fqdn for public endpoints. Upstream (openstack-helm/openstack-helm-infra) reviews: https://review.opendev.org/#/c/670121/ https://review.opendev.org/#/c/670123/ Change-Id: I3011a9f0f07c9cf1b30694c97f3c02db6cdef56e Partial-Bug: 1826583 Signed-off-by: Angie Wang <angie.wang@windriver.com>
parent
56a56693b5
commit
e03692c512
@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
|
||||
|
||||
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*"
|
||||
|
||||
TIS_PATCH_VER=11
|
||||
TIS_PATCH_VER=12
|
||||
|
@ -20,6 +20,7 @@ Patch02: 0002-Add-imagePullSecrets-in-service-account.patch
|
||||
Patch03: 0003-Set-Min-NGINX-handles.patch
|
||||
Patch04: 0004-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
|
||||
Patch05: 0005-Add-a-configmap-for-ingress-controller-config.patch
|
||||
Patch06: 0006-Add-TLS-support-for-Gnocchi-public-endpoint.patch
|
||||
|
||||
BuildRequires: helm
|
||||
|
||||
@ -33,6 +34,7 @@ Openstack Helm Infra charts
|
||||
%patch03 -p1
|
||||
%patch04 -p1
|
||||
%patch05 -p1
|
||||
%patch06 -p1
|
||||
|
||||
%build
|
||||
# initialize helm and build the toolkit
|
||||
|
@ -0,0 +1,77 @@
|
||||
From e2e9b3c707599b4074ebf504f6a2fa5c185481e2 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Tue, 9 Jul 2019 13:37:29 -0400
|
||||
Subject: [PATCH 1/1] Add TLS support for Gnocchi public endpoint
|
||||
|
||||
Signed-off-by: Angie Wang <angie.wang@windriver.com>
|
||||
---
|
||||
gnocchi/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
gnocchi/values.yaml | 12 ++++++++++++
|
||||
2 files changed, 31 insertions(+)
|
||||
create mode 100644 gnocchi/templates/secret-ingress-tls.yaml
|
||||
|
||||
diff --git a/gnocchi/templates/secret-ingress-tls.yaml b/gnocchi/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..fc279cd
|
||||
--- /dev/null
|
||||
+++ b/gnocchi/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "metric" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml
|
||||
index 2d5f48b..73e245f 100644
|
||||
--- a/gnocchi/values.yaml
|
||||
+++ b/gnocchi/values.yaml
|
||||
@@ -470,6 +470,10 @@ secrets:
|
||||
admin: gnocchi-db-indexer-admin
|
||||
gnocchi: gnocchi-db-indexer-user
|
||||
rbd: gnocchi-rbd-keyring
|
||||
+ tls:
|
||||
+ metric:
|
||||
+ api:
|
||||
+ public: gnocchi-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -536,6 +540,13 @@ endpoints:
|
||||
public: gnocchi
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -631,6 +642,7 @@ manifests:
|
||||
pod_gnocchi_test: true
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
service_statsd: true
|
||||
--
|
||||
1.8.3.1
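Review bot: The NOTE added under `host_fqdn_override` in gnocchi/values.yaml shows `crt: null` and `key: null` without saying that they take the PEM certificate and the PEM private key, or that the key is secret material. Because the key is passed in as a chart value, it presumably ends up wherever the Helm release values are stored and in whatever override file is used at deploy time, so the comment should steer operators towards a protected override rather than editing values.yaml in the source tree. I would extend the block with `# crt/key take PEM text; key is a private key - supply it from an access-restricted override file, do not commit it`. The same comment block is repeated in aodh/values.yaml and panko/values.yaml in patch 0019 further down this page and needs the same wording.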
|
||||
|
@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
|
||||
|
||||
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "
|
||||
|
||||
TIS_PATCH_VER=19
|
||||
TIS_PATCH_VER=20
|
||||
|
@ -37,6 +37,7 @@ Patch15: 0015-Add-Placement-Chart.patch
|
||||
Patch16: 0016-Cinder-rename-is_ceph_volume-configured.patch
|
||||
Patch17: 0017-Cinder-support-multiple-ceph-volume-backends.patch
|
||||
Patch18: 0018-Nova-add-service-token.patch
|
||||
Patch19: 0019-Add-TLS-support-for-Aodh-and-Panko-public-endpoints.patch
|
||||
|
||||
BuildRequires: helm
|
||||
BuildRequires: openstack-helm-infra
|
||||
@ -65,6 +66,7 @@ Openstack Helm charts
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%patch19 -p1
|
||||
|
||||
%build
|
||||
# initialize helm and build the toolkit
|
||||
|
@ -0,0 +1,141 @@
|
||||
From c92678ff20a3ab9b07861131966ea38b340dfff8 Mon Sep 17 00:00:00 2001
|
||||
From: Angie Wang <angie.wang@windriver.com>
|
||||
Date: Tue, 9 Jul 2019 14:22:02 -0400
|
||||
Subject: [PATCH 1/1] Add TLS support for Aodh and Panko public endpoints
|
||||
|
||||
Signed-off-by: Angie Wang <angie.wang@windriver.com>
|
||||
---
|
||||
aodh/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
aodh/values.yaml | 12 ++++++++++++
|
||||
panko/templates/secret-ingress-tls.yaml | 19 +++++++++++++++++++
|
||||
panko/values.yaml | 12 ++++++++++++
|
||||
4 files changed, 62 insertions(+)
|
||||
create mode 100644 aodh/templates/secret-ingress-tls.yaml
|
||||
create mode 100644 panko/templates/secret-ingress-tls.yaml
|
||||
|
||||
diff --git a/aodh/templates/secret-ingress-tls.yaml b/aodh/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..707b38c
|
||||
--- /dev/null
|
||||
+++ b/aodh/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alarming" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/aodh/values.yaml b/aodh/values.yaml
|
||||
index 90c9fac..cf7c6d7 100644
|
||||
--- a/aodh/values.yaml
|
||||
+++ b/aodh/values.yaml
|
||||
@@ -536,6 +536,10 @@ secrets:
|
||||
oslo_messaging:
|
||||
admin: aodh-rabbitmq-admin
|
||||
aodh: aodh-rabbitmq-user
|
||||
+ tls:
|
||||
+ alarming:
|
||||
+ api:
|
||||
+ public: aodh-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -598,6 +602,13 @@ endpoints:
|
||||
public: aodh
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -696,5 +707,6 @@ manifests:
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
secret_rabbitmq: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
diff --git a/panko/templates/secret-ingress-tls.yaml b/panko/templates/secret-ingress-tls.yaml
|
||||
new file mode 100644
|
||||
index 0000000..9773f53
|
||||
--- /dev/null
|
||||
+++ b/panko/templates/secret-ingress-tls.yaml
|
||||
@@ -0,0 +1,19 @@
|
||||
+{{/*
|
||||
+Copyright 2019 Wind River Systems, Inc.
|
||||
+
|
||||
+Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+you may not use this file except in compliance with the License.
|
||||
+You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+Unless required by applicable law or agreed to in writing, software
|
||||
+distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+See the License for the specific language governing permissions and
|
||||
+limitations under the License.
|
||||
+*/}}
|
||||
+
|
||||
+{{- if .Values.manifests.secret_ingress_tls }}
|
||||
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "event" ) }}
|
||||
+{{- end }}
|
||||
diff --git a/panko/values.yaml b/panko/values.yaml
|
||||
index 7adefd0..3acaf06 100644
|
||||
--- a/panko/values.yaml
|
||||
+++ b/panko/values.yaml
|
||||
@@ -159,6 +159,10 @@ secrets:
|
||||
oslo_db:
|
||||
admin: panko-db-admin
|
||||
panko: panko-db-user
|
||||
+ tls:
|
||||
+ event:
|
||||
+ api:
|
||||
+ public: panko-tls-public
|
||||
|
||||
bootstrap:
|
||||
enabled: false
|
||||
@@ -374,6 +378,13 @@ endpoints:
|
||||
public: panko
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
+ # NOTE: this chart supports TLS for fqdn over-ridden public
|
||||
+ # endpoints using the following format:
|
||||
+ # public:
|
||||
+ # host: null
|
||||
+ # tls:
|
||||
+ # crt: null
|
||||
+ # key: null
|
||||
path:
|
||||
default: null
|
||||
scheme:
|
||||
@@ -580,6 +591,7 @@ manifests:
|
||||
pod_rally_test: true
|
||||
secret_db: true
|
||||
secret_keystone: true
|
||||
+ secret_ingress_tls: true
|
||||
service_api: true
|
||||
service_ingress_api: true
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|