StarlingX OpenStack Armada App
27c4d562c8
Openstack-helm provides the option to terminate TLS at the services. However, at Starlingx TLS termination is done at the reverse proxy (ingress) and therefore is unecessary for the OpenStack itself be HTTPS and terminate tls a second time. Furthermore, it is not possible to have https enabled on openstack services with the current centos based containers that we have, openstack-helm only supports tls using debian based containers. Manually working arroud this creates a cumbersome override file, so to diminish this overrides this patch 0020 and 0013(osh-i) disables https at the backend, thus maitaining the same behaviour as stx 5.0 Mariadb and RabbitMQ tls does not seem to be working very well within Starlingx, so we also disable TLS for them. I am not confident that current openstack-helm and openstack-helm-infra supports production level openstack with mariadb in TLS mode. Furthermore, from the way everything is redirected in StarlingX I do see too many performance and stability issues using both of them with tls enabled. Disclaimer I did not test with either only mairiadb tls or rabbitmq activated, but with both of them on the system is not usable. Test Plan: PASS: Openstack is Applied. (https disabled) PASS: enable https. Opensatck is Applied (WITHOUT service.conf overrides) Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com> Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f Partial-bug: 1960354 Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815 |
||
|---|---|---|
| enhanced-policies | ||
| openstack-helm | ||
| openstack-helm-infra | ||
| python-k8sapp-openstack | ||
| stx-openstack-helm | ||
| .gitignore | ||
| .gitreview | ||
| .zuul.yaml | ||
| bindep.txt | ||
| centos_build_layer.cfg | ||
| centos_pkg_dirs | ||
| centos_pkg_dirs_containers | ||
| centos_tarball-dl.lst | ||
| debian_build_layer.cfg | ||
| debian_pkg_dirs | ||
| requirements.txt | ||
| test-requirements.txt | ||
| tox.ini | ||