starlingx/helm-charts
Code Issues Proposed changes

Add support for trust public ingress

Browse Source 
Adding a certificate and ca_certificate using:
`certificate-install -m {openstack | openstack_ca}` ends up breaking
openstack application. OS-STX forces public endpoint and when such
endpoint has TLS enabled everything breaks, therefore based on the
implementation of tls support for openstack-helm that enables tls
for the openstack services we picked the trust cert code without
actually enabling tls backends

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Partial-Bug: 1937260
Change-Id: Idd6b67253d2e0d9817635c108a2cd1e89a35e0c8
Depends-On: I2dfc7c12defcc948fcdc353251301980e65f3011
This commit is contained in:
Lucas Cavalcante 2021-07-27 20:48:12 -03:00
parent 573c5acfe8
commit 4e77c25a20
5 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/deployment.yaml
View File

@ -55,6 +55,8 @@ spec:
- name: fm-etc-event
mountPath: /etc/fm/events.yaml
readOnly: true
#faultmanagement
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
command:
- /tmp/fm-rest-api.sh
image: "{{ .Values.images.tags.fm_rest_api }}"
@ -74,16 +76,17 @@ spec:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: fm-etc
secret:
secretName: fm-etc
defaultMode: 0644
- name: fm-bin
configMap:
name: fm-bin
defaultMode: 0755
- name: fm-etc-event
hostPath:
path: /etc/fm/events.yaml
type: File
- name: fm-etc
secret:
secretName: fm-etc
defaultMode: 0644
- name: fm-bin
configMap:
name: fm-bin
defaultMode: 0755
- name: fm-etc-event
hostPath:
path: /etc/fm/events.yaml
type: File
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

3
fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-endpoints.yaml
View File

@ -6,5 +6,8 @@
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "fm" "serviceTypes" ( tuple "faultmanagement" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}

3
fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-service.yaml
View File

@ -6,5 +6,8 @@
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "fm" "serviceTypes" ( tuple "faultmanagement" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}

3
fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-user.yaml
View File

@ -6,5 +6,8 @@
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "fm" -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}}
{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}

1
fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/values.yaml
View File

@ -177,6 +177,7 @@ dependencies:
service: identity
manifests:
certificates: false
configmap_bin: true
configmap_etc: true
deployment_fm_rest_api: true