From 4e77c25a2089f14416b95d743982eb04afb2b59a Mon Sep 17 00:00:00 2001 From: Lucas Cavalcante Date: Tue, 27 Jul 2021 20:48:12 -0300 Subject: [PATCH] Add support for trust public ingress Adding a certificate and ca_certificate using: `certificate-install -m {openstack | openstack_ca}` ends up breaking openstack application. OS-STX forces public endpoint and when such endpoint has TLS enabled everything breaks, therefore based on the implementation of tls support for openstack-helm that enables tls for the openstack services we picked the trust cert code without actually enabling tls backends Signed-off-by: Lucas Cavalcante Partial-Bug: 1937260 Change-Id: Idd6b67253d2e0d9817635c108a2cd1e89a35e0c8 Depends-On: I2dfc7c12defcc948fcdc353251301980e65f3011 --- .../fm-rest-api/templates/deployment.yaml | 27 ++++++++++--------- .../templates/job-ks-endpoints.yaml | 3 +++ .../fm-rest-api/templates/job-ks-service.yaml | 3 +++ .../fm-rest-api/templates/job-ks-user.yaml | 3 +++ .../helm-charts/fm-rest-api/values.yaml | 1 + 5 files changed, 25 insertions(+), 12 deletions(-) diff --git a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/deployment.yaml b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/deployment.yaml index 07db14d..bcb46cb 100755 --- a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/deployment.yaml +++ b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/deployment.yaml @@ -55,6 +55,8 @@ spec: - name: fm-etc-event mountPath: /etc/fm/events.yaml readOnly: true + #faultmanagement +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} command: - /tmp/fm-rest-api.sh image: "{{ .Values.images.tags.fm_rest_api }}" @@ -74,16 +76,17 @@ spec: {{ toYaml . | indent 8 }} {{- end }} volumes: - - name: fm-etc - secret: - secretName: fm-etc - defaultMode: 0644 - - name: fm-bin - configMap: - name: fm-bin - defaultMode: 0755 - - name: fm-etc-event - hostPath: - path: /etc/fm/events.yaml - type: File + - name: fm-etc + secret: + secretName: fm-etc + defaultMode: 0644 + - name: fm-bin + configMap: + name: fm-bin + defaultMode: 0755 + - name: fm-etc-event + hostPath: + path: /etc/fm/events.yaml + type: File +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- end }} diff --git a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-endpoints.yaml b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-endpoints.yaml index f9b67a2..99a666a 100755 --- a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-endpoints.yaml +++ b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-endpoints.yaml @@ -6,5 +6,8 @@ {{- if .Values.manifests.job_ks_endpoints }} {{- $ksServiceJob := dict "envAll" . "serviceName" "fm" "serviceTypes" ( tuple "faultmanagement" ) -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}} +{{- end -}} {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} {{- end }} diff --git a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-service.yaml b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-service.yaml index 74bbd39..a03e578 100755 --- a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-service.yaml +++ b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-service.yaml @@ -6,5 +6,8 @@ {{- if .Values.manifests.job_ks_service }} {{- $ksServiceJob := dict "envAll" . "serviceName" "fm" "serviceTypes" ( tuple "faultmanagement" ) -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}} +{{- end -}} {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} {{- end }} diff --git a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-user.yaml b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-user.yaml index 4506e41..252cf59 100755 --- a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-user.yaml +++ b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/templates/job-ks-user.yaml @@ -6,5 +6,8 @@ {{- if .Values.manifests.job_ks_user }} {{- $ksUserJob := dict "envAll" . "serviceName" "fm" -}} +{{- if .Values.manifests.certificates -}} +{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}} +{{- end -}} {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/values.yaml b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/values.yaml index 89dc71b..83031a6 100644 --- a/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/values.yaml +++ b/fm-rest-api/fm-rest-api/helm-charts/fm-rest-api/values.yaml @@ -177,6 +177,7 @@ dependencies: service: identity manifests: + certificates: false configmap_bin: true configmap_etc: true deployment_fm_rest_api: true