Merge "Ingress: Configure ingress dhparam secret"

ingress/templates/secret-dhparam.yaml

@@ -0,0 +1,25 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_dhparam }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-dhparam
+type: Opaque
+data:
+  dhparam.pem: {{ .Values.secrets.dhparam.secret_dhparam | b64enc }}
+{{- end }}

ingress/values.yaml

@@ -266,7 +266,8 @@ secrets:
         # .secrets.tls.ingress.api.public="name of the TLS secret to create for the default cert"
         # NOTE: The contents of the secret are from .endpoints.ingress.host_fqdn_override.public.tls
         public: default-tls-public
-
+  dhparam:
+    secret_dhparam: |
 conf:
   controller:
     # NOTE(portdirect): if left blank this is populated from
@@ -282,6 +283,7 @@ conf:
     bind-address: null
     enable-vts-status: "true"
     server-tokens: "false"
+    ssl-dh-param: openstack/secret-dhparam
   # This block sets the --default-ssl-certificate option
   # https://kubernetes.github.io/ingress-nginx/user-guide/tls/#default-ssl-certificate
   default_ssl_certificate:
@@ -313,6 +315,7 @@ manifests:
   endpoints_ingress: true
   ingress: true
   secret_ingress_tls: false
+  secret_dhparam: false
   service_error: true
   service_ingress: true
   job_image_repo_sync: true