feat(tls): add tls to swift user and service of ceph-rgw
This patch adds the certs that the swift user and the ceph service need to communicate with keystone. Change-Id: I4de035f6fe2138c1d1022140c7571fac91ed1a84
parent
d5aff1df64
commit
8633b93548
@ -98,7 +98,7 @@ spec:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.name
|
||||
{{ if .Values.conf.rgw_ks.enabled }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw "useCA" .Values.manifests.certificates }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: KEYSTONE_URL
|
||||
@ -123,6 +123,9 @@ spec:
|
||||
mountPath: /etc/ceph/ceph.conf.template
|
||||
subPath: ceph.conf
|
||||
readOnly: true
|
||||
{{ if .Values.conf.rgw_ks.enabled }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.object_store.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: ceph-rgw
|
||||
{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
@ -191,4 +194,7 @@ spec:
|
||||
- name: ceph-bootstrap-rgw-keyring
|
||||
secret:
|
||||
secretName: {{ .Values.secrets.keyrings.rgw }}
|
||||
{{ if .Values.conf.rgw_ks.enabled }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.object_store.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
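Review bot: The CA mount added just before `containers:` appears to land in the last init container's `volumeMounts` (that list starts outside the hunk), and none of the visible hunks give the `ceph-rgw` container itself the same mount. If that container is the one that calls Keystone over HTTPS at runtime to validate tokens, it would not trust the Keystone CA, and validation would fail or invite someone to switch verification off. Consider repeating `{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.object_store.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}` under the `ceph-rgw` container's `volumeMounts`, behind the same `rgw_ks.enabled` guard.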
|
||||
|
@ -14,5 +14,8 @@ limitations under the License.
|
||||
|
||||
{{- if and .Values.manifests.job_ks_endpoints .Values.conf.rgw_ks.enabled }}
|
||||
{{- $ksServiceJob := dict "envAll" . "configMapBin" "ceph-rgw-bin-ks" "serviceName" "ceph" "serviceTypes" ( tuple "object-store" ) -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.object_store.api.internal -}}
|
||||
{{- end -}}
|
||||
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
|
||||
{{- end }}
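Review bot: `tlsSecret` is read from `.Values.secrets.tls.object_store.api.internal`, yet this job talks to Keystone, so the key name reads as "RGW's internal certificate" while the value has to be the secret that carries Keystone's CA. An operator who points that key at RGW's own certificate secret would presumably leave the job unable to verify Keystone. A template comment above the `set` line would make the contract explicit, e.g. `{{/* tlsSecret must hold the CA that signed the Keystone endpoint certificate */}}`. The same applies to the `job_ks_service` and `job_ks_user` sections that follow.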
|
||||
|
@ -14,5 +14,8 @@ limitations under the License.
|
||||
|
||||
{{- if and .Values.manifests.job_ks_service .Values.conf.rgw_ks.enabled }}
|
||||
{{- $ksServiceJob := dict "envAll" . "configMapBin" "ceph-rgw-bin-ks" "serviceName" "ceph" "serviceTypes" ( tuple "object-store" ) -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.object_store.api.internal -}}
|
||||
{{- end -}}
|
||||
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
|
||||
{{- end }}
|
||||
|
@ -14,5 +14,8 @@ limitations under the License.
|
||||
|
||||
{{- if and .Values.manifests.job_ks_user .Values.conf.rgw_ks.enabled }}
|
||||
{{- $ksUserJob := dict "envAll" . "configMapBin" "ceph-rgw-bin-ks" "serviceName" "ceph" "serviceUser" "swift" -}}
|
||||
{{- if .Values.manifests.certificates -}}
|
||||
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.object_store.api.internal -}}
|
||||
{{- end -}}
|
||||
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
|
||||
{{- end }}
|
||||
|
@ -39,7 +39,7 @@ spec:
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
|
||||
{{ dict "envAll" $envAll "application" "rgw_test" "container" "ceph_rgw_ks_validation" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user_rgw "useCA" .Values.manifests.certificates }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||
- name: OS_AUTH_TYPE
|
||||
valueFrom:
|
||||
@ -73,6 +73,7 @@ spec:
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
readOnly: true
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.object_store.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
|
||||
{{- end }}
|
||||
{{ if .Values.conf.rgw_s3.enabled }}
|
||||
- name: ceph-rgw-s3-validation
|
||||
@ -115,4 +116,7 @@ spec:
|
||||
configMap:
|
||||
name: ceph-rgw-etc
|
||||
defaultMode: 0444
|
||||
{{- if .Values.conf.rgw_ks.enabled }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.object_store.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -244,6 +244,7 @@ secrets:
|
||||
object_store:
|
||||
api:
|
||||
public: ceph-tls-public
|
||||
internal: keystone-tls-api
|
||||
|
||||
network:
|
||||
api:
|
||||
@ -623,6 +624,7 @@ endpoints:
|
||||
protocol: UDP
|
||||
|
||||
manifests:
|
||||
certificates: false
|
||||
configmap_ceph_templates: true
|
||||
configmap_bin: true
|
||||
configmap_bin_ks: true
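Review bot: `internal: keystone-tls-api` appears to be the added default, and it names a secret that another chart owns. Secret volumes resolve only within the pod's own namespace, so with `manifests.certificates: true` the RGW pods, the ks jobs and the test pod will not start unless `keystone-tls-api` also exists in this release's namespace. That secret likely also carries Keystone's private key, which these consumers should not need. I would document this next to the value, e.g. `# must exist in this release's namespace; a CA-only copy of the Keystone secret is enough if only ca.crt is mounted`.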
|
||||
|