Add barbican certificate generation
This PS adds generation of certificate for barbican, when tls connection is enabled (manifest.certificate=true), using values from endpoints.key_manager.host_fqdn_override.default.tls This PS also fixes tls connection to rabbitmq. Change-Id: I6397ce934e33975b1d91795aaade498f3a71468a Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
This commit is contained in:
parent
41d046c1b5
commit
11eb3b2384
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Barbican
|
description: OpenStack-Helm Barbican
|
||||||
name: barbican
|
name: barbican
|
||||||
version: 0.3.6
|
version: 0.3.7
|
||||||
home: https://docs.openstack.org/barbican/latest/
|
home: https://docs.openstack.org/barbican/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
17
barbican/templates/certificates.yaml
Normal file
17
barbican/templates/certificates.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
{{/*
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- if .Values.manifests.certificates -}}
|
||||||
|
{{ dict "envAll" . "service" "key_manager" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
|
||||||
|
{{- end -}}
|
@ -21,6 +21,9 @@ helm.sh/hook-weight: "-4"
|
|||||||
|
|
||||||
{{- if .Values.manifests.job_rabbit_init }}
|
{{- if .Values.manifests.job_rabbit_init }}
|
||||||
{{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
|
{{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
|
||||||
|
{{- if .Values.manifests.certificates -}}
|
||||||
|
{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
|
||||||
|
{{- end -}}
|
||||||
{{- if .Values.pod.tolerations.barbican.enabled -}}
|
{{- if .Values.pod.tolerations.barbican.enabled -}}
|
||||||
{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
|
{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -570,7 +570,12 @@ endpoints:
|
|||||||
default: barbican-api
|
default: barbican-api
|
||||||
public: barbican
|
public: barbican
|
||||||
host_fqdn_override:
|
host_fqdn_override:
|
||||||
default: null
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: barbican-tls-internal
|
||||||
|
issuerRef:
|
||||||
|
kind: ClusterIssuer
|
||||||
|
name: ca-clusterissuer
|
||||||
path:
|
path:
|
||||||
default: /
|
default: /
|
||||||
scheme:
|
scheme:
|
||||||
|
@ -30,4 +30,5 @@ barbican:
|
|||||||
- 0.3.4 Add 2023.1 overrides
|
- 0.3.4 Add 2023.1 overrides
|
||||||
- 0.3.5 Add Ubuntu Jammy overrides
|
- 0.3.5 Add Ubuntu Jammy overrides
|
||||||
- 0.3.6 Add 2023.2 Ubuntu Jammy overrides
|
- 0.3.6 Add 2023.2 Ubuntu Jammy overrides
|
||||||
|
- 0.3.7 Fix TLS connection to rabbitmq, and generate barbican certificate
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user