Merge "Revert "feat(tls): Change Issuer to ClusterIssuer""

This commit is contained in:
Zuul 2021-01-28 19:55:35 +00:00 committed by Gerrit Code Review
commit 2a9e91589d
17 changed files with 17 additions and 29 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Cinder description: OpenStack-Helm Cinder
name: cinder name: cinder
version: 0.1.7 version: 0.1.8
home: https://docs.openstack.org/cinder/latest/ home: https://docs.openstack.org/cinder/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
sources: sources:

View File

@ -97,7 +97,6 @@ endpoints:
secretName: cinder-tls-api secretName: cinder-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
internal: https internal: https
@ -111,7 +110,6 @@ endpoints:
secretName: cinder-tls-api secretName: cinder-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
internal: https internal: https
@ -125,7 +123,6 @@ endpoints:
secretName: cinder-tls-api secretName: cinder-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
internal: https internal: https

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Glance description: OpenStack-Helm Glance
name: glance name: glance
version: 0.1.2 version: 0.1.3
home: https://docs.openstack.org/glance/latest/ home: https://docs.openstack.org/glance/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
sources: sources:

View File

@ -92,7 +92,6 @@ endpoints:
secretName: glance-tls-api secretName: glance-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
public: https public: https
@ -106,7 +105,6 @@ endpoints:
secretName: glance-tls-reg secretName: glance-tls-reg
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
public: https public: https

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Heat description: OpenStack-Helm Heat
name: heat name: heat
version: 0.1.3 version: 0.1.4
home: https://docs.openstack.org/heat/latest/ home: https://docs.openstack.org/heat/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
sources: sources:

View File

@ -144,7 +144,6 @@ endpoints:
secretName: heat-tls-api secretName: heat-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
port: port:
@ -157,7 +156,6 @@ endpoints:
secretName: heat-tls-cfn secretName: heat-tls-cfn
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
port: port:
@ -171,7 +169,7 @@ endpoints:
secretName: heat-tls-cloudwatch secretName: heat-tls-cloudwatch
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer kind: Issuer
ingress: ingress:
port: port:
ingress: ingress:

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Horizon description: OpenStack-Helm Horizon
name: horizon name: horizon
version: 0.1.4 version: 0.1.5
home: https://docs.openstack.org/horizon/latest/ home: https://docs.openstack.org/horizon/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
sources: sources:

View File

@ -93,7 +93,6 @@ endpoints:
secretName: horizon-tls-web secretName: horizon-tls-web
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
public: https public: https

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Keystone description: OpenStack-Helm Keystone
name: keystone name: keystone
version: 0.1.4 version: 0.1.5
home: https://docs.openstack.org/keystone/latest/ home: https://docs.openstack.org/keystone/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
sources: sources:

View File

@ -68,7 +68,7 @@ endpoints:
secretName: keystone-tls-api secretName: keystone-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer kind: Issuer
scheme: scheme:
default: https default: https
public: https public: https

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Neutron description: OpenStack-Helm Neutron
name: neutron name: neutron
version: 0.1.7 version: 0.1.8
home: https://docs.openstack.org/neutron/latest/ home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources: sources:

View File

@ -117,7 +117,6 @@ endpoints:
secretName: neutron-tls-server secretName: neutron-tls-server
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
port: port:

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Nova description: OpenStack-Helm Nova
name: nova name: nova
version: 0.1.8 version: 0.1.9
home: https://docs.openstack.org/nova/latest/ home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources: sources:

View File

@ -171,7 +171,6 @@ endpoints:
secretName: nova-tls-api secretName: nova-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: 'https' default: 'https'
port: port:
@ -184,7 +183,6 @@ endpoints:
secretName: metadata-tls-metadata secretName: metadata-tls-metadata
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
port: port:
@ -197,7 +195,6 @@ endpoints:
secretName: nova-novncproxy-tls-proxy secretName: nova-novncproxy-tls-proxy
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
port: port:
@ -210,7 +207,6 @@ endpoints:
secretName: nova-tls-spiceproxy secretName: nova-tls-spiceproxy
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
placement: placement:
@ -220,7 +216,6 @@ endpoints:
secretName: placement-tls-api secretName: placement-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
port: port:

View File

@ -16,7 +16,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Placement description: OpenStack-Helm Placement
name: placement name: placement
version: 0.1.5 version: 0.1.6
home: https://docs.openstack.org/placement/latest/ home: https://docs.openstack.org/placement/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
sources: sources:

View File

@ -68,7 +68,6 @@ endpoints:
secretName: placement-tls-api secretName: placement-tls-api
issuerRef: issuerRef:
name: ca-issuer name: ca-issuer
kind: ClusterIssuer
scheme: scheme:
default: https default: https
port: port:

View File

@ -2,7 +2,7 @@
set -eux set -eux
: ${CERT_MANAGER_VERSION:="v1.1.0"} : ${CERT_MANAGER_VERSION:="v0.15.0"}
cert_path="/etc/openstack-helm" cert_path="/etc/openstack-helm"
ca_cert_root="$cert_path/certs/ca" ca_cert_root="$cert_path/certs/ca"
@ -126,12 +126,14 @@ helm repo update
helm install --name cert-manager --namespace cert-manager \ helm install --name cert-manager --namespace cert-manager \
--version ${CERT_MANAGER_VERSION} jetstack/cert-manager \ --version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
--set installCRDs=true \ --set installCRDs=true \
--set featureGates=ExperimentalCertificateControllers=true \
--set extraArgs[0]="--enable-certificate-owner-ref=true" --set extraArgs[0]="--enable-certificate-owner-ref=true"
# helm 3 command # helm 3 command
# helm install cert-manager jetstack/cert-manager --namespace cert-manager \ # helm install cert-manager jetstack/cert-manager --namespace cert-manager \
# --version ${CERT_MANAGER_VERSION} \ # --version ${CERT_MANAGER_VERSION} \
# --set installCRDs=true \ # --set installCRDs=true \
#. --set featureGates=ExperimentalCertificateControllers=true \
# --set extraArgs[0]="--enable-certificate-owner-ref=true" # --set extraArgs[0]="--enable-certificate-owner-ref=true"
helm repo remove jetstack helm repo remove jetstack
@ -145,15 +147,16 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: ca-key-pair name: ca-key-pair
namespace: cert-manager namespace: openstack
data: data:
tls.crt: $crt tls.crt: $crt
tls.key: $key tls.key: $key
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1alpha3
kind: ClusterIssuer kind: Issuer
metadata: metadata:
name: ca-issuer name: ca-issuer
namespace: openstack
spec: spec:
ca: ca:
secretName: ca-key-pair secretName: ca-key-pair