Merge "Revert "feat(tls): Change Issuer to ClusterIssuer""
This commit is contained in:
commit
2a9e91589d
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Cinder
|
description: OpenStack-Helm Cinder
|
||||||
name: cinder
|
name: cinder
|
||||||
version: 0.1.7
|
version: 0.1.8
|
||||||
home: https://docs.openstack.org/cinder/latest/
|
home: https://docs.openstack.org/cinder/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -97,7 +97,6 @@ endpoints:
|
|||||||
secretName: cinder-tls-api
|
secretName: cinder-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
internal: https
|
internal: https
|
||||||
@ -111,7 +110,6 @@ endpoints:
|
|||||||
secretName: cinder-tls-api
|
secretName: cinder-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
internal: https
|
internal: https
|
||||||
@ -125,7 +123,6 @@ endpoints:
|
|||||||
secretName: cinder-tls-api
|
secretName: cinder-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
internal: https
|
internal: https
|
||||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Glance
|
description: OpenStack-Helm Glance
|
||||||
name: glance
|
name: glance
|
||||||
version: 0.1.2
|
version: 0.1.3
|
||||||
home: https://docs.openstack.org/glance/latest/
|
home: https://docs.openstack.org/glance/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -92,7 +92,6 @@ endpoints:
|
|||||||
secretName: glance-tls-api
|
secretName: glance-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
public: https
|
public: https
|
||||||
@ -106,7 +105,6 @@ endpoints:
|
|||||||
secretName: glance-tls-reg
|
secretName: glance-tls-reg
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
public: https
|
public: https
|
||||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Heat
|
description: OpenStack-Helm Heat
|
||||||
name: heat
|
name: heat
|
||||||
version: 0.1.3
|
version: 0.1.4
|
||||||
home: https://docs.openstack.org/heat/latest/
|
home: https://docs.openstack.org/heat/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -144,7 +144,6 @@ endpoints:
|
|||||||
secretName: heat-tls-api
|
secretName: heat-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
port:
|
port:
|
||||||
@ -157,7 +156,6 @@ endpoints:
|
|||||||
secretName: heat-tls-cfn
|
secretName: heat-tls-cfn
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
port:
|
port:
|
||||||
@ -171,7 +169,7 @@ endpoints:
|
|||||||
secretName: heat-tls-cloudwatch
|
secretName: heat-tls-cloudwatch
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
kind: Issuer
|
||||||
ingress:
|
ingress:
|
||||||
port:
|
port:
|
||||||
ingress:
|
ingress:
|
||||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Horizon
|
description: OpenStack-Helm Horizon
|
||||||
name: horizon
|
name: horizon
|
||||||
version: 0.1.4
|
version: 0.1.5
|
||||||
home: https://docs.openstack.org/horizon/latest/
|
home: https://docs.openstack.org/horizon/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -93,7 +93,6 @@ endpoints:
|
|||||||
secretName: horizon-tls-web
|
secretName: horizon-tls-web
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
public: https
|
public: https
|
||||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Keystone
|
description: OpenStack-Helm Keystone
|
||||||
name: keystone
|
name: keystone
|
||||||
version: 0.1.4
|
version: 0.1.5
|
||||||
home: https://docs.openstack.org/keystone/latest/
|
home: https://docs.openstack.org/keystone/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -68,7 +68,7 @@ endpoints:
|
|||||||
secretName: keystone-tls-api
|
secretName: keystone-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
kind: Issuer
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
public: https
|
public: https
|
||||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Neutron
|
description: OpenStack-Helm Neutron
|
||||||
name: neutron
|
name: neutron
|
||||||
version: 0.1.7
|
version: 0.1.8
|
||||||
home: https://docs.openstack.org/neutron/latest/
|
home: https://docs.openstack.org/neutron/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -117,7 +117,6 @@ endpoints:
|
|||||||
secretName: neutron-tls-server
|
secretName: neutron-tls-server
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
port:
|
port:
|
||||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Nova
|
description: OpenStack-Helm Nova
|
||||||
name: nova
|
name: nova
|
||||||
version: 0.1.8
|
version: 0.1.9
|
||||||
home: https://docs.openstack.org/nova/latest/
|
home: https://docs.openstack.org/nova/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -171,7 +171,6 @@ endpoints:
|
|||||||
secretName: nova-tls-api
|
secretName: nova-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: 'https'
|
default: 'https'
|
||||||
port:
|
port:
|
||||||
@ -184,7 +183,6 @@ endpoints:
|
|||||||
secretName: metadata-tls-metadata
|
secretName: metadata-tls-metadata
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
port:
|
port:
|
||||||
@ -197,7 +195,6 @@ endpoints:
|
|||||||
secretName: nova-novncproxy-tls-proxy
|
secretName: nova-novncproxy-tls-proxy
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
port:
|
port:
|
||||||
@ -210,7 +207,6 @@ endpoints:
|
|||||||
secretName: nova-tls-spiceproxy
|
secretName: nova-tls-spiceproxy
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
placement:
|
placement:
|
||||||
@ -220,7 +216,6 @@ endpoints:
|
|||||||
secretName: placement-tls-api
|
secretName: placement-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
port:
|
port:
|
||||||
|
@ -16,7 +16,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Placement
|
description: OpenStack-Helm Placement
|
||||||
name: placement
|
name: placement
|
||||||
version: 0.1.5
|
version: 0.1.6
|
||||||
home: https://docs.openstack.org/placement/latest/
|
home: https://docs.openstack.org/placement/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -68,7 +68,6 @@ endpoints:
|
|||||||
secretName: placement-tls-api
|
secretName: placement-tls-api
|
||||||
issuerRef:
|
issuerRef:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
kind: ClusterIssuer
|
|
||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
port:
|
port:
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
set -eux
|
set -eux
|
||||||
|
|
||||||
: ${CERT_MANAGER_VERSION:="v1.1.0"}
|
: ${CERT_MANAGER_VERSION:="v0.15.0"}
|
||||||
|
|
||||||
cert_path="/etc/openstack-helm"
|
cert_path="/etc/openstack-helm"
|
||||||
ca_cert_root="$cert_path/certs/ca"
|
ca_cert_root="$cert_path/certs/ca"
|
||||||
@ -126,12 +126,14 @@ helm repo update
|
|||||||
helm install --name cert-manager --namespace cert-manager \
|
helm install --name cert-manager --namespace cert-manager \
|
||||||
--version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
|
--version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
|
||||||
--set installCRDs=true \
|
--set installCRDs=true \
|
||||||
|
--set featureGates=ExperimentalCertificateControllers=true \
|
||||||
--set extraArgs[0]="--enable-certificate-owner-ref=true"
|
--set extraArgs[0]="--enable-certificate-owner-ref=true"
|
||||||
|
|
||||||
# helm 3 command
|
# helm 3 command
|
||||||
# helm install cert-manager jetstack/cert-manager --namespace cert-manager \
|
# helm install cert-manager jetstack/cert-manager --namespace cert-manager \
|
||||||
# --version ${CERT_MANAGER_VERSION} \
|
# --version ${CERT_MANAGER_VERSION} \
|
||||||
# --set installCRDs=true \
|
# --set installCRDs=true \
|
||||||
|
#. --set featureGates=ExperimentalCertificateControllers=true \
|
||||||
# --set extraArgs[0]="--enable-certificate-owner-ref=true"
|
# --set extraArgs[0]="--enable-certificate-owner-ref=true"
|
||||||
|
|
||||||
helm repo remove jetstack
|
helm repo remove jetstack
|
||||||
@ -145,15 +147,16 @@ apiVersion: v1
|
|||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: ca-key-pair
|
name: ca-key-pair
|
||||||
namespace: cert-manager
|
namespace: openstack
|
||||||
data:
|
data:
|
||||||
tls.crt: $crt
|
tls.crt: $crt
|
||||||
tls.key: $key
|
tls.key: $key
|
||||||
---
|
---
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1alpha3
|
||||||
kind: ClusterIssuer
|
kind: Issuer
|
||||||
metadata:
|
metadata:
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
|
namespace: openstack
|
||||||
spec:
|
spec:
|
||||||
ca:
|
ca:
|
||||||
secretName: ca-key-pair
|
secretName: ca-key-pair
|
||||||
|
Loading…
Reference in New Issue
Block a user