Mount rabbitmq TLS secret

Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed 
rabbitmq support should be added.

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188

Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
This commit is contained in:
Gupta, Sangeet (sg774j) 2021-06-08 12:47:31 +00:00 committed by Sangeet Gupta
parent 92dfcbb7c1
commit 5028aa8de1
24 changed files with 67 additions and 14 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Cinder
name: cinder
version: 0.2.2
version: 0.2.3
home: https://docs.openstack.org/cinder/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
sources:

View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}

View File

@ -141,6 +141,10 @@ endpoints:
port:
ingress:
default: 443
oslo_messaging:
port:
https:
default: 15680
manifests:
certificates: true
...

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Glance
name: glance
version: 0.2.3
version: 0.2.4
home: https://docs.openstack.org/glance/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
sources:

View File

@ -14,9 +14,12 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
{{- $connection := tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
@ -24,6 +27,6 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}

View File

@ -131,6 +131,10 @@ endpoints:
web:
default: 80
public: 443
oslo_messaging:
port:
https:
default: 15680
pod:
security_context:
glance:

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Heat
name: heat
version: 0.2.2
version: 0.2.3
home: https://docs.openstack.org/heat/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
sources:

View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}

View File

@ -181,7 +181,10 @@ endpoints:
port:
ingress:
default: 443
oslo_messaging:
port:
https:
default: 15680
manifests:
certificates: true
...

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Keystone
name: keystone
version: 0.2.4
version: 0.2.5
home: https://docs.openstack.org/keystone/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
sources:

View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}

View File

@ -81,6 +81,10 @@ endpoints:
port:
api:
default: 443
oslo_messaging:
port:
https:
default: 15680
manifests:
certificates: true
...

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Neutron
name: neutron
version: 0.2.2
version: 0.2.3
home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources:

View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}

View File

@ -132,6 +132,10 @@ endpoints:
port:
ingress:
default: 443
oslo_messaging:
port:
https:
default: 15680
manifests:
certificates: true
...

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Nova
name: nova
version: 0.2.3
version: 0.2.4
home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources:

View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
@ -23,7 +27,7 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
TRANSPORT_URL: {{ tuple "oslo_messaging" "internal" $userClass "amqp" $envAll | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | b64enc }}
{{- end }}
{{- end }}

View File

@ -237,6 +237,10 @@ endpoints:
port:
api:
public: 443
oslo_messaging:
port:
https:
default: 15680
pod:
security_context:
nova:

View File

@ -19,3 +19,4 @@ cinder:
- 0.2.0 Remove support for releases before T
- 0.2.1 Fix the ceph pool creations for openstack services
- 0.2.2 Adding rabbitmq TLS logic
- 0.2.3 Mount rabbitmq TLS secret

View File

@ -13,3 +13,4 @@ glance:
- 0.2.1 Fix the ceph pool creations for openstack services
- 0.2.2 Adding rabbitmq TLS logic
- 0.2.3 Use policies in yaml format
- 0.2.4 Mount rabbitmq TLS secret

View File

@ -9,3 +9,4 @@ heat:
- 0.2.0 Remove support for releases before T
- 0.2.1 Adding rabbitmq TLS logic
- 0.2.2 Use policies in yaml format
- 0.2.3 Mount rabbitmq TLS secret

View File

@ -20,4 +20,5 @@ keystone:
- 0.2.2 Make python script PEP8 compliant
- 0.2.3 Adding rabbitmq TLS logic
- 0.2.4 Use policies in yaml format
- 0.2.5 Mount rabbitmq TLS secret
...

View File

@ -16,3 +16,5 @@ neutron:
- 0.2.0 Remove support for releases before T
- 0.2.1 Adding rabbitmq TLS logic
- 0.2.2 Use policies in yaml format
- 0.2.3 Mount rabbitmq TLS secret
...

View File

@ -24,4 +24,5 @@ nova:
- 0.2.1 Remove unnecessary +x permission on gotpl files
- 0.2.2 Adding rabbitmq TLS logic
- 0.2.3 Replace deprecated configuration ``[vnc]/vncserver_proxyclient_address``
- 0.2.4 Mount rabbitmq TLS secret
...