openstack/openstack-helm
Code Issues Proposed changes

Mount rabbitmq TLS secret

Browse Source 
Mount rabbitmq TLS secret to openstack services which support internal
TLS. Once internal TLS support is added to other service, the TLSed 
rabbitmq support should be added.

Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188

Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
This commit is contained in:
Gupta, Sangeet (sg774j) 2021-06-08 12:47:31 +00:00 committed by Sangeet Gupta
parent 92dfcbb7c1
commit 5028aa8de1
24 changed files with 67 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cinder/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Cinder description: OpenStack-Helm Cinder
name: cinder name: cinder
version: 0.2.2 version: 0.2.3
home: https://docs.openstack.org/cinder/latest/ home: https://docs.openstack.org/cinder/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
sources: sources:

6
cinder/templates/secret_rabbitmq.yaml
View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }} {{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "cinder" }} {{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
--- ---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
cinder/values_overrides/tls.yaml
View File

@ -141,6 +141,10 @@ endpoints:
port: port:
ingress: ingress:
default: 443 default: 443
oslo_messaging:
port:
https:
default: 15680
manifests: manifests:
certificates: true certificates: true
... ...

2
glance/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Glance description: OpenStack-Helm Glance
name: glance name: glance
version: 0.2.3 version: 0.2.4
home: https://docs.openstack.org/glance/latest/ home: https://docs.openstack.org/glance/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
sources: sources:

7
glance/templates/secret-rabbitmq.yaml
View File

@ -14,9 +14,12 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }} {{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "glance" }} {{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
{{- $connection := tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
@ -24,6 +27,6 @@ metadata:
name: {{ $secretName }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
glance/values_overrides/tls.yaml
View File

@ -131,6 +131,10 @@ endpoints:
web: web:
default: 80 default: 80
public: 443 public: 443
oslo_messaging:
port:
https:
default: 15680
pod: pod:
security_context: security_context:
glance: glance:

2
heat/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Heat description: OpenStack-Helm Heat
name: heat name: heat
version: 0.2.2 version: 0.2.3
home: https://docs.openstack.org/heat/latest/ home: https://docs.openstack.org/heat/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
sources: sources:

6
heat/templates/secret-rabbitmq.yaml
View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }} {{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "heat" }} {{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
--- ---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

5
heat/values_overrides/tls.yaml
View File

@ -181,7 +181,10 @@ endpoints:
port: port:
ingress: ingress:
default: 443 default: 443
oslo_messaging:
port:
https:
default: 15680
manifests: manifests:
certificates: true certificates: true
... ...

2
keystone/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Keystone description: OpenStack-Helm Keystone
name: keystone name: keystone
version: 0.2.4 version: 0.2.5
home: https://docs.openstack.org/keystone/latest/ home: https://docs.openstack.org/keystone/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
sources: sources:

6
keystone/templates/secret-rabbitmq.yaml
View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }} {{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "keystone" }} {{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
--- ---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
keystone/values_overrides/tls.yaml
View File

@ -81,6 +81,10 @@ endpoints:
port: port:
api: api:
default: 443 default: 443
oslo_messaging:
port:
https:
default: 15680
manifests: manifests:
certificates: true certificates: true
... ...

2
neutron/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Neutron description: OpenStack-Helm Neutron
name: neutron name: neutron
version: 0.2.2 version: 0.2.3
home: https://docs.openstack.org/neutron/latest/ home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources: sources:

6
neutron/templates/secret_rabbitmq.yaml
View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }} {{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "neutron" }} {{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
--- ---
@ -23,6 +27,6 @@ metadata:
name: {{ $secretName }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
neutron/values_overrides/tls.yaml
View File

@ -132,6 +132,10 @@ endpoints:
port: port:
ingress: ingress:
default: 443 default: 443
oslo_messaging:
port:
https:
default: 15680
manifests: manifests:
certificates: true certificates: true
... ...

2
nova/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Nova description: OpenStack-Helm Nova
name: nova name: nova
version: 0.2.3 version: 0.2.4
home: https://docs.openstack.org/nova/latest/ home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources: sources:

6
nova/templates/secret_rabbitmq.yaml
View File

@ -14,6 +14,10 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }} {{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
{{- if $envAll.Values.manifests.certificates }}
{{- $rabbitmqProtocol = "https" }}
{{- end }}
{{- range $key1, $userClass := tuple "admin" "nova" }} {{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
--- ---
@ -23,7 +27,7 @@ metadata:
name: {{ $secretName }} name: {{ $secretName }}
type: Opaque type: Opaque
data: data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }} RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
TRANSPORT_URL: {{ tuple "oslo_messaging" "internal" $userClass "amqp" $envAll | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | b64enc }} TRANSPORT_URL: {{ tuple "oslo_messaging" "internal" $userClass "amqp" $envAll | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
nova/values_overrides/tls.yaml
View File

@ -237,6 +237,10 @@ endpoints:
port: port:
api: api:
public: 443 public: 443
oslo_messaging:
port:
https:
default: 15680
pod: pod:
security_context: security_context:
nova: nova:

1
releasenotes/notes/cinder.yaml
View File

@ -19,3 +19,4 @@ cinder:
- 0.2.0 Remove support for releases before T - 0.2.0 Remove support for releases before T
- 0.2.1 Fix the ceph pool creations for openstack services - 0.2.1 Fix the ceph pool creations for openstack services
- 0.2.2 Adding rabbitmq TLS logic - 0.2.2 Adding rabbitmq TLS logic
- 0.2.3 Mount rabbitmq TLS secret

1
releasenotes/notes/glance.yaml
View File

@ -13,3 +13,4 @@ glance:
- 0.2.1 Fix the ceph pool creations for openstack services - 0.2.1 Fix the ceph pool creations for openstack services
- 0.2.2 Adding rabbitmq TLS logic - 0.2.2 Adding rabbitmq TLS logic
- 0.2.3 Use policies in yaml format - 0.2.3 Use policies in yaml format
- 0.2.4 Mount rabbitmq TLS secret

1
releasenotes/notes/heat.yaml
View File

@ -9,3 +9,4 @@ heat:
- 0.2.0 Remove support for releases before T - 0.2.0 Remove support for releases before T
- 0.2.1 Adding rabbitmq TLS logic - 0.2.1 Adding rabbitmq TLS logic
- 0.2.2 Use policies in yaml format - 0.2.2 Use policies in yaml format
- 0.2.3 Mount rabbitmq TLS secret

1
releasenotes/notes/keystone.yaml
View File

@ -20,4 +20,5 @@ keystone:
- 0.2.2 Make python script PEP8 compliant - 0.2.2 Make python script PEP8 compliant
- 0.2.3 Adding rabbitmq TLS logic - 0.2.3 Adding rabbitmq TLS logic
- 0.2.4 Use policies in yaml format - 0.2.4 Use policies in yaml format
- 0.2.5 Mount rabbitmq TLS secret
... ...

2
releasenotes/notes/neutron.yaml
View File

@ -16,3 +16,5 @@ neutron:
- 0.2.0 Remove support for releases before T - 0.2.0 Remove support for releases before T
- 0.2.1 Adding rabbitmq TLS logic - 0.2.1 Adding rabbitmq TLS logic
- 0.2.2 Use policies in yaml format - 0.2.2 Use policies in yaml format
- 0.2.3 Mount rabbitmq TLS secret
...

1
releasenotes/notes/nova.yaml
View File

@ -24,4 +24,5 @@ nova:
- 0.2.1 Remove unnecessary +x permission on gotpl files - 0.2.1 Remove unnecessary +x permission on gotpl files
- 0.2.2 Adding rabbitmq TLS logic - 0.2.2 Adding rabbitmq TLS logic
- 0.2.3 Replace deprecated configuration ``[vnc]/vncserver_proxyclient_address`` - 0.2.3 Replace deprecated configuration ``[vnc]/vncserver_proxyclient_address``
- 0.2.4 Mount rabbitmq TLS secret
... ...