Mount rabbitmq TLS secret

Mount rabbitmq TLS secret to openstack services which support internal TLS. Once internal TLS support is added to other service, the TLSed rabbitmq support should be added. Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/795188 Change-Id: I9aa272e365f846746f2e06aa7b7010db730e17df
2021-06-08 12:47:31 +00:00 · 2021-06-08 12:47:31 +00:00 · 5028aa8de1
commit 5028aa8de1
parent 92dfcbb7c1
24 changed files with 67 additions and 14 deletions
--- a/cinder/Chart.yaml
+++ b/cinder/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.2.2
+version: 0.2.3
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:
--- a/cinder/templates/secret_rabbitmq.yaml
+++ b/cinder/templates/secret_rabbitmq.yaml
@ -14,6 +14,10 @@ limitations under the License.

 {{- if .Values.manifests.secret_rabbitmq }}
 {{- $envAll := . }}
+{{- $rabbitmqProtocol := "http" }}
+{{- if $envAll.Values.manifests.certificates }}
+{{- $rabbitmqProtocol = "https" }}
+{{- end }}
 {{- range $key1, $userClass := tuple "admin" "cinder" }}
 {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
 ---
@ -23,6 +27,6 @@ metadata:
  name: {{ $secretName }}
 type: Opaque
 data:
-  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
 {{- end }}
 {{- end }}
--- a/cinder/values_overrides/tls.yaml
+++ b/cinder/values_overrides/tls.yaml
@ -141,6 +141,10 @@ endpoints:
    port:
      ingress:
        default: 443
+  oslo_messaging:
+    port:
+      https:
+        default: 15680
 manifests:
  certificates: true
 ...
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.2.3
+version: 0.2.4
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
--- a/glance/templates/secret-rabbitmq.yaml
+++ b/glance/templates/secret-rabbitmq.yaml
@ -14,9 +14,12 @@ limitations under the License.

 {{- if .Values.manifests.secret_rabbitmq }}
 {{- $envAll := . }}
+{{- $rabbitmqProtocol := "http" }}
+{{- if $envAll.Values.manifests.certificates }}
+{{- $rabbitmqProtocol = "https" }}
+{{- end }}
 {{- range $key1, $userClass := tuple "admin" "glance" }}
 {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
-{{- $connection := tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
 ---
 apiVersion: v1
 kind: Secret
@ -24,6 +27,6 @@ metadata:
  name: {{ $secretName }}
 type: Opaque
 data:
-  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
 {{- end }}
 {{- end }}
--- a/glance/values_overrides/tls.yaml
+++ b/glance/values_overrides/tls.yaml
@ -131,6 +131,10 @@ endpoints:
      web:
        default: 80
        public: 443
+  oslo_messaging:
+    port:
+      https:
+        default: 15680
 pod:
  security_context:
    glance:
--- a/heat/Chart.yaml
+++ b/heat/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Heat
 name: heat
-version: 0.2.2
+version: 0.2.3
 home: https://docs.openstack.org/heat/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
 sources:
--- a/heat/templates/secret-rabbitmq.yaml
+++ b/heat/templates/secret-rabbitmq.yaml
@ -14,6 +14,10 @@ limitations under the License.

 {{- if .Values.manifests.secret_rabbitmq }}
 {{- $envAll := . }}
+{{- $rabbitmqProtocol := "http" }}
+{{- if $envAll.Values.manifests.certificates }}
+{{- $rabbitmqProtocol = "https" }}
+{{- end }}
 {{- range $key1, $userClass := tuple "admin" "heat" }}
 {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
 ---
@ -23,6 +27,6 @@ metadata:
  name: {{ $secretName }}
 type: Opaque
 data:
-  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
 {{- end }}
 {{- end }}
--- a/heat/values_overrides/tls.yaml
+++ b/heat/values_overrides/tls.yaml
@ -181,7 +181,10 @@ endpoints:
    port:
      ingress:
        default: 443
-
+  oslo_messaging:
+    port:
+      https:
+        default: 15680
 manifests:
  certificates: true
 ...
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.4
+version: 0.2.5
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
--- a/keystone/templates/secret-rabbitmq.yaml
+++ b/keystone/templates/secret-rabbitmq.yaml
@ -14,6 +14,10 @@ limitations under the License.

 {{- if .Values.manifests.secret_rabbitmq }}
 {{- $envAll := . }}
+{{- $rabbitmqProtocol := "http" }}
+{{- if $envAll.Values.manifests.certificates }}
+{{- $rabbitmqProtocol = "https" }}
+{{- end }}
 {{- range $key1, $userClass := tuple "admin" "keystone" }}
 {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
 ---
@ -23,6 +27,6 @@ metadata:
  name: {{ $secretName }}
 type: Opaque
 data:
-  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
 {{- end }}
 {{- end }}
--- a/keystone/values_overrides/tls.yaml
+++ b/keystone/values_overrides/tls.yaml
@ -81,6 +81,10 @@ endpoints:
    port:
      api:
        default: 443
+  oslo_messaging:
+    port:
+      https:
+        default: 15680
 manifests:
  certificates: true
 ...
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.2.2
+version: 0.2.3
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
--- a/neutron/templates/secret_rabbitmq.yaml
+++ b/neutron/templates/secret_rabbitmq.yaml
@ -14,6 +14,10 @@ limitations under the License.

 {{- if .Values.manifests.secret_rabbitmq }}
 {{- $envAll := . }}
+{{- $rabbitmqProtocol := "http" }}
+{{- if $envAll.Values.manifests.certificates }}
+{{- $rabbitmqProtocol = "https" }}
+{{- end }}
 {{- range $key1, $userClass := tuple "admin" "neutron" }}
 {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
 ---
@ -23,6 +27,6 @@ metadata:
  name: {{ $secretName }}
 type: Opaque
 data:
-  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
 {{- end }}
 {{- end }}
--- a/neutron/values_overrides/tls.yaml
+++ b/neutron/values_overrides/tls.yaml
@ -132,6 +132,10 @@ endpoints:
    port:
      ingress:
        default: 443
+  oslo_messaging:
+    port:
+      https:
+        default: 15680
 manifests:
  certificates: true
 ...
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.2.3
+version: 0.2.4
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:
--- a/nova/templates/secret_rabbitmq.yaml
+++ b/nova/templates/secret_rabbitmq.yaml
@ -14,6 +14,10 @@ limitations under the License.

 {{- if .Values.manifests.secret_rabbitmq }}
 {{- $envAll := . }}
+{{- $rabbitmqProtocol := "http" }}
+{{- if $envAll.Values.manifests.certificates }}
+{{- $rabbitmqProtocol = "https" }}
+{{- end }}
 {{- range $key1, $userClass := tuple "admin" "nova" }}
 {{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
 ---
@ -23,7 +27,7 @@ metadata:
  name: {{ $secretName }}
 type: Opaque
 data:
-  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+  RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
  TRANSPORT_URL: {{ tuple "oslo_messaging" "internal" $userClass "amqp" $envAll | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | b64enc }}
 {{- end }}
 {{- end }}
--- a/nova/values_overrides/tls.yaml
+++ b/nova/values_overrides/tls.yaml
@ -237,6 +237,10 @@ endpoints:
    port:
      api:
        public: 443
+  oslo_messaging:
+    port:
+      https:
+        default: 15680
 pod:
  security_context:
    nova:
--- a/releasenotes/notes/cinder.yaml
+++ b/releasenotes/notes/cinder.yaml
@ -19,3 +19,4 @@ cinder:
  - 0.2.0 Remove support for releases before T
  - 0.2.1 Fix the ceph pool creations for openstack services
  - 0.2.2 Adding rabbitmq TLS logic
+  - 0.2.3 Mount rabbitmq TLS secret
--- a/releasenotes/notes/glance.yaml
+++ b/releasenotes/notes/glance.yaml
@ -13,3 +13,4 @@ glance:
  - 0.2.1 Fix the ceph pool creations for openstack services
  - 0.2.2 Adding rabbitmq TLS logic
  - 0.2.3 Use policies in yaml format
+  - 0.2.4 Mount rabbitmq TLS secret
--- a/releasenotes/notes/heat.yaml
+++ b/releasenotes/notes/heat.yaml
@ -9,3 +9,4 @@ heat:
  - 0.2.0 Remove support for releases before T
  - 0.2.1 Adding rabbitmq TLS logic
  - 0.2.2 Use policies in yaml format
+  - 0.2.3 Mount rabbitmq TLS secret
--- a/releasenotes/notes/keystone.yaml
+++ b/releasenotes/notes/keystone.yaml
@ -20,4 +20,5 @@ keystone:
  - 0.2.2 Make python script PEP8 compliant
  - 0.2.3 Adding rabbitmq TLS logic
  - 0.2.4 Use policies in yaml format
+  - 0.2.5 Mount rabbitmq TLS secret
 ...
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@ -16,3 +16,5 @@ neutron:
  - 0.2.0 Remove support for releases before T
  - 0.2.1 Adding rabbitmq TLS logic
  - 0.2.2 Use policies in yaml format
+  - 0.2.3 Mount rabbitmq TLS secret
+...
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@ -24,4 +24,5 @@ nova:
  - 0.2.1 Remove unnecessary +x permission on gotpl files
  - 0.2.2 Adding rabbitmq TLS logic
  - 0.2.3 Replace deprecated configuration ``[vnc]/vncserver_proxyclient_address``
+  - 0.2.4 Mount rabbitmq TLS secret
 ...