From 51b6cf466443411ffe25a371990b157ffe0cf7df Mon Sep 17 00:00:00 2001 From: josebb Date: Thu, 10 Mar 2022 17:33:21 +0200 Subject: [PATCH] Support SSL identity endpoint in horizon Change-Id: I14c99d6966f3610425c5430d40f28d7bce7d2750 --- horizon/Chart.yaml | 2 +- horizon/templates/deployment.yaml | 8 ++++++-- horizon/values.yaml | 3 +++ releasenotes/notes/horizon.yaml | 1 + 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml index 39ea283033..01964b7031 100644 --- a/horizon/Chart.yaml +++ b/horizon/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Horizon name: horizon -version: 0.2.25 +version: 0.2.26 home: https://docs.openstack.org/horizon/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png sources: diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index e3978c588c..a23b56df17 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -70,6 +70,10 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP +{{- if or .Values.manifests.certificates .Values.tls.identity }} + - name: REQUESTS_CA_BUNDLE + value: "/etc/openstack-dashboard/certs/ca.crt" +{{- end }} lifecycle: preStop: exec: @@ -157,7 +161,7 @@ spec: mountPath: /tmp/favicon.ico subPath: favicon.ico {{- end }} -{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal "path" "/etc/openstack-dashboard/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" (or $envAll.Values.manifests.certificates $envAll.Values.tls.identity) "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal "path" "/etc/openstack-dashboard/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }} volumes: @@ -181,6 +185,6 @@ spec: name: horizon-logo {{- end }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} -{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" (or $envAll.Values.manifests.certificates $envAll.Values.tls.identity) "name" $envAll.Values.secrets.tls.dashboard.dashboard.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{ if $mounts_horizon.volumes }}{{ toYaml $mounts_horizon.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/horizon/values.yaml b/horizon/values.yaml index 1f58555371..68b75afc75 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -1236,6 +1236,9 @@ secrets: oci_image_registry: horizon: horizon-oci-image-registry +tls: + identity: false + # typically overridden by environmental # values, but should include all endpoints # required by this chart diff --git a/releasenotes/notes/horizon.yaml b/releasenotes/notes/horizon.yaml index 534b5db944..b9a79ef43b 100644 --- a/releasenotes/notes/horizon.yaml +++ b/releasenotes/notes/horizon.yaml @@ -35,4 +35,5 @@ horizon: - 0.2.23 Add Xena and Yoga value overrides - 0.2.24 Remove blank lines in logo configmap - 0.2.25 Added OCI registry authentication + - 0.2.26 Support SSL identity endpoint ...