Support TLS endpoints in keystone

This allows the ks-bootstrap job to consume a TLS endpoint.

Change-Id: I02c07878376934b27888dc643e42ebf1a4caf0ce
josebb 2021-12-01 18:42:05 +02:00
parent ced30abead
commit 5e1e535dd8
5 changed files with 27 additions and 2 deletions


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Keystone description: OpenStack-Helm Keystone
name: keystone name: keystone
version: 0.2.28 version: 0.2.29
home: https://docs.openstack.org/keystone/latest/ home: https://docs.openstack.org/keystone/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
sources: sources:


@ -19,7 +19,7 @@ helm.sh/hook-weight: "5"
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} {{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
{{- $bootstrapJob := dict "envAll" . "serviceName" "keystone" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.keystone.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}} {{- $bootstrapJob := dict "envAll" . "serviceName" "keystone" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.keystone.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}}
{{- if and .Values.manifests.certificates .Values.secrets.tls.identity.api.internal -}} {{- if and ( or .Values.manifests.certificates .Values.tls.identity) .Values.secrets.tls.identity.api.internal -}}
{{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}} {{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}}
{{- end -}} {{- end -}}
{{- if .Values.pod.tolerations.keystone.enabled -}} {{- if .Values.pod.tolerations.keystone.enabled -}}
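Review bot: When `tls.identity` is true but `secrets.tls.identity.api.internal` is empty, the rewritten condition is simply false and the bootstrap job is rendered without `tlsSecret`, with no error at render time. Since the flag exists to declare the endpoint as TLS, a render-time guard placed before this block would surface that misconfiguration, e.g. `{{- if and .Values.tls.identity (not .Values.secrets.tls.identity.api.internal) }}{{ fail "tls.identity requires secrets.tls.identity.api.internal" }}{{ end -}}`. Whether the job then fails closed depends on the `cacert` settings and on the job template that consumes `$bootstrapJob`, neither of which is visible in this hunk. The outer `if` on `manifests.job_bootstrap` closes outside the hunk.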


@ -1087,6 +1087,11 @@ endpoints:
ingress: ingress:
default: 80 default: 80
tls:
identity: false
oslo_messaging: false
oslo_db: false
manifests: manifests:
certificates: false certificates: false
configmap_bin: true configmap_bin: true
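Review bot: The new `tls:` map carries no comment, and of its three keys only `tls.identity` is read by a template hunk in this commit; `oslo_messaging` and `oslo_db` look unused here, so a reader cannot tell whether setting them has any effect. A short comment above the map would help, for example `# tls.<endpoint>: true means the endpoint is served over TLS using an existing secret; manifests.certificates is not required` (wording inferred from the bootstrap-job condition, to be confirmed by the author). If the two extra keys are placeholders for later changes, saying so keeps operators from assuming messaging and database traffic is encrypted once they flip them.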


@ -0,0 +1,19 @@
---
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
secrets:
tls:
identity:
api:
# manually created
internal: keystone-tls-api
tls:
identity: true
...
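Review bot: The comment `# manually created` on `internal: keystone-tls-api` does not say what the secret has to contain or where it must live, yet with `tls.identity: true` the bootstrap job will reference it without the chart generating it. I would expand it to something like `# Pre-existing secret in the release namespace; not generated by this chart. Must include the CA that signs the keystone endpoint certificate.` The exact key names the job template expects are not visible on this page, so the author should list them. It is also worth stating that `cacert` under `auth.admin` and `auth.test` has to resolve to that same CA, since both are fixed to `/etc/ssl/certs/openstack-helm.crt` here.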


@ -44,4 +44,5 @@ keystone:
- 0.2.26 Add Xena and Yoga values overrides - 0.2.26 Add Xena and Yoga values overrides
- 0.2.27 Use LOG.warning instead of deprecated LOG.warn - 0.2.27 Use LOG.warning instead of deprecated LOG.warn
- 0.2.28 Added OCI registry authentication - 0.2.28 Added OCI registry authentication
- 0.2.29 Support TLS endpoints
... ...