Support TLS endpoints in keystone

This allows ks-bootstrap job to consume TLS endpoint.

Change-Id: I02c07878376934b27888dc643e42ebf1a4caf0ce
This commit is contained in:
josebb 2021-12-01 18:42:05 +02:00
parent ced30abead
commit 5e1e535dd8
5 changed files with 27 additions and 2 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Keystone
name: keystone
version: 0.2.28
version: 0.2.29
home: https://docs.openstack.org/keystone/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
sources:

View File

@ -19,7 +19,7 @@ helm.sh/hook-weight: "5"
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
{{- $bootstrapJob := dict "envAll" . "serviceName" "keystone" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.keystone.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}}
{{- if and .Values.manifests.certificates .Values.secrets.tls.identity.api.internal -}}
{{- if and ( or .Values.manifests.certificates .Values.tls.identity) .Values.secrets.tls.identity.api.internal -}}
{{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.keystone.enabled -}}

View File

@ -1087,6 +1087,11 @@ endpoints:
ingress:
default: 80
tls:
identity: false
oslo_messaging: false
oslo_db: false
manifests:
certificates: false
configmap_bin: true

View File

@ -0,0 +1,19 @@
---
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
secrets:
tls:
identity:
api:
# manually created
internal: keystone-tls-api
tls:
identity: true
...

View File

@ -44,4 +44,5 @@ keystone:
- 0.2.26 Add Xena and Yoga values overrides
- 0.2.27 Use LOG.warning instead of deprecated LOG.warn
- 0.2.28 Added OCI registry authentication
- 0.2.29 Support TLS endpoints
...