openstack/openstack-helm
Code Issues Proposed changes

feat(tls): Make openstack services compatible with mariadb with TLS

Browse Source 
Change database scerets.

Change-Id: I068dfcb23d596d4b9bcde1944fb4def010490452
This commit is contained in:
Gupta, Sangeet (sg774j) 2020-07-24 23:02:09 +00:00
parent d277386769
commit 7b720184e3
5 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cinder/templates/secret-db.yaml
View File

@ -16,6 +16,7 @@ limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
@ -23,6 +24,10 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- if $envAll.Values.manifests.certificates }}
DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
{{- end }}

7
glance/templates/secret-db.yaml
View File

@ -16,6 +16,7 @@ limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
@ -23,6 +24,10 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- if $envAll.Values.manifests.certificates }}
DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
{{- end }}

7
heat/templates/secret-db.yaml
View File

@ -16,6 +16,7 @@ limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
@ -23,6 +24,10 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- if $envAll.Values.manifests.certificates }}
DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
{{- end }}

7
keystone/templates/secret-db.yaml
View File

@ -16,6 +16,7 @@ limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
@ -23,6 +24,10 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- if $envAll.Values.manifests.certificates }}
DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
{{- end }}

7
neutron/templates/secret-db.yaml
View File

@ -16,6 +16,7 @@ limitations under the License.
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
---
apiVersion: v1
kind: Secret
@ -23,6 +24,10 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- if $envAll.Values.manifests.certificates }}
DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
{{- end }}