Aodh and Panko: Add TLS support for public endpoints

This commit adds the capability for Aodh, Panko charts to support TLS on overriden fqdn for public endpoints. Change-Id: Ia1350f65872b0eddda8ecc83ffea1dd215b3b6db Signed-off-by: Angie Wang <angie.wang@windriver.com>
2019-07-10 12:03:57 -04:00 · 2019-07-10 12:03:57 -04:00 · 9c2f6fadb4
commit 9c2f6fadb4
parent 4e8f25b115
4 changed files with 62 additions and 0 deletions
--- a/aodh/templates/secret-ingress-tls.yaml
+++ b/aodh/templates/secret-ingress-tls.yaml
@ -0,0 +1,19 @@
+{{/*
+Copyright 2019 Wind River Systems, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alarming" ) }}
+{{- end }}
--- a/aodh/values.yaml
+++ b/aodh/values.yaml
@ -542,6 +542,10 @@ secrets:
  oslo_messaging:
    admin: aodh-rabbitmq-admin
    aodh: aodh-rabbitmq-user
+  tls:
+    alarming:
+      api:
+        public: aodh-tls-public

 bootstrap:
  enabled: false
@ -604,6 +608,13 @@ endpoints:
      public: aodh
    host_fqdn_override:
      default: null
+      # NOTE: this chart supports TLS for fqdn over-ridden public
+      # endpoints using the following format:
+      # public:
+      #   host: null
+      #   tls:
+      #     crt: null
+      #     key: null
    path:
      default: null
    scheme:
@ -705,5 +716,6 @@ manifests:
  secret_db: true
  secret_keystone: true
  secret_rabbitmq: true
+  secret_ingress_tls: true
  service_api: true
  service_ingress_api: true
--- a/panko/templates/secret-ingress-tls.yaml
+++ b/panko/templates/secret-ingress-tls.yaml
@ -0,0 +1,19 @@
+{{/*
+Copyright 2019 Wind River Systems, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "event" ) }}
+{{- end }}
--- a/panko/values.yaml
+++ b/panko/values.yaml
@ -159,6 +159,10 @@ secrets:
  oslo_db:
    admin: panko-db-admin
    panko: panko-db-user
+  tls:
+    event:
+      api:
+        public: panko-tls-public

 bootstrap:
  enabled: false
@ -387,6 +391,13 @@ endpoints:
      public: panko
    host_fqdn_override:
      default: null
+      # NOTE: this chart supports TLS for fqdn over-ridden public
+      # endpoints using the following format:
+      # public:
+      #   host: null
+      #   tls:
+      #     crt: null
+      #     key: null
    path:
      default: null
    scheme:
@ -599,6 +610,7 @@ manifests:
  pod_rally_test: true
  secret_db: true
  secret_keystone: true
+  secret_ingress_tls: true
  service_api: true
  service_ingress_api: true