Support TLS endpoints in nova metadata-api
This allows nova metadata-api to consume TLS openstack endpoints, typically identity endpoints. Same idea with https://review.opendev.org/c/openstack/openstack-helm/+/820212 Change-Id: I80e580badc96908f382fe8c6ddb2fae7caa957ed
This commit is contained in:
parent
d1a7abeb0c
commit
b356cbe21f
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Nova
|
description: OpenStack-Helm Nova
|
||||||
name: nova
|
name: nova
|
||||||
version: 0.2.44
|
version: 0.2.45
|
||||||
home: https://docs.openstack.org/nova/latest/
|
home: https://docs.openstack.org/nova/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -91,6 +91,11 @@ spec:
|
|||||||
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||||
|
{{- if or .Values.manifests.certificates .Values.tls.identity }}
|
||||||
|
env:
|
||||||
|
- name: REQUESTS_CA_BUNDLE
|
||||||
|
value: "/etc/nova/certs/ca.crt"
|
||||||
|
{{- end }}
|
||||||
command:
|
command:
|
||||||
- /tmp/nova-api-metadata.sh
|
- /tmp/nova-api-metadata.sh
|
||||||
- start
|
- start
|
||||||
@ -182,7 +187,7 @@ spec:
|
|||||||
readOnly: true
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||||
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
@ -202,6 +207,6 @@ spec:
|
|||||||
- name: pod-shared
|
- name: pod-shared
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
|
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -65,4 +65,5 @@ nova:
|
|||||||
- 0.2.42 Add missing configuration ``[vnc]/novncproxy_host``
|
- 0.2.42 Add missing configuration ``[vnc]/novncproxy_host``
|
||||||
- 0.2.43 Added OCI registry authentication
|
- 0.2.43 Added OCI registry authentication
|
||||||
- 0.2.44 Distinguish between port number of internal endpoint and binding port number
|
- 0.2.44 Distinguish between port number of internal endpoint and binding port number
|
||||||
|
- 0.2.45 Support TLS endpoints for metadata-api
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user