Support TLS endpoints in nova metadata-api

This allows nova metadata-api to consume TLS openstack endpoints,
typically identity endpoints.

Same idea with
https://review.opendev.org/c/openstack/openstack-helm/+/820212

Change-Id: I80e580badc96908f382fe8c6ddb2fae7caa957ed
This commit is contained in:
josebb 2022-05-11 10:40:04 +03:00
parent d1a7abeb0c
commit b356cbe21f
3 changed files with 9 additions and 3 deletions

View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Nova
name: nova
version: 0.2.44
version: 0.2.45
home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources:

View File

@ -91,6 +91,11 @@ spec:
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- if or .Values.manifests.certificates .Values.tls.identity }}
env:
- name: REQUESTS_CA_BUNDLE
value: "/etc/nova/certs/ca.crt"
{{- end }}
command:
- /tmp/nova-api-metadata.sh
- start
@ -182,7 +187,7 @@ spec:
readOnly: true
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@ -202,6 +207,6 @@ spec:
- name: pod-shared
emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
{{- end }}

View File

@ -65,4 +65,5 @@ nova:
- 0.2.42 Add missing configuration ``[vnc]/novncproxy_host``
- 0.2.43 Added OCI registry authentication
- 0.2.44 Distinguish between port number of internal endpoint and binding port number
- 0.2.45 Support TLS endpoints for metadata-api
...