Re-enable "feat(tls): Change Issuer to ClusterIssuer""
This reverts commit 2ec17153c6.
Reason for revert: resolved bug with cluster issuer versioning
Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/772814
Co-authored-by: Sangeet Gupta <sg774j@att.com>
Change-Id: If7ebef1cebbe5b1d97ac530dd7136e3fc9232b21
This commit is contained in:
Nafiz Haider
parent
352b43acca
commit
ca47e3c974
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Cinder
|
||||
name: cinder
|
||||
version: 0.1.9
|
||||
version: 0.1.10
|
||||
home: https://docs.openstack.org/cinder/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
|
||||
sources:
|
||||
|
||||
@ -97,6 +97,7 @@ endpoints:
|
||||
secretName: cinder-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
internal: https
|
||||
@ -110,6 +111,7 @@ endpoints:
|
||||
secretName: cinder-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
internal: https
|
||||
@ -123,6 +125,7 @@ endpoints:
|
||||
secretName: cinder-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
internal: https
|
||||
|
||||
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Glance
|
||||
name: glance
|
||||
version: 0.1.4
|
||||
version: 0.1.5
|
||||
home: https://docs.openstack.org/glance/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
|
||||
sources:
|
||||
|
||||
@ -92,6 +92,7 @@ endpoints:
|
||||
secretName: glance-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
public: https
|
||||
@ -105,6 +106,7 @@ endpoints:
|
||||
secretName: glance-tls-reg
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
public: https
|
||||
|
||||
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Heat
|
||||
name: heat
|
||||
version: 0.1.4
|
||||
version: 0.1.5
|
||||
home: https://docs.openstack.org/heat/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
|
||||
sources:
|
||||
|
||||
@ -144,6 +144,7 @@ endpoints:
|
||||
secretName: heat-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
port:
|
||||
@ -156,6 +157,7 @@ endpoints:
|
||||
secretName: heat-tls-cfn
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
port:
|
||||
@ -169,7 +171,7 @@ endpoints:
|
||||
secretName: heat-tls-cloudwatch
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: Issuer
|
||||
kind: ClusterIssuer
|
||||
ingress:
|
||||
port:
|
||||
ingress:
|
||||
|
||||
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Horizon
|
||||
name: horizon
|
||||
version: 0.1.5
|
||||
version: 0.1.6
|
||||
home: https://docs.openstack.org/horizon/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
|
||||
sources:
|
||||
|
||||
@ -93,6 +93,7 @@ endpoints:
|
||||
secretName: horizon-tls-web
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
public: https
|
||||
|
||||
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Keystone
|
||||
name: keystone
|
||||
version: 0.1.7
|
||||
version: 0.1.8
|
||||
home: https://docs.openstack.org/keystone/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
||||
sources:
|
||||
|
||||
@ -68,7 +68,7 @@ endpoints:
|
||||
secretName: keystone-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: Issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
public: https
|
||||
|
||||
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Neutron
|
||||
name: neutron
|
||||
version: 0.1.9
|
||||
version: 0.1.10
|
||||
home: https://docs.openstack.org/neutron/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
|
||||
sources:
|
||||
|
||||
@ -117,6 +117,7 @@ endpoints:
|
||||
secretName: neutron-tls-server
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
port:
|
||||
|
||||
@ -14,7 +14,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Nova
|
||||
name: nova
|
||||
version: 0.1.12
|
||||
version: 0.1.13
|
||||
home: https://docs.openstack.org/nova/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
||||
sources:
|
||||
|
||||
@ -171,6 +171,7 @@ endpoints:
|
||||
secretName: nova-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: 'https'
|
||||
port:
|
||||
@ -183,6 +184,7 @@ endpoints:
|
||||
secretName: metadata-tls-metadata
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
port:
|
||||
@ -195,6 +197,7 @@ endpoints:
|
||||
secretName: nova-novncproxy-tls-proxy
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
port:
|
||||
@ -207,6 +210,7 @@ endpoints:
|
||||
secretName: nova-tls-spiceproxy
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
placement:
|
||||
@ -216,6 +220,7 @@ endpoints:
|
||||
secretName: placement-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
port:
|
||||
|
||||
@ -16,7 +16,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Placement
|
||||
name: placement
|
||||
version: 0.1.6
|
||||
version: 0.1.7
|
||||
home: https://docs.openstack.org/placement/latest/
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
|
||||
sources:
|
||||
|
||||
@ -68,6 +68,7 @@ endpoints:
|
||||
secretName: placement-tls-api
|
||||
issuerRef:
|
||||
name: ca-issuer
|
||||
kind: ClusterIssuer
|
||||
scheme:
|
||||
default: https
|
||||
port:
|
||||
|
||||
@ -10,3 +10,4 @@ cinder:
|
||||
- 0.1.7 Change Issuer to ClusterIssuer
|
||||
- 0.1.8 Revert - Change Issuer to ClusterIssuer
|
||||
- 0.1.9 Use HostToContainer mount propagation
|
||||
- 0.1.10 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -5,3 +5,4 @@ glance:
|
||||
- 0.1.2 Change issuer to clusterissuer
|
||||
- 0.1.3 Revert - Change issuer to clusterissuer
|
||||
- 0.1.4 Update RBAC apiVersion from /v1beta1 to /v1
|
||||
- 0.1.5 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -5,3 +5,4 @@ heat:
|
||||
- 0.1.2 Remove tls values override for clients_heat
|
||||
- 0.1.3 Change Issuer to ClusterIssuer
|
||||
- 0.1.4 Revert - Change Issuer to ClusterIssuer
|
||||
- 0.1.5 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
horizon:
|
||||
- 0.1.0 Initial Chart
|
||||
- 0.1.6 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -8,3 +8,4 @@ keystone:
|
||||
- 0.1.5 Revert clusterissuer change
|
||||
- 0.1.6 Fix typo in subPath entry
|
||||
- 0.1.7 Move rabbit-init to dynamic dependency
|
||||
- 0.1.8 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -10,3 +10,4 @@ neutron:
|
||||
- 0.1.7 Change Issuer to ClusterIssuer
|
||||
- 0.1.8 Revert Change Issuer to ClusterIssuer
|
||||
- 0.1.9 Update ovs agent to support host/label overrides
|
||||
- 0.1.10 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -13,3 +13,4 @@ nova:
|
||||
- 0.1.10 Use HostToContainer mount propagation
|
||||
- 0.1.11 Secure libvirt connection from using 127.0.0.1 to use unix socket
|
||||
- 0.1.12 Update RBAC apiVersion from /v1beta1 to /v1
|
||||
- 0.1.13 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -7,3 +7,4 @@ placement:
|
||||
- 0.1.4 Add null check condition in placement deployment manifest
|
||||
- 0.1.5 Change Issuer to ClusterIssuer
|
||||
- 0.1.6 Revert - Change Issuer to ClusterIssuer
|
||||
- 0.1.7 Change Issuer to ClusterIssuer
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
set -eux
|
||||
|
||||
: ${CERT_MANAGER_VERSION:="v0.15.0"}
|
||||
: ${CERT_MANAGER_VERSION:="v1.2.0"}
|
||||
|
||||
cert_path="/etc/openstack-helm"
|
||||
ca_cert_root="$cert_path/certs/ca"
|
||||
@ -126,14 +126,12 @@ helm repo update
|
||||
helm install --name cert-manager --namespace cert-manager \
|
||||
--version ${CERT_MANAGER_VERSION} jetstack/cert-manager \
|
||||
--set installCRDs=true \
|
||||
--set featureGates=ExperimentalCertificateControllers=true \
|
||||
--set extraArgs[0]="--enable-certificate-owner-ref=true"
|
||||
|
||||
# helm 3 command
|
||||
# helm install cert-manager jetstack/cert-manager --namespace cert-manager \
|
||||
# --version ${CERT_MANAGER_VERSION} \
|
||||
# --set installCRDs=true \
|
||||
#. --set featureGates=ExperimentalCertificateControllers=true \
|
||||
# --set extraArgs[0]="--enable-certificate-owner-ref=true"
|
||||
|
||||
helm repo remove jetstack
|
||||
@ -147,16 +145,15 @@ apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: ca-key-pair
|
||||
namespace: openstack
|
||||
namespace: cert-manager
|
||||
data:
|
||||
tls.crt: $crt
|
||||
tls.key: $key
|
||||
---
|
||||
apiVersion: cert-manager.io/v1alpha3
|
||||
kind: Issuer
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: ca-issuer
|
||||
namespace: openstack
|
||||
spec:
|
||||
ca:
|
||||
secretName: ca-key-pair
|
||||
|
||||
Loading…
Reference in New Issue
Block a user