From ca47e3c97481c8c2bdf1f3b69cabcf8bef867871 Mon Sep 17 00:00:00 2001 From: Nafiz Haider Date: Thu, 28 Jan 2021 20:08:43 +0000 Subject: [PATCH] Re-enable "feat(tls): Change Issuer to ClusterIssuer"" This reverts commit 2ec17153c6cb918dd357f71824ec59dd0d74dfba. Reason for revert: resolved bug with cluster issuer versioning Depends-on: https://review.opendev.org/c/openstack/openstack-helm-infra/+/772814 Co-authored-by: Sangeet Gupta Change-Id: If7ebef1cebbe5b1d97ac530dd7136e3fc9232b21
---
 cinder/Chart.yaml | 2 +- cinder/values_overrides/tls.yaml | 3 +++ glance/Chart.yaml | 2 +- glance/values_overrides/tls.yaml | 2 ++ heat/Chart.yaml | 2 +- heat/values_overrides/tls.yaml | 4 +++- horizon/Chart.yaml | 2 +- horizon/values_overrides/tls.yaml | 1 + keystone/Chart.yaml | 2 +- keystone/values_overrides/tls.yaml | 2 +- neutron/Chart.yaml | 2 +- neutron/values_overrides/tls.yaml | 1 + nova/Chart.yaml | 2 +- nova/values_overrides/tls.yaml | 5 +++++ placement/Chart.yaml | 2 +- placement/values_overrides/tls.yaml | 1 + releasenotes/notes/cinder.yaml | 1 + releasenotes/notes/glance.yaml | 1 + releasenotes/notes/heat.yaml | 1 + releasenotes/notes/horizon.yaml | 1 + releasenotes/notes/keystone.yaml | 1 + releasenotes/notes/neutron.yaml | 1 + releasenotes/notes/nova.yaml | 1 + releasenotes/notes/placement.yaml | 1 + tools/scripts/tls/cert-manager.sh | 11 ++++------- 25 files changed, 37 insertions(+), 17 deletions(-)
diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml
index 4577d8a496..2eed59f66d 100644
--- a/cinder/Chart.yaml
+++ b/cinder/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.1.9
+version: 0.1.10
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:
diff --git a/cinder/values_overrides/tls.yaml b/cinder/values_overrides/tls.yaml
index 3849cde9ca..9b97c7c3b3 100644
--- a/cinder/values_overrides/tls.yaml
+++ b/cinder/values_overrides/tls.yaml
@@ -97,6 +97,7 @@ endpoints:
 secretName: cinder-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 internal: https
@@ -110,6 +111,7 @@ endpoints:
 secretName: cinder-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 internal: https
@@ -123,6 +125,7 @@ endpoints:
 secretName: cinder-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 internal: https
diff --git a/glance/Chart.yaml b/glance/Chart.yaml
index 2a1ebadd1d..7e9aa3dd8f 100644
--- a/glance/Chart.yaml
+++ b/glance/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:
diff --git a/glance/values_overrides/tls.yaml b/glance/values_overrides/tls.yaml
index 20d8ff4b0b..b96d1e7ee0 100644
--- a/glance/values_overrides/tls.yaml
+++ b/glance/values_overrides/tls.yaml
@@ -92,6 +92,7 @@ endpoints:
 secretName: glance-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 public: https
@@ -105,6 +106,7 @@ endpoints:
 secretName: glance-tls-reg
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 public: https
diff --git a/heat/Chart.yaml b/heat/Chart.yaml
index b9007ab19c..a5c970a5d3 100644
--- a/heat/Chart.yaml
+++ b/heat/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Heat
 name: heat
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/heat/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
 sources:
diff --git a/heat/values_overrides/tls.yaml b/heat/values_overrides/tls.yaml
index f7f36e4384..ddeb59dfaf 100644
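Review bot: The `issuerRef` blocks in cinder/values_overrides/tls.yaml now name `kind: ClusterIssuer` with nothing in the file saying that `ca-issuer` has become a cluster-scoped object, and the same holds for the matching hunks in the glance, heat, horizon, keystone, neutron, nova and placement overrides. A deployment that still carries only the old namespaced `Issuer` called `ca-issuer` would, as far as I can tell, leave these Certificates pending because the reference no longer resolves. I would add one comment above the first `issuerRef` in each file, for example `# ca-issuer is the ClusterIssuer created by tools/scripts/tls/cert-manager.sh; a namespaced Issuer of the same name does not satisfy this reference.` The enclosing `endpoints:` mapping starts and ends outside these hunks.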
--- a/heat/values_overrides/tls.yaml
+++ b/heat/values_overrides/tls.yaml
@@ -144,6 +144,7 @@ endpoints:
 secretName: heat-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 port:
@@ -156,6 +157,7 @@ endpoints:
 secretName: heat-tls-cfn
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 port:
@@ -169,7 +171,7 @@ endpoints:
 secretName: heat-tls-cloudwatch
 issuerRef:
 name: ca-issuer
- kind: Issuer
+ kind: ClusterIssuer
 ingress:
 port:
 ingress:
diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml
index 733092ee19..9845ecf640 100644
--- a/horizon/Chart.yaml
+++ b/horizon/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.1.5
+version: 0.1.6
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:
diff --git a/horizon/values_overrides/tls.yaml b/horizon/values_overrides/tls.yaml
index 82e25d0259..562962d20a 100644
--- a/horizon/values_overrides/tls.yaml
+++ b/horizon/values_overrides/tls.yaml
@@ -93,6 +93,7 @@ endpoints:
 secretName: horizon-tls-web
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 public: https
diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
index 72c0d936e1..ced1df005d 100644
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.1.7
+version: 0.1.8
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
diff --git a/keystone/values_overrides/tls.yaml b/keystone/values_overrides/tls.yaml
index 5aaa7cf3dc..7b19d4fad9 100644
--- a/keystone/values_overrides/tls.yaml
+++ b/keystone/values_overrides/tls.yaml
@@ -68,7 +68,7 @@ endpoints:
 secretName: keystone-tls-api
 issuerRef:
 name: ca-issuer
- kind: Issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 public: https
diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml
index d4cece9643..33ce880fa9 100644
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.1.9
+version: 0.1.10
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
diff --git a/neutron/values_overrides/tls.yaml b/neutron/values_overrides/tls.yaml
index e8aa3fe762..b55a16092c 100644
--- a/neutron/values_overrides/tls.yaml
+++ b/neutron/values_overrides/tls.yaml
@@ -117,6 +117,7 @@ endpoints:
 secretName: neutron-tls-server
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 port:
diff --git a/nova/Chart.yaml b/nova/Chart.yaml
index 96b51eee54..a1c970ebce 100644
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.1.12
+version: 0.1.13
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:
diff --git a/nova/values_overrides/tls.yaml b/nova/values_overrides/tls.yaml
index 7df4dd82e9..59a8e7a63c 100644
--- a/nova/values_overrides/tls.yaml
+++ b/nova/values_overrides/tls.yaml
@@ -171,6 +171,7 @@ endpoints:
 secretName: nova-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: 'https'
 port:
@@ -183,6 +184,7 @@ endpoints:
 secretName: metadata-tls-metadata
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 port:
@@ -195,6 +197,7 @@ endpoints:
 secretName: nova-novncproxy-tls-proxy
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 port:
@@ -207,6 +210,7 @@ endpoints:
 secretName: nova-tls-spiceproxy
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 placement:
@@ -216,6 +220,7 @@ endpoints:
 secretName: placement-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 port:
diff --git a/placement/Chart.yaml b/placement/Chart.yaml
index d7d909aa9a..b9d542bf6f 100644
--- a/placement/Chart.yaml
+++ b/placement/Chart.yaml
@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Placement
 name: placement
-version: 0.1.6
+version: 0.1.7
 home: https://docs.openstack.org/placement/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
 sources:
diff --git a/placement/values_overrides/tls.yaml b/placement/values_overrides/tls.yaml
index b2906032e4..adfd3594c0 100644
--- a/placement/values_overrides/tls.yaml
+++ b/placement/values_overrides/tls.yaml
@@ -68,6 +68,7 @@ endpoints:
 secretName: placement-tls-api
 issuerRef:
 name: ca-issuer
+ kind: ClusterIssuer
 scheme:
 default: https
 port:
diff --git a/releasenotes/notes/cinder.yaml b/releasenotes/notes/cinder.yaml
index 10187163e7..0fd10595ec 100644
--- a/releasenotes/notes/cinder.yaml
+++ b/releasenotes/notes/cinder.yaml
@@ -10,3 +10,4 @@ cinder:
 - 0.1.7 Change Issuer to ClusterIssuer
 - 0.1.8 Revert - Change Issuer to ClusterIssuer
 - 0.1.9 Use HostToContainer mount propagation
+ - 0.1.10 Change Issuer to ClusterIssuer
diff --git a/releasenotes/notes/glance.yaml b/releasenotes/notes/glance.yaml
index 6660eb1a5e..c469468914 100644
--- a/releasenotes/notes/glance.yaml
+++ b/releasenotes/notes/glance.yaml
@@ -5,3 +5,4 @@ glance:
 - 0.1.2 Change issuer to clusterissuer
 - 0.1.3 Revert - Change issuer to clusterissuer
 - 0.1.4 Update RBAC apiVersion from /v1beta1 to /v1
+ - 0.1.5 Change Issuer to ClusterIssuer
diff --git a/releasenotes/notes/heat.yaml b/releasenotes/notes/heat.yaml
index 7bc0a5c74a..ea713df27c 100644
--- a/releasenotes/notes/heat.yaml
+++ b/releasenotes/notes/heat.yaml
@@ -5,3 +5,4 @@ heat:
 - 0.1.2 Remove tls values override for clients_heat
 - 0.1.3 Change Issuer to ClusterIssuer
 - 0.1.4 Revert - Change Issuer to ClusterIssuer
+ - 0.1.5 Change Issuer to ClusterIssuer
diff --git a/releasenotes/notes/horizon.yaml b/releasenotes/notes/horizon.yaml
index 4a479c4616..6467007180 100644
--- a/releasenotes/notes/horizon.yaml
+++ b/releasenotes/notes/horizon.yaml
@@ -1,3 +1,4 @@
 ---
 horizon:
 - 0.1.0 Initial Chart
+ - 0.1.6 Change Issuer to ClusterIssuer
diff --git a/releasenotes/notes/keystone.yaml b/releasenotes/notes/keystone.yaml
index 17c4332c17..33befd93eb 100644
--- a/releasenotes/notes/keystone.yaml
+++ b/releasenotes/notes/keystone.yaml
@@ -8,3 +8,4 @@ keystone:
 - 0.1.5 Revert clusterissuer change
 - 0.1.6 Fix typo in subPath entry
 - 0.1.7 Move rabbit-init to dynamic dependency
+ - 0.1.8 Change Issuer to ClusterIssuer
diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml
index 63a2f2bc0b..9e7ae7d294 100644
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@@ -10,3 +10,4 @@ neutron:
 - 0.1.7 Change Issuer to ClusterIssuer
 - 0.1.8 Revert Change Issuer to ClusterIssuer
 - 0.1.9 Update ovs agent to support host/label overrides
+ - 0.1.10 Change Issuer to ClusterIssuer
diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml
index cea0da4aea..3cc921c24c 100644
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@@ -13,3 +13,4 @@ nova:
 - 0.1.10 Use HostToContainer mount propagation
 - 0.1.11 Secure libvirt connection from using 127.0.0.1 to use unix socket
 - 0.1.12 Update RBAC apiVersion from /v1beta1 to /v1
+ - 0.1.13 Change Issuer to ClusterIssuer
diff --git a/releasenotes/notes/placement.yaml b/releasenotes/notes/placement.yaml
index 5d59087fed..58c7624d33 100644
--- a/releasenotes/notes/placement.yaml
+++ b/releasenotes/notes/placement.yaml
@@ -7,3 +7,4 @@ placement: - 0.1.4 Add null check condition in placement deployment manifest - 0.1.5 Change Issuer to ClusterIssuer - 0.1.6 Revert - Change Issuer to ClusterIssuer + - 0.1.7 Change Issuer to ClusterIssuer diff --git a/tools/scripts/tls/cert-manager.sh b/tools/scripts/tls/cert-manager.sh index a3ab4a1cb4..7b8b4da959 100755 --- a/tools/scripts/tls/cert-manager.sh +++ b/tools/scripts/tls/cert-manager.sh @@ -2,7 +2,7 @@ set -eux -: ${CERT_MANAGER_VERSION:="v0.15.0"} +: ${CERT_MANAGER_VERSION:="v1.2.0"} cert_path="/etc/openstack-helm" ca_cert_root="$cert_path/certs/ca" @@ -126,14 +126,12 @@ helm repo update helm install --name cert-manager --namespace cert-manager \ --version ${CERT_MANAGER_VERSION} jetstack/cert-manager \ --set installCRDs=true \ - --set featureGates=ExperimentalCertificateControllers=true \ --set extraArgs[0]="--enable-certificate-owner-ref=true" # helm 3 command # helm install cert-manager jetstack/cert-manager --namespace cert-manager \ # --version ${CERT_MANAGER_VERSION} \ # --set installCRDs=true \ -#. --set featureGates=ExperimentalCertificateControllers=true \ # --set extraArgs[0]="--enable-certificate-owner-ref=true" helm repo remove jetstack @@ -147,16 +145,15 @@ apiVersion: v1 kind: Secret metadata: name: ca-key-pair - namespace: openstack + namespace: cert-manager data: tls.crt: $crt tls.key: $key --- -apiVersion: cert-manager.io/v1alpha3 -kind: Issuer +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer metadata: name: ca-issuer - namespace: openstack spec: ca: secretName: ca-key-pair
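Review bot: Turning `ca-issuer` into a `ClusterIssuer` in the last hunk of tools/scripts/tls/cert-manager.sh means a Certificate created in any namespace can be signed by this CA, where the old `Issuer` only served `openstack`, and the script says nothing about that wider trust scope. A comment above the manifest would record it, e.g. `# ClusterIssuer: every namespace allowed to create Certificate objects can get certs from this CA; limit that with RBAC.` The Secret's hard-coded `namespace: cert-manager` also has to equal cert-manager's cluster resource namespace (the controller's `--cluster-resource-namespace`, which I believe the chart points at the release namespace), so it would be safer to take it and the `--namespace cert-manager` of `helm install` from one variable. Separately, `set -eux` in the first hunk traces every command, so if `$key` is assigned in this script (the assignment is outside the hunks) the base64 CA key ends up in the job log; wrapping that part in `set +x` / `set -x` would avoid it. The heredoc that holds these manifests opens and closes outside the hunk.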