Improve stability with https enabled

Uses public ingress secrets and disables mariadb and rabbit tls
that were causing connection problems with services

PASS: Openstack is Applied. (https disabled)
PASS: enable https. Openstack is Applied (WITHOUT service.conf
overrides)

Depends-on: https://review.opendev.org/c/starlingx/openstack-armada-app/+/822833
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Closes-bug: 1960354
Change-Id: Id41385eea097bdf874290620d2a0be58f9d21e2b
Lucas Cavalcante 2022-02-11 01:14:45 -03:00
parent cfaae68018
commit 40dc19f1a2
9 changed files with 6 additions and 30 deletions


@ -6,13 +6,8 @@
{{- if empty .Values.conf.fm.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "fm" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.fm.database "connection" -}}
{{- else -}}
{{- $_ := set .Values.conf.fm.database "connection" $connection -}}
{{- end -}}
{{- end -}}
{{- if empty .Values.conf.fm.DEFAULT.sql_connection -}}
{{- $_ := tuple "oslo_db" "internal" "fm" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.fm.DEFAULT "sql_connection" -}}
{{- end -}}
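Review bot: With the `?charset=utf8&ssl_ca=…&ssl_verify_cert` branch dropped, `conf.fm.database.connection` is always the bare `$connection` URI, so even with `manifests.certificates` enabled the fm service sends its database credentials and queries to MariaDB without TLS or server-certificate verification (the +/- markers are lost on this page, so this reads the `printf` branch as the removed side, which matches the commit message). The removed guard already required `.Values.endpoints.oslo_db.auth.admin.secret.tls.internal` to be non-empty, so DB TLS could be switched off through values rather than deleted; the `DB_CONNECTION` secret in the last file section and the `job_db_sync` section tested only `.Values.manifests.certificates`, and that mismatch may be the real cause of the connection failures — worth confirming. If the removal stays, record it at the `set` line with a template comment such as `{{/* MariaDB TLS intentionally disabled, see bug 1960354 */}}`. The same point applies to the removed `/etc/mysql/certs` mounts, the `dbAdminTlsSecret` settings in the three db job sections and the `DB_CONNECTION` secret.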


@ -64,10 +64,7 @@ spec:
mountPath: /etc/fm/events.yaml
readOnly: true
#faultmanagement
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ dict "envAll" . "component" "fm_rest_api" "container" "default" "type" "liveness" "probeTemplate" (include "fmRestApiLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/fm-rest-api.sh
@ -101,8 +98,5 @@ spec:
hostPath:
path: /etc/fm/events.yaml
type: File
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.faultmanagement.fm_api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
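Review bot: The TLS volume and its mount now take `.Values.secrets.tls.faultmanagement.fm_api.public` in place of `fm_api.internal` (reading the `public` lines as the added side), which changes the certificate material the fm-rest-api container is given, yet nothing in the template says why. If the public ingress certificate is issued by a different CA than the internal endpoints, verification of internal service calls would depend on that secret's CA covering both, which should be confirmed before merge. A comment above the mount, e.g. `{{/* public ingress secret used here on purpose, see bug 1960354 */}}`, would keep a later reader from switching it back; the `tlsSecret` changes in the `job_ks_endpoints`, `job_ks_service` and `job_ks_user` sections need the same explanation. The enclosing spec starts and ends outside these hunks.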


@ -6,9 +6,6 @@
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "fm" -}}
{{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.fm.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}


@ -6,9 +6,6 @@
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "fm" -}}
{{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.fm.enabled -}}
{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
{{- end -}}


@ -6,9 +6,6 @@
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "fm" -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.fm.enabled -}}
{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
{{- end -}}


@ -7,7 +7,7 @@
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "fm" "serviceTypes" ( tuple "faultmanagement" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.internal -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}}
{{- end -}}
{{- if .Values.pod.tolerations.fm.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}


@ -7,7 +7,7 @@
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "fm" "serviceTypes" ( tuple "faultmanagement" ) -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.internal -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}}
{{- end -}}
{{- if .Values.pod.tolerations.fm.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}


@ -10,7 +10,7 @@
{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
{{- end -}}
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.internal -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.faultmanagement.fm_api.public -}}
{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -16,10 +16,6 @@ metadata:
name: {{ $secretName }}
type: Opaque
data:
{{- if $envAll.Values.manifests.certificates }}
DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
{{- else }}
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}