openstack/openstack-helm-infra
Code Issues Proposed changes

feat(tls): add tls to prometheus-openstack-exporter

Browse Source 
This patchset enables passing of tls certificate to
openstack.

Change-Id: I370d69d8747ce894684dbff87b3580b6d1e82647
This commit is contained in:
Gupta, Sangeet (sg774j) 2020-08-03 22:02:27 +00:00 committed by Sangeet Gupta
parent 9ed951aa32
commit 4d512f6eff
4 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
prometheus-openstack-exporter/templates/deployment.yaml
View File

@ -83,7 +83,7 @@ spec:
- name: LISTEN_PORT
value: {{ tuple "prometheus_openstack_exporter" "internal" "exporter" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
{{ include "helm-toolkit.utils.to_k8s_env_vars" .Values.conf.prometheus_openstack_exporter | indent 12 }}
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
{{- with $env := dict "ksUserSecret" $ksUserSecret "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
volumeMounts:
@ -93,6 +93,7 @@ spec:
mountPath: /tmp/prometheus-openstack-exporter.sh
subPath: prometheus-openstack-exporter.sh
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
@ -100,4 +101,5 @@ spec:
configMap:
name: prometheus-openstack-exporter-bin
defaultMode: 0555
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

4
prometheus-openstack-exporter/templates/job-ks-user.yaml
View File

@ -51,8 +51,9 @@ spec:
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
@ -69,4 +70,5 @@ spec:
configMap:
name: prometheus-openstack-exporter-bin
defaultMode: 0555
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}

9
prometheus-openstack-exporter/values.yaml
View File

@ -134,6 +134,14 @@ secrets:
identity:
admin: prometheus-openstack-exporter-keystone-admin
user: prometheus-openstack-exporter-keystone-user
tls:
identity:
api:
# This name should be same as in keystone. Keystone
# secret will be used in these charts
#
internal: keystone-tls-api
endpoints:
cluster_domain_suffix: cluster.local
@ -212,6 +220,7 @@ network_policy:
- {}
manifests:
certificates: false
configmap_bin: true
deployment: true
job_image_repo_sync: true

4
prometheus-openstack-exporter/values_overrides/tls.yaml Normal file
View File

@ -0,0 +1,4 @@
---
manifests:
certificates: true
...