Nagios: Mount internal TLS CA certificate

Mounted internal TLS CA certificate to be able to communicate with prometheus and elasticsearch. Change-Id: I1fc5e1e7c46a95f50487eea5924a13bdcad51b51
2021-06-28 16:38:32 +00:00 · 2021-06-28 16:38:32 +00:00 · 7057def52b
commit 7057def52b
parent d067a0bb7a
5 changed files with 29 additions and 1 deletions
--- a/nagios/Chart.yaml
+++ b/nagios/Chart.yaml
@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nagios
 name: nagios
-version: 0.1.2
+version: 0.1.3
 home: https://www.nagios.org
 sources:
  - https://opendev.org/openstack/openstack-helm-addons
--- a/nagios/templates/deployment.yaml
+++ b/nagios/templates/deployment.yaml
@ -200,6 +200,10 @@ spec:
                secretKeyRef:
                  name: {{ $nagiosUserSecret }}
                  key: NAGIOSADMIN_PASS
+{{- if .Values.manifests.certificates }}
+            - name: CA_CERT_PATH
+              value: "/etc/ssl/certs/ca.crt"
+{{- end }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
@ -232,6 +236,7 @@ spec:
 {{- end }}
            - name: pod-var-log
              mountPath: /opt/nagios/var/log
+{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal "path" "/etc/ssl/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
@ -247,4 +252,5 @@ spec:
          configMap:
            name: nagios-bin
            defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
 {{- end }}
--- a/nagios/values.yaml
+++ b/nagios/values.yaml
@ -88,6 +88,9 @@ endpoints:
      admin:
        username: admin
        password: changeme
+        secret:
+          tls:
+            internal: prometheus-tls-api
    hosts:
      default: prom-metrics
      public: prometheus
@ -282,6 +285,7 @@ pod:
          cpu: "100m"

 manifests:
+  certificates: false
  configmap_bin: true
  configmap_etc: true
  deployment: true
--- a/nagios/values_overrides/tls.yaml
+++ b/nagios/values_overrides/tls.yaml
@ -0,0 +1,17 @@
+---
+endpoints:
+  monitoring:
+    scheme:
+      default: "https"
+    port:
+      http:
+        default: 443
+  elasticsearch:
+    scheme:
+      default: "https"
+    port:
+      http:
+        default: 443
+manifests:
+  certificates: true
+...
--- a/releasenotes/notes/nagios.yaml
+++ b/releasenotes/notes/nagios.yaml
@ -3,4 +3,5 @@ nagios:
  - 0.1.0 Initial Chart
  - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
  - 0.1.2 Use full image ref for docker official images
+  - 0.1.3 Mount internal TLS CA certificate
 ...