From 7057def52b3c163858af563ddf5e8cfbb1476062 Mon Sep 17 00:00:00 2001
From: "Gupta, Sangeet (sg774j)" <sg774j@att.com>
Date: Mon, 28 Jun 2021 16:38:32 +0000
Subject: [PATCH] Nagios: Mount internal TLS CA certificate

Mounted internal TLS CA certificate to be able to communicate with
prometheus and elasticsearch.

Change-Id: I1fc5e1e7c46a95f50487eea5924a13bdcad51b51
---
 nagios/Chart.yaml                |  2 +-
 nagios/templates/deployment.yaml |  6 ++++++
 nagios/values.yaml               |  4 ++++
 nagios/values_overrides/tls.yaml | 17 +++++++++++++++++
 releasenotes/notes/nagios.yaml   |  1 +
 5 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 nagios/values_overrides/tls.yaml

diff --git a/nagios/Chart.yaml b/nagios/Chart.yaml
index be6ca66fe..8dbd33937 100644
--- a/nagios/Chart.yaml
+++ b/nagios/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nagios
 name: nagios
-version: 0.1.2
+version: 0.1.3
 home: https://www.nagios.org
 sources:
   - https://opendev.org/openstack/openstack-helm-addons
diff --git a/nagios/templates/deployment.yaml b/nagios/templates/deployment.yaml
index 75776c981..02fb93475 100644
--- a/nagios/templates/deployment.yaml
+++ b/nagios/templates/deployment.yaml
@@ -200,6 +200,10 @@ spec:
                 secretKeyRef:
                   name: {{ $nagiosUserSecret }}
                   key: NAGIOSADMIN_PASS
+{{- if .Values.manifests.certificates }}
+            - name: CA_CERT_PATH
+              value: "/etc/ssl/certs/ca.crt"
+{{- end }}
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
@@ -232,6 +236,7 @@ spec:
 {{- end }}
             - name: pod-var-log
               mountPath: /opt/nagios/var/log
+{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal "path" "/etc/ssl/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
       volumes:
         - name: pod-tmp
           emptyDir: {}
@@ -247,4 +252,5 @@ spec:
           configMap:
             name: nagios-bin
             defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
 {{- end }}
diff --git a/nagios/values.yaml b/nagios/values.yaml
index e8d262e59..cff49a635 100644
--- a/nagios/values.yaml
+++ b/nagios/values.yaml
@@ -88,6 +88,9 @@ endpoints:
       admin:
         username: admin
         password: changeme
+        secret:
+          tls:
+            internal: prometheus-tls-api
     hosts:
       default: prom-metrics
       public: prometheus
@@ -282,6 +285,7 @@ pod:
           cpu: "100m"
 
 manifests:
+  certificates: false
   configmap_bin: true
   configmap_etc: true
   deployment: true
diff --git a/nagios/values_overrides/tls.yaml b/nagios/values_overrides/tls.yaml
new file mode 100644
index 000000000..ac964e0c3
--- /dev/null
+++ b/nagios/values_overrides/tls.yaml
@@ -0,0 +1,17 @@
+---
+endpoints:
+  monitoring:
+    scheme:
+      default: "https"
+    port:
+      http:
+        default: 443
+  elasticsearch:
+    scheme:
+      default: "https"
+    port:
+      http:
+        default: 443
+manifests:
+  certificates: true
+...
diff --git a/releasenotes/notes/nagios.yaml b/releasenotes/notes/nagios.yaml
index a72430ab7..72e444330 100644
--- a/releasenotes/notes/nagios.yaml
+++ b/releasenotes/notes/nagios.yaml
@@ -3,4 +3,5 @@ nagios:
   - 0.1.0 Initial Chart
   - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
   - 0.1.2 Use full image ref for docker official images
+  - 0.1.3 Mount internal TLS CA certificate
 ...