Nagios: Mount internal TLS CA certificate
Mounted internal TLS CA certificate to be able to communicate with prometheus and elasticsearch. Change-Id: I1fc5e1e7c46a95f50487eea5924a13bdcad51b51
This commit is contained in:
parent
d067a0bb7a
commit
7057def52b
@ -15,7 +15,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Nagios
|
description: OpenStack-Helm Nagios
|
||||||
name: nagios
|
name: nagios
|
||||||
version: 0.1.2
|
version: 0.1.3
|
||||||
home: https://www.nagios.org
|
home: https://www.nagios.org
|
||||||
sources:
|
sources:
|
||||||
- https://opendev.org/openstack/openstack-helm-addons
|
- https://opendev.org/openstack/openstack-helm-addons
|
||||||
|
@ -200,6 +200,10 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ $nagiosUserSecret }}
|
name: {{ $nagiosUserSecret }}
|
||||||
key: NAGIOSADMIN_PASS
|
key: NAGIOSADMIN_PASS
|
||||||
|
{{- if .Values.manifests.certificates }}
|
||||||
|
- name: CA_CERT_PATH
|
||||||
|
value: "/etc/ssl/certs/ca.crt"
|
||||||
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
mountPath: /tmp
|
mountPath: /tmp
|
||||||
@ -232,6 +236,7 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
- name: pod-var-log
|
- name: pod-var-log
|
||||||
mountPath: /opt/nagios/var/log
|
mountPath: /opt/nagios/var/log
|
||||||
|
{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal "path" "/etc/ssl/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: pod-tmp
|
- name: pod-tmp
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
@ -247,4 +252,5 @@ spec:
|
|||||||
configMap:
|
configMap:
|
||||||
name: nagios-bin
|
name: nagios-bin
|
||||||
defaultMode: 0555
|
defaultMode: 0555
|
||||||
|
{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -88,6 +88,9 @@ endpoints:
|
|||||||
admin:
|
admin:
|
||||||
username: admin
|
username: admin
|
||||||
password: changeme
|
password: changeme
|
||||||
|
secret:
|
||||||
|
tls:
|
||||||
|
internal: prometheus-tls-api
|
||||||
hosts:
|
hosts:
|
||||||
default: prom-metrics
|
default: prom-metrics
|
||||||
public: prometheus
|
public: prometheus
|
||||||
@ -282,6 +285,7 @@ pod:
|
|||||||
cpu: "100m"
|
cpu: "100m"
|
||||||
|
|
||||||
manifests:
|
manifests:
|
||||||
|
certificates: false
|
||||||
configmap_bin: true
|
configmap_bin: true
|
||||||
configmap_etc: true
|
configmap_etc: true
|
||||||
deployment: true
|
deployment: true
|
||||||
|
17
nagios/values_overrides/tls.yaml
Normal file
17
nagios/values_overrides/tls.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
endpoints:
|
||||||
|
monitoring:
|
||||||
|
scheme:
|
||||||
|
default: "https"
|
||||||
|
port:
|
||||||
|
http:
|
||||||
|
default: 443
|
||||||
|
elasticsearch:
|
||||||
|
scheme:
|
||||||
|
default: "https"
|
||||||
|
port:
|
||||||
|
http:
|
||||||
|
default: 443
|
||||||
|
manifests:
|
||||||
|
certificates: true
|
||||||
|
...
|
@ -3,4 +3,5 @@ nagios:
|
|||||||
- 0.1.0 Initial Chart
|
- 0.1.0 Initial Chart
|
||||||
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
|
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
|
||||||
- 0.1.2 Use full image ref for docker official images
|
- 0.1.2 Use full image ref for docker official images
|
||||||
|
- 0.1.3 Mount internal TLS CA certificate
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user