Nagios: Mount internal TLS CA certificate

Mounted internal TLS CA certificate to be able to communicate with
prometheus and elasticsearch.

Change-Id: I1fc5e1e7c46a95f50487eea5924a13bdcad51b51
This commit is contained in:
Gupta, Sangeet (sg774j) 2021-06-28 16:38:32 +00:00 committed by Sangeet Gupta
parent d067a0bb7a
commit 7057def52b
5 changed files with 29 additions and 1 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Nagios description: OpenStack-Helm Nagios
name: nagios name: nagios
version: 0.1.2 version: 0.1.3
home: https://www.nagios.org home: https://www.nagios.org
sources: sources:
- https://opendev.org/openstack/openstack-helm-addons - https://opendev.org/openstack/openstack-helm-addons

View File

@ -200,6 +200,10 @@ spec:
secretKeyRef: secretKeyRef:
name: {{ $nagiosUserSecret }} name: {{ $nagiosUserSecret }}
key: NAGIOSADMIN_PASS key: NAGIOSADMIN_PASS
{{- if .Values.manifests.certificates }}
- name: CA_CERT_PATH
value: "/etc/ssl/certs/ca.crt"
{{- end }}
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
@ -232,6 +236,7 @@ spec:
{{- end }} {{- end }}
- name: pod-var-log - name: pod-var-log
mountPath: /opt/nagios/var/log mountPath: /opt/nagios/var/log
{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal "path" "/etc/ssl/certs" "certs" tuple "ca.crt" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes: volumes:
- name: pod-tmp - name: pod-tmp
emptyDir: {} emptyDir: {}
@ -247,4 +252,5 @@ spec:
configMap: configMap:
name: nagios-bin name: nagios-bin
defaultMode: 0555 defaultMode: 0555
{{- dict "enabled" .Values.manifests.certificates "name" $envAll.Values.endpoints.monitoring.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }} {{- end }}

View File

@ -88,6 +88,9 @@ endpoints:
admin: admin:
username: admin username: admin
password: changeme password: changeme
secret:
tls:
internal: prometheus-tls-api
hosts: hosts:
default: prom-metrics default: prom-metrics
public: prometheus public: prometheus
@ -282,6 +285,7 @@ pod:
cpu: "100m" cpu: "100m"
manifests: manifests:
certificates: false
configmap_bin: true configmap_bin: true
configmap_etc: true configmap_etc: true
deployment: true deployment: true

View File

@ -0,0 +1,17 @@
---
endpoints:
monitoring:
scheme:
default: "https"
port:
http:
default: 443
elasticsearch:
scheme:
default: "https"
port:
http:
default: 443
manifests:
certificates: true
...

View File

@ -3,4 +3,5 @@ nagios:
- 0.1.0 Initial Chart - 0.1.0 Initial Chart
- 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0" - 0.1.1 Change helm-toolkit dependency version to ">= 0.1.0"
- 0.1.2 Use full image ref for docker official images - 0.1.2 Use full image ref for docker official images
- 0.1.3 Mount internal TLS CA certificate
... ...