openstack/openstack-helm-infra
Code Issues Proposed changes

Merge "Ingress: Add initial TLS Support for osh-infra public endpoints"

Browse Source
This commit is contained in:
Zuul 2018-06-26 23:07:28 +00:00 committed by Gerrit Code Review
commit 714bc3e6da
10 changed files with 159 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
grafana/templates/secret-ingress-tls.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "grafana" ) }}
{{- end }}

12
grafana/values.yaml
View File

@ -178,6 +178,13 @@ endpoints:
public: grafana public: grafana
host_fqdn_override: host_fqdn_override:
default: null default: null
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path: path:
default: null default: null
scheme: scheme:
@ -279,6 +286,10 @@ secrets:
oslo_db_session: oslo_db_session:
admin: grafana-session-db-admin admin: grafana-session-db-admin
user: grafana-session-db-user user: grafana-session-db-user
tls:
grafana:
grafana:
public: grafana-tls-public
manifests: manifests:
configmap_bin: true configmap_bin: true
@ -294,6 +305,7 @@ manifests:
secret_db: true secret_db: true
secret_db_session: true secret_db_session: true
secret_admin_creds: true secret_admin_creds: true
secret_ingress_tls: true
service: true service: true
service_ingress: true service_ingress: true

19
kibana/templates/secret-ingress-tls.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "kibana" ) }}
{{- end }}

12
kibana/values.yaml
View File

@ -78,6 +78,10 @@ pod:
secrets: secrets:
elasticsearch: elasticsearch:
user: kibana-elasticsearch-user user: kibana-elasticsearch-user
tls:
kibana:
kibana:
public: kibana-tls-public
dependencies: dependencies:
dynamic: dynamic:
@ -166,6 +170,13 @@ endpoints:
public: kibana public: kibana
host_fqdn_override: host_fqdn_override:
default: null default: null
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path: path:
default: null default: null
scheme: scheme:
@ -213,5 +224,6 @@ manifests:
ingress: true ingress: true
job_image_repo_sync: true job_image_repo_sync: true
secret_elasticsearch: true secret_elasticsearch: true
secret_ingress_tls: true
service: true service: true
service_ingress: true service_ingress: true

19
nagios/templates/secret-ingress-tls.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "nagios" ) }}
{{- end }}

12
nagios/values.yaml
View File

@ -56,6 +56,10 @@ dependencies:
secrets: secrets:
nagios: nagios:
admin: nagios-admin-creds admin: nagios-admin-creds
tls:
nagios:
nagios:
public: nagios-tls-public
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
@ -98,6 +102,13 @@ endpoints:
public: nagios public: nagios
host_fqdn_override: host_fqdn_override:
default: null default: null
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path: path:
default: null default: null
scheme: scheme:
@ -182,6 +193,7 @@ manifests:
ingress: true ingress: true
job_image_repo_sync: true job_image_repo_sync: true
secret_nagios: true secret_nagios: true
secret_ingress_tls: true
service: true service: true
service_ingress: true service_ingress: true

19
prometheus-alertmanager/templates/secret-ingress-tls.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "alerts" ) }}
{{- end }}

14
prometheus-alertmanager/values.yaml
View File

@ -101,6 +101,13 @@ endpoints:
discovery: alertmanager-discovery discovery: alertmanager-discovery
host_fqdn_override: host_fqdn_override:
default: null default: null
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path: path:
default: null default: null
scheme: scheme:
@ -142,6 +149,12 @@ network:
enabled: false enabled: false
port: 30903 port: 30903
secrets:
tls:
alerts:
alertmanager:
public: alerts-tls-public
storage: storage:
enabled: true enabled: true
pvc: pvc:
@ -156,6 +169,7 @@ manifests:
configmap_etc: true configmap_etc: true
ingress: true ingress: true
job_image_repo_sync: true job_image_repo_sync: true
secret_ingress_tls: true
service: true service: true
service_discovery: true service_discovery: true
service_ingress: true service_ingress: true

19
prometheus/templates/secret-ingress-tls.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "monitoring" ) }}
{{- end }}

14
prometheus/values.yaml
View File

@ -108,6 +108,13 @@ endpoints:
public: prometheus public: prometheus
host_fqdn_override: host_fqdn_override:
default: null default: null
# NOTE(srwilkers): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path: path:
default: null default: null
scheme: scheme:
@ -172,6 +179,12 @@ network:
enabled: false enabled: false
port: 30900 port: 30900
secrets:
tls:
monitoring:
prometheus:
public: prometheus-tls-public
storage: storage:
enabled: true enabled: true
pvc: pvc:
@ -187,6 +200,7 @@ manifests:
ingress: true ingress: true
helm_tests: true helm_tests: true
job_image_repo_sync: true job_image_repo_sync: true
secret_ingress_tls: true
service_ingress: true service_ingress: true
service: true service: true
statefulset_prometheus: true statefulset_prometheus: true