starlingx/openstack-armada-app
Code Issues Proposed changes
Files
870907225315b978b6573d974b6ae13f35ee29a6
openstack-armada-app/openstack-helm/debian/deb_folder/patches/0008-Remove-mariadb-and-rabbit-tls.patch
Daniel Caires 8709072253 Fix neutron deployment with https configured 
After the OSH upversion to caracal, a new pod was being deployed
in the controller for Neutron. The rpc server was added as part
of the Neutron Helm chart deployment.

The problem was that the patches 0007 and 0008 from OSH, was
removing some information related to TLS and, because this is a
new template, the rpc-server was not included in this cleanup.

This review adds the rpc-server to the list of templates that
are being cleaned by patches 0007 and 0008.

Test Plan:
PASS - Build OSH and STX-O tarball
PASS - Deploy STX-O in a system with https enabled
PASS - Neutron rpc-server pod is running
PASS - Create Networks and launch a VM

Closes-Bug: #2103801

Change-Id: I84140bbd957ca07a0a53cde2bf58e0ededdb914d
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
2025-03-21 13:48:13 +00:00

1718 lines
104 KiB
Diff
Raw Blame History

From e1e48ee0565e06dabeaa5273cd9905d165f73671 Mon Sep 17 00:00:00 2001
From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Date: Thu, 10 Feb 2022 16:37:22 -0300
Subject: [PATCH] Remove mariadb and rabbit tls
Cinder, Glance and other services stopped communicating properly
after the rebase brought tls to mariadb and rabbit, this removes
such connections
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
[ upversioned openstack-helm base commit ]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Upversioned openstack-helm base commit to Caracal ]
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
[ Add changes to rpc-server deployment ]
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
---
cinder/templates/configmap-etc.yaml | 4 ----
.../cron-job-cinder-volume-usage-audit.yaml | 4 ----
cinder/templates/deployment-api.yaml | 4 ----
cinder/templates/deployment-backup.yaml | 4 ----
cinder/templates/deployment-scheduler.yaml | 4 ----
cinder/templates/deployment-volume.yaml | 4 ----
cinder/templates/job-db-drop.yaml | 3 ---
cinder/templates/job-db-init.yaml | 3 ---
cinder/templates/job-db-sync.yaml | 3 ---
cinder/templates/job-rabbit-init.yaml | 3 ---
cinder/templates/secret-db.yaml | 4 ----
cinder/templates/secret-rabbitmq.yaml | 3 ---
glance/templates/configmap-etc.yaml | 4 ----
glance/templates/deployment-api.yaml | 4 ----
glance/templates/job-db-drop.yaml | 3 ---
glance/templates/job-db-init.yaml | 3 ---
glance/templates/job-db-sync.yaml | 3 ---
glance/templates/job-metadefs-load.yaml | 2 --
glance/templates/job-rabbit-init.yaml | 3 ---
glance/templates/secret-db.yaml | 4 ----
glance/templates/secret-rabbitmq.yaml | 3 ---
heat/templates/configmap-etc.yaml | 4 ----
heat/templates/cron-job-engine-cleaner.yaml | 2 --
heat/templates/cron-job-purge-deleted.yaml | 2 --
heat/templates/deployment-api.yaml | 1 -
heat/templates/deployment-engine.yaml | 4 ----
heat/templates/job-db-drop.yaml | 3 ---
heat/templates/job-db-init.yaml | 3 ---
heat/templates/job-db-sync.yaml | 3 ---
heat/templates/job-rabbit-init.yaml | 3 ---
heat/templates/secret-db.yaml | 4 ----
heat/templates/secret-rabbitmq.yaml | 3 ---
horizon/templates/deployment.yaml | 2 --
horizon/templates/job-db-drop.yaml | 3 ---
horizon/templates/job-db-init.yaml | 3 ---
horizon/templates/job-db-sync.yaml | 2 --
horizon/templates/secret-db.yaml | 4 ----
horizon/values.yaml | 9 ---------
keystone/templates/bin/_cred-clean.py.tpl | 11 ++---------
keystone/templates/configmap-etc.yaml | 4 ----
keystone/templates/deployment-api.yaml | 4 ----
keystone/templates/job-credential-cleanup.yaml | 10 ----------
keystone/templates/job-db-drop.yaml | 3 ---
keystone/templates/job-db-init.yaml | 3 ---
keystone/templates/job-db-sync.yaml | 12 ------------
keystone/templates/job-rabbit-init.yaml | 3 ---
keystone/templates/secret-db.yaml | 4 ----
keystone/templates/secret-rabbitmq.yaml | 3 ---
neutron/templates/configmap-etc.yaml | 4 ----
neutron/templates/daemonset-dhcp-agent.yaml | 2 --
neutron/templates/daemonset-l2gw-agent.yaml | 2 --
neutron/templates/daemonset-l3-agent.yaml | 2 --
neutron/templates/daemonset-lb-agent.yaml | 2 --
neutron/templates/daemonset-metadata-agent.yaml | 2 --
neutron/templates/daemonset-ovs-agent.yaml | 2 --
neutron/templates/daemonset-sriov-agent.yaml | 2 --
neutron/templates/deployment-ironic-agent.yaml | 2 --
neutron/templates/deployment-rpc_server.yaml | 4 ----
neutron/templates/deployment-server.yaml | 4 ----
neutron/templates/job-db-drop.yaml | 3 ---
neutron/templates/job-db-init.yaml | 3 ---
neutron/templates/job-db-sync.yaml | 3 ---
neutron/templates/job-rabbit-init.yaml | 3 ---
neutron/templates/secret-db.yaml | 4 ----
neutron/templates/secret-rabbitmq.yaml | 3 ---
nova/templates/configmap-etc.yaml | 17 -----------------
.../cron-job-archive-deleted-rows.yaml | 2 --
nova/templates/cron-job-cell-setup.yaml | 2 --
nova/templates/daemonset-compute.yaml | 2 --
nova/templates/deployment-api-metadata.yaml | 2 --
nova/templates/deployment-api-osapi.yaml | 4 ----
nova/templates/deployment-conductor.yaml | 4 ----
nova/templates/deployment-novncproxy.yaml | 4 ----
nova/templates/deployment-scheduler.yaml | 4 ----
nova/templates/job-cell-setup.yaml | 2 --
nova/templates/job-db-drop.yaml | 3 ---
nova/templates/job-db-init.yaml | 3 ---
nova/templates/job-db-sync.yaml | 3 ---
nova/templates/job-rabbit-init.yaml | 3 ---
nova/templates/secret-db-api.yaml | 4 ----
nova/templates/secret-db-cell0.yaml | 4 ----
nova/templates/secret-db.yaml | 4 ----
nova/templates/secret-rabbitmq.yaml | 3 ---
placement/templates/configmap-etc.yaml | 4 ----
placement/templates/deployment.yaml | 2 --
placement/templates/job-db-drop.yaml | 3 ---
placement/templates/job-db-init.yaml | 3 ---
placement/templates/job-db-sync.yaml | 5 +----
placement/templates/secret-db.yaml | 4 ----
89 files changed, 3 insertions(+), 319 deletions(-)
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
index 1a26cc4f..2e83f374 100644
--- a/cinder/templates/configmap-etc.yaml
+++ b/cinder/templates/configmap-etc.yaml
@@ -74,12 +74,8 @@ limitations under the License.
{{- if empty .Values.conf.cinder.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.cinder.database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.cinder.database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "cinder" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" -}}
diff --git a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
index 0c2c6bac..89ac96c7 100644
--- a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
+++ b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
@@ -91,8 +91,6 @@ spec:
subPath: volume-usage-audit.sh
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.public "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{ if $mounts_cinder_volume_usage_audit.volumeMounts }}{{ toYaml $mounts_cinder_volume_usage_audit.volumeMounts | indent 16 }}{{ end }}
volumes:
- name: pod-tmp
@@ -108,7 +106,5 @@ spec:
name: cinder-bin
defaultMode: 0555
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
index ea31f7e7..ef203335 100644
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@@ -156,9 +156,7 @@ spec:
- name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -177,8 +175,6 @@ spec:
- name: cinder-coordination
emptyDir: {}
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
index 36574466..ae1d21fc 100644
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@@ -283,8 +283,6 @@ spec:
mountPath: /usr/local/sbin/iscsiadm
subPath: iscsiadm
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -361,7 +359,5 @@ spec:
- name: usrlocalsbin
emptyDir: {}
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_backup.volumes }}{{ toYaml $mounts_cinder_backup.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml
index 68c6cb6d..008561c2 100644
--- a/cinder/templates/deployment-scheduler.yaml
+++ b/cinder/templates/deployment-scheduler.yaml
@@ -109,8 +109,6 @@ spec:
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -130,7 +128,5 @@ spec:
emptyDir: {}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
index 65f7677f..fe0b3321 100644
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -283,8 +283,6 @@ spec:
{{- end }}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -351,8 +349,6 @@ spec:
hostPath:
path: /sys
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/job-db-drop.yaml b/cinder/templates/job-db-drop.yaml
index 1115af50..86c7e710 100644
--- a/cinder/templates/job-db-drop.yaml
+++ b/cinder/templates/job-db-drop.yaml
@@ -14,9 +14,6 @@ limitations under the License.
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "cinder" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.cinder.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml
index c7e450ad..46071c9b 100644
--- a/cinder/templates/job-db-init.yaml
+++ b/cinder/templates/job-db-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-5"
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "cinder" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml
index 1bab87b0..69ee540d 100644
--- a/cinder/templates/job-db-sync.yaml
+++ b/cinder/templates/job-db-sync.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "cinder" "podVolMounts" .Values.pod.mounts.cinder_db_sync.cinder_db_sync.volumeMounts "podVols" .Values.pod.mounts.cinder_db_sync.cinder_db_sync.volumes -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
diff --git a/cinder/templates/job-rabbit-init.yaml b/cinder/templates/job-rabbit-init.yaml
index 43d23922..85b49514 100644
--- a/cinder/templates/job-rabbit-init.yaml
+++ b/cinder/templates/job-rabbit-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "cinder" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/cinder/templates/secret-db.yaml b/cinder/templates/secret-db.yaml
index ce8cfbc8..1291f34a 100644
--- a/cinder/templates/secret-db.yaml
+++ b/cinder/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/cinder/templates/secret-rabbitmq.yaml b/cinder/templates/secret-rabbitmq.yaml
index 776e0193..73063493 100644
--- a/cinder/templates/secret-rabbitmq.yaml
+++ b/cinder/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- $rabbitmqProtocol = "https" }}
-{{- end }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml
index a7fa0452..63c530c7 100644
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@@ -57,12 +57,8 @@ limitations under the License.
{{- if empty .Values.conf.glance.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.glance.database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.glance.database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.glance.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" -}}
diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index e41e5a2e..3b285b16 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -264,9 +264,7 @@ spec:
subPath: key
readOnly: true
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" $envAll.Values.secrets.tls.image.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_glance_api.volumeMounts }}{{ toYaml $mounts_glance_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -324,8 +322,6 @@ spec:
hostPath:
path: /sys
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" $envAll.Values.secrets.tls.image.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_glance_api.volumes }}{{ toYaml $mounts_glance_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/glance/templates/job-db-drop.yaml b/glance/templates/job-db-drop.yaml
index 66f3a189..1f24b0c6 100644
--- a/glance/templates/job-db-drop.yaml
+++ b/glance/templates/job-db-drop.yaml
@@ -16,9 +16,6 @@ limitations under the License.
{{- $serviceName := "glance" -}}
{{- $dbToDrop := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName "glance-api" ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbToDrop" $dbToDrop -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.glance.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/glance/templates/job-db-init.yaml b/glance/templates/job-db-init.yaml
index 6f797814..4a947ef5 100644
--- a/glance/templates/job-db-init.yaml
+++ b/glance/templates/job-db-init.yaml
@@ -21,9 +21,6 @@ helm.sh/hook-weight: "-5"
{{- $serviceName := "glance" -}}
{{- $dbToInit := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName "glance-api" ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbToInit" $dbToInit -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
diff --git a/glance/templates/job-db-sync.yaml b/glance/templates/job-db-sync.yaml
index 1434edd1..529199b7 100644
--- a/glance/templates/job-db-sync.yaml
+++ b/glance/templates/job-db-sync.yaml
@@ -20,9 +20,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_db_sync }}
{{- $dbToSync := index . "dbToSync" | default ( dict "configFile" (printf "/etc/%s/%s.conf" "glance" "glance-api" ) "logConfigFile" (printf "/etc/%s/logging.conf" "glance" ) "image" ( index .Values.images.tags ( printf "%s_db_sync" "glance" )) ) -}}
{{- $dbSyncJob := dict "envAll" . "serviceName" "glance" "podVolMounts" .Values.pod.mounts.glance_db_sync.glance_db_sync.volumeMounts "podVols" .Values.pod.mounts.glance_db_sync.glance_db_sync.volumes "dbToSync" $dbToSync -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
diff --git a/glance/templates/job-metadefs-load.yaml b/glance/templates/job-metadefs-load.yaml
index ca6081fb..0f2cff69 100644
--- a/glance/templates/job-metadefs-load.yaml
+++ b/glance/templates/job-metadefs-load.yaml
@@ -85,7 +85,6 @@ spec:
subPath: {{ base .Values.conf.glance.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
@@ -99,5 +98,4 @@ spec:
secret:
secretName: glance-etc
defaultMode: 0444
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
diff --git a/glance/templates/job-rabbit-init.yaml b/glance/templates/job-rabbit-init.yaml
index 6bd14d6e..5e1d0e57 100644
--- a/glance/templates/job-rabbit-init.yaml
+++ b/glance/templates/job-rabbit-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "glance" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/glance/templates/secret-db.yaml b/glance/templates/secret-db.yaml
index f8962ea9..e7ebda47 100644
--- a/glance/templates/secret-db.yaml
+++ b/glance/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/glance/templates/secret-rabbitmq.yaml b/glance/templates/secret-rabbitmq.yaml
index ae34930a..1120f512 100644
--- a/glance/templates/secret-rabbitmq.yaml
+++ b/glance/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- $rabbitmqProtocol = "https" }}
-{{- end }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml
index a14d087a..b90bba6e 100644
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@@ -80,12 +80,8 @@ limitations under the License.
{{- if empty .Values.conf.heat.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.heat.database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.heat.database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "heat" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" -}}
diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml
index 51b5b281..5e425167 100644
--- a/heat/templates/cron-job-engine-cleaner.yaml
+++ b/heat/templates/cron-job-engine-cleaner.yaml
@@ -94,7 +94,6 @@ spec:
readOnly: true
{{ end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.internal "path" "/etc/heat/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 14 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 14 }}
{{ if $mounts_heat_engine_cleaner.volumeMounts }}{{ toYaml $mounts_heat_engine_cleaner.volumeMounts | indent 14 }}{{ end }}
volumes:
- name: pod-tmp
@@ -106,7 +105,6 @@ spec:
secretName: heat-etc
defaultMode: 0444
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
- name: heat-bin
configMap:
name: heat-bin
diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml
index 1c6226b3..9e3be164 100644
--- a/heat/templates/cron-job-purge-deleted.yaml
+++ b/heat/templates/cron-job-purge-deleted.yaml
@@ -88,7 +88,6 @@ spec:
readOnly: true
{{ end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.internal "path" "/etc/heat/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 14 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 14 }}
{{ if $mounts_heat_purge_deleted.volumeMounts }}{{ toYaml $mounts_heat_purge_deleted.volumeMounts | indent 14 }}{{ end }}
volumes:
- name: pod-tmp
@@ -100,7 +99,6 @@ spec:
secretName: heat-etc
defaultMode: 0444
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
- name: heat-bin
configMap:
name: heat-bin
diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml
index cf1876d0..e4c6b1de 100644
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@@ -130,7 +130,6 @@ spec:
subPath: api_audit_map.conf
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_heat_api.volumeMounts }}{{ toYaml $mounts_heat_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml
index ec705374..cee5d4f7 100644
--- a/heat/templates/deployment-engine.yaml
+++ b/heat/templates/deployment-engine.yaml
@@ -108,9 +108,7 @@ spec:
mountPath: /etc/heat/policy.yaml
subPath: policy.yaml
readOnly: true
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_heat_engine.volumeMounts }}{{ toYaml $mounts_heat_engine.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -125,8 +123,6 @@ spec:
secret:
secretName: heat-etc
defaultMode: 0444
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_heat_engine.volumes }}{{ toYaml $mounts_heat_engine.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/heat/templates/job-db-drop.yaml b/heat/templates/job-db-drop.yaml
index 7caa9619..c3a7c35d 100644
--- a/heat/templates/job-db-drop.yaml
+++ b/heat/templates/job-db-drop.yaml
@@ -14,9 +14,6 @@ limitations under the License.
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "heat" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.heat.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml
index 442a2fa4..0a6cbb33 100644
--- a/heat/templates/job-db-init.yaml
+++ b/heat/templates/job-db-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-5"
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "heat" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml
index a25faf84..668f8a0d 100644
--- a/heat/templates/job-db-sync.yaml
+++ b/heat/templates/job-db-sync.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "heat" "podVolMounts" .Values.pod.mounts.heat_db_sync.heat_db_sync.volumeMounts "podVols" .Values.pod.mounts.heat_db_sync.heat_db_sync.volumes -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
diff --git a/heat/templates/job-rabbit-init.yaml b/heat/templates/job-rabbit-init.yaml
index bd6b228c..161a5aaa 100644
--- a/heat/templates/job-rabbit-init.yaml
+++ b/heat/templates/job-rabbit-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "heat" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/heat/templates/secret-db.yaml b/heat/templates/secret-db.yaml
index 2a89ab8c..fbf368af 100644
--- a/heat/templates/secret-db.yaml
+++ b/heat/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/heat/templates/secret-rabbitmq.yaml b/heat/templates/secret-rabbitmq.yaml
index 7aa12371..91627ac9 100644
--- a/heat/templates/secret-rabbitmq.yaml
+++ b/heat/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- $rabbitmqProtocol = "https" }}
-{{- end }}
{{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml
index 32013af7..bd6db03b 100644
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@@ -174,7 +174,6 @@ spec:
subPath: favicon.ico
{{- end }}
{{- dict "enabled" (or $envAll.Values.manifests.certificates $envAll.Values.tls.identity) "name" $envAll.Values.secrets.tls.dashboard.dashboard.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -196,7 +195,6 @@ spec:
configMap:
name: horizon-logo
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or $envAll.Values.manifests.certificates $envAll.Values.tls.identity) "name" $envAll.Values.secrets.tls.dashboard.dashboard.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_horizon.volumes }}{{ toYaml $mounts_horizon.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/horizon/templates/job-db-drop.yaml b/horizon/templates/job-db-drop.yaml
index 6f761d7c..858abc1f 100644
--- a/horizon/templates/job-db-drop.yaml
+++ b/horizon/templates/job-db-drop.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.job_db_drop }}
{{- $dbToDrop := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.horizon -}}
{{- $dbDropJob := dict "envAll" . "serviceName" "horizon" "dbToDrop" $dbToDrop -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.horizon.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/horizon/templates/job-db-init.yaml b/horizon/templates/job-db-init.yaml
index 67169b53..3374984b 100644
--- a/horizon/templates/job-db-init.yaml
+++ b/horizon/templates/job-db-init.yaml
@@ -20,9 +20,6 @@ helm.sh/hook-weight: "-5"
{{- if .Values.manifests.job_db_init }}
{{- $dbToInit := dict "inputType" "secret" "adminSecret" .Values.secrets.oslo_db.admin "userSecret" .Values.secrets.oslo_db.horizon -}}
{{- $dbInitJob := dict "envAll" . "serviceName" "horizon" "dbToInit" $dbToInit -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
diff --git a/horizon/templates/job-db-sync.yaml b/horizon/templates/job-db-sync.yaml
index c2229cdd..6805bfa9 100644
--- a/horizon/templates/job-db-sync.yaml
+++ b/horizon/templates/job-db-sync.yaml
@@ -71,7 +71,6 @@ spec:
mountPath: /tmp/manage.py
subPath: manage.py
readOnly: true
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 10 }}
{{ if $mounts_horizon_db_sync.volumeMounts }}{{ toYaml $mounts_horizon_db_sync.volumeMounts | indent 10 }}{{ end }}
volumes:
- name: horizon-etc
@@ -82,6 +81,5 @@ spec:
configMap:
name: horizon-bin
defaultMode: 0555
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 6 }}
{{ if $mounts_horizon_db_sync.volumes }}{{ toYaml $mounts_horizon_db_sync.volumes | indent 6 }}{{ end }}
{{- end }}
diff --git a/horizon/templates/secret-db.yaml b/horizon/templates/secret-db.yaml
index cd4d3107..7f99c555 100644
--- a/horizon/templates/secret-db.yaml
+++ b/horizon/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/horizon/values.yaml b/horizon/values.yaml
index a4033a5c..cc45777b 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -407,15 +407,6 @@ conf:
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.horizon.password }}',
'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}',
'default-character-set': 'utf8',
- {{- if .Values.manifests.certificates }}
- 'OPTIONS':{
- 'ssl': {
- 'ca': '/etc/mysql/certs/ca.crt',
- 'cert': '/etc/mysql/certs/tls.crt',
- 'key': '/etc/mysql/certs/tls.key'
- }
- },
- {{- end }}
'PORT': '{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}'
}
}
diff --git a/keystone/templates/bin/_cred-clean.py.tpl b/keystone/templates/bin/_cred-clean.py.tpl
index e01c3fc3..8dd1e008 100644
--- a/keystone/templates/bin/_cred-clean.py.tpl
+++ b/keystone/templates/bin/_cred-clean.py.tpl
@@ -52,13 +52,6 @@ else:
logger.critical('environment variable ROOT_DB_CONNECTION not set')
sys.exit(1)
-mysql_x509 = os.getenv('MARIADB_X509', "")
-ssl_args = {}
-if mysql_x509:
- ssl_args = {'ssl': {'ca': '/etc/mysql/certs/ca.crt',
- 'key': '/etc/mysql/certs/tls.key',
- 'cert': '/etc/mysql/certs/tls.crt'}}
-
# Get the connection string for the service db
if "OPENSTACK_CONFIG_FILE" in os.environ:
os_conf = os.environ['OPENSTACK_CONFIG_FILE']
@@ -103,7 +96,7 @@ try:
port = root_engine_full.url.port
root_engine_url = ''.join([drivername, '://', root_user, ':',
root_password, '@', host, ':', str(port)])
- root_engine = create_engine(root_engine_url, connect_args=ssl_args)
+ root_engine = create_engine(root_engine_url)
connection = root_engine.connect()
connection.close()
logger.info("Tested connection to DB @ {0}:{1} as {2}".format(
@@ -114,7 +107,7 @@ except:
# User DB engine
try:
- user_engine = create_engine(user_db_conn, connect_args=ssl_args)
+ user_engine = create_engine(user_db_conn)
# Get our user data out of the user_engine
database = user_engine.url.database
user = user_engine.url.username
diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml
index cde64386..0c2e9e38 100644
--- a/keystone/templates/configmap-etc.yaml
+++ b/keystone/templates/configmap-etc.yaml
@@ -23,12 +23,8 @@ limitations under the License.
{{- if empty .Values.conf.keystone.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "keystone" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.keystone.database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.keystone.database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.keystone.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "keystone" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" -}}
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index 7130ecaf..86eb0dce 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -151,11 +151,9 @@ spec:
{{- end }}
- name: keystone-credential-keys
mountPath: {{ .Values.conf.keystone.credential.key_repository }}
-{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.public }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- end }}
-{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -190,11 +188,9 @@ spec:
- name: keystone-credential-keys
secret:
secretName: keystone-credential-keys
-{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.public }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
-{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/keystone/templates/job-credential-cleanup.yaml b/keystone/templates/job-credential-cleanup.yaml
index 9f268027..37a161ef 100644
--- a/keystone/templates/job-credential-cleanup.yaml
+++ b/keystone/templates/job-credential-cleanup.yaml
@@ -73,10 +73,6 @@ spec:
value: {{ $dbToClean.configDbSection | quote }}
- name: OPENSTACK_CONFIG_DB_KEY
value: {{ $dbToClean.configDbKey | quote }}
-{{- end }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
- - name: MARIADB_X509
- value: "REQUIRE X509"
{{- end }}
command:
- python
@@ -99,9 +95,6 @@ spec:
mountPath: {{ $dbToClean.logConfigFile | quote }}
subPath: {{ base $dbToClean.logConfigFile | quote }}
readOnly: true
-{{- end }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- end }}
volumes:
- name: pod-tmp
@@ -110,9 +103,6 @@ spec:
configMap:
name: "keystone-bin"
defaultMode: 0555
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- end }}
{{- $local := dict "configMapBinFirst" true -}}
{{- $dbToCleanType := default "oslo" $dbToClean.inputType }}
{{- if and (eq $dbToCleanType "oslo") $local.configMapBinFirst }}
diff --git a/keystone/templates/job-db-drop.yaml b/keystone/templates/job-db-drop.yaml
index df270ff6..59802548 100644
--- a/keystone/templates/job-db-drop.yaml
+++ b/keystone/templates/job-db-drop.yaml
@@ -14,9 +14,6 @@ limitations under the License.
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "keystone" -}}
-{{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.keystone.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/keystone/templates/job-db-init.yaml b/keystone/templates/job-db-init.yaml
index 757b705e..42f25c6f 100644
--- a/keystone/templates/job-db-init.yaml
+++ b/keystone/templates/job-db-init.yaml
@@ -21,9 +21,6 @@ helm.sh/hook-weight: "-5"
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "keystone" "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}}
-{{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.keystone.enabled -}}
{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml
index 37db4464..a813e299 100644
--- a/keystone/templates/job-db-sync.yaml
+++ b/keystone/templates/job-db-sync.yaml
@@ -57,12 +57,6 @@ volumeMounts:
- name: keystone-fernet-keys
mountPath: {{ $envAll.Values.conf.keystone.fernet_tokens.key_repository }}
readOnly: true
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 2 }}
-{{- end }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 2 }}
-{{- end }}
{{- end }}
{{- define "keystone.templates._job_db_sync.pod_vols" -}}
@@ -71,12 +65,6 @@ volumes:
- name: keystone-fernet-keys
secret:
secretName: keystone-fernet-keys
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 2 }}
-{{- end }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 2 }}
-{{- end }}
{{- end }}
{{- if .Values.manifests.job_db_sync }}
diff --git a/keystone/templates/job-rabbit-init.yaml b/keystone/templates/job-rabbit-init.yaml
index e07bd1e4..64234cc0 100644
--- a/keystone/templates/job-rabbit-init.yaml
+++ b/keystone/templates/job-rabbit-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "keystone" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
-{{- if and .Values.tls.oslo_messaging .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.keystone.enabled -}}
{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/keystone/templates/secret-db.yaml b/keystone/templates/secret-db.yaml
index 3a11383a..be035966 100644
--- a/keystone/templates/secret-db.yaml
+++ b/keystone/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/keystone/templates/secret-rabbitmq.yaml b/keystone/templates/secret-rabbitmq.yaml
index fe5cad4b..162ae4d4 100644
--- a/keystone/templates/secret-rabbitmq.yaml
+++ b/keystone/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
-{{- $rabbitmqProtocol = "https" }}
-{{- end }}
{{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml
index 0fd7aa3a..cdd97729 100644
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@@ -59,11 +59,7 @@ limitations under the License.
{{- if empty $envAll.Values.conf.neutron.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.neutron.database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.neutron.database "connection" $connection -}}
-{{- end -}}
{{- end }}
{{- if empty $envAll.Values.conf.neutron.DEFAULT.transport_url -}}
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
index 17e15f8e..4a586673 100644
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@@ -245,7 +245,6 @@ spec:
mountPath: /run/netns
mountPropagation: Bidirectional
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -274,7 +273,6 @@ spec:
hostPath:
path: /run/netns
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_dhcp_agent.volumes }}{{ toYaml $mounts_neutron_dhcp_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-l2gw-agent.yaml b/neutron/templates/daemonset-l2gw-agent.yaml
index e9481981..95447074 100644
--- a/neutron/templates/daemonset-l2gw-agent.yaml
+++ b/neutron/templates/daemonset-l2gw-agent.yaml
@@ -136,7 +136,6 @@ spec:
mountPath: /etc/neutron/l2gw_agent.ini
subPath: l2gw_agent.ini
readOnly: true
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_l2gw_agent.volumeMounts }}{{ toYaml $mounts_neutron_l2gw_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -151,7 +150,6 @@ spec:
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_l2gw_agent.volumes }}{{ toYaml $mounts_neutron_l2gw_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
index b4bbd096..5bddd62b 100644
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@@ -245,7 +245,6 @@ spec:
mountPath: /run/netns
mountPropagation: Bidirectional
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -277,7 +276,6 @@ spec:
hostPath:
path: /run/netns
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_l3_agent.volumes }}{{ toYaml $mounts_neutron_l3_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
index 35ff8fe0..a7437b37 100644
--- a/neutron/templates/daemonset-lb-agent.yaml
+++ b/neutron/templates/daemonset-lb-agent.yaml
@@ -199,7 +199,6 @@ spec:
{{- end }}
- name: run
mountPath: /run
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -222,7 +221,6 @@ spec:
- name: host-rootfs
hostPath:
path: /
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_lb_agent.volumes }}{{ toYaml $mounts_neutron_lb_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
index 4625765a..4319886c 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@@ -194,7 +194,6 @@ spec:
mountPropagation: Bidirectional
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -218,7 +217,6 @@ spec:
path: /run/netns
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
index 0ea60f58..a5ed5345 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@@ -279,7 +279,6 @@ spec:
{{- end }}
- name: run
mountPath: /run
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -310,7 +309,6 @@ spec:
path: /sys/bus/pci/devices
type: Directory
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_ovs_agent.volumes }}{{ toYaml $mounts_neutron_ovs_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
index 5b96cd7c..07f5931c 100644
--- a/neutron/templates/daemonset-sriov-agent.yaml
+++ b/neutron/templates/daemonset-sriov-agent.yaml
@@ -213,7 +213,6 @@ spec:
{{- end }}
- name: run
mountPath: /run
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: host-sys-class-net
@@ -239,7 +238,6 @@ spec:
- name: run
hostPath:
path: /run
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_sriov_agent.volumes }}{{ toYaml $mounts_neutron_sriov_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml
index 014c9adf..90d95d19 100644
--- a/neutron/templates/deployment-ironic-agent.yaml
+++ b/neutron/templates/deployment-ironic-agent.yaml
@@ -97,7 +97,6 @@ spec:
mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
subPath: ml2_conf.ini
readOnly: true
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_ironic_agent.volumeMounts }}{{ toYaml $mounts_neutron_ironic_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -112,6 +111,5 @@ spec:
secret:
secretName: neutron-etc
defaultMode: 0444
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_ironic_agent.volumes }}{{ toYaml $mounts_neutron_ironic_agent.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/neutron/templates/deployment-rpc_server.yaml b/neutron/templates/deployment-rpc_server.yaml
index a8a111d7..ca0cab62 100644
--- a/neutron/templates/deployment-rpc_server.yaml
+++ b/neutron/templates/deployment-rpc_server.yaml
@@ -193,9 +193,7 @@ spec:
mountPath: /etc/neutron/policy.yaml
subPath: policy.yaml
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_rpc_server.volumeMounts }}{{ toYaml $mounts_neutron_rpc_server.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -220,8 +218,6 @@ spec:
- name: neutron-plugin-shared
emptyDir: {}
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_rpc_server.volumes }}{{ toYaml $mounts_neutron_rpc_server.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
index 6b236a33..f8a2492b 100644
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@@ -209,9 +209,7 @@ spec:
mountPath: /etc/neutron/policy.yaml
subPath: policy.yaml
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_server.volumeMounts }}{{ toYaml $mounts_neutron_server.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -232,8 +230,6 @@ spec:
- name: neutron-plugin-shared
emptyDir: {}
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_server.volumes }}{{ toYaml $mounts_neutron_server.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/neutron/templates/job-db-drop.yaml b/neutron/templates/job-db-drop.yaml
index 67d4174d..5acedf1d 100644
--- a/neutron/templates/job-db-drop.yaml
+++ b/neutron/templates/job-db-drop.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "neutron" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.neutron.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/neutron/templates/job-db-init.yaml b/neutron/templates/job-db-init.yaml
index 184ec97d..caf8b359 100644
--- a/neutron/templates/job-db-init.yaml
+++ b/neutron/templates/job-db-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-5"
{{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "neutron" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml
index 1d224079..f3e3320e 100644
--- a/neutron/templates/job-db-sync.yaml
+++ b/neutron/templates/job-db-sync.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "neutron" "podVolMounts" .Values.pod.mounts.neutron_db_sync.neutron_db_sync.volumeMounts "podVols" .Values.pod.mounts.neutron_db_sync.neutron_db_sync.volumes -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
diff --git a/neutron/templates/job-rabbit-init.yaml b/neutron/templates/job-rabbit-init.yaml
index 0d08170d..685ee774 100644
--- a/neutron/templates/job-rabbit-init.yaml
+++ b/neutron/templates/job-rabbit-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "neutron" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/neutron/templates/secret-db.yaml b/neutron/templates/secret-db.yaml
index 59d6d9c5..5e42748c 100644
--- a/neutron/templates/secret-db.yaml
+++ b/neutron/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/neutron/templates/secret-rabbitmq.yaml b/neutron/templates/secret-rabbitmq.yaml
index fd3e24fb..aa7266a1 100644
--- a/neutron/templates/secret-rabbitmq.yaml
+++ b/neutron/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- $rabbitmqProtocol = "https" }}
-{{- end }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 6f00a1ce..f1bba9c3 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -83,30 +83,18 @@ limitations under the License.
{{- if empty .Values.conf.nova.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.nova.database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.nova.database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.nova.api_database.connection -}}
{{- $connection := tuple "oslo_db_api" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.nova.api_database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.nova.api_database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.nova.cell0_database.connection -}}
{{- $connection := tuple "oslo_db_cell0" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.nova.cell0_database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.nova.cell0_database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "nova" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" -}}
@@ -344,11 +332,6 @@ data:
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
nova-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_api_uwsgi | b64enc }}
nova-metadata-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_metadata_uwsgi | b64enc }}
-{{- if .Values.manifests.certificates }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_nova_api "key" "wsgi-api.conf" "format" "Secret" ) | indent 2 }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_nova_metadata "key" "wsgi-metadata.conf" "format" "Secret" ) | indent 2 }}
-{{- end }}
{{- if .Values.conf.security }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.security "key" "security.conf" "format" "Secret" ) | indent 2 }}
{{- end }}
diff --git a/nova/templates/cron-job-archive-deleted-rows.yaml b/nova/templates/cron-job-archive-deleted-rows.yaml
index 7316b3ac..9e62bbdb 100644
--- a/nova/templates/cron-job-archive-deleted-rows.yaml
+++ b/nova/templates/cron-job-archive-deleted-rows.yaml
@@ -80,7 +80,6 @@ spec:
readOnly: true
subPath: archive-deleted-rows.sh
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
volumes:
- name: pod-tmp
emptyDir: {}
@@ -92,5 +91,4 @@ spec:
secret:
secretName: nova-etc
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- end }}
diff --git a/nova/templates/cron-job-cell-setup.yaml b/nova/templates/cron-job-cell-setup.yaml
index b90b84e8..cb4e58c2 100644
--- a/nova/templates/cron-job-cell-setup.yaml
+++ b/nova/templates/cron-job-cell-setup.yaml
@@ -88,7 +88,6 @@ spec:
subPath: policy.yaml
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
volumes:
- name: pod-tmp
@@ -104,6 +103,5 @@ spec:
name: nova-bin
defaultMode: 0555
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- end }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index 5b52745f..e4a6a506 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -449,7 +449,6 @@ spec:
readOnly: true
{{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.network.ssh.enabled }}
- name: nova-compute-ssh
@@ -564,7 +563,6 @@ spec:
emptyDir: {}
{{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml
index ee5e38ea..066ef7ba 100644
--- a/nova/templates/deployment-api-metadata.yaml
+++ b/nova/templates/deployment-api-metadata.yaml
@@ -183,7 +183,6 @@ spec:
- name: pod-shared
mountPath: /tmp/pod-shared
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -203,7 +202,6 @@ spec:
defaultMode: 0444
- name: pod-shared
emptyDir: {}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml
index 04d70533..7aceeca1 100644
--- a/nova/templates/deployment-api-osapi.yaml
+++ b/nova/templates/deployment-api-osapi.yaml
@@ -131,9 +131,7 @@ spec:
mountPath: /etc/nova/api_audit_map.conf
subPath: api_audit_map.conf
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -152,8 +150,6 @@ spec:
secret:
secretName: nova-etc
defaultMode: 0444
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index 44ed2858..7cffbcc2 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -124,8 +124,6 @@ spec:
subPath: policy.yaml
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -139,7 +137,5 @@ spec:
secretName: nova-etc
defaultMode: 0444
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index aa547263..1491bffe 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -151,9 +151,7 @@ spec:
readOnly: true
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -176,8 +174,6 @@ spec:
secretName: {{ .Values.secrets.tls.compute_novnc_proxy.vencrypt.internal }}
defaultMode: 0444
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_novncproxy.volumes }}{{ toYaml $mounts_nova_novncproxy.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index d3f4095c..ebc627af 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -123,9 +123,7 @@ spec:
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -138,8 +136,6 @@ spec:
secret:
secretName: nova-etc
defaultMode: 0444
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_scheduler.volumes }}{{ toYaml $mounts_nova_scheduler.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/job-cell-setup.yaml b/nova/templates/job-cell-setup.yaml
index 6ad23f63..301a2974 100644
--- a/nova/templates/job-cell-setup.yaml
+++ b/nova/templates/job-cell-setup.yaml
@@ -112,7 +112,6 @@ spec:
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
@@ -127,7 +126,6 @@ spec:
configMap:
name: nova-bin
defaultMode: 0555
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
---
kind: ClusterRole
diff --git a/nova/templates/job-db-drop.yaml b/nova/templates/job-db-drop.yaml
index b0471ef2..9acd5487 100644
--- a/nova/templates/job-db-drop.yaml
+++ b/nova/templates/job-db-drop.yaml
@@ -19,9 +19,6 @@ limitations under the License.
{{- $dbCell := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "cell0_database" "configDbKey" "connection" -}}
{{- $dbsToDrop := list $dbSvc $dbApi $dbCell }}
{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbsToDrop" $dbsToDrop -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.nova.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/nova/templates/job-db-init.yaml b/nova/templates/job-db-init.yaml
index 72b0a808..ba3ff300 100644
--- a/nova/templates/job-db-init.yaml
+++ b/nova/templates/job-db-init.yaml
@@ -24,9 +24,6 @@ helm.sh/hook-weight: "-5"
{{- $dbCell := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "cell0_database" "configDbKey" "connection" -}}
{{- $dbsToInit := list $dbSvc $dbApi $dbCell }}
{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml
index 061e18f1..c21a8312 100644
--- a/nova/templates/job-db-sync.yaml
+++ b/nova/templates/job-db-sync.yaml
@@ -40,9 +40,6 @@ env:
{{- if .Values.manifests.job_db_sync }}
{{- $podEnvVars := include "nova.templates._job_db_sync.env_vars" (tuple .) | toString | fromYaml }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "nova" "podVolMounts" .Values.pod.mounts.nova_db_sync.nova_db_sync.volumeMounts "podVols" .Values.pod.mounts.nova_db_sync.nova_db_sync.volumes "podEnvVars" $podEnvVars.env -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
diff --git a/nova/templates/job-rabbit-init.yaml b/nova/templates/job-rabbit-init.yaml
index b5133d30..021801f8 100644
--- a/nova/templates/job-rabbit-init.yaml
+++ b/nova/templates/job-rabbit-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "nova" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/nova/templates/secret-db-api.yaml b/nova/templates/secret-db-api.yaml
index de537031..6eba7f5b 100644
--- a/nova/templates/secret-db-api.yaml
+++ b/nova/templates/secret-db-api.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db_api" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/nova/templates/secret-db-cell0.yaml b/nova/templates/secret-db-cell0.yaml
index ac74bf94..ce97fedc 100644
--- a/nova/templates/secret-db-cell0.yaml
+++ b/nova/templates/secret-db-cell0.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db_cell0" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/nova/templates/secret-db.yaml b/nova/templates/secret-db.yaml
index 885cae19..2bc0471c 100644
--- a/nova/templates/secret-db.yaml
+++ b/nova/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
diff --git a/nova/templates/secret-rabbitmq.yaml b/nova/templates/secret-rabbitmq.yaml
index 32f21690..87f0072c 100644
--- a/nova/templates/secret-rabbitmq.yaml
+++ b/nova/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
{{- $rabbitmqProtocol := "http" }}
-{{- if $envAll.Values.manifests.certificates }}
-{{- $rabbitmqProtocol = "https" }}
-{{- end }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/placement/templates/configmap-etc.yaml b/placement/templates/configmap-etc.yaml
index c5880af2..e0053dde 100644
--- a/placement/templates/configmap-etc.yaml
+++ b/placement/templates/configmap-etc.yaml
@@ -19,12 +19,8 @@ limitations under the License.
{{- if empty .Values.conf.placement.placement_database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "placement" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | set .Values.conf.placement.placement_database "connection" -}}
-{{- else -}}
{{- $_ := set .Values.conf.placement.placement_database "connection" $connection -}}
{{- end -}}
-{{- end -}}
{{- if empty .Values.conf.placement.keystone_authtoken.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "auth_uri" -}}
diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml
index 72800a05..de666892 100644
--- a/placement/templates/deployment.yaml
+++ b/placement/templates/deployment.yaml
@@ -140,7 +140,6 @@ spec:
- name: log
mountPath: {{ .Values.conf.placement.DEFAULT.log_dir }}
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_placement.volumeMounts }}{{ toYaml $mounts_placement.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -162,7 +161,6 @@ spec:
path: {{ .Values.conf.placement.DEFAULT.log_dir }}
type: DirectoryOrCreate
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_placement.volumes }}{{ toYaml $mounts_placement.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/placement/templates/job-db-drop.yaml b/placement/templates/job-db-drop.yaml
index f6e26e73..5f2001ce 100644
--- a/placement/templates/job-db-drop.yaml
+++ b/placement/templates/job-db-drop.yaml
@@ -17,9 +17,6 @@ limitations under the License.
{{- if .Values.manifests.job_db_drop }}
{{- $serviceName := "placement" -}}
{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.placement.enabled -}}
{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/placement/templates/job-db-init.yaml b/placement/templates/job-db-init.yaml
index 6edd4175..60667953 100644
--- a/placement/templates/job-db-init.yaml
+++ b/placement/templates/job-db-init.yaml
@@ -24,9 +24,6 @@ helm.sh/hook-weight: "-5"
{{- $dbApi := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "placement_database" "configDbKey" "connection" -}}
{{- $dbsToInit := list $dbApi }}
{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}}
{{- end }}
diff --git a/placement/templates/job-db-sync.yaml b/placement/templates/job-db-sync.yaml
index fea53d97..53807502 100644
--- a/placement/templates/job-db-sync.yaml
+++ b/placement/templates/job-db-sync.yaml
@@ -21,9 +21,6 @@ helm.sh/hook-weight: "-3"
{{- if .Values.manifests.job_db_sync }}
{{- $dbSyncJob := dict "envAll" . "serviceName" "placement" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
@@ -31,4 +28,4 @@ helm.sh/hook-weight: "-3"
{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/placement/templates/secret-db.yaml b/placement/templates/secret-db.yaml
index 0e9214c4..44797b85 100644
--- a/placement/templates/secret-db.yaml
+++ b/placement/templates/secret-db.yaml
@@ -28,10 +28,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
- DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
-{{- else }}
DB_CONNECTION: {{ $connection | b64enc -}}
{{- end }}
{{- end }}
-{{- end }}
--
2.34.1
View Git Blame Copy Permalink