[tls] Add functionality to create service certs if internal tls enabled #620
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
stuggi
requested review from
olliewalsh
and removed request for
lewisdenny and
abays
olliewalsh
reviewed
Jan 11, 2024
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/20c38024ebbb470f8347634f31a50062 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 28m 29s |
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Jan 11, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For services which at this point don't support TLS, cert validation
could be disabled using customService config like e.g.:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
~~~
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/keystone-operator#348
Jira: OSPRH-2183
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Jan 11, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/neutron-operator#263
Jira: OSPRH-2197
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Jan 11, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/glance-operator#391
Jira: OSPRH-1233
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Jan 11, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/cinder-operator#306
Jira: OSPRH-1592
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Jan 11, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/placement-operator#92
Jira: OSPRH-2368
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/636b29fa3ba0402b940405967cae9a2e ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 21m 37s |
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Jan 11, 2024
Creates TLS certs via cert-manager for NovaAPI, NovaMetadata and NovaNoVNCProxy when spec.tls.endpoint.internal.enabled: true Depends-On: openstack-k8s-operators/lib-common#428 Depends-On: openstack-k8s-operators#620 Depends-On: https://github.com/openstack-k8s-operators/nova-operator/pull/TODO Jira: TODO
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Jan 11, 2024
Creates TLS certs via cert-manager for NovaAPI, NovaMetadata and NovaNoVNCProxy when spec.tls.endpoint.internal.enabled: true Depends-On: openstack-k8s-operators/lib-common#428 Depends-On: openstack-k8s-operators#620 Depends-On: openstack-k8s-operators/nova-operator#646 Jira: OSPRH-3294
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/0a3dc6d897074b09ba0e13ae7a7b41e9 ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 34m 24s |
- creates internal CA when internal TLS enabled - adds functionality to create the certificates via CertManager for the k8s services used for the API endpoints. In follow ups when the service components allow to pass in the service certificate secrets those will be set on the component cr. Depends-On: openstack-k8s-operators/lib-common#428 Jira: OSPRH-3268
Jira: OSPRH-3268
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Feb 12, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/manila-operator#212
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Feb 12, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/manila-operator#212
Signed-off-by: Veronika Fisarova <[email protected]>
d34dh0r53
added a commit
to d34dh0r53/openstack-operator
that referenced
this pull request
Feb 12, 2024
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/barbican-operator#55
Jira: OSPRH-2349
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For services which at this point don't support TLS, cert validation
could be disabled using customService config like e.g.:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
~~~
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/keystone-operator#348
Jira: OSPRH-2183
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/neutron-operator#263
Jira: OSPRH-2197
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/glance-operator#391
Jira: OSPRH-1233
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/placement-operator#92
Jira: OSPRH-2368
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/heat-operator#300
Jira: OSPRH3851
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates TLS certs via cert-manager for NovaAPI, NovaMetadata and NovaNoVNCProxy when spec.tls.endpoint.internal.enabled: true Depends-On: openstack-k8s-operators/lib-common#428 Depends-On: openstack-k8s-operators#620 Depends-On: openstack-k8s-operators/nova-operator#646 Jira: OSPRH-3294
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/ironic-operator#380
Depends-On: openstack-k8s-operators/tcib#126
Jira: OSPRH-4220
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/swift-operator#109
Jira: OSPRH-4371
stuggi
added a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/cinder-operator#306
Jira: OSPRH-1592
stuggi
pushed a commit
to stuggi/openstack-operator
that referenced
this pull request
Feb 13, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/manila-operator#212
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 7, 2024
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 7, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 11, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 11, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 11, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 12, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 12, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 13, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 14, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 14, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 20, 2024
Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like:
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/octavia-operator#265
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 27, 2024
Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like:
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/octavia-operator#265
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
added a commit
to Deydra71/openstack-operator
that referenced
this pull request
Mar 27, 2024
Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like:
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/octavia-operator#265
Co-authored-by: [email protected]
Signed-off-by: Veronika Fisarova <[email protected]>
stuggi
pushed a commit
to stuggi/openstack-operator
that referenced
this pull request
Apr 9, 2024
Creates the telemetry aodh route and svc overrides.
Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal
endpoints, this has to be set for each of them for, like:
~~~
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
~~~
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330
Signed-off-by: Veronika Fisarova <[email protected]>
stuggi
pushed a commit
to stuggi/openstack-operator
that referenced
this pull request
Apr 9, 2024
Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like:
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/octavia-operator#265
Co-authored-by: [email protected]
Signed-off-by: Veronika Fisarova <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds information on created CAs for the endpoints and their expire information to the osctlplane CR:
Also refactors the nova pkg in preparation for better/easier tls cert create for metadata/vncproxy as they are not typical api endpoints.
Depends-On: openstack-k8s-operators/lib-common#428
Jira: OSPRH-3268