[tlse] internal TLS support for octavia #715
Conversation
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/dd0c3cb22b604b7c97f422df58d55513 ❌ openstack-k8s-operators-content-provider FAILURE in 8m 14s |
pkg/openstack/octavia.go
Outdated
| @@ -104,6 +110,10 @@ func ReconcileOctavia(ctx context.Context, instance *corev1beta1.OpenStackContro | |||
| instance.Spec.Octavia.Template.OctaviaAPI.Override.Service = endpointDetails.GetEndpointServiceOverrides() | |||
| } | |||
|
|
|||
| // update TLS settings with cert secret | |||
| instance.Spec.Octavia.Template.OctaviaAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic) | |||
There was a problem hiding this comment.
endpointDetails is not defined in this scope
There was a problem hiding this comment.
hope you don't mind - I've pushed a fix (guessing that's should have been in the if block) and updated octavia-operator as the PR has now merged
There was a problem hiding this comment.
Cool, thanks! I stashed them and put you as a co-author.
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/bcc43881ec944947b582b35c530c314a ✔️ openstack-k8s-operators-content-provider SUCCESS in 19m 12s |
Deydra71
force-pushed
the
tls-support-octavia
branch
from
63d2635 to
0ecee7e
Compare
Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like:
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/octavia-operator#265
Co-authored-by: [email protected]
Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71
force-pushed
the
tls-support-octavia
branch
from
0ecee7e to
9738341
Compare
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/eee5b7f0d126403ca60526180d6f13b6 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 29m 11s |
|
recheck |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/10d9775eca6d4806ad3346c8f34edc6c ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 36m 56s |
|
recheck |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Deydra71, olliewalsh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/fe3b2ca064aa4d3f9db1c419acddfbc1 ✔️ openstack-k8s-operators-content-provider SUCCESS in 4h 24m 45s |
|
recheck |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/607392401d4b4ad6ae3d1c20f5879881 ❌ openstack-k8s-operators-content-provider FAILURE in 12m 24s |
|
recheck |
openshift-merge-bot
bot
merged commit 9af21c8
into
openstack-k8s-operators:main
Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true
For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like:
customServiceConfig: |
[keystone_authtoken]
insecure = true
[placement]
insecure = true
[neutron]
insecure = true
[glance]
insecure = true
[cinder]
insecure = true
Depends-On: openstack-k8s-operators/lib-common#428 Depends-On: #620
Depends-On: openstack-k8s-operators/octavia-operator#265