start
lmiccini committed Dec 6, 2024
1 parent 4dd3ceb commit c69333c
Showing 2 changed files with 89 additions and 0 deletions.
12 changes: 12 additions & 0 deletions apis/core/v1beta1/openstackcontrolplane_types.go
Expand Up @@ -64,6 +64,8 @@ const (
OvnDbCaName = tls.DefaultCAPrefix + "ovn"
// LibvirtCaName -
LibvirtCaName = tls.DefaultCAPrefix + "libvirt"
// MemcachedCaName -
MemcachedCaName = tls.DefaultCAPrefix + "memcached"

// GlanceName - Default Glance name
GlanceName = "glance"
Expand Down Expand Up @@ -976,6 +978,16 @@ func (instance OpenStackControlPlane) GetLibvirtIssuer() string {
return LibvirtCaName
}

// GetMemcachedIssuer - returns the memcached CA issuer name or custom if configured
func (instance OpenStackControlPlane) GetMemcachedIssuer() string {
// use custom issuer if set
if instance.Spec.TLS.PodLevel.Memcached.Ca.IsCustomIssuer() {
return *instance.Spec.TLS.PodLevel.Memcached.Ca.CustomIssuer
}

return MemcachedCaName
}

// GetDurationHours - returns the duration in hours
func (c CertConfig) GetDurationHours() string {
if c.Duration != nil {
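Review bot: `GetMemcachedIssuer` dereferences `Ca.CustomIssuer` solely on the strength of `IsCustomIssuer()`, which is defined outside this hunk, so neither nil-safety nor a non-empty name can be confirmed from here. If that helper only tests for a non-nil pointer, a resource with an empty custom issuer would make this getter return `""` instead of falling back to `MemcachedCaName`, and presumably memcached certificates would then be requested from an issuer that does not exist. It is worth stating the contract in the doc comment, e.g. `// GetMemcachedIssuer returns the custom issuer name when IsCustomIssuer() reports one, otherwise MemcachedCaName.` The constant added in the first hunk also carries an empty comment; `// MemcachedCaName - name of the root CA issuer used for memcached pod-level TLS` would say what it is for.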
77 changes: 77 additions & 0 deletions pkg/openstack/ca.go
Expand Up @@ -405,6 +405,83 @@ func ReconcileCAs(ctx context.Context, instance *corev1.OpenStackControlPlane, h
}
}

// create CA for memcached
issuerLabels = map[string]string{certmanager.RootCAIssuerMemcachedLabel: ""}
issuerAnnotations = getIssuerAnnotations(&instance.Spec.TLS.PodLevel.Memcached.Cert)
if !instance.Spec.TLS.PodLevel.Memcached.Ca.IsCustomIssuer() {
// remove issuerLabels from any custom issuer in the namespace.
err := removeIssuerLabel(
ctx,
helper,
corev1.MemcachedCaName,
instance.Namespace,
issuerLabels,
)
if err != nil {
return ctrl.Result{}, err
}

ctrlResult, err = ensureRootCA(
ctx,
instance,
helper,
issuerReq,
corev1.MemcachedCaName,
issuerLabels,
issuerAnnotations,
bundle,
caOnlyBundle,
instance.Spec.TLS.PodLevel.Memcached.Ca,
)
if err != nil {
return ctrlResult, err
} else if (ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}
} else {
customIssuer := *instance.Spec.TLS.PodLevel.Memcached.Ca.CustomIssuer
// add CA labelselector to issuer
caCertSecretName, err := addIssuerLabelAnnotation(ctx, helper, customIssuer, instance.Namespace, issuerLabels, issuerAnnotations)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
corev1.OpenStackControlPlaneCAReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
corev1.OpenStackControlPlaneCAReadyErrorMessage,
"issuer",
customIssuer,
err.Error()))
if k8s_errors.IsNotFound(err) {
timeout := time.Second * 10
Log.Info(fmt.Sprintf("Custom Issuer %s not found, reconcile in %s", customIssuer, timeout.String()))

return ctrl.Result{RequeueAfter: timeout}, nil
}

return ctrlResult, err
}

caCert, ctrlResult, err := getCAFromSecret(ctx, instance, helper, caCertSecretName)
if err != nil {
return ctrl.Result{}, err
} else if (ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}

ctrlResult, err = ensureCaBundles(
instance,
customIssuer,
caCert,
bundle,
caOnlyBundle,
)
if err != nil {
return ctrl.Result{}, err
} else if (ctrlResult != ctrl.Result{}) {
return ctrlResult, nil
}
}

instance.Status.Conditions.MarkTrue(corev1.OpenStackControlPlaneCAReadyCondition, corev1.OpenStackControlPlaneCAReadyMessage)

// create/update combined CA secret
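Review bot: In the custom-issuer branch the generic error path after `addIssuerLabelAnnotation` ends with `return ctrlResult, err`, but at that point `ctrlResult` is the variable from the enclosing scope (the branch-local one is only declared later by `caCert, ctrlResult, err := getCAFromSecret(...)`), so whatever an earlier step left in it is returned alongside the error. The other error returns in this branch use an empty result; `return ctrl.Result{}, err` would make that explicit here too. Separately, failures of `getCAFromSecret` and `ensureCaBundles` return without setting `OpenStackControlPlaneCAReadyCondition` to false, unlike the `addIssuerLabelAnnotation` failure; unless those helpers set the condition themselves (not visible here), status may keep reporting the CA as ready while the custom memcached CA is missing from the bundle. `ReconcileCAs` starts and ends outside this hunk.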
