Revert "Cert management"
beagles authored Nov 30, 2023
1 parent f7663b9 commit ef275b8
Showing 11 changed files with 24 additions and 384 deletions.
10 changes: 2 additions & 8 deletions api/bases/octavia.openstack.org_octaviaamphoracontrollers.yaml
Expand Up @@ -50,15 +50,9 @@ spec:
description: OctaviaAmphoraControllerSpec defines common state for all
Octavia Amphora Controllers
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing certs
for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image URL
30 changes: 6 additions & 24 deletions api/bases/octavia.openstack.org_octavias.yaml
Expand Up @@ -456,15 +456,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
Expand Down Expand Up @@ -638,15 +632,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
Expand Down Expand Up @@ -820,15 +808,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
10 changes: 2 additions & 8 deletions api/v1beta1/amphoracontroller_types.go
Expand Up @@ -77,16 +77,10 @@ type OctaviaAmphoraControllerSpec struct {
// Secret containing OpenStack password information for octavia OctaviaDatabasePassword, AdminPassword
Secret string `json:"secret"`

// +kubebuilder:validation:Required
// +kubebuilder:default=octavia-certs-secret
// LoadBalancerCerts - Secret containing certs for securing communication with amphora based Load Balancers
// *kubebuilder:validation:Required
// Secret containing certs for securing communication with amphora based Load Balancers
LoadBalancerCerts string `json:"certssecret"`

// +kubebuilder:validation:Optional
// +kubebuilder:default=octavia-ca-passphrase
// Name of secret containing passphrase for the CA private keys
CAKeyPassphraseSecret string `json:"certspassphrasesecret"`

// +kubebuilder:validation:Optional
// +kubebuilder:default={database: OctaviaDatabasePassword, service: OctaviaPassword}
// PasswordSelectors - Selectors to identify the DB and AdminUser password from the Secret
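Review bot: The comment restored above `LoadBalancerCerts` begins with `*kubebuilder:validation:Required`, which is not a marker (kubebuilder markers start with `+`), so it is treated as ordinary doc text and shows up verbatim in the generated `certssecret` description in the CRD YAML on this page. If the field is meant to be required, put `// +kubebuilder:validation:Required` on its own line and keep `// LoadBalancerCerts - Secret containing certs for securing communication with amphora based Load Balancers` as the doc comment. With the default gone, every CR has to name this secret explicitly, so the doc comment should also state what the secret is expected to hold. The struct `OctaviaAmphoraControllerSpec` starts and ends outside this hunk.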
Expand Up @@ -50,15 +50,9 @@ spec:
description: OctaviaAmphoraControllerSpec defines common state for all
Octavia Amphora Controllers
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing certs
for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image URL
30 changes: 6 additions & 24 deletions config/crd/bases/octavia.openstack.org_octavias.yaml
Expand Up @@ -456,15 +456,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
Expand Down Expand Up @@ -638,15 +632,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
Expand Down Expand Up @@ -820,15 +808,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
6 changes: 3 additions & 3 deletions config/samples/octavia_v1beta1_octavia.yaml
Expand Up @@ -21,7 +21,7 @@ spec:
serviceUser: octavia
serviceAccount: octavia
role: housekeeping
certssecret: octavia-amp-cert-data
certssecret: todo
secret: osp-secret
preserveJobs: false
customServiceConfig: |
Expand All @@ -33,7 +33,7 @@ spec:
serviceUser: octavia
serviceAccount: octavia
role: healthmanager
certssecret: octavia-amp-cert-data
certssecret: todo
secret: osp-secret
preserveJobs: false
customServiceConfig: |
Expand All @@ -45,7 +45,7 @@ spec:
serviceUser: octavia
serviceAccount: octavia
role: worker
certssecret: octavia-amp-cert-data
certssecret: todo
secret: osp-secret
preserveJobs: false
customServiceConfig: |
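Review bot: The three `certssecret: todo` values (the housekeeping, healthmanager and worker entries) point the sample at a secret name that is only a placeholder, and nothing in the file says so. A comment on the first occurrence, such as `# placeholder: set to the name of the Secret holding the amphora certificates`, would stop users from applying the sample unchanged and assuming the amphora communication is secured. The same comment can be repeated or referenced on the other two entries.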
29 changes: 2 additions & 27 deletions controllers/amphoracontroller_controller.go
Expand Up @@ -31,7 +31,6 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/labels"
nad "github.com/openstack-k8s-operators/lib-common/modules/common/networkattachment"
"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"

keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1"
Expand Down Expand Up @@ -254,17 +253,6 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context
return ctrl.Result{}, err
}

err = amphoracontrollers.EnsureAmphoraCerts(ctx, instance, helper, &Log)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.ServiceConfigReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
}

instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)

//
Expand Down Expand Up @@ -429,25 +417,12 @@ func (r *OctaviaAmphoraControllerReconciler) generateServiceConfigMaps(
if err != nil {
return err
}
caPassSecret, _, err := secret.GetSecret(
ctx, helper, instance.Spec.CAKeyPassphraseSecret, instance.Namespace)
if err != nil {
return err
}
spec := instance.Spec
templateParameters["ServiceUser"] = spec.ServiceUser
templateParameters["ServiceUser"] = instance.Spec.ServiceUser
templateParameters["KeystoneInternalURL"] = keystoneInternalURL
templateParameters["KeystonePublicURL"] = keystonePublicURL
templateParameters["ServiceRoleName"] = spec.Role
templateParameters["ServiceRoleName"] = instance.Spec.Role
templateParameters["LbMgmtNetworkId"] = templateVars.LbMgmtNetworkID
templateParameters["AmpFlavorId"] = templateVars.AmphoraDefaultFlavorID
serverCAPassphrase := caPassSecret.Data["server-ca-passphrase"]
if serverCAPassphrase != nil {
templateParameters["ServerCAKeyPassphrase"] = string(serverCAPassphrase)
} else {
// Can't do string(nil)
templateParameters["ServerCAKeyPassphrase"] = ""
}

// TODO(beagles): populate the template parameters
cms := []util.Template{
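Review bot: After this revert nothing in the visible hunks reads `instance.Spec.LoadBalancerCerts`, yet `reconcileNormal` still reaches `instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, ...)`. A CR whose `certssecret` names a secret that does not exist (the sample now uses `todo`) would therefore appear to pass input validation. Whether the secret is checked elsewhere in the function cannot be seen from here. At minimum, record the gap next to the `MarkTrue` call, for example `// TODO: verify the secret named by Spec.LoadBalancerCerts exists before marking input ready`. Both `reconcileNormal` and `generateServiceConfigMaps` begin and continue outside the hunks shown.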