[tlse] internal TLS support for barbican

[d34dh0r53]

Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true

For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like:

  customServiceConfig: |
    [keystone_authtoken]
    insecure = true
    [placement]
    insecure = true
    [neutron]
    insecure = true
    [glance]
    insecure = true
    [cinder]
    insecure = true

Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: #620
Depends-On: openstack-k8s-operators/barbican-operator#55

Jira: OSPRH-2349

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/bbee7da0d5a04531ab65556c15849ca3

❌ openstack-k8s-operators-content-provider FAILURE in 11m 47s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-data-plane-adoption-osp-17-to-extracted-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ openstack-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/1af1d5a5d948449abaa9bb2919f1df5b

❌ openstack-k8s-operators-content-provider FAILURE in 12m 06s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-data-plane-adoption-osp-17-to-extracted-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ openstack-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

[d34dh0r53]

recheck

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/129d543f0a4e482a96d0128bb683d89e

❌ openstack-k8s-operators-content-provider FAILURE in 6m 42s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-data-plane-adoption-osp-17-to-extracted-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ openstack-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/5b4433c45635430eb8fc5e1ff6b91a62

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 22m 26s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 51m 59s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 52m 18s
❌ cifmw-data-plane-adoption-osp-17-to-extracted-crc RETRY_LIMIT in 43m 52s
❌ openstack-operator-tempest-multinode FAILURE in 1h 08m 49s

[d34dh0r53]

recheck - tempest timeouts

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/70ebfd9ca5724019983d7a0aae56c45b

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 51m 53s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 53m 13s
❌ cifmw-crc-podified-edpm-baremetal FAILURE in 19m 13s
❌ cifmw-data-plane-adoption-osp-17-to-extracted-crc RETRY_LIMIT in 45m 03s
❌ openstack-operator-tempest-multinode FAILURE in 1h 05m 23s

[vakwetu]

recheck

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/6f94e8cf885449dca82ac8a1ddea04b6

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 51m 39s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 05m 10s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 11m 02s
❌ cifmw-data-plane-adoption-osp-17-to-extracted-crc NODE_FAILURE Node request 099-0006914198 failed in 0s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 35m 51s

[vakwetu]

recheck

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/f0eacb52acd64dd9bb0517d9078a6bb5

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 40m 55s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 06m 22s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 10m 10s
❌ cifmw-data-plane-adoption-osp-17-to-extracted-crc NODE_FAILURE Node request 099-0006915337 failed in 0s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 24m 22s

[d34dh0r53]

recheck

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/46b1b94601524f1d87e85126eeaba486

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 40m 17s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 07m 30s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 08m 10s
❌ cifmw-data-plane-adoption-osp-17-to-extracted-crc NODE_FAILURE Node request 099-0006922747 failed in 0s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 23m 35s

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/3b33c5c475a34f4f83e014054460df33

❌ openstack-k8s-operators-content-provider FAILURE in 8m 14s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ openstack-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

[d34dh0r53]

recheck

[bshephar]

There's a Nova failure here which is preventing Kuttl from passing:

curl -s https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openstack-k8s-operators_openstack-operator/632/pull-ci-openstack-k8s-operators-openstack-operator-main-openstack-operator-build-deploy-kuttl/1758163578071814144/artifacts/openstack-operator-build-deploy-kuttl/openstack-k8s-operators-gather/artifacts/must-gather/quay-io-openstack-k8s-operators-openstack-must-gather-sha256-f745587ef185f9023b8c83c4d40a4e1c7478de462a91dc6280e5277545650bbe/namespaces/openstack-kuttl-tests/crs/nova.nova.openstack.org/nova.yaml | yq '.status.conditions[0]'
lastTransitionTime: "2024-02-15T16:58:54Z"
message: 'DB creation failed for cell1(Error create or update DB object nova-cell1 *v1beta1.MariaDBDatabase openstack-kuttl-tests/nova-cell1: MariaDBDatabase.mariadb.openstack.org "nova-cell1" is invalid: metadata.finalizers: Forbidden: no new finalizers can be added if the object is being deleted, found new finalizers []string{"Nova"})'
reason: Error
severity: Error
status: "False"
type: Ready

[bshephar]

/test openstack-operator-build-deploy-kuttl

[olliewalsh]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: d34dh0r53, olliewalsh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [olliewalsh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vakwetu]

/test openstack-operator-build-deploy-kuttl