t

Signed-off-by: Martin Schuppert <[email protected]>
stuggi · Jan 8, 2025 · 6a6951d · 6a6951d
1 parent 16c3ed8
commit 6a6951d
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 2 deletions.
diff --git a/api/bases/keystone.openstack.org_keystoneapis.yaml b/api/bases/keystone.openstack.org_keystoneapis.yaml
@@ -110,6 +110,14 @@ spec:
               httpdCustomization:
                 description: HttpdCustomization - customize the httpd service
                 properties:
+                  overrideSecret:
+                    description: |-
+                      OverrideSecret - secret holding httpd conf to override/extend the vhost endpoint config.
+                      All files get mounted into conf.d/override/ and included at the top of the vhost using
+                      `Include conf.d/override/*.conf`
+                      For information on how sections in httpd configuration get merged, check section
+                      "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+                    type: string
                   processNumber:
                     default: 3
                     description: ProcessNumber - Number of processes running in keystone

diff --git a/api/v1beta1/keystoneapi_types.go b/api/v1beta1/keystoneapi_types.go
@@ -208,6 +208,14 @@ type HttpdCustomization struct {
 	// +kubebuilder:validation:Minimum=1
 	// ProcessNumber - Number of processes running in keystone API
 	ProcessNumber *int32 `json:"processNumber"`
+
+	// +kubebuilder:validation:Optional
+	// OverrideSecret - secret holding httpd conf to override/extend the vhost endpoint config.
+	// All files get mounted into conf.d/override/ and included at the top of the vhost using
+	// `Include conf.d/override/*.conf`
+	// For information on how sections in httpd configuration get merged, check section
+	// "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+	OverrideSecret *string `json:"overrideSecret,omitempty"`
 }
 
 // KeystoneAPIStatus defines the observed state of KeystoneAPI

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/keystone.openstack.org_keystoneapis.yaml b/config/crd/bases/keystone.openstack.org_keystoneapis.yaml
@@ -110,6 +110,14 @@ spec:
               httpdCustomization:
                 description: HttpdCustomization - customize the httpd service
                 properties:
+                  overrideSecret:
+                    description: |-
+                      OverrideSecret - secret holding httpd conf to override/extend the vhost endpoint config.
+                      All files get mounted into conf.d/override/ and included at the top of the vhost using
+                      `Include conf.d/override/*.conf`
+                      For information on how sections in httpd configuration get merged, check section
+                      "How the sections are merged" in https://httpd.apache.org/docs/current/sections.html#merging
+                    type: string
                   processNumber:
                     default: 3
                     description: ProcessNumber - Number of processes running in keystone

diff --git a/controllers/keystoneapi_controller.go b/controllers/keystoneapi_controller.go
@@ -1216,6 +1216,17 @@ func (r *KeystoneAPIReconciler) generateServiceConfigMaps(
 	}
 	templateParameters["VHosts"] = httpdVhostConfig
 
+	if instance.Spec.HttpdCustomization.OverrideSecret != nil && *instance.Spec.HttpdCustomization.OverrideSecret != "" {
+		httpdOverrideSecret, _, err := oko_secret.GetSecret(ctx, h, *instance.Spec.HttpdCustomization.OverrideSecret, instance.Namespace)
+		if err != nil {
+			return err
+		}
+
+		for key, data := range httpdOverrideSecret.Data {
+			customData["httpdOverride_"+key] = string(data)
+		}
+	}
+
 	tmpl := []util.Template{
 		// Scripts
 		{

diff --git a/templates/keystoneapi/config/httpd.conf b/templates/keystoneapi/config/httpd.conf
@@ -25,6 +25,8 @@ CustomLog /dev/stdout proxy env=forwarded
 {{ range $endpt, $vhost := .VHosts }}
 # {{ $endpt }} vhost {{ $vhost.ServerName }} configuration
 <VirtualHost *:5000>
+  Include conf.d/override/*.conf
+
   ServerName {{ $vhost.ServerName }}
 
   ## Vhost docroot

diff --git a/templates/keystoneapi/config/keystone-api-config.json b/templates/keystoneapi/config/keystone-api-config.json
@@ -16,13 +16,13 @@
         {
             "source": "/var/lib/config-data/default/httpd.conf",
             "dest": "/etc/httpd/conf/httpd.conf",
-            "owner": "root",
+            "owner": "apache",
             "perm": "0644"
         },
         {
             "source": "/var/lib/config-data/default/ssl.conf",
             "dest": "/etc/httpd/conf.d/ssl.conf",
-            "owner": "root",
+            "owner": "apache",
             "perm": "0644"
         },
         {
@@ -58,6 +58,13 @@
             "dest": "/etc/my.cnf",
             "owner": "keystone",
             "perm": "0644"
+        },
+        {
+            "source": "/var/lib/config-data/default/httpdOverride_*",
+            "dest": "/etc/httpd/conf.d/override/",
+            "owner": "apache",
+            "perm": "0444",
+            "optional": true
         }
     ]
 }