Skip to content

Commit

Permalink
[TLS] Create full CA bundle from operator base image
Browse files Browse the repository at this point in the history
Instead of adding additional CAs (public, internal, 3rd party) to
the deployments, this will create a full tls-ca-bundle.pem using
the operator image ca-bundle as base and adds the public, internal
and user provided CAs to it. This allows to mount a full tls-ca-bundle.pem
into the deployment pod and don't have to rely on kolla to run
update-ca-trust which requires container to run as root.

Jira: OSP-26299
  • Loading branch information
stuggi committed Oct 10, 2023
1 parent e5d20e8 commit 13c2e93
Show file tree
Hide file tree
Showing 7 changed files with 200 additions and 46 deletions.
3 changes: 0 additions & 3 deletions config/samples/core_v1beta1_openstackcontrolplane.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,6 @@ spec:
enabled: false
publicEndpoints:
enabled: true
openstackclient:
template:
containerImage: quay.io/mschuppe/openstack-openstackclient:current-podified
keystone:
template:
databaseInstance: openstack
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,6 @@ spec:
enabled: false
publicEndpoints:
enabled: true
openstackclient:
template:
containerImage: quay.io/mschuppe/openstack-openstackclient:current-podified
dns:
template:
override:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,6 @@ spec:
enabled: false
publicEndpoints:
enabled: true
openstackclient:
template:
containerImage: quay.io/mschuppe/openstack-openstackclient:current-podified
dns:
template:
override:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,6 @@ spec:
enabled: false
publicEndpoints:
enabled: true
openstackclient:
template:
containerImage: quay.io/mschuppe/openstack-openstackclient:current-podified
dns:
template:
override:
Expand Down
2 changes: 2 additions & 0 deletions controllers/core/openstackcontrolplane_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ import (
keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1"
condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
corev1 "k8s.io/api/core/v1"

manilav1 "github.com/openstack-k8s-operators/manila-operator/api/v1beta1"
mariadbv1 "github.com/openstack-k8s-operators/mariadb-operator/api/v1beta1"
Expand Down Expand Up @@ -328,6 +329,7 @@ func (r *OpenStackControlPlaneReconciler) reconcileNormal(ctx context.Context, i
func (r *OpenStackControlPlaneReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
For(&corev1beta1.OpenStackControlPlane{}).
Owns(&corev1.Secret{}).
Owns(&mariadbv1.MariaDB{}).
Owns(&mariadbv1.Galera{}).
Owns(&memcachedv1.Memcached{}).
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ require (
github.com/operator-framework/api v0.17.6
github.com/rabbitmq/cluster-operator/v2 v2.5.0
go.uber.org/zap v1.26.0
golang.org/x/exp v0.0.0-20230905200255-921286631fa9
k8s.io/api v0.27.2
k8s.io/apimachinery v0.27.4
k8s.io/client-go v0.27.2
Expand All @@ -46,7 +47,6 @@ require (
github.com/google/pprof v0.0.0-20230510103437-eeec1cb781c3 // indirect
github.com/metal3-io/baremetal-operator/apis v0.3.1 // indirect
github.com/metal3-io/baremetal-operator/pkg/hardwareutils v0.2.0 // indirect
golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
golang.org/x/tools v0.14.0 // indirect
sigs.k8s.io/gateway-api v0.6.0 // indirect
)
Expand Down
Loading

0 comments on commit 13c2e93

Please sign in to comment.