[tlse] internal TLS support for telemetry aodh service
Creates the telemetry aodh route and svc overrides.

Creates certs for k8s service of the service operator when
spec.tls.endpoint.internal.enabled: true

For a service like nova, which talks to the internal endpoints of multiple
services, this has to be set for each of them, like:

~~~
  customServiceConfig: |
    [keystone_authtoken]
    insecure = true
    [placement]
    insecure = true
    [neutron]
    insecure = true
    [glance]
    insecure = true
    [cinder]
    insecure = true
~~~

Depends-On: openstack-k8s-operators/lib-common#428
Depends-On: openstack-k8s-operators#620
Depends-On: openstack-k8s-operators/telemetry-operator#310
Depends-On: openstack-k8s-operators/telemetry-operator#327
Depends-On: openstack-k8s-operators/telemetry-operator#330

Signed-off-by: Veronika Fisarova <[email protected]>
Deydra71 committed Mar 12, 2024
1 parent 81a98c7 commit 50ce85b
Showing 10 changed files with 367 additions and 88 deletions.
190 changes: 149 additions & 41 deletions apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -15324,6 +15324,112 @@ spec:
type: object
telemetry:
properties:
apiOverride:
properties:
route:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
alternateBackends:
items:
properties:
kind:
enum:
- Service
- ""
type: string
name:
type: string
weight:
format: int32
maximum: 256
minimum: 0
type: integer
type: object
maxItems: 3
type: array
host:
maxLength: 253
pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
type: string
path:
pattern: ^/
type: string
port:
properties:
targetPort:
anyOf:
- type: integer
- type: string
x-kubernetes-int-or-string: true
required:
- targetPort
type: object
subdomain:
maxLength: 253
pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
type: string
tls:
properties:
caCertificate:
type: string
certificate:
type: string
destinationCACertificate:
type: string
insecureEdgeTerminationPolicy:
type: string
key:
type: string
termination:
enum:
- edge
- reencrypt
- passthrough
type: string
required:
- termination
type: object
to:
properties:
kind:
enum:
- Service
- ""
type: string
name:
type: string
weight:
format: int32
maximum: 256
minimum: 0
type: integer
type: object
wildcardPolicy:
enum:
- None
- Subdomain
- ""
type: string
type: object
type: object
tls:
properties:
secretName:
type: string
type: object
type: object
enabled:
default: true
type: boolean
@@ -15363,50 +15469,52 @@ spec:
override:
properties:
service:
properties:
endpointURL:
type: string
metadata:
properties:
annotations:
additionalProperties:
additionalProperties:
properties:
endpointURL:
type: string
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
properties:
externalName:
type: string
type: object
labels:
additionalProperties:
externalTrafficPolicy:
type: string
type: object
type: object
spec:
properties:
externalName:
type: string
externalTrafficPolicy:
type: string
internalTrafficPolicy:
type: string
ipFamilyPolicy:
type: string
loadBalancerClass:
type: string
loadBalancerSourceRanges:
items:
internalTrafficPolicy:
type: string
type: array
sessionAffinity:
type: string
sessionAffinityConfig:
properties:
clientIP:
properties:
timeoutSeconds:
format: int32
type: integer
type: object
type: object
type:
type: string
type: object
ipFamilyPolicy:
type: string
loadBalancerClass:
type: string
loadBalancerSourceRanges:
items:
type: string
type: array
sessionAffinity:
type: string
sessionAffinityConfig:
properties:
clientIP:
properties:
timeoutSeconds:
format: int32
type: integer
type: object
type: object
type:
type: string
type: object
type: object
type: object
type: object
passwordSelector:
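--- a/apis/core/v1beta1/conditions.go
+++ b/apis/core/v1beta1/conditions.go
@@ -108,6 +108,9 @@ const (
 // OpenStackControlPlaneTelemetryReadyCondition Status=True condition which indicates if OpenStack Telemetry service is configured and operational
 OpenStackControlPlaneTelemetryReadyCondition condition.Type = "OpenStackControlPlaneTelemetryReady"
 
+// OpenStackControlPlaneExposeTelemetryReadyCondition Status=True condition which indicates if Telemetry is exposed via a route
+OpenStackControlPlaneExposeTelemetryReadyCondition condition.Type = "OpenStackControlPlaneExposeTelemetryReady"
+
 // OpenStackControlPlaneServiceOverrideReadyCondition Status=True condition which indicates if OpenStack service override has created ok
 OpenStackControlPlaneServiceOverrideReadyCondition condition.Type = "OpenStackControlPlaneServiceOverrideReady"
 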
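Review bot: The doc comment on `OpenStackControlPlaneExposeTelemetryReadyCondition` says only that "Telemetry is exposed via a route", which does not tell an operator reading the status which endpoint the condition tracks. The commit title and description speak of the Aodh route and service overrides, so, if that is indeed all the condition covers (the reconcile code is not visible here), the comment could read `// ... Status=True condition which indicates if the Telemetry Aodh API is exposed via a route`. If the condition also reflects creation of the internal endpoint certificates mentioned in the description, that should be stated as well, since this is the condition someone will look at when TLS exposure fails. The enclosing `const (` block starts and ends outside the hunk.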
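--- a/apis/core/v1beta1/openstackcontrolplane_types.go
+++ b/apis/core/v1beta1/openstackcontrolplane_types.go
@@ -605,6 +605,11 @@ type TelemetrySection struct {
 //+operator-sdk:csv:customresourcedefinitions:type=spec
 // Template - Overrides to use when creating the OpenStack Telemetry services
 Template telemetryv1.TelemetrySpec `json:"template,omitempty"`
+
+// +kubebuilder:validation:Optional
+// +operator-sdk:csv:customresourcedefinitions:type=spec
+// APIOverride, provides the ability to override the generated manifest of several child resources.
+APIOverride Override `json:"apiOverride,omitempty"`
 }
 
 // SwiftSection defines the desired state of Swift service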
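Review bot: The comment on `APIOverride` does not name the child resources it overrides or say how TLS material should be supplied, and the leading `APIOverride,` with a comma reads oddly as a Go doc comment. The CRD schema regenerated in this commit shows the field exposing `route.spec.tls.key` and `certificate` as inline strings next to `tls.secretName`; a private key written inline is stored in the OpenStackControlPlane object itself and is visible to anyone allowed to read that resource, so the comment should steer users to the secret reference. Suggested wording, assuming the override applies to the Aodh API route as the commit title indicates: `// APIOverride overrides the generated Route of the Telemetry Aodh API; supply certificates via tls.secretName rather than inline route.spec.tls key material.` The `TelemetrySection` struct starts outside the hunk.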
1 change: 1 addition & 0 deletions apis/core/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion apis/go.mod
@@ -24,7 +24,7 @@ require (
github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240307150054-826f3260f9aa
github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240307105529-ab602118fd5d
github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1fa027839890
github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd
github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240311060559-4ecd4f5c3961
github.com/rabbitmq/cluster-operator/v2 v2.6.0
k8s.io/api v0.28.7
k8s.io/apimachinery v0.28.7
4 changes: 2 additions & 2 deletions apis/go.sum
@@ -113,8 +113,8 @@ github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.2024030710552
github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240307105529-ab602118fd5d/go.mod h1:PmT8kZ4JmtjHLAcsr9BNqD3gSSM9QrMLqokapSxaPJs=
github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1fa027839890 h1:jW8UefyCC49Xj/BCMy0LrKPD9CvNivWNwaIHCzPuWis=
github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1fa027839890/go.mod h1:GaoEq+SBg1xlafynZQEyK7wU0YMkajHEbig6J1CQjUo=
github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd h1:4du2HsmcEZRc06Ams3FI9kQZDkcYg3FxeDXsfkx9jSg=
github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd/go.mod h1:QUHaxzPPQ1OzWvG8BJIE+D1LSpm+bdv2yfrXHXiYQ+4=
github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240311060559-4ecd4f5c3961 h1:YYeHx9q2/ohmCwezfdw+qDJywpSZVgo9Ud24Oyie2J4=
github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240311060559-4ecd4f5c3961/go.mod h1:QUHaxzPPQ1OzWvG8BJIE+D1LSpm+bdv2yfrXHXiYQ+4=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=