diff --git a/api/bases/designate.openstack.org_designateapis.yaml b/api/bases/designate.openstack.org_designateapis.yaml index 03471b94..8bcec9fe 100644 --- a/api/bases/designate.openstack.org_designateapis.yaml +++ b/api/bases/designate.openstack.org_designateapis.yaml @@ -368,6 +368,36 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/api/bases/designate.openstack.org_designatecentrals.yaml b/api/bases/designate.openstack.org_designatecentrals.yaml index 66fae3a8..c47a85a0 100644 --- a/api/bases/designate.openstack.org_designatecentrals.yaml +++ b/api/bases/designate.openstack.org_designatecentrals.yaml @@ -195,6 +195,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/api/bases/designate.openstack.org_designatemdnses.yaml b/api/bases/designate.openstack.org_designatemdnses.yaml index c5b39f0a..b731be6e 100644 --- a/api/bases/designate.openstack.org_designatemdnses.yaml +++ b/api/bases/designate.openstack.org_designatemdnses.yaml @@ -195,6 +195,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/api/bases/designate.openstack.org_designateproducers.yaml b/api/bases/designate.openstack.org_designateproducers.yaml index fab6f0da..d4c8f56d 100644 --- a/api/bases/designate.openstack.org_designateproducers.yaml +++ b/api/bases/designate.openstack.org_designateproducers.yaml @@ -194,6 +194,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/api/bases/designate.openstack.org_designates.yaml b/api/bases/designate.openstack.org_designates.yaml index 6344b9bc..68357b76 100644 --- a/api/bases/designate.openstack.org_designates.yaml +++ b/api/bases/designate.openstack.org_designates.yaml @@ -421,6 +421,36 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -737,6 +767,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -895,6 +933,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -1053,6 +1099,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -1320,6 +1374,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/api/bases/designate.openstack.org_designateworkers.yaml b/api/bases/designate.openstack.org_designateworkers.yaml index e0cc97e6..0f189470 100644 --- a/api/bases/designate.openstack.org_designateworkers.yaml +++ b/api/bases/designate.openstack.org_designateworkers.yaml @@ -190,6 +190,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/api/v1beta1/designateapi_types.go b/api/v1beta1/designateapi_types.go index cb20183a..a489953b 100644 --- a/api/v1beta1/designateapi_types.go +++ b/api/v1beta1/designateapi_types.go @@ -19,6 +19,7 @@ package v1beta1 import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" "github.com/openstack-k8s-operators/lib-common/modules/common/service" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -72,6 +73,11 @@ type DesignateAPISpecBase struct { // Override, provides the ability to override the generated manifest of several child resources. Override APIOverrideSpec `json:"override,omitempty"` + + // +kubebuilder:validation:Optional + // +operator-sdk:csv:customresourcedefinitions:type=spec + // TLS - Parameters related to the TLS + TLS tls.API `json:"tls,omitempty"` } // APIOverrideSpec to override the generated manifest of several child resources. diff --git a/api/v1beta1/designatecentral_types.go b/api/v1beta1/designatecentral_types.go index 0310924a..602bdcdc 100644 --- a/api/v1beta1/designatecentral_types.go +++ b/api/v1beta1/designatecentral_types.go @@ -18,6 +18,7 @@ package v1beta1 import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -62,6 +63,10 @@ type DesignateCentralSpecBase struct { // +kubebuilder:validation:Optional // ServiceAccount - service account name used internally to provide Designate services the default SA name ServiceAccount string `json:"serviceAccount"` + + // +operator-sdk:csv:customresourcedefinitions:type=spec + // TLS - Parameters related to the TLS + TLS tls.Ca `json:"tls,omitempty"` } // DesignateCentralStatus defines the observed state of DesignateCentral diff --git a/api/v1beta1/designatemdns_types.go b/api/v1beta1/designatemdns_types.go index 62e5a958..6d62c271 100644 --- a/api/v1beta1/designatemdns_types.go +++ b/api/v1beta1/designatemdns_types.go @@ -18,6 +18,7 @@ package v1beta1 import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -62,6 +63,10 @@ type DesignateMdnsSpecBase struct { // +kubebuilder:validation:Optional // ServiceAccount - service account name used internally to provide Designate services the default SA name ServiceAccount string `json:"serviceAccount"` + + // +operator-sdk:csv:customresourcedefinitions:type=spec + // TLS - Parameters related to the TLS + TLS tls.Ca `json:"tls,omitempty"` } // DesignateMdnsStatus defines the observed state of DesignateMdns diff --git a/api/v1beta1/designateproducer_types.go b/api/v1beta1/designateproducer_types.go index 66253cb6..f2128f10 100644 --- a/api/v1beta1/designateproducer_types.go +++ b/api/v1beta1/designateproducer_types.go @@ -18,6 +18,7 @@ package v1beta1 import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -62,6 +63,10 @@ type DesignateProducerSpecBase struct { // +kubebuilder:validation:Optional // ServiceAccount - service account name used internally to provide Designate services the default SA name ServiceAccount string `json:"serviceAccount"` + + // +operator-sdk:csv:customresourcedefinitions:type=spec + // TLS - Parameters related to the TLS + TLS tls.Ca `json:"tls,omitempty"` } // DesignateProducerStatus defines the observed state of DesignateProducer diff --git a/api/v1beta1/designateworker_types.go b/api/v1beta1/designateworker_types.go index bb7cbe40..61193675 100644 --- a/api/v1beta1/designateworker_types.go +++ b/api/v1beta1/designateworker_types.go @@ -18,6 +18,7 @@ package v1beta1 import ( condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + "github.com/openstack-k8s-operators/lib-common/modules/common/tls" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -62,6 +63,10 @@ type DesignateWorkerSpecBase struct { // +kubebuilder:validation:Optional // ServiceAccount - service account name used internally to provide Designate services the default SA name ServiceAccount string `json:"serviceAccount"` + + // +operator-sdk:csv:customresourcedefinitions:type=spec + // TLS - Parameters related to the TLS + TLS tls.Ca `json:"tls,omitempty"` } // DesignateWorkerStatus defines the observed state of DesignateWorker diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 566dd1dc..16ff1693 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -163,6 +163,7 @@ func (in *DesignateAPISpecBase) DeepCopyInto(out *DesignateAPISpecBase) { **out = **in } in.Override.DeepCopyInto(&out.Override) + in.TLS.DeepCopyInto(&out.TLS) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DesignateAPISpecBase. @@ -512,6 +513,7 @@ func (in *DesignateCentralSpecBase) DeepCopyInto(out *DesignateCentralSpecBase) *out = new(int32) **out = **in } + out.TLS = in.TLS } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DesignateCentralSpecBase. @@ -739,6 +741,7 @@ func (in *DesignateMdnsSpecBase) DeepCopyInto(out *DesignateMdnsSpecBase) { *out = new(int32) **out = **in } + out.TLS = in.TLS } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DesignateMdnsSpecBase. @@ -897,6 +900,7 @@ func (in *DesignateProducerSpecBase) DeepCopyInto(out *DesignateProducerSpecBase *out = new(int32) **out = **in } + out.TLS = in.TLS } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DesignateProducerSpecBase. @@ -1397,6 +1401,7 @@ func (in *DesignateWorkerSpecBase) DeepCopyInto(out *DesignateWorkerSpecBase) { *out = new(int32) **out = **in } + out.TLS = in.TLS } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DesignateWorkerSpecBase. diff --git a/config/crd/bases/designate.openstack.org_designateapis.yaml b/config/crd/bases/designate.openstack.org_designateapis.yaml index 03471b94..8bcec9fe 100644 --- a/config/crd/bases/designate.openstack.org_designateapis.yaml +++ b/config/crd/bases/designate.openstack.org_designateapis.yaml @@ -368,6 +368,36 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret for + the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + public: + description: Public GenericService - holds the secret for + the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for the + service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/config/crd/bases/designate.openstack.org_designatecentrals.yaml b/config/crd/bases/designate.openstack.org_designatecentrals.yaml index 66fae3a8..c47a85a0 100644 --- a/config/crd/bases/designate.openstack.org_designatecentrals.yaml +++ b/config/crd/bases/designate.openstack.org_designatecentrals.yaml @@ -195,6 +195,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/config/crd/bases/designate.openstack.org_designatemdnses.yaml b/config/crd/bases/designate.openstack.org_designatemdnses.yaml index c5b39f0a..b731be6e 100644 --- a/config/crd/bases/designate.openstack.org_designatemdnses.yaml +++ b/config/crd/bases/designate.openstack.org_designatemdnses.yaml @@ -195,6 +195,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/config/crd/bases/designate.openstack.org_designateproducers.yaml b/config/crd/bases/designate.openstack.org_designateproducers.yaml index fab6f0da..d4c8f56d 100644 --- a/config/crd/bases/designate.openstack.org_designateproducers.yaml +++ b/config/crd/bases/designate.openstack.org_designateproducers.yaml @@ -194,6 +194,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/config/crd/bases/designate.openstack.org_designates.yaml b/config/crd/bases/designate.openstack.org_designates.yaml index 6344b9bc..68357b76 100644 --- a/config/crd/bases/designate.openstack.org_designates.yaml +++ b/config/crd/bases/designate.openstack.org_designates.yaml @@ -421,6 +421,36 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + api: + description: API tls type which encapsulates for API services + properties: + internal: + description: Internal GenericService - holds the secret + for the internal endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + public: + description: Public GenericService - holds the secret + for the public endpoint + properties: + secretName: + description: SecretName - holding the cert, key for + the service + type: string + type: object + type: object + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -737,6 +767,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -895,6 +933,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -1053,6 +1099,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string @@ -1320,6 +1374,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in + a pre-created bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/config/crd/bases/designate.openstack.org_designateworkers.yaml b/config/crd/bases/designate.openstack.org_designateworkers.yaml index e0cc97e6..0f189470 100644 --- a/config/crd/bases/designate.openstack.org_designateworkers.yaml +++ b/config/crd/bases/designate.openstack.org_designateworkers.yaml @@ -190,6 +190,14 @@ spec: description: ServiceUser - optional username used for this service to register in designate type: string + tls: + description: TLS - Parameters related to the TLS + properties: + caBundleSecretName: + description: CaBundleSecretName - holding the CA certs in a pre-created + bundle file + type: string + type: object transportURLSecret: description: Secret containing RabbitMq transport URL type: string diff --git a/config/samples/designate_v1beta1_designate_tls.yaml b/config/samples/designate_v1beta1_designate_tls.yaml new file mode 100644 index 00000000..cff0af1c --- /dev/null +++ b/config/samples/designate_v1beta1_designate_tls.yaml @@ -0,0 +1,72 @@ +apiVersion: designate.openstack.org/v1beta1 +kind: Designate +metadata: + name: designate +spec: + databaseInstance: openstack + databaseAccount: designate + serviceUser: designate + rabbitMqClusterName: rabbitmq + secret: osp-secret + preserveJobs: false + customServiceConfig: | + [DEFAULT] + debug = true + designateProducer: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateMdns: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateCentral: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateBackendbind9: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + designateWorker: + databaseAccount: designate + serviceUser: designate + role: worker + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateAPI: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + api: + internal: + secretName: cert-designate-internal-svc + public: + secretName: cert-designate-public-svc + caBundleSecretName: combined-ca-bundle diff --git a/tests/kuttl/tests/designate_tls/01-assert.yaml b/tests/kuttl/tests/designate_tls/01-assert.yaml new file mode 100644 index 00000000..58c13f92 --- /dev/null +++ b/tests/kuttl/tests/designate_tls/01-assert.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: cert-designate-internal-svc +--- +apiVersion: v1 +kind: Secret +metadata: + name: cert-designate-public-svc +--- +apiVersion: v1 +kind: Secret +metadata: + name: combined-ca-bundle diff --git a/tests/kuttl/tests/designate_tls/01-tls-certs.yaml b/tests/kuttl/tests/designate_tls/01-tls-certs.yaml new file mode 100644 index 00000000..ba291225 --- /dev/null +++ b/tests/kuttl/tests/designate_tls/01-tls-certs.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Secret +metadata: + name: combined-ca-bundle + labels: + service: designate +data: + tls-ca-bundle.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNLZ0F3SUJBZ0lRUHhtRFFscmxjNTNhb215RVU5MU9pakFLQmdncWhrak9QUVFEQWpBZU1Sd3cKR2dZRFZRUURFeE5yZFhSMGJDMXpaV3htYzJsbmJtVmtMV05oTUI0WERUSXpNVEF4T0RFeU1EazFNMW9YRFRJMApNREV4TmpFeU1EazFNMW93SGpFY01Cb0dBMVVFQXhNVGEzVjBkR3d0YzJWc1puTnBaMjVsWkMxallUQlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSVdJY0JiR0cveEg4Lzlkc2lMbkJCdnRqcEZoQ2JRM3U4R0EKZXBVcnhTY25XM0hrZ2hrc1BCVE12M3NCeGdnVFQwL0Eva0dtazRYTkJ0dElnbUZJaFBpalFqQkFNQTRHQTFVZApEd0VCL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFKaDd3VklFYjgxcFlsCkl3RDAraTBwSnlCTjNqQUtCZ2dxaGtqT1BRUURBZ05KQURCR0FpRUF2a3h5RzZjNzltSDlRWHRIVWFSM014REkKUUVRRGVtL1hZR3VGY1ZCUDJpQUNJUUNFeEZqeStQUTBkNFU5dEJacTVOd1gzdmxibnQxVlNCYWE5VFIrNkNkbAozdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tIyByb290Y2EtaW50ZXJuYWwKLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmekNDQVNhZ0F3SUJBZ0lRUWxlcTNZcDBtU2kwVDNiTm03Q29UVEFLQmdncWhrak9QUVFEQWpBZ01SNHcKSEFZRFZRUURFeFZ5YjI5MFkyRXRhM1YwZEd3dGFXNTBaWEp1WVd3d0hoY05NalF3TVRFMU1URTBOelUwV2hjTgpNelF3TVRFeU1URTBOelUwV2pBZ01SNHdIQVlEVlFRREV4VnliMjkwWTJFdGEzVjBkR3d0YVc1MFpYSnVZV3d3CldUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFTRk9rNHJPUldVUGhoTjUrK09EN1I2MW5Gb1lBY0QKenpvUS91SW93NktjeGhwRWNQTDFxb3ZZUGxUYUJabEh3c2FpNE50VHA4aDA1RHVRSGZKOE9JNXFvMEl3UURBTwpCZ05WSFE4QkFmOEVCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXE3TGtFSk1TCm1MOVpKWjBSOUluKzZkclhycEl3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnVlN1K00ydnZ3QlF3eTJHMVlhdkkKQld2RGtSNlRla0I5U0VqdzJIblRSMWtDSUZSNFNkWGFPQkFGWjVHa2RLWCtSY2IzaDFIZm52eFJEVW96bTl2agphenp3Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KIyByb290Y2EtcHVibGljCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlCZXpDQ0FTS2dBd0lCQWdJUU5IREdZc0JzNzk4aWJERDdxL28ybGpBS0JnZ3Foa2pPUFFRREFqQWVNUnd3CkdnWURWUVFERXhOeWIyOTBZMkV0YTNWMGRHd3RjSFZpYkdsak1CNFhEVEkwTURFeE5URXdNVFV6TmxvWERUTTAKTURFeE1qRXdNVFV6Tmxvd0hqRWNNQm9HQTFVRUF4TVRjbTl2ZEdOaExXdDFkSFJzTFhCMVlteHBZekJaTUJNRwpCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkQ3OGF2WHFocmhDNXc4czlXa2Q0SXBiZUV1MDNDUitYWFVkCmtEek9SeXhhOXdjY0lkRGl2YkdKakpGWlRUY1ZtYmpxMUJNWXNqcjEyVUlFNUVUM1ZscWpRakJBTUE0R0ExVWQKRHdFQi93UUVBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJUS0ppeldVSjllVUtpMQpkczBscjZjNnNEN0VCREFLQmdncWhrak9QUVFEQWdOSEFEQkVBaUJJWndZcTYxQnFNSmFCNlVjRm9Sc3hlY3dICjV6L3pNT2RyT3llMG1OaThKZ0lnUUxCNHdES3JwZjl0WDJsb00rMHVUb3BBRFNZSW5yY2ZWdTRGQnVZVTNJZz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= +--- +apiVersion: v1 +kind: Secret +metadata: + name: cert-designate-internal-svc + labels: + service: designate +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkVENDQVJxZ0F3SUJBZ0lRTkZUVDE2eTc0RGJaOGJTL25ESDBkakFLQmdncWhrak9QUVFEQWpBYU1SZ3cKRmdZRFZRUURFdzl5YjI5MFkyRXRhVzUwWlhKdVlXd3dIaGNOTWpRd01URXdNVFV5T0RBMFdoY05NalF3TkRBNQpNVFV5T0RBMFdqQWFNUmd3RmdZRFZRUURFdzl5YjI5MFkyRXRhVzUwWlhKdVlXd3dXVEFUQmdjcWhrak9QUUlCCkJnZ3Foa2pPUFFNQkJ3TkNBQVFjK2d5OVFCNmw1NFNBQlkxUTJKZWx5MEhSTGEvMzlkRUxzU2RhNnJDRENKQWwKWjJ2bGlGbUo5WVlJNCtSbGRIejJWNXYvYjBpK2x0RjcxMGZ1OHJTbW8wSXdRREFPQmdOVkhROEJBZjhFQkFNQwpBcVF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeUsyc0hXaUxHNnR6bWlVbENkUmhsRTJLCnNHSXdDZ1lJS29aSXpqMEVBd0lEU1FBd1JnSWhBSzVtTi9zQlBVcXAwckd1QjhnMVRxY21KR3ZMVUpyNjlnaEEKaEozMldCT1BBaUVBbEtwU0dVTzhac25UcVQrQ1hWbXNuWkxBcVJMV1NhbUI5U2NyczNDZ05zWT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNhekNDQWhHZ0F3SUJBZ0lSQU1GRmpzWkpHY3BuaVBFNXNmQytrOEV3Q2dZSUtvWkl6ajBFQXdJd0dqRVkKTUJZR0ExVUVBeE1QY205dmRHTmhMV2x1ZEdWeWJtRnNNQjRYRFRJME1ERXhOVEV4TkRnMU1sb1hEVE0wTURFeApNakV4TkRnMU1sb3dBRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNRzhQSWwzCnc4RXdXMHdUUG5qRURpU2dTdVI4WHJaajcrSjYyUkJMTHJ3ZUxKdWd1Wm1MaUh3M09uSldWa0hEOVpaZzlYSGUKbGZ6UDY3Wi8rYXBNMzJ5VWJTVUcrRjlBdXlGMHRTK2lPODFkUFRSY1luNzVBK0xWdnk1UkVpOGIvTFkzNTNPbgpxUEhuK2kyeTNLUC9HZkhjSi9lVlVXNFJkV2wyTHEyejRtRDRUK2twS0VwSnRGSTJQa2lrSVNOV2RRdmtEeW1WClF3a1B3U01FVy9yaEdGL2s3b0gvVWtwdy9wU1N1R0M2a1lpSnlwOTFHT0xCMlVoc254Z3dLelh5VS9MdGFrZXoKS2RHSFUvNUNLTTRKczg0ZnlNTDBBNXMxalpZQXZEWkVLNEgvYVpCb3EzV0NoQ1R4WWhIOVVuczhIQy9KbHJCMApHaitwVHNuaEc2cUlFQ2tDQXdFQUFhT0JoakNCZ3pBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGxCQXd3CkNnWUlLd1lCQlFVSEF3RXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVElyYXdkYUlzYnEzT2EKSlNVSjFHR1VUWXF3WWpBdEJnTlZIUkVCQWY4RUl6QWhnaDlyWlhsemRHOXVaUzFwYm5SbGNtNWhiQzV2Y0dWdQpjM1JoWTJzdWMzWmpNQW9HQ0NxR1NNNDlCQU1DQTBnQU1FVUNJRTFJYXcxcnRnU0ROZmxBSjJRek9VQjJxU1llCk03ZWdsaXZLVW01cmVOZThBaUVBMU93SGcwQ1YxOUNhYUpSSi9SS25UcXNJTGhNdjBEUVNPdnFwbWc0MWZDTT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBd2J3OGlYZkR3VEJiVEJNK2VNUU9KS0JLNUh4ZXRtUHY0bnJaRUVzdXZCNHNtNkM1Cm1ZdUlmRGM2Y2xaV1FjUDFsbUQxY2Q2Vi9NL3J0bi81cWt6ZmJKUnRKUWI0WDBDN0lYUzFMNkk3elYwOU5GeGkKZnZrRDR0Vy9MbEVTTHh2OHRqZm5jNmVvOGVmNkxiTGNvLzhaOGR3bjk1VlJiaEYxYVhZdXJiUGlZUGhQNlNrbwpTa20wVWpZK1NLUWhJMVoxQytRUEtaVkRDUS9CSXdSYit1RVlYK1R1Z2Y5U1NuRCtsSks0WUxxUmlJbktuM1VZCjRzSFpTR3lmR0RBck5mSlQ4dTFxUjdNcDBZZFQva0lvemdtenpoL0l3dlFEbXpXTmxnQzhOa1FyZ2Y5cGtHaXIKZFlLRUpQRmlFZjFTZXp3Y0w4bVdzSFFhUDZsT3llRWJxb2dRS1FJREFRQUJBb0lCQVFDQ0hweUdNK05OY040UQo1V2Z6RXJMeEZKdlloRlBVcXFDbWU1NG9uR1ppUU4zekZPc3pYbzBuNkt3ZnVTOHI4cUtUQXNJM1hhbGRhSVRIClNZTDFSN1pVSmdoOGN3Y0VhdVNFbnU5R2MrODRpbVFlTStLUHAwNWQzdlFOOXJPQTRvcEVGSjRtaHJnbzZZYVYKaE9rK1dJc2piNXVFWlV5UTRiYjdRejRzdW9IVVlDYXFkVGlqU1lYQzNOd092YUlwa3pTNEo0cU5CUlhyYnNWSwowaGt4ZFNIY1hKNEREN0hybktpcEsxT2xUbUVObVZYbmlaNnRPcWc2eUNFeXFteWN0UnlUVTZRRzVPbVM2clJVCm82Z25EclA1TlgwRUhuakY3b1lka0JVbGJxWk96UHVGbG5CdUVKOFpTUEtOZHA5ejhuS3lqbGJiL0YxWGRDdEkKZERhVUhmREZBb0dCQVBFZkZZbDhPb2VhU21oSElKcGpxd3RCanYrRjFuOXNJbHNuZWNyQ1JmN243RW53d1hXaQpReStXQ3l6aDJGRVVad1dod2RQeXFJT3NVaG1vaXBIQmN3NlVUaW9xalM4SlpvSDlURFBQUEd5OXIwMHZwRkNuCnFkdjNXMkhWVytRckMrWk1nc2ZKdUlTTnFtbFdFeHpCNFBJQWRHQTdKVzFMY0ZCcG1Zd25DdXZyQW9HQkFNMncKbS94cVRhMmgySjFnNUI0elE5UnBhM280SEoyL2pTaHEzNW9heVNGNWJDYWtnWGRxek0yU0FwQ0x4dzlvY3doRAp3WWRaMWliaHl6b1dDQVZZZ0RlaXViUi96ZTN3Nzk4NktScUNmNnptMk5HOEoxODVDZDdKSjBiaTZBTTgvalpTCnFqWkJIK0FqanF2aFFJM0FMMEdzNlFvc2Z3L3hOL2k1cG00UWM5TTdBb0dBZjZCbFpQVmxnWnN3WVV1c3ZTdWUKUUlIOTc5Qm12ZUY5dWVRR09rVmtpVTAzSzlnTWZuaFp1WmxnNXV2UDlQS29xVGw2Zi9aRUxoWUxDdHZFSk94UgpPMWxTbWswVmw5MFE3aU1scjVLMHVCWWE4TzhUdVVGVnprRjZsQ2s3ejJUZGtwUFM4VzhiaE1YN2VtLytBODIzCmhFQ3JXTGhWMGlrSkZQY2dPQ2YrUnVzQ2dZQTYvcld1cnhxNmUxb3l3WENNVE8zZWhhSUMrd2NTSTdlcjZRTmIKSXVXZlNVRkEwQndtRVNiT3ExczY5Q3hTK2dWTVVJcTRkSWJjdmhSWkE2cW5SZHY0bVI2a2E2ZTM0RXdjZllUKwppb0Z1S1FQMUcvODY2NVF1SndteDVqRGZoT1h3MU1MbkxzU2l0L0FhMGs5K21LbTFMNC9qa0NHZGcvVW16TEMwCmp0bDVzd0tCZ0VPTVI3ODVLT2hyNXFoWmE2b0MvU25JeEptS1FxTWdXU0NGV1pGMDZrVlRnSmthb1hwUEl0bUIKOUZGbE1nTTJSeC91S2V3YTNDSTdQK240ek1uYSswTmhDL0RwNkMxVFVsVWlrcnJYQ3I5a1NPR2dXaEFISDljTwozRENvdkhOcE1PaG51dnhoMlpDeTdYbjFJeGgxWXdlYnVobFZzeTFvR0tDQ0lJb00rOVg1Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== +--- +apiVersion: v1 +kind: Secret +metadata: + name: cert-designate-public-svc + labels: + service: designate +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlekNDQVNLZ0F3SUJBZ0lRTkhER1lzQnM3OThpYkREN3EvbzJsakFLQmdncWhrak9QUVFEQWpBZU1Sd3cKR2dZRFZRUURFeE55YjI5MFkyRXRhM1YwZEd3dGNIVmliR2xqTUI0WERUSTBNREV4TlRFd01UVXpObG9YRFRNMApNREV4TWpFd01UVXpObG93SGpFY01Cb0dBMVVFQXhNVGNtOXZkR05oTFd0MWRIUnNMWEIxWW14cFl6QlpNQk1HCkJ5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCRDc4YXZYcWhyaEM1dzhzOVdrZDRJcGJlRXUwM0NSK1hYVWQKa0R6T1J5eGE5d2NjSWREaXZiR0pqSkZaVFRjVm1ianExQk1Zc2pyMTJVSUU1RVQzVmxxalFqQkFNQTRHQTFVZApEd0VCL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlRLSml6V1VKOWVVS2kxCmRzMGxyNmM2c0Q3RUJEQUtCZ2dxaGtqT1BRUURBZ05IQURCRUFpQklad1lxNjFCcU1KYUI2VWNGb1JzeGVjd0gKNXovek1PZHJPeWUwbU5pOEpnSWdRTEI0d0RLcnBmOXRYMmxvTSswdVRvcEFEU1lJbnJjZlZ1NEZCdVlVM0lnPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNiVENDQWhPZ0F3SUJBZ0lSQUtacXlMbUhLNC9VRTZmMi9LNWxiQnN3Q2dZSUtvWkl6ajBFQXdJd0hqRWMKTUJvR0ExVUVBeE1UY205dmRHTmhMV3QxZEhSc0xYQjFZbXhwWXpBZUZ3MHlOREF4TVRVeE1ESXdOVFJhRncwegpOREF4TVRJeE1ESXdOVFJhTUFBd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMxCjhDcFJRVG1abHNzSUlmZ2hIK2ltUUtFMFdZVlJOeS8vMVM0aDVtV2tBcUZiVkhoUmptbFJ2cCtQUWpKOU16TDUKMXpXdmYxandEQ2pzYUxvL2FwSW9OSXJIcjN4TTRoYWl0emU0RjFwZzNoL3MvblExNWN5Q2U5dHdHR0RuWEllMwo2djBuNE9LNnAwSWJjcVk2Q1RBMTBwcGJZa3V6bzdVRkx6ZWxsc1ZhRlhzZ21JWDg4bTRXNmNBTi84cjJPWUI3Ck9HM0ZNOXAxSUFxT0hyT21EelFlTldqOUVjQy9TSCs5MGg4c1FyY1pvMWtWa1g1b2tpSUhDZjRlc2o3Q08rTGgKR3lsTmZyRzl6QTlPM0c3QVNDWVdPVWwyZTBhNHhZbE9QMmI4ejFEV3NIMTBVYXVsZHlRQXNtbkhtaW1VNzBmKwpEazZkQ1hXVHN4cGZ2cXphOVR4YkFnTUJBQUdqZ1lRd2dZRXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CTUdBMVVkCkpRUU1NQW9HQ0NzR0FRVUZCd01CTUF3R0ExVWRFd0VCL3dRQ01BQXdId1lEVlIwakJCZ3dGb0FVeWlZczFsQ2YKWGxDb3RYYk5KYStuT3JBK3hBUXdLd1lEVlIwUkFRSC9CQ0V3SDRJZGEyVjVjM1J2Ym1VdGNIVmliR2xqTG05dwpaVzV6ZEdGamF5NXpkbU13Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnTzAzT2JmNm9uV2RiZG4xa282OVpuTFhMCmtQSHFYU3VRNlcxTDFvY3NDR3NDSVFEakEyVm9pWVdYN0hzSjVGNkZYV3FsZnl0RmduVVgvTmhvT1lIVnB2TWQKSGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdGZBcVVVRTVtWmJMQ0NINElSL29wa0NoTkZtRlVUY3YvOVV1SWVabHBBS2hXMVI0ClVZNXBVYjZmajBJeWZUTXkrZGMxcjM5WThBd283R2k2UDJxU0tEU0t4Njk4VE9JV29yYzN1QmRhWU40ZjdQNTAKTmVYTWdudmJjQmhnNTF5SHQrcjlKK0RpdXFkQ0czS21PZ2t3TmRLYVcySkxzNk8xQlM4M3BaYkZXaFY3SUppRgovUEp1RnVuQURmL0s5am1BZXpodHhUUGFkU0FLamg2enBnODBIalZvL1JIQXYwaC92ZElmTEVLM0dhTlpGWkYrCmFKSWlCd24rSHJJK3dqdmk0UnNwVFg2eHZjd1BUdHh1d0VnbUZqbEpkbnRHdU1XSlRqOW0vTTlRMXJCOWRGR3IKcFhja0FMSnB4NW9wbE85SC9nNU9uUWwxazdNYVg3NnMydlU4V3dJREFRQUJBb0lCQUd0eVdvdUNLYkk3Qzh6Ugp3dWhOSCtpUFlxUzMrYlB0RTd2UytsdXE1WHZtMGNST0xvQjd5bGNzYks3K09UTVhlWk56TlpGZmMvYlFONXJtCmZwZlZLRnYySzcraU01WjBMMG9KU2k2K0cvSDVQSUdLQkxlUDd5ZGdYa2ZsSGRXRkgrSE9OWlBIakI4UGlFc04KZW4zcnp6ejZFNDdFamxDWTdkOFI4NXNuWDRYREN2bG1CQnhvcnpqVERuK1dTWWpKS09SSk5zY3oxQXFYR1VjVwpQaHRNYkwybC8zN2hPbTA4SjRRWXowTWduOWE5VUFXLzFNS2lXbHVpc1NHNG9YaFNPS1hkdk1IS3VxS09sUDJzCk9xWjBlR3JBNmpKdWlmZVY2Q2NIU2p3VUgwdHpiMmdZQVM2cm5RQlREbFkxR1I4Skx0YWhWREtqdUwyV0hjclkKbHhCOGZBRUNnWUVBMWpxc01weFo5cG9LNkpmRDZzVTU0ZUU1UWlNYlB0MERRZjlYU1J6NW5zQXlraHdKWEZDVwpKWTNiU3BhcGREeEgzakpDQ0VzN3NSWUhUeDRzNVJQSldtWC9oZTFwVEs4TDVlaFV2TmVudG5nVTB3aE4rZVEzCjl4Sk1VbHVYdGkvU0FpNi9jQk5HY1ZjQjFGRStmVzY0VDhqYVVQakRrL0Z2dFRXOXkzZnNVZnNDZ1lFQTJXbXMKYStuZ2RaS24rVTlCMlFCTXB0K0RLL0txNVF6RW1qZDVMSjJMb3FLUjhGbjlpVVZoUVljUEpobDJVV3VjTTl0RQp0QUlYdEY0anVUejlqUUNMMGQ5a09DeCswdTBKUFZJejdlVmFFVGs1enF0azRsTnhVUkJhQ3pCUEJkdjZJd3BDCkR4UXJWRXBXYlMra1JvYTNKSElOdHdjUWt2Nk50N1JIajd1WEVTRUNnWUJsREozbTdZc2Q0QUZmUHg4Qm9YQXgKRkt5T2ZzSytQei9uSkl0R2lHMVNMWFJ0S041ZGRnR3N5eUh5SitqY1ZBYk9UMFNJWnZ4TUJva0NEOGk3Y1Q3Ygo3aHErVUlNSDBkVzU1NEg0NVh4TmZJek9FaSs5dktHTllFc3gyZFJROG5PTDVnTVUyWEt6eVllcVgzd3JiRXR5CkR0cXpzUE9IMkMySiswU0FNaHY5ZXdLQmdRQ2szeWs5TUwvaUNWUk9rTmNybTdtRk5xeS9rQ2dleU43eTRDeUoKTS9RbllrZHYwSjZmRWJrZU96QzJ3TXBrRmtuL1hVR3RqSVN6YUV5STlnS0ZnaXVGL1hWL3orWmhTQllncFl6eAoxR0xIK3ZDbWxIMU4wTjkzRFFKcng3ZTFoc3NhOVhXQS85ZVg5VU96UzFTMWt3V2hvc2haeXdhN29rU1FVaXVPCmlVQ1hZUUtCZ1FEUVZUVHc3WUY3QzNTVmg5OWRObUdTaHV2LzZ2aTJmNDlOMklGMURNQ1haaEpoOUVZck9TV2kKY05oakxGRFhmdzVlZlFURWU3Ykx5bTJGVDd0YnZFSm5USHFyakVuUDRUWExqZnczL3RiQ3RxWVNZRlRqdThFUApadHVwd21ZWjhFVU1pSnVHS2l2SExmSjk2dy8xR21BOHVCZUVtV05YRW9FUU1ySmxuM3g5d3c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= diff --git a/tests/kuttl/tests/designate_tls/02-assert.yaml b/tests/kuttl/tests/designate_tls/02-assert.yaml new file mode 100644 index 00000000..52ba967c --- /dev/null +++ b/tests/kuttl/tests/designate_tls/02-assert.yaml @@ -0,0 +1,71 @@ +apiVersion: designate.openstack.org/v1beta1 +kind: Designate +metadata: + name: designate +spec: + customServiceConfig: | + [DEFAULT] + debug = true + databaseInstance: openstack + databaseAccount: designate + preserveJobs: false + secret: osp-secret + serviceUser: designate + designateAPI: + customServiceConfig: | + [DEFAULT] + debug = true + databaseAccount: designate + replicas: 1 + secret: osp-secret + serviceUser: designate + tls: + api: + internal: + secretName: cert-designate-internal-svc + public: + secretName: cert-designate-public-svc + caBundleSecretName: combined-ca-bundle + designateProducer: + customServiceConfig: | + [DEFAULT] + debug = true + databaseAccount: designate + secret: osp-secret + serviceUser: designate + tls: + caBundleSecretName: combined-ca-bundle + designateMdns: + customServiceConfig: | + [DEFAULT] + debug = true + databaseAccount: designate + secret: osp-secret + serviceUser: designate + tls: + caBundleSecretName: combined-ca-bundle + designateBackendbind9: + customServiceConfig: | + [DEFAULT] + debug = true + databaseAccount: designate + secret: osp-secret + serviceUser: designate + designateCentral: + customServiceConfig: | + [DEFAULT] + debug = true + databaseAccount: designate + secret: osp-secret + serviceUser: designate + tls: + caBundleSecretName: combined-ca-bundle + designateWorker: + customServiceConfig: | + [DEFAULT] + debug = true + databaseAccount: designate + secret: osp-secret + serviceUser: designate + tls: + caBundleSecretName: combined-ca-bundle diff --git a/tests/kuttl/tests/designate_tls/02-deploy.yaml b/tests/kuttl/tests/designate_tls/02-deploy.yaml new file mode 100644 index 00000000..fce33c7a --- /dev/null +++ b/tests/kuttl/tests/designate_tls/02-deploy.yaml @@ -0,0 +1,73 @@ +apiVersion: designate.openstack.org/v1beta1 +kind: Designate +metadata: + name: designate +spec: + databaseInstance: openstack + databaseAccount: designate + serviceUser: designate + rabbitMqClusterName: rabbitmq + secret: osp-secret + preserveJobs: false + customServiceConfig: | + [DEFAULT] + debug = true + designateProducer: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateMdns: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateBackendbind9: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateCentral: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateWorker: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + caBundleSecretName: combined-ca-bundle + designateAPI: + databaseAccount: designate + serviceUser: designate + secret: osp-secret + customServiceConfig: | + [DEFAULT] + debug = true + tls: + api: + internal: + secretName: cert-designate-internal-svc + public: + secretName: cert-designate-public-svc + caBundleSecretName: combined-ca-bundle