This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

Merge pull request #875 from vakwetu/add_multiple_cert_support
Add multiple cert support
slagle authored Jun 6, 2024
2 parents 650ed3f + ce25cd9 commit e2cd3f7
Showing 27 changed files with 491 additions and 361 deletions.
90 changes: 46 additions & 44 deletions api/bases/dataplane.openstack.org_openstackdataplaneservices.yaml
Expand Up @@ -83,52 +83,54 @@ spec:
items:
type: string
type: array
tlsCert:
properties:
contents:
items:
type: string
minItems: 1
type: array
edpmRoleServiceName:
type: string
issuer:
type: string
keyUsages:
items:
enum:
- signing
- digital signature
- content commitment
- key encipherment
- key agreement
- data encipherment
- cert sign
- crl sign
- encipher only
- decipher only
- any
- server auth
- client auth
- code signing
- email protection
- s/mime
- ipsec end system
- ipsec tunnel
- ipsec user
- timestamping
- ocsp signing
- microsoft sgc
- netscape sgc
tlsCerts:
additionalProperties:
properties:
contents:
items:
type: string
minItems: 1
type: array
edpmRoleServiceName:
type: string
type: array
networks:
items:
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$
issuer:
type: string
type: array
required:
- contents
keyUsages:
items:
enum:
- signing
- digital signature
- content commitment
- key encipherment
- key agreement
- data encipherment
- cert sign
- crl sign
- encipher only
- decipher only
- any
- server auth
- client auth
- code signing
- email protection
- s/mime
- ipsec end system
- ipsec tunnel
- ipsec user
- timestamping
- ocsp signing
- microsoft sgc
- netscape sgc
type: string
type: array
networks:
items:
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$
type: string
type: array
required:
- contents
type: object
type: object
type: object
status:
4 changes: 2 additions & 2 deletions api/v1beta1/openstackdataplaneservice_types.go
Expand Up @@ -70,9 +70,9 @@ type OpenStackDataPlaneServiceSpec struct {
// OpenStackAnsibleEE
DataSources []DataSource `json:"datasources,omitempty"`

// TLSCert tls certs to be generated
// TLSCerts tls certs to be generated
// +kubebuilder:validation:Optional
TLSCert *OpenstackDataPlaneServiceCert `json:"tlsCert,omitempty" yaml:"tlsCert,omitempty"`
TLSCerts map[string]OpenstackDataPlaneServiceCert `json:"tlsCerts,omitempty" yaml:"tlsCerts,omitempty"`

// Play is an inline playbook contents that ansible will run on execution.
Play string `json:"play,omitempty"`
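Review bot: The new `TLSCerts` field in `OpenStackDataPlaneServiceSpec` replaces `tlsCert` within the same `v1beta1` version, and no compatibility path is visible in this hunk, so an existing object that still sets `tlsCert` would presumably have that field pruned as unknown and end up with no certificate request at all, without any error. Keeping the old field as deprecated for a release, or rejecting it in the admission webhook, would make that failure visible instead of silent. The doc comment also does not say what the map key means; the samples on this page all use `default`, so something like `// TLSCerts maps a certificate key (for example "default") to the spec of a TLS cert to be generated` would help, and if the key is used to build Secret names or paths elsewhere (not visible here) it should be validated. The struct starts and ends outside the hunk.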
10 changes: 6 additions & 4 deletions api/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -83,52 +83,54 @@ spec:
items:
type: string
type: array
tlsCert:
properties:
contents:
items:
type: string
minItems: 1
type: array
edpmRoleServiceName:
type: string
issuer:
type: string
keyUsages:
items:
enum:
- signing
- digital signature
- content commitment
- key encipherment
- key agreement
- data encipherment
- cert sign
- crl sign
- encipher only
- decipher only
- any
- server auth
- client auth
- code signing
- email protection
- s/mime
- ipsec end system
- ipsec tunnel
- ipsec user
- timestamping
- ocsp signing
- microsoft sgc
- netscape sgc
tlsCerts:
additionalProperties:
properties:
contents:
items:
type: string
minItems: 1
type: array
edpmRoleServiceName:
type: string
type: array
networks:
items:
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$
issuer:
type: string
type: array
required:
- contents
keyUsages:
items:
enum:
- signing
- digital signature
- content commitment
- key encipherment
- key agreement
- data encipherment
- cert sign
- crl sign
- encipher only
- decipher only
- any
- server auth
- client auth
- code signing
- email protection
- s/mime
- ipsec end system
- ipsec tunnel
- ipsec user
- timestamping
- ocsp signing
- microsoft sgc
- netscape sgc
type: string
type: array
networks:
items:
pattern: ^[a-zA-Z0-9][a-zA-Z0-9\-_]*[a-zA-Z0-9]$
type: string
type: array
required:
- contents
type: object
type: object
type: object
status:
Expand Up @@ -8,16 +8,17 @@ spec:
# NOTE: this Secret needs to be created before deploying the data plane.
# It should contain the libvirt sasl auth password using the key LibvirtPassword
- libvirt-secret
tlsCert:
contents:
- dnsnames
- ips
networks:
- ctlplane
keyUsages:
- digital signature
- key encipherment
- server auth
- client auth
issuer: osp-rootca-issuer-libvirt
tlsCerts:
default:
contents:
- dnsnames
- ips
networks:
- ctlplane
keyUsages:
- digital signature
- key encipherment
- server auth
- client auth
issuer: osp-rootca-issuer-libvirt
caCerts: combined-ca-bundle
Expand Up @@ -7,17 +7,18 @@ spec:
secrets:
- neutron-ovn-metadata-agent-neutron-config
- nova-metadata-neutron-config
tlsCert:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- client auth
tlsCerts:
default:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- client auth
caCerts: combined-ca-bundle
containerImageFields:
- EdpmNeutronMetadataAgentImage
Expand Up @@ -6,17 +6,18 @@ spec:
playbook: osp.edpm.neutron_ovn
secrets:
- neutron-ovn-agent-neutron-config
tlsCert:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- client auth
tlsCerts:
default:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- client auth
caCerts: combined-ca-bundle
containerImageFields:
- EdpmNeutronOvnAgentImage
Expand Up @@ -6,18 +6,19 @@ spec:
playbook: osp.edpm.ovn
configMaps:
- ovncontroller-config
tlsCert:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- server auth
- client auth
tlsCerts:
default:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- server auth
- client auth
caCerts: combined-ca-bundle
containerImageFields:
- OvnControllerImage
Expand Up @@ -6,18 +6,19 @@ spec:
playbook: osp.edpm.ovn_bgp_agent
secrets:
- neutron-ovn-agent-neutron-config
tlsCert:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- server auth
- client auth
tlsCerts:
default:
contents:
- dnsnames
- ips
networks:
- ctlplane
issuer: osp-rootca-issuer-ovn
keyUsages:
- digital signature
- key encipherment
- server auth
- client auth
caCerts: combined-ca-bundle
containerImageFields:
- EdpmOvnBgpAgentImage
Expand Up @@ -6,9 +6,10 @@ spec:
secrets:
- ceilometer-compute-config-data
playbook: osp.edpm.telemetry
tlsCert:
contents:
- ips
tlsCerts:
default:
contents:
- ips
caCerts: combined-ca-bundle
containerImageFields:
- CeilometerComputeImage
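Review bot: The `default` entry under `tlsCerts` for the telemetry service sets only `contents` with `ips`, while the other service definitions shown on this page also pin `issuer`, `networks` and `keyUsages`. Which CA signs this certificate and which usages it carries therefore depends on operator defaults that are not visible in this hunk. Stating them explicitly, for example `issuer: <issuer-name>` plus a `keyUsages` list limited to what the service needs, would make the certificate's trust root and purpose reviewable in the manifest itself. The `spec` block starts above the hunk and continues below it.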