Skip to content

Commit

Permalink
Merge pull request #1137 from stuggi/default_edpm_cacerts
Browse files Browse the repository at this point in the history
Set combined-ca-bundle as the default CACerts secret name
  • Loading branch information
openshift-merge-bot[bot] authored Oct 30, 2024
2 parents 1276a85 + 15d7bf8 commit 937ac9e
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ spec:
default: false
type: boolean
caCerts:
default: combined-ca-bundle
maxLength: 253
type: string
certsFrom:
Expand Down
3 changes: 2 additions & 1 deletion apis/dataplane/v1beta1/openstackdataplaneservice_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,8 @@ type OpenStackDataPlaneServiceSpec struct {
// CACerts - Secret containing the CA certificate chain
// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength:=253
CACerts string `json:"caCerts,omitempty" yaml:"caCerts,omitempty"`
// +kubebuilder:default="combined-ca-bundle"
CACerts string `json:"caCerts" yaml:"caCerts"`

// OpenStackAnsibleEERunnerImage image to use as the ansibleEE runner image
// +kubebuilder:validation:Optional
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ spec:
default: false
type: boolean
caCerts:
default: combined-ca-bundle
maxLength: 253
type: string
certsFrom:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -763,6 +763,8 @@ spec:
name: libvirt-combined-ca-bundle
- mountPath: /var/lib/openstack/cacerts/nova
name: nova-combined-ca-bundle
- mountPath: /var/lib/openstack/cacerts/custom-global-service
name: custom-global-service-combined-ca-bundle
- mountPath: /runner/env/ssh_key
name: ssh-key
subPath: ssh_key
Expand Down Expand Up @@ -804,6 +806,10 @@ spec:
secret:
defaultMode: 420
secretName: combined-ca-bundle
- name: custom-global-service-combined-ca-bundle
secret:
defaultMode: 420
secretName: combined-ca-bundle
- name: ssh-key
secret:
defaultMode: 420
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,8 @@ spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/openstack/cacerts/install-certs-ovr
name: install-certs-ovr-combined-ca-bundle
- mountPath: /var/lib/openstack/certs/generic-service1/default
name: openstack-edpm-tls-generic-service1-default-certs-0
- mountPath: /var/lib/openstack/cacerts/generic-service1
Expand All @@ -190,6 +192,10 @@ spec:
serviceAccountName: openstack-edpm-tls
terminationGracePeriodSeconds: 30
volumes:
- name: install-certs-ovr-combined-ca-bundle
secret:
defaultMode: 420
secretName: combined-ca-bundle
- name: openstack-edpm-tls-generic-service1-default-certs-0
projected:
defaultMode: 420
Expand Down
6 changes: 6 additions & 0 deletions tests/kuttl/tests/dataplane-deploy-tls-test/02-assert.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,8 @@ spec:
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/openstack/cacerts/install-certs-ovrd
name: install-certs-ovrd-combined-ca-bundle
- mountPath: /var/lib/openstack/certs/tls-dnsnames/default
name: openstack-edpm-tls-tls-dnsnames-default-certs-0
- mountPath: /var/lib/openstack/certs/tls-dnsnames/second
Expand All @@ -225,6 +227,10 @@ spec:
serviceAccountName: openstack-edpm-tls
terminationGracePeriodSeconds: 30
volumes:
- name: install-certs-ovrd-combined-ca-bundle
secret:
defaultMode: 420
secretName: combined-ca-bundle
- name: openstack-edpm-tls-tls-dnsnames-default-certs-0
projected:
defaultMode: 420
Expand Down

0 comments on commit 937ac9e

Please sign in to comment.