Revert "Cert management" #205

Merged
merged 1 commit into from
Nov 30, 2023
10 changes: 2 additions & 8 deletions api/bases/octavia.openstack.org_octaviaamphoracontrollers.yaml
@@ -50,15 +50,9 @@ spec:
description: OctaviaAmphoraControllerSpec defines common state for all
Octavia Amphora Controllers
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing certs
for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image URL
30 changes: 6 additions & 24 deletions api/bases/octavia.openstack.org_octavias.yaml
@@ -456,15 +456,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
@@ -638,15 +632,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
@@ -820,15 +808,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
10 changes: 2 additions & 8 deletions api/v1beta1/amphoracontroller_types.go
@@ -77,16 +77,10 @@ type OctaviaAmphoraControllerSpec struct {
// Secret containing OpenStack password information for octavia OctaviaDatabasePassword, AdminPassword
Secret string `json:"secret"`

// +kubebuilder:validation:Required
// +kubebuilder:default=octavia-certs-secret
// LoadBalancerCerts - Secret containing certs for securing communication with amphora based Load Balancers
// *kubebuilder:validation:Required
// Secret containing certs for securing communication with amphora based Load Balancers
LoadBalancerCerts string `json:"certssecret"`

// +kubebuilder:validation:Optional
// +kubebuilder:default=octavia-ca-passphrase
// Name of secret containing passphrase for the CA private keys
CAKeyPassphraseSecret string `json:"certspassphrasesecret"`

// +kubebuilder:validation:Optional
// +kubebuilder:default={database: OctaviaDatabasePassword, service: OctaviaPassword}
// PasswordSelectors - Selectors to identify the DB and AdminUser password from the Secret
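Review bot: The comment restored above `LoadBalancerCerts` reads `// *kubebuilder:validation:Required`, which is not a kubebuilder marker because markers begin with `+`, so controller-gen treats it as ordinary doc text. That is why the regenerated CRDs on this page carry `'*kubebuilder:validation:Required Secret containing certs …'` as the field description instead of a declared constraint. Change the line to `// +kubebuilder:validation:Required` and regenerate the CRDs, so the requirement on the certificate secret is stated explicitly rather than resting on the JSON tag having no `omitempty`. The struct `OctaviaAmphoraControllerSpec` begins and ends outside this hunk.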
@@ -50,15 +50,9 @@ spec:
description: OctaviaAmphoraControllerSpec defines common state for all
Octavia Amphora Controllers
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing certs
for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image URL
30 changes: 6 additions & 24 deletions config/crd/bases/octavia.openstack.org_octavias.yaml
@@ -456,15 +456,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
@@ -638,15 +632,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
@@ -820,15 +808,9 @@ spec:
description: OctaviaHousekeeping - Spec definition for the Octavia
Housekeeping agent for the Octavia deployment
properties:
certspassphrasesecret:
default: octavia-ca-passphrase
description: Name of secret containing passphrase for the CA private
keys
type: string
certssecret:
default: octavia-certs-secret
description: LoadBalancerCerts - Secret containing certs for securing
communication with amphora based Load Balancers
description: '*kubebuilder:validation:Required Secret containing
certs for securing communication with amphora based Load Balancers'
type: string
containerImage:
description: ContainerImage - Amphora Controller Container Image
6 changes: 3 additions & 3 deletions config/samples/octavia_v1beta1_octavia.yaml
@@ -21,7 +21,7 @@ spec:
serviceUser: octavia
serviceAccount: octavia
role: housekeeping
certssecret: octavia-amp-cert-data
certssecret: todo
secret: osp-secret
preserveJobs: false
customServiceConfig: |
@@ -33,7 +33,7 @@ spec:
serviceUser: octavia
serviceAccount: octavia
role: healthmanager
certssecret: octavia-amp-cert-data
certssecret: todo
secret: osp-secret
preserveJobs: false
customServiceConfig: |
@@ -45,7 +45,7 @@ spec:
serviceUser: octavia
serviceAccount: octavia
role: worker
certssecret: octavia-amp-cert-data
certssecret: todo
secret: osp-secret
preserveJobs: false
customServiceConfig: |
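Review bot: All three role entries (housekeeping, healthmanager, worker) end up with `certssecret: todo`, assuming `todo` is the new side of each pair as the revert title suggests, so anyone applying the sample unchanged points every amphora controller at a secret name that is only a placeholder. This field names the certificates that secure controller-to-amphora communication, so the placeholder should be unmistakable in the file itself. I would annotate each occurrence, e.g. `certssecret: todo  # placeholder: replace with the name of an existing Secret holding the amphora certs`, or state the same once in a comment at the top of the sample.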
29 changes: 2 additions & 27 deletions controllers/amphoracontroller_controller.go
@@ -31,7 +31,6 @@ import (
"github.com/openstack-k8s-operators/lib-common/modules/common/helper"
"github.com/openstack-k8s-operators/lib-common/modules/common/labels"
nad "github.com/openstack-k8s-operators/lib-common/modules/common/networkattachment"
"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
"github.com/openstack-k8s-operators/lib-common/modules/common/util"

keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1"
@@ -254,17 +253,6 @@ func (r *OctaviaAmphoraControllerReconciler) reconcileNormal(ctx context.Context
return ctrl.Result{}, err
}

err = amphoracontrollers.EnsureAmphoraCerts(ctx, instance, helper, &Log)
if err != nil {
instance.Status.Conditions.Set(condition.FalseCondition(
condition.ServiceConfigReadyCondition,
condition.ErrorReason,
condition.SeverityWarning,
condition.ServiceConfigReadyErrorMessage,
err.Error()))
return ctrl.Result{}, err
}

instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)

//
@@ -429,25 +417,12 @@ func (r *OctaviaAmphoraControllerReconciler) generateServiceConfigMaps(
if err != nil {
return err
}
caPassSecret, _, err := secret.GetSecret(
ctx, helper, instance.Spec.CAKeyPassphraseSecret, instance.Namespace)
if err != nil {
return err
}
spec := instance.Spec
templateParameters["ServiceUser"] = spec.ServiceUser
templateParameters["ServiceUser"] = instance.Spec.ServiceUser
templateParameters["KeystoneInternalURL"] = keystoneInternalURL
templateParameters["KeystonePublicURL"] = keystonePublicURL
templateParameters["ServiceRoleName"] = spec.Role
templateParameters["ServiceRoleName"] = instance.Spec.Role
templateParameters["LbMgmtNetworkId"] = templateVars.LbMgmtNetworkID
templateParameters["AmpFlavorId"] = templateVars.AmphoraDefaultFlavorID
serverCAPassphrase := caPassSecret.Data["server-ca-passphrase"]
if serverCAPassphrase != nil {
templateParameters["ServerCAKeyPassphrase"] = string(serverCAPassphrase)
} else {
// Can't do string(nil)
templateParameters["ServerCAKeyPassphrase"] = ""
}

// TODO(beagles): populate the template parameters
cms := []util.Template{
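Review bot: With the `EnsureAmphoraCerts` call gone, the second hunk in `reconcileNormal` goes straight to `MarkTrue(condition.InputReadyCondition, …)`, and nothing visible here confirms that the secret named by `instance.Spec.LoadBalancerCerts` exists. The function starts and ends outside the hunk, so an earlier check may exist; if it does not, inputs are reported ready while the amphora certificate material is absent. I would look the secret up before marking inputs ready and set `InputReadyCondition` false on failure, as sketched below, which means keeping the `secret` import that the first hunk drops. Separately, the last hunk no longer sets `templateParameters["ServerCAKeyPassphrase"]`, so any template that still references that key should be checked (the templates are not on this page).

```go
// … unchanged: preceding input checks in reconcileNormal …

// Do not report inputs as ready until the certs secret can actually be read.
if _, _, err := secret.GetSecret(
	ctx, helper, instance.Spec.LoadBalancerCerts, instance.Namespace); err != nil {
	instance.Status.Conditions.Set(condition.FalseCondition(
		condition.InputReadyCondition,
		condition.ErrorReason,
		condition.SeverityWarning,
		condition.InputReadyErrorMessage,
		err.Error()))
	return ctrl.Result{}, err
}

instance.Status.Conditions.MarkTrue(condition.InputReadyCondition, condition.InputReadyMessage)
```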