Add barbican certificate generation

This PS adds generation of certificate for barbican, when tls connection is enabled (manifest.certificate=true), using values from endpoints.key_manager.host_fqdn_override.default.tls This PS also fixes tls connection to rabbitmq. Change-Id: I6397ce934e33975b1d91795aaade498f3a71468a Signed-off-by: Anselme, Schubert (sa246v) <sa246v@att.com>
2023-11-16 10:56:56 -05:00 · 2023-11-16 10:56:56 -05:00 · 11eb3b2384
parent 41d046c1b5
commit 11eb3b2384
5 changed files with 28 additions and 2 deletions
--- a/barbican/Chart.yaml
+++ b/barbican/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Barbican
 name: barbican
-version: 0.3.6
+version: 0.3.7
 home: https://docs.openstack.org/barbican/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
 sources:
--- a/barbican/templates/certificates.yaml
+++ b/barbican/templates/certificates.yaml
@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.certificates -}}
+{{  dict "envAll" . "service" "key_manager" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
+{{- end -}}
--- a/barbican/templates/job-rabbit-init.yaml
+++ b/barbican/templates/job-rabbit-init.yaml
@ -21,6 +21,9 @@ helm.sh/hook-weight: "-4"

 {{- if .Values.manifests.job_rabbit_init }}
 {{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
+{{- end -}}
 {{- if .Values.pod.tolerations.barbican.enabled -}}
 {{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
 {{- end -}}
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -570,7 +570,12 @@ endpoints:
      default: barbican-api
      public: barbican
    host_fqdn_override:
-      default: null
+      default:
+        tls:
+          secretName: barbican-tls-internal
+          issuerRef:
+            kind: ClusterIssuer
+            name: ca-clusterissuer
    path:
      default: /
    scheme:
--- a/releasenotes/notes/barbican.yaml
+++ b/releasenotes/notes/barbican.yaml
@ -30,4 +30,5 @@ barbican:
  - 0.3.4 Add 2023.1 overrides
  - 0.3.5 Add Ubuntu Jammy overrides
  - 0.3.6 Add 2023.2 Ubuntu Jammy overrides
+  - 0.3.7 Fix TLS connection to rabbitmq, and generate barbican certificate
 ...