feat(tls): add tls to ingress for public endpoint

This patch set adds TLS for public endpoints of airship-deckhand whose
FQDN is overridden. Because CA certificates are not loaded into the
containers, only certificates that can be verified externally are supported.

Change-Id: I41606129c8d59dfedcb648f5390985a31b690eec
Tin Lam 2018-06-26 17:03:09 -05:00
parent 85896437af
commit 7b862e05d8
2 changed files with 28 additions and 0 deletions


@ -0,0 +1,16 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "deckhand" ) }}
{{- end }}
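Review bot: Nothing in this new template says which Secret it produces or where the certificate and key are read from; the include passes only `"backendServiceType" "deckhand"`, so everything else is resolved inside helm-toolkit, which is not visible on this page. A one-line template comment after the licence header would make the coupling to the values file explicit, for example `{{/* Renders the TLS Secret named in .Values.secrets.tls.deckhand.api.public from the public host_fqdn_override tls.crt / tls.key values. */}}`. The exact lookup paths are inferred from the values hunks in this commit, so check them against helm-toolkit before fixing the wording.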


@ -165,6 +165,13 @@ endpoints:
default: http
host_fqdn_override:
default: null
# NOTE(lamt): This chart supports TLS for fqdn overriden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
postgresql:
name: postgresql
auth:
@ -215,6 +222,10 @@ secrets:
postgresql:
admin: deckhand-db-admin
user: deckhand-db-user
tls:
deckhand:
api:
public: deckhand-tls-public
conf:
uwsgi:
@ -386,6 +397,7 @@ manifests:
job_ks_service: true
job_ks_user: true
secret_db: true
secret_ingress_tls: true
secret_keystone: true
service_api: true
service_ingress_api: true
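Review bot: The NOTE(lamt) comment in the `host_fqdn_override` hunk presents `tls.crt` and `tls.key` as ordinary values without saying that `key` is private key material, and it omits the limitation stated in the commit message that CA certificates are not loaded into the containers. I would extend the comment with `# Only certificates that can be verified externally are supported (no CA bundle is loaded into the containers).` and `# Provide tls.key through a deploy-time override; never commit it to this file.` Values passed to Helm are normally retained in the release record as well, so access to that store probably needs the same protection as the rendered Secret; confirm this for the deployment. The last hunk also enables `secret_ingress_tls` by default, which looks harmless while `crt` and `key` are null, but that depends on helm-toolkit code not shown here.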