Merge pull request #109 from stuggi/tlse
[tlse] tls for SwiftProxy pod configuration
openshift-merge-bot[bot] authored Feb 2, 2024
2 parents e08e718 + c333b40 commit a34147b
Showing 26 changed files with 1,268 additions and 47 deletions.
35 changes: 35 additions & 0 deletions api/bases/swift.openstack.org_swiftproxies.yaml
@@ -267,6 +267,36 @@ spec:
default: swift-conf
description: Name of Secret containing swift.conf
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret for
the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
public:
description: Public GenericService - holds the secret for
the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
required:
- containerImageProxy
- memcachedServers
@@ -321,6 +351,11 @@ spec:
- type
type: object
type: array
hash:
additionalProperties:
type: string
description: Map of hashes to track e.g. job status
type: object
networkAttachments:
additionalProperties:
items:
30 changes: 30 additions & 0 deletions api/bases/swift.openstack.org_swifts.yaml
@@ -298,6 +298,36 @@ spec:
default: swift-conf
description: Name of Secret containing swift.conf
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret
for the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
public:
description: Public GenericService - holds the secret
for the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in
a pre-created bundle file
type: string
type: object
required:
- containerImageProxy
- memcachedServers
9 changes: 9 additions & 0 deletions api/v1beta1/swiftproxy_types.go
@@ -19,6 +19,7 @@ package v1beta1
import (
condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

@@ -76,6 +77,11 @@ type SwiftProxySpec struct {
// +kubebuilder:default=""
// List of memcached servers.
MemcachedServers string `json:"memcachedServers"`

// +kubebuilder:validation:Optional
// +operator-sdk:csv:customresourcedefinitions:type=spec
// TLS - Parameters related to the TLS
TLS tls.API `json:"tls,omitempty"`
}

// ProxyOverrideSpec to override the generated manifest of several child resources.
@@ -95,6 +101,9 @@ type SwiftProxyStatus struct {

// NetworkAttachments status of the deployment pods
NetworkAttachments map[string][]string `json:"networkAttachments,omitempty"`

// Map of hashes to track e.g. job status
Hash map[string]string `json:"hash,omitempty"`
}

//+kubebuilder:object:root=true
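Review bot: The comment on the new `TLS` field in `SwiftProxySpec` (`// TLS - Parameters related to the TLS`) does not say what an unset value means, and the field is `+kubebuilder:validation:Optional` with no default, so a SwiftProxy without `tls` is accepted by the schema. If that leaves the proxy endpoints serving plaintext (the code that consumes the field is outside this section), the comment should say so, for example `// TLS - certificate Secrets for the public/internal endpoints and the CA bundle; an endpoint without a secretName is served without TLS`, with the wording confirmed against the controller. Separately, `omitempty` on a non-pointer struct field is a no-op in encoding/json, so the tag on `TLS tls.API` states an intent the encoder will not honour.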
8 changes: 8 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

35 changes: 35 additions & 0 deletions config/crd/bases/swift.openstack.org_swiftproxies.yaml
@@ -267,6 +267,36 @@ spec:
default: swift-conf
description: Name of Secret containing swift.conf
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret for
the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
public:
description: Public GenericService - holds the secret for
the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
required:
- containerImageProxy
- memcachedServers
@@ -321,6 +351,11 @@ spec:
- type
type: object
type: array
hash:
additionalProperties:
type: string
description: Map of hashes to track e.g. job status
type: object
networkAttachments:
additionalProperties:
items:
30 changes: 30 additions & 0 deletions config/crd/bases/swift.openstack.org_swifts.yaml
@@ -298,6 +298,36 @@ spec:
default: swift-conf
description: Name of Secret containing swift.conf
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret
for the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
public:
description: Public GenericService - holds the secret
for the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in
a pre-created bundle file
type: string
type: object
required:
- containerImageProxy
- memcachedServers
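--- a/config/samples/swift_v1beta1_swift_tls.yaml
+++ b/config/samples/swift_v1beta1_swift_tls.yaml
@@ -0,0 +1,21 @@
+apiVersion: swift.openstack.org/v1beta1
+kind: Swift
+metadata:
+name: swift
+spec:
+swiftRing:
+ringReplicas: 1
+swiftStorage:
+storageClass: local-storage
+replicas: 1
+swiftProxy:
+replicas: 1
+passwordSelectors:
+service: SwiftPassword
+tls:
+api:
+internal:
+secretName: cert-swift-internal-svc
+public:
+secretName: cert-swift-public-svc
+caBundleSecretName: combined-ca-bundle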
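Review bot: The sample names three Secrets (`cert-swift-internal-svc`, `cert-swift-public-svc`, `combined-ca-bundle`) but nothing in it creates them or says where they come from, so someone applying it as-is cannot tell what has to exist first. A short header comment would cover it, e.g. `# Requires pre-created Secrets for the internal/public API certificates and the CA bundle (presumably in the same namespace as this CR)`. It would also help to name the keys each Secret is expected to hold, since the CRD description only says "holding the cert, key for the service".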
34 changes: 34 additions & 0 deletions controllers/swift_common.go
@@ -0,0 +1,34 @@
/*
Copyright 2022.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package controllers

// fields to index to reconcile when change
const (
passwordSecretField = ".spec.secret"
caBundleSecretNameField = ".spec.tls.caBundleSecretName"
tlsAPIInternalField = ".spec.tls.api.internal.secretName"
tlsAPIPublicField = ".spec.tls.api.public.secretName"
)

var (
swiftProxyWatchFields = []string{
passwordSecretField,
caBundleSecretNameField,
tlsAPIInternalField,
tlsAPIPublicField,
}
)
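Review bot: The only documentation for these index keys is `// fields to index to reconcile when change`, which does not say that each string has to agree with the field-indexer registration and with the JSON path in the CRD. Those registrations are not in this file, so a typo in, say, `tlsAPIPublicField` would presumably mean a rotated certificate Secret no longer requeues the SwiftProxy, with nothing failing loudly. I would reword the block comment to something like `// Field-index keys for Secrets referenced by the spec; a change to an indexed Secret requeues the owning object.` and add a doc comment on `swiftProxyWatchFields` naming the controller that consumes it. The single-entry `var ( … )` group can be a plain `var swiftProxyWatchFields = []string{…}`.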
1 change: 1 addition & 0 deletions controllers/swift_controller.go
@@ -430,6 +430,7 @@ func (r *SwiftReconciler) proxyCreateOrUpdate(ctx context.Context, instance *swi
Override: instance.Spec.SwiftProxy.Override,
NetworkAttachments: instance.Spec.SwiftProxy.NetworkAttachments,
MemcachedServers: memcachedServers,
TLS: instance.Spec.SwiftProxy.TLS,
}

deployment := &swiftv1.SwiftProxy{