[tlse] internal TLS support for telemetry aodh service

Deydra71 · Deydra71 · commit 83005bca0297 · 2024-03-07T11:41:58.000+01:00
Creates certs for k8s service of the service operator when spec.tls.endpoint.internal.enabled: true For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them for, like: ~~~ customServiceConfig: | [keystone_authtoken] insecure = true [placement] insecure = true [neutron] insecure = true [glance] insecure = true [cinder] insecure = true ~~~ Depends-On: openstack-k8s-operators/lib-common#428 Depends-On: openstack-k8s-operators#620 Depends-On: openstack-k8s-operators/telemetry-operator#310 Depends-On: openstack-k8s-operators/telemetry-operator#327 Depends-On: openstack-k8s-operators/telemetry-operator#330 Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -15384,6 +15384,112 @@ spec:
                 type: object
               telemetry:
                 properties:
+                  apiOverride:
+                    properties:
+                      route:
+                        properties:
+                          metadata:
+                            properties:
+                              annotations:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                              labels:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            type: object
+                          spec:
+                            properties:
+                              alternateBackends:
+                                items:
+                                  properties:
+                                    kind:
+                                      enum:
+                                      - Service
+                                      - ""
+                                      type: string
+                                    name:
+                                      type: string
+                                    weight:
+                                      format: int32
+                                      maximum: 256
+                                      minimum: 0
+                                      type: integer
+                                  type: object
+                                maxItems: 3
+                                type: array
+                              host:
+                                maxLength: 253
+                                pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+                                type: string
+                              path:
+                                pattern: ^/
+                                type: string
+                              port:
+                                properties:
+                                  targetPort:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                - targetPort
+                                type: object
+                              subdomain:
+                                maxLength: 253
+                                pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+                                type: string
+                              tls:
+                                properties:
+                                  caCertificate:
+                                    type: string
+                                  certificate:
+                                    type: string
+                                  destinationCACertificate:
+                                    type: string
+                                  insecureEdgeTerminationPolicy:
+                                    type: string
+                                  key:
+                                    type: string
+                                  termination:
+                                    enum:
+                                    - edge
+                                    - reencrypt
+                                    - passthrough
+                                    type: string
+                                required:
+                                - termination
+                                type: object
+                              to:
+                                properties:
+                                  kind:
+                                    enum:
+                                    - Service
+                                    - ""
+                                    type: string
+                                  name:
+                                    type: string
+                                  weight:
+                                    format: int32
+                                    maximum: 256
+                                    minimum: 0
+                                    type: integer
+                                type: object
+                              wildcardPolicy:
+                                enum:
+                                - None
+                                - Subdomain
+                                - ""
+                                type: string
+                            type: object
+                        type: object
+                      tls:
+                        properties:
+                          secretName:
+                            type: string
+                        type: object
+                    type: object
                   enabled:
                     default: true
                     type: boolean
@@ -15495,6 +15601,24 @@ spec:
                               serviceUser:
                                 default: aodh
                                 type: string
+                              tls:
+                                properties:
+                                  api:
+                                    properties:
+                                      internal:
+                                        properties:
+                                          secretName:
+                                            type: string
+                                        type: object
+                                      public:
+                                        properties:
+                                          secretName:
+                                            type: string
+                                        type: object
+                                    type: object
+                                  caBundleSecretName:
+                                    type: string
+                                type: object
                             required:
                             - apiImage
                             - databaseInstance
diff --git a/apis/core/v1beta1/conditions.go b/apis/core/v1beta1/conditions.go
@@ -108,6 +108,9 @@ const (
 	// OpenStackControlPlaneTelemetryReadyCondition Status=True condition which indicates if OpenStack Telemetry service is configured and operational
 	OpenStackControlPlaneTelemetryReadyCondition condition.Type = "OpenStackControlPlaneTelemetryReady"
 
+	// OpenStackControlPlaneExposeTelemetryReadyCondition Status=True condition which indicates if Telemetry is exposed via a route
+	OpenStackControlPlaneExposeTelemetryReadyCondition condition.Type = "OpenStackControlPlaneExposeTelemetryReady"
+
 	// OpenStackControlPlaneServiceOverrideReadyCondition Status=True condition which indicates if OpenStack service override has created ok
 	OpenStackControlPlaneServiceOverrideReadyCondition condition.Type = "OpenStackControlPlaneServiceOverrideReady"
 
diff --git a/apis/core/v1beta1/openstackcontrolplane_types.go b/apis/core/v1beta1/openstackcontrolplane_types.go
@@ -547,6 +547,11 @@ type TelemetrySection struct {
 	//+operator-sdk:csv:customresourcedefinitions:type=spec
 	// Template - Overrides to use when creating the OpenStack Telemetry services
 	Template telemetryv1.TelemetrySpec `json:"template,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	// APIOverride, provides the ability to override the generated manifest of several child resources.
+	APIOverride Override `json:"apiOverride,omitempty"`
 }
 
 // SwiftSection defines the desired state of Swift service
diff --git a/apis/core/v1beta1/zz_generated.deepcopy.go b/apis/core/v1beta1/zz_generated.deepcopy.go
diff --git a/apis/go.mod b/apis/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240227150317-d42793e452c2
 	github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240229134606-d2a5a5abde9d
 	github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240301170116-13941759ec79
-	github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240301135657-444ba309cbb5
+	github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240305220843-2385f2581b31
 	github.com/rabbitmq/cluster-operator/v2 v2.6.0
 	k8s.io/api v0.28.7
 	k8s.io/apimachinery v0.28.7
diff --git a/apis/go.sum b/apis/go.sum
@@ -128,8 +128,8 @@ github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.2024022913460
 github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240229134606-d2a5a5abde9d/go.mod h1:ePH8U08vCJQ4dwTuh/nLiidqlNOPx/EuRWjIbSEW1hY=
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240301170116-13941759ec79 h1:OPqHOID5/2sr4hZtvWdm03xje1GeCf/u6FiRViZXFwU=
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240301170116-13941759ec79/go.mod h1:NW/gfy7soUXzx7H/JsOcqQ7GhBJ2DvrjEy4ZKr5uR8s=
-github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240301135657-444ba309cbb5 h1:j8Kj8+xQC2FQRkdVUwOgFAZlhFtMV1YygVCypxLmllw=
-github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240301135657-444ba309cbb5/go.mod h1:Css7ZpU59JmTX/GegION98Y6XFKceBx/zxQQHptwd+8=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240305220843-2385f2581b31 h1:duKTmS6gFGCkVw151HxATWtsRMVCws1Tka1WcbpL3Mo=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240305220843-2385f2581b31/go.mod h1:Css7ZpU59JmTX/GegION98Y6XFKceBx/zxQQHptwd+8=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -15384,6 +15384,112 @@ spec:
                 type: object
               telemetry:
                 properties:
+                  apiOverride:
+                    properties:
+                      route:
+                        properties:
+                          metadata:
+                            properties:
+                              annotations:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                              labels:
+                                additionalProperties:
+                                  type: string
+                                type: object
+                            type: object
+                          spec:
+                            properties:
+                              alternateBackends:
+                                items:
+                                  properties:
+                                    kind:
+                                      enum:
+                                      - Service
+                                      - ""
+                                      type: string
+                                    name:
+                                      type: string
+                                    weight:
+                                      format: int32
+                                      maximum: 256
+                                      minimum: 0
+                                      type: integer
+                                  type: object
+                                maxItems: 3
+                                type: array
+                              host:
+                                maxLength: 253
+                                pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+                                type: string
+                              path:
+                                pattern: ^/
+                                type: string
+                              port:
+                                properties:
+                                  targetPort:
+                                    anyOf:
+                                    - type: integer
+                                    - type: string
+                                    x-kubernetes-int-or-string: true
+                                required:
+                                - targetPort
+                                type: object
+                              subdomain:
+                                maxLength: 253
+                                pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+                                type: string
+                              tls:
+                                properties:
+                                  caCertificate:
+                                    type: string
+                                  certificate:
+                                    type: string
+                                  destinationCACertificate:
+                                    type: string
+                                  insecureEdgeTerminationPolicy:
+                                    type: string
+                                  key:
+                                    type: string
+                                  termination:
+                                    enum:
+                                    - edge
+                                    - reencrypt
+                                    - passthrough
+                                    type: string
+                                required:
+                                - termination
+                                type: object
+                              to:
+                                properties:
+                                  kind:
+                                    enum:
+                                    - Service
+                                    - ""
+                                    type: string
+                                  name:
+                                    type: string
+                                  weight:
+                                    format: int32
+                                    maximum: 256
+                                    minimum: 0
+                                    type: integer
+                                type: object
+                              wildcardPolicy:
+                                enum:
+                                - None
+                                - Subdomain
+                                - ""
+                                type: string
+                            type: object
+                        type: object
+                      tls:
+                        properties:
+                          secretName:
+                            type: string
+                        type: object
+                    type: object
                   enabled:
                     default: true
                     type: boolean
@@ -15495,6 +15601,24 @@ spec:
                               serviceUser:
                                 default: aodh
                                 type: string
+                              tls:
+                                properties:
+                                  api:
+                                    properties:
+                                      internal:
+                                        properties:
+                                          secretName:
+                                            type: string
+                                        type: object
+                                      public:
+                                        properties:
+                                          secretName:
+                                            type: string
+                                        type: object
+                                    type: object
+                                  caBundleSecretName:
+                                    type: string
+                                type: object
                             required:
                             - apiImage
                             - databaseInstance
diff --git a/go.mod b/go.mod
@@ -36,7 +36,7 @@ require (
 	github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240227150317-d42793e452c2
 	github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240229134606-d2a5a5abde9d
 	github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240301170116-13941759ec79
-	github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240301135657-444ba309cbb5
+	github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240305220843-2385f2581b31
 	github.com/operator-framework/api v0.20.0
 	github.com/rabbitmq/cluster-operator/v2 v2.6.0
 	go.uber.org/zap v1.27.0
diff --git a/go.sum b/go.sum
@@ -150,8 +150,8 @@ github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.2024022913460
 github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240229134606-d2a5a5abde9d/go.mod h1:ePH8U08vCJQ4dwTuh/nLiidqlNOPx/EuRWjIbSEW1hY=
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240301170116-13941759ec79 h1:OPqHOID5/2sr4hZtvWdm03xje1GeCf/u6FiRViZXFwU=
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240301170116-13941759ec79/go.mod h1:NW/gfy7soUXzx7H/JsOcqQ7GhBJ2DvrjEy4ZKr5uR8s=
-github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240301135657-444ba309cbb5 h1:j8Kj8+xQC2FQRkdVUwOgFAZlhFtMV1YygVCypxLmllw=
-github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240301135657-444ba309cbb5/go.mod h1:Css7ZpU59JmTX/GegION98Y6XFKceBx/zxQQHptwd+8=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240305220843-2385f2581b31 h1:duKTmS6gFGCkVw151HxATWtsRMVCws1Tka1WcbpL3Mo=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240305220843-2385f2581b31/go.mod h1:Css7ZpU59JmTX/GegION98Y6XFKceBx/zxQQHptwd+8=
 github.com/operator-framework/api v0.20.0 h1:A2YCRhr+6s0k3pRJacnwjh1Ue8BqjIGuQ2jvPg9XCB4=
 github.com/operator-framework/api v0.20.0/go.mod h1:rXPOhrQ6mMeXqCmpDgt1ALoar9ZlHL+Iy5qut9R99a4=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
diff --git a/pkg/openstack/telemetry.go b/pkg/openstack/telemetry.go
