[tlse] rename TLSPodLevelConfig.Default to TLSPodLevelConfig.Internal

Jira: OSPRH-5342

Author: stuggi

apis/bases/core.openstack.org_openstackcontrolplanes.yaml

@@ -16189,12 +16189,12 @@ spec:
                       duration: 8760h
                     enabled: true
                   podLevel:
-                    default:
+                    enabled: false
+                    internal:
                       ca:
                         duration: 43800h
                       cert:
                         duration: 8760h
-                    enabled: false
                     ovn:
                       ca:
                         duration: 43800h
@@ -16224,7 +16224,9 @@ spec:
                     type: object
                   podLevel:
                     properties:
-                      default:
+                      enabled:
+                        type: boolean
+                      internal:
                         properties:
                           ca:
                             properties:
@@ -16241,8 +16243,6 @@ spec:
                                 type: string
                             type: object
                         type: object
-                      enabled:
-                        type: boolean
                       ovn:
                         properties:
                           ca:

apis/core/v1beta1/openstackcontrolplane_types.go

@@ -76,7 +76,7 @@ type OpenStackControlPlaneSpec struct {
 
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
-	// +kubebuilder:default={ingress: {enabled: true, ca: {duration: "43800h"}, cert: {duration: "8760h"}}, podLevel: {enabled: false, default:{ca: {duration: "43800h"}, cert: {duration: "8760h"}}, ovn: {ca: {duration: "43800h"}, cert: {duration: "8760h"}}}}
+	// +kubebuilder:default={ingress: {enabled: true, ca: {duration: "43800h"}, cert: {duration: "8760h"}}, podLevel: {enabled: false, internal:{ca: {duration: "43800h"}, cert: {duration: "8760h"}}, ovn: {ca: {duration: "43800h"}, cert: {duration: "8760h"}}}}
 	// TLS - Parameters related to the TLS
 	TLS TLSSection `json:"tls"`
 
@@ -224,9 +224,9 @@ type TLSPodLevelConfig struct {
 
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
-	// Default - CA used for all OpenStackControlPlane and OpenStackDataplane endpoints,
+	// Internal - default CA used for all OpenStackControlPlane and OpenStackDataplane endpoints,
 	// except OVN related CA and certs
-	Default CertSection `json:"default,omitempty"`
+	Internal CertSection `json:"internal,omitempty"`
 
 	// +kubebuilder:validation:Optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec

apis/core/v1beta1/zz_generated.deepcopy.go

@@ -16189,12 +16189,12 @@ spec:
                       duration: 8760h
                     enabled: true
                   podLevel:
-                    default:
+                    enabled: false
+                    internal:
                       ca:
                         duration: 43800h
                       cert:
                         duration: 8760h
-                    enabled: false
                     ovn:
                       ca:
                         duration: 43800h
@@ -16224,7 +16224,9 @@ spec:
                     type: object
                   podLevel:
                     properties:
-                      default:
+                      enabled:
+                        type: boolean
+                      internal:
                         properties:
                           ca:
                             properties:
@@ -16241,8 +16243,6 @@ spec:
                                 type: string
                             type: object
                         type: object
-                      enabled:
-                        type: boolean
                       ovn:
                         properties:
                           ca:

config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml

@@ -407,21 +407,21 @@ spec:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - displayName: Pod Level
         path: tls.podLevel
-      - description: Default - CA used for all OpenStackControlPlane and OpenStackDataplane
-          endpoints, except OVN related CA and certs
-        displayName: Default
-        path: tls.podLevel.default
-      - description: Ca - defines details for CA cert config
-        displayName: Ca
-        path: tls.podLevel.default.ca
-      - description: Cert - defines details for cert config
-        displayName: Cert
-        path: tls.podLevel.default.cert
       - description: Enabled - Whether TLS should be enabled for endpoint type
         displayName: Enabled
         path: tls.podLevel.enabled
         x-descriptors:
         - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+      - description: Internal - default CA used for all OpenStackControlPlane and
+          OpenStackDataplane endpoints, except OVN related CA and certs
+        displayName: Internal
+        path: tls.podLevel.internal
+      - description: Ca - defines details for CA cert config
+        displayName: Ca
+        path: tls.podLevel.internal.ca
+      - description: Cert - defines details for cert config
+        displayName: Cert
+        path: tls.podLevel.internal.cert
       - description: Ovn - CA used for all OVN services on OpenStackControlPlane and
           OpenStackDataplane
         displayName: Ovn

config/manifests/bases/openstack-operator.clusterserviceversion.yaml

@@ -122,7 +122,7 @@ func ReconcileCAs(ctx context.Context, instance *corev1.OpenStackControlPlane, h
 		map[string]string{certmanager.RootCAIssuerInternalLabel: ""},
 		bundle,
 		caOnlyBundle,
-		instance.Spec.TLS.PodLevel.Default.Ca,
+		instance.Spec.TLS.PodLevel.Internal.Ca,
 	)
 	if err != nil {
 		return ctrlResult, err

pkg/openstack/ca.go

@@ -318,11 +318,11 @@ func EnsureEndpointConfig(
 					Labels:      ed.Labels,
 					Usages:      nil,
 				}
-				if instance.Spec.TLS.PodLevel.Default.Cert.Duration != nil {
-					certRequest.Duration = &instance.Spec.TLS.PodLevel.Default.Cert.Duration.Duration
+				if instance.Spec.TLS.PodLevel.Internal.Cert.Duration != nil {
+					certRequest.Duration = &instance.Spec.TLS.PodLevel.Internal.Cert.Duration.Duration
 				}
-				if instance.Spec.TLS.PodLevel.Default.Cert.RenewBefore != nil {
-					certRequest.RenewBefore = &instance.Spec.TLS.PodLevel.Default.Cert.RenewBefore.Duration
+				if instance.Spec.TLS.PodLevel.Internal.Cert.RenewBefore != nil {
+					certRequest.RenewBefore = &instance.Spec.TLS.PodLevel.Internal.Cert.RenewBefore.Duration
 				}
 				certSecret, ctrlResult, err := certmanager.EnsureCert(
 					ctx,

pkg/openstack/common.go

@@ -58,11 +58,11 @@ func ReconcileGaleras(
 				"client auth",
 			},
 		}
-		if instance.Spec.TLS.PodLevel.Default.Cert.Duration != nil {
-			certRequest.Duration = &instance.Spec.TLS.PodLevel.Default.Cert.Duration.Duration
+		if instance.Spec.TLS.PodLevel.Internal.Cert.Duration != nil {
+			certRequest.Duration = &instance.Spec.TLS.PodLevel.Internal.Cert.Duration.Duration
 		}
-		if instance.Spec.TLS.PodLevel.Default.Cert.RenewBefore != nil {
-			certRequest.RenewBefore = &instance.Spec.TLS.PodLevel.Default.Cert.RenewBefore.Duration
+		if instance.Spec.TLS.PodLevel.Internal.Cert.RenewBefore != nil {
+			certRequest.RenewBefore = &instance.Spec.TLS.PodLevel.Internal.Cert.RenewBefore.Duration
 		}
 		certSecret, ctrlResult, err := certmanager.EnsureCert(
 			ctx,

pkg/openstack/galera.go

@@ -181,11 +181,11 @@ func reconcileRabbitMQ(
 			CertName:   fmt.Sprintf("%s-svc", rabbitmq.Name),
 			Hostnames:  []string{hostname},
 		}
-		if instance.Spec.TLS.PodLevel.Default.Cert.Duration != nil {
-			certRequest.Duration = &instance.Spec.TLS.PodLevel.Default.Cert.Duration.Duration
+		if instance.Spec.TLS.PodLevel.Internal.Cert.Duration != nil {
+			certRequest.Duration = &instance.Spec.TLS.PodLevel.Internal.Cert.Duration.Duration
 		}
-		if instance.Spec.TLS.PodLevel.Default.Cert.RenewBefore != nil {
-			certRequest.RenewBefore = &instance.Spec.TLS.PodLevel.Default.Cert.RenewBefore.Duration
+		if instance.Spec.TLS.PodLevel.Internal.Cert.RenewBefore != nil {
+			certRequest.RenewBefore = &instance.Spec.TLS.PodLevel.Internal.Cert.RenewBefore.Duration
 		}
 		certSecret, ctrlResult, err := certmanager.EnsureCert(
 			ctx,