
Commit 849dea1

committed
[tlse] internal TLS support for telemetry aodh service
Creates the telemetry aodh route and svc overrides. Creates certs for the k8s service of the service operator when spec.tls.endpoint.internal.enabled: true. For a service like nova which talks to multiple service internal endpoints, this has to be set for each of them, like: ~~~ customServiceConfig: | [keystone_authtoken] insecure = true [placement] insecure = true [neutron] insecure = true [glance] insecure = true [cinder] insecure = true ~~~ Depends-On: openstack-k8s-operators/lib-common#428 Depends-On: #620 Depends-On: openstack-k8s-operators/telemetry-operator#310 Depends-On: openstack-k8s-operators/telemetry-operator#327 Depends-On: openstack-k8s-operators/telemetry-operator#330 Signed-off-by: Veronika Fisarova <[email protected]>
1 parent c73a218 commit 849dea1


10 files changed

+281
-2
lines changed


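--- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
+++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -15324,6 +15324,112 @@ spec:
 type: object
 telemetry:
 properties:
+apiOverride:
+properties:
+route:
+properties:
+metadata:
+properties:
+annotations:
+additionalProperties:
+type: string
+type: object
+labels:
+additionalProperties:
+type: string
+type: object
+type: object
+spec:
+properties:
+alternateBackends:
+items:
+properties:
+kind:
+enum:
+- Service
+- ""
+type: string
+name:
+type: string
+weight:
+format: int32
+maximum: 256
+minimum: 0
+type: integer
+type: object
+maxItems: 3
+type: array
+host:
+maxLength: 253
+pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+type: string
+path:
+pattern: ^/
+type: string
+port:
+properties:
+targetPort:
+anyOf:
+- type: integer
+- type: string
+x-kubernetes-int-or-string: true
+required:
+- targetPort
+type: object
+subdomain:
+maxLength: 253
+pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+type: string
+tls:
+properties:
+caCertificate:
+type: string
+certificate:
+type: string
+destinationCACertificate:
+type: string
+insecureEdgeTerminationPolicy:
+type: string
+key:
+type: string
+termination:
+enum:
+- edge
+- reencrypt
+- passthrough
+type: string
+required:
+- termination
+type: object
+to:
+properties:
+kind:
+enum:
+- Service
+- ""
+type: string
+name:
+type: string
+weight:
+format: int32
+maximum: 256
+minimum: 0
+type: integer
+type: object
+wildcardPolicy:
+enum:
+- None
+- Subdomain
+- ""
+type: string
+type: object
+type: object
+tls:
+properties:
+secretName:
+type: string
+type: object
+type: object
 enabled:
 default: true
 type: boolean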

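--- a/apis/core/v1beta1/conditions.go
+++ b/apis/core/v1beta1/conditions.go
@@ -108,6 +108,9 @@ const (
 // OpenStackControlPlaneTelemetryReadyCondition Status=True condition which indicates if OpenStack Telemetry service is configured and operational
 OpenStackControlPlaneTelemetryReadyCondition condition.Type = "OpenStackControlPlaneTelemetryReady"
 
+// OpenStackControlPlaneExposeTelemetryReadyCondition Status=True condition which indicates if Telemetry is exposed via a route
+OpenStackControlPlaneExposeTelemetryReadyCondition condition.Type = "OpenStackControlPlaneExposeTelemetryReady"
+
 // OpenStackControlPlaneServiceOverrideReadyCondition Status=True condition which indicates if OpenStack service override has created ok
 OpenStackControlPlaneServiceOverrideReadyCondition condition.Type = "OpenStackControlPlaneServiceOverrideReady"
 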

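--- a/apis/core/v1beta1/openstackcontrolplane_types.go
+++ b/apis/core/v1beta1/openstackcontrolplane_types.go
@@ -605,6 +605,11 @@ type TelemetrySection struct {
 //+operator-sdk:csv:customresourcedefinitions:type=spec
 // Template - Overrides to use when creating the OpenStack Telemetry services
 Template telemetryv1.TelemetrySpec `json:"template,omitempty"`
+
+// +kubebuilder:validation:Optional
+// +operator-sdk:csv:customresourcedefinitions:type=spec
+// APIOverride, provides the ability to override the generated manifest of several child resources.
+APIOverride Override `json:"apiOverride,omitempty"`
 }
 
 // SwiftSection defines the desired state of Swift service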
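Review bot: The doc comment on `APIOverride` says it overrides "several child resources", but the CRD generated in this commit exposes only `route` and `tls.secretName` under `telemetry.apiOverride`, and `route.spec.tls` accepts inline `key` and `certificate` strings. A private key placed there would live in the OpenStackControlPlane spec rather than in a Secret, so the comment should say what is overridable and steer users to the secret reference, for example `// APIOverride overrides the generated Route for the telemetry aodh API; reference certificates via tls.secretName rather than inline route.spec.tls.key.` That `tls.secretName` names a certificate secret is inferred from the field name; confirm it against the `Override` type, which is defined outside this hunk. The comma after `APIOverride` in the current comment can be dropped as well.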

apis/core/v1beta1/zz_generated.deepcopy.go

Lines changed: 1 addition & 0 deletions

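--- a/apis/go.mod
+++ b/apis/go.mod
@@ -24,7 +24,7 @@ require (
 github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240307150054-826f3260f9aa
 github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240307105529-ab602118fd5d
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1fa027839890
-github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307150616-71834757d8e1
 github.com/rabbitmq/cluster-operator/v2 v2.6.0
 k8s.io/api v0.28.7
 k8s.io/apimachinery v0.28.7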

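--- a/apis/go.sum
+++ b/apis/go.sum
@@ -115,6 +115,8 @@ github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1f
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1fa027839890/go.mod h1:GaoEq+SBg1xlafynZQEyK7wU0YMkajHEbig6J1CQjUo=
 github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd h1:4du2HsmcEZRc06Ams3FI9kQZDkcYg3FxeDXsfkx9jSg=
 github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd/go.mod h1:QUHaxzPPQ1OzWvG8BJIE+D1LSpm+bdv2yfrXHXiYQ+4=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307150616-71834757d8e1 h1:qefN+xCULerSvCGKrZhSLfEZKysbg3qkuh8z3S762os=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307150616-71834757d8e1/go.mod h1:o31YpCBy9vQK7ORT+Qa1ZmwxZwlA9bQhfehs1ZVG8hQ=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=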

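--- a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml
+++ b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -15324,6 +15324,112 @@ spec:
 type: object
 telemetry:
 properties:
+apiOverride:
+properties:
+route:
+properties:
+metadata:
+properties:
+annotations:
+additionalProperties:
+type: string
+type: object
+labels:
+additionalProperties:
+type: string
+type: object
+type: object
+spec:
+properties:
+alternateBackends:
+items:
+properties:
+kind:
+enum:
+- Service
+- ""
+type: string
+name:
+type: string
+weight:
+format: int32
+maximum: 256
+minimum: 0
+type: integer
+type: object
+maxItems: 3
+type: array
+host:
+maxLength: 253
+pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+type: string
+path:
+pattern: ^/
+type: string
+port:
+properties:
+targetPort:
+anyOf:
+- type: integer
+- type: string
+x-kubernetes-int-or-string: true
+required:
+- targetPort
+type: object
+subdomain:
+maxLength: 253
+pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$
+type: string
+tls:
+properties:
+caCertificate:
+type: string
+certificate:
+type: string
+destinationCACertificate:
+type: string
+insecureEdgeTerminationPolicy:
+type: string
+key:
+type: string
+termination:
+enum:
+- edge
+- reencrypt
+- passthrough
+type: string
+required:
+- termination
+type: object
+to:
+properties:
+kind:
+enum:
+- Service
+- ""
+type: string
+name:
+type: string
+weight:
+format: int32
+maximum: 256
+minimum: 0
+type: integer
+type: object
+wildcardPolicy:
+enum:
+- None
+- Subdomain
+- ""
+type: string
+type: object
+type: object
+tls:
+properties:
+secretName:
+type: string
+type: object
+type: object
 enabled:
 default: true
 type: boolean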

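--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240307150054-826f3260f9aa
 github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240307105529-ab602118fd5d
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1fa027839890
-github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307150616-71834757d8e1
 github.com/operator-framework/api v0.20.0
 github.com/rabbitmq/cluster-operator/v2 v2.6.0
 go.uber.org/zap v1.27.0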

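--- a/go.sum
+++ b/go.sum
@@ -137,6 +137,8 @@ github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1f
 github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240307114522-1fa027839890/go.mod h1:GaoEq+SBg1xlafynZQEyK7wU0YMkajHEbig6J1CQjUo=
 github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd h1:4du2HsmcEZRc06Ams3FI9kQZDkcYg3FxeDXsfkx9jSg=
 github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307120415-25f01ea4a7fd/go.mod h1:QUHaxzPPQ1OzWvG8BJIE+D1LSpm+bdv2yfrXHXiYQ+4=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307150616-71834757d8e1 h1:qefN+xCULerSvCGKrZhSLfEZKysbg3qkuh8z3S762os=
+github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240307150616-71834757d8e1/go.mod h1:o31YpCBy9vQK7ORT+Qa1ZmwxZwlA9bQhfehs1ZVG8hQ=
 github.com/operator-framework/api v0.20.0 h1:A2YCRhr+6s0k3pRJacnwjh1Ue8BqjIGuQ2jvPg9XCB4=
 github.com/operator-framework/api v0.20.0/go.mod h1:rXPOhrQ6mMeXqCmpDgt1ALoar9ZlHL+Iy5qut9R99a4=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=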

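--- a/pkg/openstack/telemetry.go
+++ b/pkg/openstack/telemetry.go
@@ -6,6 +6,7 @@ import (
 
 "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 "github.com/openstack-k8s-operators/lib-common/modules/common/helper"
+"github.com/openstack-k8s-operators/lib-common/modules/common/service"
 
 corev1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1"
 telemetryv1 "github.com/openstack-k8s-operators/telemetry-operator/api/v1beta1"
@@ -38,6 +39,59 @@ func ReconcileTelemetry(ctx context.Context, instance *corev1beta1.OpenStackCont
 return ctrl.Result{}, nil
 }
 
+// add selector to service overrides
+for _, endpointType := range []service.Endpoint{service.EndpointPublic, service.EndpointInternal} {
+if instance.Spec.Telemetry.Template.Autoscaling.Aodh.Override.Service == nil {
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.Override.Service = make(map[service.Endpoint]service.RoutedOverrideSpec)
+}
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.Override.Service[endpointType] =
+AddServiceOpenStackOperatorLabel(
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.Override.Service[endpointType],
+telemetry.Name)
+}
+
+// preserve any previously set TLS certs, set CA cert
+if instance.Spec.TLS.Enabled(service.EndpointInternal) {
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.TLS = telemetry.Spec.Autoscaling.Aodh.TLS
+}
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName
+
+svcs, err := service.GetServicesListWithLabel(
+ctx,
+helper,
+instance.Namespace,
+GetServiceOpenStackOperatorLabel(telemetry.Name),
+)
+if err != nil {
+return ctrl.Result{}, err
+}
+
+// make sure to get to EndpointConfig when all service got created
+if len(svcs.Items) == len(instance.Spec.Telemetry.Template.Autoscaling.Aodh.Override.Service) {
+endpointDetails, ctrlResult, err := EnsureEndpointConfig(
+ctx,
+instance,
+helper,
+telemetry,
+svcs,
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.Override.Service,
+instance.Spec.Telemetry.APIOverride,
+corev1beta1.OpenStackControlPlaneExposeTelemetryReadyCondition,
+false, // TODO (mschuppert) could be removed when all integrated service support TLS
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.TLS,
+)
+if err != nil {
+return ctrlResult, err
+} else if (ctrlResult != ctrl.Result{}) {
+return ctrlResult, nil
+}
+// set service overrides
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.Override.Service = endpointDetails.GetEndpointServiceOverrides()
+// update TLS settings with cert secret
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)
+instance.Spec.Telemetry.Template.Autoscaling.Aodh.TLS.API.Internal.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointInternal)
+}
+
 helper.GetLogger().Info("Reconciling Telemetry", telemetryNamespaceLabel, instance.Namespace, telemetryNameLabel, telemetryName)
 op, err := controllerutil.CreateOrPatch(ctx, helper.GetClient(), telemetry, func() error {
 instance.Spec.Telemetry.Template.DeepCopyInto(&telemetry.Spec)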
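Review bot: When `len(svcs.Items)` does not equal the size of the Aodh `Override.Service` map, the new block skips `EnsureEndpointConfig` and falls through to `CreateOrPatch` with no log entry and no update to `OpenStackControlPlaneExposeTelemetryReadyCondition`, so the cert secret names under `Aodh.TLS.API` are not refreshed and nothing reports it. That is presumably expected on the first pass before the services exist, but if the label selector ever matches a different number of services for good, the endpoint TLS setup would be skipped silently. An `else` branch such as `helper.GetLogger().Info("Aodh services not all created yet, skipping endpoint config", "found", len(svcs.Items))` would make the state visible. The bare `false` passed just before `Aodh.TLS` also needs a comment naming the parameter it sets, since the TODO only says when it can be removed. `ReconcileTelemetry` begins and ends outside the hunks shown.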
