From 1a573b8560a478fe4736f4c258db07b5206aa212 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 2 Jul 2024 15:34:11 +0200 Subject: [PATCH] patch --- .../core_v1beta1_openstackcontrolplane.yaml | 200 ---------------- .../samples/tls/custom_ca/kustomization.yaml | 20 +- config/samples/tls/custom_ca/patch.yaml | 7 + .../core_v1beta1_openstackcontrolplane.yaml | 222 ------------------ .../tls/custom_duration/kustomization.yaml | 20 +- config/samples/tls/custom_duration/patch.yaml | 27 +++ .../core_v1beta1_openstackcontrolplane.yaml | 208 ---------------- .../tls/custom_issuers/kustomization.yaml | 16 +- config/samples/tls/custom_issuers/patch.yaml | 13 + 9 files changed, 83 insertions(+), 650 deletions(-) delete mode 100644 config/samples/tls/custom_ca/core_v1beta1_openstackcontrolplane.yaml create mode 100644 config/samples/tls/custom_ca/patch.yaml delete mode 100644 config/samples/tls/custom_duration/core_v1beta1_openstackcontrolplane.yaml create mode 100644 config/samples/tls/custom_duration/patch.yaml delete mode 100644 config/samples/tls/custom_issuers/core_v1beta1_openstackcontrolplane.yaml create mode 100644 config/samples/tls/custom_issuers/patch.yaml diff --git a/config/samples/tls/custom_ca/core_v1beta1_openstackcontrolplane.yaml b/config/samples/tls/custom_ca/core_v1beta1_openstackcontrolplane.yaml deleted file mode 100644 index 5563c0909..000000000 --- a/config/samples/tls/custom_ca/core_v1beta1_openstackcontrolplane.yaml +++ /dev/null @@ -1,200 +0,0 @@ -apiVersion: core.openstack.org/v1beta1 -kind: OpenStackControlPlane -metadata: - name: openstack -spec: - secret: osp-secret - storageClass: local-storage - tls: - caBundleSecretName: ca-custom-kuttl - keystone: - template: - databaseInstance: openstack - secret: osp-secret - galera: - templates: - openstack: - storageClass: local-storage - storageRequest: 500M - secret: osp-secret - replicas: 1 - openstack-cell1: - storageClass: local-storage - storageRequest: 500M - secret: osp-secret - replicas: 1 - rabbitmq: - templates: - rabbitmq: - replicas: 1 - #resources: - # requests: - # cpu: 500m - # memory: 1Gi - # limits: - # cpu: 800m - # memory: 1Gi - rabbitmq-cell1: - replicas: 1 - memcached: - templates: - memcached: - replicas: 1 - barbican: - template: - databaseInstance: openstack - secret: osp-secret - barbicanAPI: - replicas: 1 - barbicanWorker: - replicas: 1 - barbicanKeystoneListener: - replicas: 1 - placement: - template: - databaseInstance: openstack - secret: osp-secret - glance: - template: - secret: osp-secret - databaseInstance: openstack - storage: - storageClass: "" - storageRequest: 10G - keystoneEndpoint: default - glanceAPIs: - default: - type: single - replicas: 1 - cinder: - template: - databaseInstance: openstack - secret: osp-secret - cinderAPI: - replicas: 1 - cinderScheduler: - replicas: 1 - cinderBackup: - replicas: 0 # backend needs to be configured - cinderVolumes: - volume1: - replicas: 0 # backend needs to be configured - manila: - template: - manilaAPI: - replicas: 1 - manilaScheduler: - replicas: 1 - manilaShares: - share1: - replicas: 1 - ovn: - template: - ovnDBCluster: - ovndbcluster-nb: - replicas: 1 - dbType: NB - storageRequest: 10G - ovndbcluster-sb: - replicas: 1 - dbType: SB - storageRequest: 10G - ovnNorthd: - replicas: 1 - ovnController: {} - neutron: - template: - databaseInstance: openstack - secret: osp-secret - horizon: - template: - replicas: 1 - secret: osp-secret - nova: - template: - secret: osp-secret - heat: - enabled: false - template: - databaseInstance: openstack - heatAPI: - replicas: 1 - heatEngine: - replicas: 1 - secret: osp-secret - ironic: - enabled: false - template: - databaseInstance: openstack - ironicAPI: - replicas: 1 - ironicConductors: - - replicas: 1 - storageRequest: 10G - ironicInspector: - replicas: 1 - ironicNeutronAgent: - replicas: 1 - secret: osp-secret - telemetry: - enabled: true - template: - metricStorage: - enabled: false - monitoringStack: - alertingEnabled: true - scrapeInterval: 30s - storage: - strategy: persistent - retention: 24h - persistent: - pvcStorageRequest: 20G - autoscaling: - enabled: false - aodh: - passwordSelectors: - databaseAccount: aodh - databaseInstance: openstack - secret: osp-secret - heatInstance: heat - ceilometer: - enabled: true - secret: osp-secret - logging: - enabled: false - network: internalapi - ipaddr: 172.17.0.80 - port: 10514 - cloNamespace: openshift-logging - swift: - enabled: true - template: - swiftRing: - ringReplicas: 1 - swiftStorage: - replicas: 1 - swiftProxy: - replicas: 1 - octavia: - enabled: false - template: - databaseInstance: openstack - octaviaAPI: - replicas: 1 - secret: osp-secret - designate: - template: - databaseInstance: openstack - secret: osp-secret - designateAPI: - replicas: 1 - designateCentral: - replicas: 0 # backend needs to be configured - designateWorker: - replicas: 0 # backend needs to be configured - designateProducer: - replicas: 0 # backend needs to be configured - designateMdns: - replicas: 0 # backend needs to be configured - designateBackendbind9: - replicas: 0 # backend needs to be configured diff --git a/config/samples/tls/custom_ca/kustomization.yaml b/config/samples/tls/custom_ca/kustomization.yaml index 49681507c..94aa1cafb 100644 --- a/config/samples/tls/custom_ca/kustomization.yaml +++ b/config/samples/tls/custom_ca/kustomization.yaml @@ -1,10 +1,14 @@ resources: -- core_v1beta1_openstackcontrolplane.yaml +- ../../base/openstackcontrolplane + patches: - - target: - kind: OpenStackControlPlane - name: .* - patch: |- - - op: replace - path: /metadata/name - value: openstack +- target: + kind: OpenStackControlPlane + name: .* + patch: |- + - op: replace + path: /metadata/name + value: openstack +- target: + kind: OpenStackControlPlane + path: patch.yaml diff --git a/config/samples/tls/custom_ca/patch.yaml b/config/samples/tls/custom_ca/patch.yaml new file mode 100644 index 000000000..928a2d784 --- /dev/null +++ b/config/samples/tls/custom_ca/patch.yaml @@ -0,0 +1,7 @@ +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane +metadata: + name: openstack +spec: + tls: + caBundleSecretName: ca-custom-kuttl diff --git a/config/samples/tls/custom_duration/core_v1beta1_openstackcontrolplane.yaml b/config/samples/tls/custom_duration/core_v1beta1_openstackcontrolplane.yaml deleted file mode 100644 index a2e3017e9..000000000 --- a/config/samples/tls/custom_duration/core_v1beta1_openstackcontrolplane.yaml +++ /dev/null @@ -1,222 +0,0 @@ -apiVersion: core.openstack.org/v1beta1 -kind: OpenStackControlPlane -metadata: - name: openstack -spec: - secret: osp-secret - storageClass: local-storage - tls: - ingress: - enabled: true - ca: - duration: 1000h0m0s - cert: - duration: 500h0m0s - podLevel: - enabled: true - internal: - ca: - duration: 1000h0m0s - cert: - duration: 500h0m0s - libvirt: - ca: - duration: 1000h0m0s - cert: - duration: 500h0m0s - ovn: - ca: - duration: 1000h0m0s - cert: - duration: 500h0m0s - keystone: - template: - databaseInstance: openstack - secret: osp-secret - galera: - templates: - openstack: - storageClass: local-storage - storageRequest: 500M - secret: osp-secret - replicas: 1 - openstack-cell1: - storageClass: local-storage - storageRequest: 500M - secret: osp-secret - replicas: 1 - rabbitmq: - templates: - rabbitmq: - replicas: 1 - #resources: - # requests: - # cpu: 500m - # memory: 1Gi - # limits: - # cpu: 800m - # memory: 1Gi - rabbitmq-cell1: - replicas: 1 - memcached: - templates: - memcached: - replicas: 1 - barbican: - template: - databaseInstance: openstack - secret: osp-secret - barbicanAPI: - replicas: 1 - barbicanWorker: - replicas: 1 - barbicanKeystoneListener: - replicas: 1 - placement: - template: - databaseInstance: openstack - secret: osp-secret - glance: - template: - secret: osp-secret - databaseInstance: openstack - storage: - storageClass: "" - storageRequest: 10G - keystoneEndpoint: default - glanceAPIs: - default: - type: single - replicas: 1 - cinder: - template: - databaseInstance: openstack - secret: osp-secret - cinderAPI: - replicas: 1 - cinderScheduler: - replicas: 1 - cinderBackup: - replicas: 0 # backend needs to be configured - cinderVolumes: - volume1: - replicas: 0 # backend needs to be configured - manila: - template: - manilaAPI: - replicas: 1 - manilaScheduler: - replicas: 1 - manilaShares: - share1: - replicas: 1 - ovn: - template: - ovnDBCluster: - ovndbcluster-nb: - replicas: 1 - dbType: NB - storageRequest: 10G - ovndbcluster-sb: - replicas: 1 - dbType: SB - storageRequest: 10G - ovnNorthd: - replicas: 1 - ovnController: {} - neutron: - template: - databaseInstance: openstack - secret: osp-secret - horizon: - template: - replicas: 1 - secret: osp-secret - nova: - template: - secret: osp-secret - heat: - enabled: false - template: - databaseInstance: openstack - heatAPI: - replicas: 1 - heatEngine: - replicas: 1 - secret: osp-secret - ironic: - enabled: false - template: - databaseInstance: openstack - ironicAPI: - replicas: 1 - ironicConductors: - - replicas: 1 - storageRequest: 10G - ironicInspector: - replicas: 1 - ironicNeutronAgent: - replicas: 1 - secret: osp-secret - telemetry: - enabled: true - template: - metricStorage: - enabled: false - monitoringStack: - alertingEnabled: true - scrapeInterval: 30s - storage: - strategy: persistent - retention: 24h - persistent: - pvcStorageRequest: 20G - autoscaling: - enabled: false - aodh: - passwordSelectors: - databaseAccount: aodh - databaseInstance: openstack - secret: osp-secret - heatInstance: heat - ceilometer: - enabled: true - secret: osp-secret - logging: - enabled: false - network: internalapi - ipaddr: 172.17.0.80 - port: 10514 - cloNamespace: openshift-logging - swift: - enabled: true - template: - swiftRing: - ringReplicas: 1 - swiftStorage: - replicas: 1 - swiftProxy: - replicas: 1 - octavia: - enabled: false - template: - databaseInstance: openstack - octaviaAPI: - replicas: 1 - secret: osp-secret - designate: - template: - databaseInstance: openstack - secret: osp-secret - designateAPI: - replicas: 1 - designateCentral: - replicas: 0 # backend needs to be configured - designateWorker: - replicas: 0 # backend needs to be configured - designateProducer: - replicas: 0 # backend needs to be configured - designateMdns: - replicas: 0 # backend needs to be configured - designateBackendbind9: - replicas: 0 # backend needs to be configured diff --git a/config/samples/tls/custom_duration/kustomization.yaml b/config/samples/tls/custom_duration/kustomization.yaml index 49681507c..94aa1cafb 100644 --- a/config/samples/tls/custom_duration/kustomization.yaml +++ b/config/samples/tls/custom_duration/kustomization.yaml @@ -1,10 +1,14 @@ resources: -- core_v1beta1_openstackcontrolplane.yaml +- ../../base/openstackcontrolplane + patches: - - target: - kind: OpenStackControlPlane - name: .* - patch: |- - - op: replace - path: /metadata/name - value: openstack +- target: + kind: OpenStackControlPlane + name: .* + patch: |- + - op: replace + path: /metadata/name + value: openstack +- target: + kind: OpenStackControlPlane + path: patch.yaml diff --git a/config/samples/tls/custom_duration/patch.yaml b/config/samples/tls/custom_duration/patch.yaml new file mode 100644 index 000000000..a86bb729f --- /dev/null +++ b/config/samples/tls/custom_duration/patch.yaml @@ -0,0 +1,27 @@ +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane +metadata: + name: openstack +spec: + tls: + ingress: + ca: + duration: 1000h0m0s + cert: + duration: 500h0m0s + podLevel: + internal: + ca: + duration: 1000h0m0s + cert: + duration: 500h0m0s + libvirt: + ca: + duration: 1000h0m0s + cert: + duration: 500h0m0s + ovn: + ca: + duration: 1000h0m0s + cert: + duration: 500h0m0s diff --git a/config/samples/tls/custom_issuers/core_v1beta1_openstackcontrolplane.yaml b/config/samples/tls/custom_issuers/core_v1beta1_openstackcontrolplane.yaml deleted file mode 100644 index 9aff993a3..000000000 --- a/config/samples/tls/custom_issuers/core_v1beta1_openstackcontrolplane.yaml +++ /dev/null @@ -1,208 +0,0 @@ -apiVersion: core.openstack.org/v1beta1 -kind: OpenStackControlPlane -metadata: - name: openstack -spec: - secret: osp-secret - storageClass: local-storage - tls: - ingress: - enabled: true - ca: - customIssuer: rootca-ingress-custom - podLevel: - enabled: true - internal: - ca: - customIssuer: rootca-internal-custom - keystone: - template: - databaseInstance: openstack - secret: osp-secret - galera: - templates: - openstack: - storageClass: local-storage - storageRequest: 500M - secret: osp-secret - replicas: 1 - openstack-cell1: - storageClass: local-storage - storageRequest: 500M - secret: osp-secret - replicas: 1 - rabbitmq: - templates: - rabbitmq: - replicas: 1 - #resources: - # requests: - # cpu: 500m - # memory: 1Gi - # limits: - # cpu: 800m - # memory: 1Gi - rabbitmq-cell1: - replicas: 1 - memcached: - templates: - memcached: - replicas: 1 - barbican: - template: - databaseInstance: openstack - secret: osp-secret - barbicanAPI: - replicas: 1 - barbicanWorker: - replicas: 1 - barbicanKeystoneListener: - replicas: 1 - placement: - template: - databaseInstance: openstack - secret: osp-secret - glance: - template: - secret: osp-secret - databaseInstance: openstack - storage: - storageClass: "" - storageRequest: 10G - keystoneEndpoint: default - glanceAPIs: - default: - type: single - replicas: 1 - cinder: - template: - databaseInstance: openstack - secret: osp-secret - cinderAPI: - replicas: 1 - cinderScheduler: - replicas: 1 - cinderBackup: - replicas: 0 # backend needs to be configured - cinderVolumes: - volume1: - replicas: 0 # backend needs to be configured - manila: - template: - manilaAPI: - replicas: 1 - manilaScheduler: - replicas: 1 - manilaShares: - share1: - replicas: 1 - ovn: - template: - ovnDBCluster: - ovndbcluster-nb: - replicas: 1 - dbType: NB - storageRequest: 10G - ovndbcluster-sb: - replicas: 1 - dbType: SB - storageRequest: 10G - ovnNorthd: - replicas: 1 - ovnController: {} - neutron: - template: - databaseInstance: openstack - secret: osp-secret - horizon: - template: - replicas: 1 - secret: osp-secret - nova: - template: - secret: osp-secret - heat: - enabled: false - template: - databaseInstance: openstack - heatAPI: - replicas: 1 - heatEngine: - replicas: 1 - secret: osp-secret - ironic: - enabled: false - template: - databaseInstance: openstack - ironicAPI: - replicas: 1 - ironicConductors: - - replicas: 1 - storageRequest: 10G - ironicInspector: - replicas: 1 - ironicNeutronAgent: - replicas: 1 - secret: osp-secret - telemetry: - enabled: true - template: - metricStorage: - enabled: false - monitoringStack: - alertingEnabled: true - scrapeInterval: 30s - storage: - strategy: persistent - retention: 24h - persistent: - pvcStorageRequest: 20G - autoscaling: - enabled: false - aodh: - passwordSelectors: - databaseAccount: aodh - databaseInstance: openstack - secret: osp-secret - heatInstance: heat - ceilometer: - enabled: true - secret: osp-secret - logging: - enabled: false - network: internalapi - ipaddr: 172.17.0.80 - port: 10514 - cloNamespace: openshift-logging - swift: - enabled: true - template: - swiftRing: - ringReplicas: 1 - swiftStorage: - replicas: 1 - swiftProxy: - replicas: 1 - octavia: - enabled: false - template: - databaseInstance: openstack - octaviaAPI: - replicas: 1 - secret: osp-secret - designate: - template: - databaseInstance: openstack - secret: osp-secret - designateAPI: - replicas: 1 - designateCentral: - replicas: 0 # backend needs to be configured - designateWorker: - replicas: 0 # backend needs to be configured - designateProducer: - replicas: 0 # backend needs to be configured - designateMdns: - replicas: 0 # backend needs to be configured - designateBackendbind9: - replicas: 0 # backend needs to be configured diff --git a/config/samples/tls/custom_issuers/kustomization.yaml b/config/samples/tls/custom_issuers/kustomization.yaml index 0309650d3..94aa1cafb 100644 --- a/config/samples/tls/custom_issuers/kustomization.yaml +++ b/config/samples/tls/custom_issuers/kustomization.yaml @@ -1,6 +1,14 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization resources: - - ../../base/openstackcontrolplane +- ../../base/openstackcontrolplane + patches: - - path: core_v1beta1_openstackcontrolplane.yaml +- target: + kind: OpenStackControlPlane + name: .* + patch: |- + - op: replace + path: /metadata/name + value: openstack +- target: + kind: OpenStackControlPlane + path: patch.yaml diff --git a/config/samples/tls/custom_issuers/patch.yaml b/config/samples/tls/custom_issuers/patch.yaml new file mode 100644 index 000000000..65226ba20 --- /dev/null +++ b/config/samples/tls/custom_issuers/patch.yaml @@ -0,0 +1,13 @@ +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane +metadata: + name: openstack +spec: + tls: + ingress: + ca: + customIssuer: rootca-ingress-custom + podLevel: + internal: + ca: + customIssuer: rootca-internal-custom