fix(libvirt): add HOSTNAME_FQDN to certificate (#627)
diff --git a/charts/libvirt/charts/helm-toolkit/Chart.yaml b/charts/libvirt/charts/helm-toolkit/Chart.yaml
index e6aec81..1ee9758 100644
--- a/charts/libvirt/charts/helm-toolkit/Chart.yaml
+++ b/charts/libvirt/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.54
+version: 0.2.55
diff --git a/charts/libvirt/charts/helm-toolkit/requirements.lock b/charts/libvirt/charts/helm-toolkit/requirements.lock
index 6b627a3..1be4fbf 100644
--- a/charts/libvirt/charts/helm-toolkit/requirements.lock
+++ b/charts/libvirt/charts/helm-toolkit/requirements.lock
@@ -1,3 +1,3 @@
dependencies: []
digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
-generated: "2023-09-01T16:05:35.715054762Z"
+generated: "2023-10-04T02:47:43.2057745Z"
diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl
index 4c476b2..972e429 100644
--- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_ingress.tpl
@@ -67,10 +67,10 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
rules:
- host: barbican
http:
@@ -108,10 +108,10 @@
metadata:
name: barbican-namespace-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public
hosts:
@@ -133,10 +133,10 @@
metadata:
name: barbican-cluster-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx-cluster"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx-cluster"
tls:
- secretName: barbican-tls-public
hosts:
@@ -202,10 +202,10 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public
hosts:
@@ -302,12 +302,12 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: ca-issuer
certmanager.k8s.io/issuer: ca-issuer
nginx.ingress.kubernetes.io/backend-protocol: https
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public-certmanager
hosts:
@@ -404,12 +404,12 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: ca-issuer
certmanager.k8s.io/cluster-issuer: ca-issuer
nginx.ingress.kubernetes.io/backend-protocol: https
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public-certmanager
hosts:
@@ -488,10 +488,10 @@
metadata:
name: grafana
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
rules:
- host: grafana
http:
@@ -529,10 +529,10 @@
metadata:
name: grafana-namespace-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
tls:
- secretName: grafana-tls-public
hosts:
@@ -565,10 +565,10 @@
metadata:
name: grafana-cluster-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx-cluster"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx-cluster"
tls:
- secretName: grafana-tls-public
hosts:
@@ -639,7 +639,6 @@
metadata:
name: {{ $ingressName }}
annotations:
- kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }}
{{- if $certIssuer }}
cert-manager.io/{{ $certIssuerType }}: {{ $certIssuer }}
certmanager.k8s.io/{{ $certIssuerType }}: {{ $certIssuer }}
@@ -650,6 +649,7 @@
{{- end }}
{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }}
spec:
+ ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }}
{{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "hosts" }}
{{- if $certIssuer }}
{{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
@@ -695,9 +695,9 @@
metadata:
name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }}
annotations:
- kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }}
{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }}
spec:
+ ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }}
{{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "host_fqdn_override" }}
{{- if hasKey $host $endpoint }}
{{- $endpointHost := index $host $endpoint }}
diff --git a/charts/libvirt/requirements.lock b/charts/libvirt/requirements.lock
index 0e9a84f..a71c0cd 100644
--- a/charts/libvirt/requirements.lock
+++ b/charts/libvirt/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../helm-toolkit
- version: 0.2.54
-digest: sha256:dd4dba67518d3c1ed79bf1663fbb9379b51c4a5d985f8a4884f4e9d168ab940d
-generated: "2023-09-01T16:05:39.633360672Z"
+ version: 0.2.55
+digest: sha256:fe6ad5ce9983b4435c76e650bb0050609eb56467a4429aa844e50d954d2e91c8
+generated: "2023-10-04T02:47:46.734613773Z"
diff --git a/charts/libvirt/values.yaml b/charts/libvirt/values.yaml
index 60653f0..c57c9f8 100644
--- a/charts/libvirt/values.yaml
+++ b/charts/libvirt/values.yaml
@@ -277,8 +277,9 @@
#!/bin/bash
set -x
- # Script to create certs for each libvirt pod based on pod IP (by default).
+ HOSTNAME_FQDN=$(hostname --fqdn)
+ # Script to create certs for each libvirt pod based on pod IP (by default).
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
@@ -298,6 +299,7 @@
- server auth
dnsNames:
- ${HOSTNAME}
+ - ${HOSTNAME_FQDN}
ipAddresses:
- ${POD_IP}
issuerRef:
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index e0f1748..500c126 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -109,7 +109,7 @@
LIBVIRT_VERSION=0.1.23
curl -sL https://tarballs.opendev.org/openstack/openstack-helm-infra/libvirt-${LIBVIRT_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893406/revisions/5/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893406/revisions/6/patch?download' \
| base64 --decode \
| filterdiff -p1 -x 'releasenotes/*' \
| filterdiff -p2 -x 'Chart.yaml' \