chore: bump Barbican to 0.3.10 (#1136)
diff --git a/.charts.yml b/.charts.yml
index cecb75d..a03428a 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -10,7 +10,7 @@
charts:
- name: barbican
- version: 0.3.6
+ version: 0.3.10
repository: *openstack_helm_repository
dependencies: *openstack_helm_dependencies
- name: ceph-csi-rbd
diff --git a/charts/barbican/Chart.yaml b/charts/barbican/Chart.yaml
index 3c47288..f025cbe 100644
--- a/charts/barbican/Chart.yaml
+++ b/charts/barbican/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/barbican
- https://opendev.org/openstack/openstack-helm
-version: 0.3.6
+version: 0.3.10
diff --git a/charts/barbican/templates/certificates.yaml b/charts/barbican/templates/certificates.yaml
new file mode 100644
index 0000000..6df861d
--- /dev/null
+++ b/charts/barbican/templates/certificates.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.certificates -}}
+{{ dict "envAll" . "service" "key_manager" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
+{{- end -}}
diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml
index 4e281d9..d777f42 100644
--- a/charts/barbican/templates/deployment-api.yaml
+++ b/charts/barbican/templates/deployment-api.yaml
@@ -43,6 +43,7 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "barbican_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
@@ -118,9 +119,9 @@
mountPath: /tmp/barbican.sh
subPath: barbican.sh
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_barbican_api.volumeMounts }}{{ toYaml $mounts_barbican_api.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -136,9 +137,9 @@
configMap:
name: barbican-bin
defaultMode: 0555
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_barbican_api.volumes }}{{ toYaml $mounts_barbican_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/charts/barbican/templates/job-rabbit-init.yaml b/charts/barbican/templates/job-rabbit-init.yaml
index 75bb5fc..0f9839e 100644
--- a/charts/barbican/templates/job-rabbit-init.yaml
+++ b/charts/barbican/templates/job-rabbit-init.yaml
@@ -21,6 +21,9 @@
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
+{{- if and .Values.tls.oslo_messaging .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
+{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
+{{- end -}}
{{- if .Values.pod.tolerations.barbican.enabled -}}
{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml
index 09e2198..9e6f406 100644
--- a/charts/barbican/values.yaml
+++ b/charts/barbican/values.yaml
@@ -570,7 +570,12 @@
default: barbican-api
public: barbican
host_fqdn_override:
- default: null
+ default:
+ tls:
+ secretName: barbican-tls-internal
+ issuerRef:
+ kind: ClusterIssuer
+ name: ca-clusterissuer
path:
default: /
scheme: