Set issuer config separately in values
diff --git a/charts/libvirt/templates/daemonset-libvirt.yaml b/charts/libvirt/templates/daemonset-libvirt.yaml
index b2a2bce..35cd6e1 100644
--- a/charts/libvirt/templates/daemonset-libvirt.yaml
+++ b/charts/libvirt/templates/daemonset-libvirt.yaml
@@ -89,9 +89,9 @@
- name: TYPE
value: api
- name: ISSUER_KIND
- value: {{ .Values.conf.libvirt.issuer.kind }}
+ value: {{ .Values.issuers.libvirt.kind }}
- name: ISSUER_NAME
- value: {{ .Values.conf.libvirt.issuer.name }}
+ value: {{ .Values.issuers.libvirt.name }}
- name: POD_UID
valueFrom:
fieldRef:
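Review bot: Overrides that are still set under `conf.libvirt.issuer` or `conf.vencrypt.issuer` are silently ignored after this rename, so a release upgraded with unchanged values would request its certificates from the chart default `ca-clusterissuer` rather than the issuer the operator chose. A guard near the top of the template, such as `{{- if .Values.conf.libvirt.issuer }}{{ fail "conf.libvirt.issuer has moved to issuers.libvirt" }}{{- end }}`, would turn that into a render error. The vencrypt env block in the second hunk needs an equivalent check, written so that it tolerates `conf.vencrypt` being absent. The new values are also rendered unquoted; `value: {{ .Values.issuers.libvirt.kind | quote }}` keeps an empty or boolean-looking override from changing the env var's type. The container spec starts and ends outside both hunks.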
@@ -126,9 +126,9 @@
- name: TYPE
value: vnc
- name: ISSUER_KIND
- value: {{ .Values.conf.vencrypt.issuer.kind }}
+ value: {{ .Values.issuers.vencrypt.kind }}
- name: ISSUER_NAME
- value: {{ .Values.conf.vencrypt.issuer.name }}
+ value: {{ .Values.issuers.vencrypt.name }}
- name: POD_UID
valueFrom:
fieldRef:
diff --git a/charts/libvirt/values.yaml b/charts/libvirt/values.yaml
index 7314f78..60653f0 100644
--- a/charts/libvirt/values.yaml
+++ b/charts/libvirt/values.yaml
@@ -90,6 +90,17 @@
configmap: ceph-etc
user_secret_name: pvc-ceph-client-key
+# Issuers for TLS certificates
+issuers:
+ # Issuer to issue a certificate for libvirt api when listen_tls is enabled
+ libvirt:
+ kind: ClusterIssuer
+ name: ca-clusterissuer
+ # Issuer to issue a certificate for vencrypt
+ vencrypt:
+ kind: ClusterIssuer
+ name: ca-clusterissuer
+
conf:
ceph:
enabled: true
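Review bot: The new `issuers` defaults point both `libvirt` and `vencrypt` at the same `ca-clusterissuer`, so by default the API and VNC certificates chain to one CA, and the comments do not say this is a choice. The role vars in this same commit use two separate issuers. I would extend the block comment to something like `# Issuers for TLS certificates; use a dedicated issuer per service if the libvirt API and VNC should not share a trust root`. Whether the consumers check anything beyond the CA chain is not visible here, so this is a documentation point only.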
@@ -105,10 +116,6 @@
secret_uuid: null
user_secret_name: null
libvirt:
- # Issuer to issue a certificate for libvirt api when listen_tls is enabled.
- issuer:
- kind: ClusterIssuer
- name: ca-clusterissuer
listen_tcp: "1"
listen_tls: "0"
auth_tcp: "none"
@@ -125,13 +132,9 @@
stdio_handler: "file"
user: "nova"
group: "kvm"
+ default_tls_x509_cert_dir: /etc/pki/qemu
kubernetes:
cgroup: "kubepods.slice"
- vencrypt:
- # Issuer to use for the vencrypt certs.
- issuer:
- kind: ClusterIssuer
- name: ca-clusterissuer
pod:
probes:
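Review bot: The added `default_tls_x509_cert_dir: /etc/pki/qemu` looks unrelated to moving the issuer keys and is the only unquoted string among its quoted neighbours (`"file"`, `"nova"`, `"kvm"`). I would write it as `default_tls_x509_cert_dir: "/etc/pki/qemu"` and add a one-line comment saying which certificate is expected in that directory. The hunk does not show whether a matching verify setting exists in the chart defaults, so the comment should state only what the chart actually mounts there. The enclosing mapping starts outside the hunk.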
diff --git a/hack/sync-charts.sh b/hack/sync-charts.sh
index 5de6162..7eddf21 100755
--- a/hack/sync-charts.sh
+++ b/hack/sync-charts.sh
@@ -109,7 +109,7 @@
LIBVIRT_VERSION=0.1.23
curl -sL https://tarballs.opendev.org/openstack/openstack-helm-infra/libvirt-${LIBVIRT_VERSION}.tgz \
| tar -xz -C ${ATMOSPHERE}/charts
-curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893406/revisions/4/patch?download' \
+curl 'https://review.opendev.org/changes/openstack%2Fopenstack-helm-infra~893406/revisions/5/patch?download' \
| base64 --decode \
| filterdiff -p1 -x 'releasenotes/*' \
| filterdiff -p2 -x 'Chart.yaml' \
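Review bot: The `curl` on the changed line has no `--fail`, so an HTTP error or login page from Gerrit would be passed to `base64 --decode` and on through the patch pipeline instead of stopping the script; `curl -fsS '…/revisions/5/patch?download' \` would exit non-zero on an error response. Whether the script sets `pipefail` is not visible in this hunk, and without it a failed download in the middle of the pipe would not fail the step either. Neither the chart tarball nor the downloaded patch is checked against a recorded digest before it lands under `charts/`, so a `sha256sum -c` step against a committed checksum would make the sync verifiable. The pipeline continues past the end of the hunk.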
diff --git a/roles/libvirt/vars/main.yml b/roles/libvirt/vars/main.yml
index 0eef048..7bda6b5 100644
--- a/roles/libvirt/vars/main.yml
+++ b/roles/libvirt/vars/main.yml
@@ -23,9 +23,6 @@
ceph:
enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
libvirt:
- issuer:
- kind: Issuer
- name: libvirt-api-ca
listen_tcp: "0"
listen_tls: "1"
listen_addr: 0.0.0.0
@@ -33,7 +30,10 @@
default_tls_x509_cert_dir: /etc/pki/qemu
default_tls_x509_verify: "1"
vnc_tls: "1"
+ issuers:
+ libvirt:
+ kind: Issuer
+ name: libvirt-api-ca
vencrypt:
- issuer:
- kind: Issuer
- name: libvirt-vnc-ca
+ kind: Issuer
+ name: libvirt-vnc-ca
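Review bot: The new `issuers` block in the role vars has no comment, while the chart's `values.yaml` documents each issuer. I would add `# Namespaced Issuers with separate CAs for the libvirt API and VNC (vencrypt) certificates` above `issuers:`, so it is clear that the role deliberately overrides the chart's shared `ClusterIssuer` default. The template reads `.Values.issuers.*`, so the block has to sit at the root of the Helm values as a sibling of `conf`; the indentation is not recoverable in this view, so please confirm it is not nested under `conf`, where it would be ignored and the chart defaults used instead. The enclosing variable definition starts outside the hunk.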