diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml index e51b9d9e5..f2a6244f3 100644 --- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml @@ -10542,6 +10542,11 @@ spec: type: object caBundleSecretName: type: string + ovn: + properties: + secretName: + type: string + type: object type: object transportURLSecret: type: string diff --git a/apis/go.mod b/apis/go.mod index 9bfbee846..01ee5ae99 100644 --- a/apis/go.mod +++ b/apis/go.mod @@ -20,7 +20,7 @@ require ( github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240411135034-a77c10351c47 github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240411120933-2fa11969312b github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240415072306-b848abde3433 - github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240408184306-f4d50944f99d + github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240416115956-468bde1c9db2 github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240412212308-52c4fc7de5a4 github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240404140050-69252e99daaf github.com/openstack-k8s-operators/swift-operator/api v0.3.1-0.20240412224825-4de3d73ff582 diff --git a/apis/go.sum b/apis/go.sum index 9844e29f6..0af701568 100644 --- a/apis/go.sum +++ b/apis/go.sum 
@@ -105,8 +105,8 @@ github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240411120933- github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240411120933-2fa11969312b/go.mod h1:iA/flM2a8U+wIT9QNC+mZxQsiebhOOlLv7qpCcHFrME= github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240415072306-b848abde3433 h1:YACRumvGLOC4qxE9Ew8BcQfx9lrpFEOxJhLcR1k99BI= github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240415072306-b848abde3433/go.mod h1:VypWxGnIf++Ch2lG9AQYK1TmMkaInYGN56g6FEiKFv8= -github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240408184306-f4d50944f99d h1:LJsJxX4ukD/h8QIRQtDJ3f55Ic2Rnl9Wy6dzEwvwkA4= -github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240408184306-f4d50944f99d/go.mod h1:EZymlUAhQzGNIAGrpGZ5P6oqfq2IhqY2lNPKLG9iKh8= +github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240416115956-468bde1c9db2 h1:VuFtvrkVPYztDwItMvo6K0pDBxXi2kSVMPiOD8nfC3E= +github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240416115956-468bde1c9db2/go.mod h1:EZymlUAhQzGNIAGrpGZ5P6oqfq2IhqY2lNPKLG9iKh8= github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240412212308-52c4fc7de5a4 h1:3/lBXj0vyqaca2EakQZ8tA1koIrPZZeoJ2jwRoNYE/c= github.com/openstack-k8s-operators/ovn-operator/api v0.3.1-0.20240412212308-52c4fc7de5a4/go.mod h1:geYtiRKn+GKR61YhAMsvPvLqVdMb4wtvMrj1kFG0SdU= github.com/openstack-k8s-operators/placement-operator/api v0.3.1-0.20240404140050-69252e99daaf h1:O7RzcKH3qRORucojkKZc1vIpQv5naYoWn34zhVzTs0E= diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml index e51b9d9e5..f2a6244f3 100644 --- a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml 
@@ -10542,6 +10542,11 @@ spec: type: object caBundleSecretName: type: string + ovn: + properties: + secretName: + type: string + type: object type: object transportURLSecret: type: string diff --git a/go.mod b/go.mod index c988999fc..e92821f73 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240411135034-a77c10351c47 github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240411120933-2fa11969312b github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240415072306-b848abde3433 - github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240408184306-f4d50944f99d + github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240416115956-468bde1c9db2 github.com/openstack-k8s-operators/openstack-ansibleee-operator/api v0.3.1-0.20240410174327-61aaa39a5449 github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20240415092655-7e783e887608 github.com/openstack-k8s-operators/openstack-operator/apis v0.0.0-00010101000000-000000000000 diff --git a/go.sum b/go.sum index 328fc7069..e9410341a 100644 --- a/go.sum +++ b/go.sum 
@@ -134,8 +134,8 @@ github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240411120933- github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240411120933-2fa11969312b/go.mod h1:iA/flM2a8U+wIT9QNC+mZxQsiebhOOlLv7qpCcHFrME= github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240415072306-b848abde3433 h1:YACRumvGLOC4qxE9Ew8BcQfx9lrpFEOxJhLcR1k99BI= github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240415072306-b848abde3433/go.mod h1:VypWxGnIf++Ch2lG9AQYK1TmMkaInYGN56g6FEiKFv8= -github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240408184306-f4d50944f99d h1:LJsJxX4ukD/h8QIRQtDJ3f55Ic2Rnl9Wy6dzEwvwkA4= -github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240408184306-f4d50944f99d/go.mod h1:EZymlUAhQzGNIAGrpGZ5P6oqfq2IhqY2lNPKLG9iKh8= +github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240416115956-468bde1c9db2 h1:VuFtvrkVPYztDwItMvo6K0pDBxXi2kSVMPiOD8nfC3E= +github.com/openstack-k8s-operators/octavia-operator/api v0.3.1-0.20240416115956-468bde1c9db2/go.mod h1:EZymlUAhQzGNIAGrpGZ5P6oqfq2IhqY2lNPKLG9iKh8= github.com/openstack-k8s-operators/openstack-ansibleee-operator/api v0.3.1-0.20240410174327-61aaa39a5449 h1:s1UHKf5rGfpthhoB2SdyjSEQsioWTzMkTDm6dFoDHN4= github.com/openstack-k8s-operators/openstack-ansibleee-operator/api v0.3.1-0.20240410174327-61aaa39a5449/go.mod h1:YD7kgzFwVoedxEpttup/pKPxUCxo/c7y3GEGR1Ab708= github.com/openstack-k8s-operators/openstack-baremetal-operator/api v0.3.1-0.20240415092655-7e783e887608 h1:wy7PYgPNE/oFP7Vddh/Z5kSo562EkW0ffGdmDP5aL4Y= diff --git a/pkg/openstack/octavia.go b/pkg/openstack/octavia.go index 89866a18e..fe4af24bb 100644 --- a/pkg/openstack/octavia.go +++ b/pkg/openstack/octavia.go 
@@ -20,6 +20,8 @@ import ( "context" "fmt" + certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "github.com/openstack-k8s-operators/lib-common/modules/certmanager" "github.com/openstack-k8s-operators/lib-common/modules/common/condition" "github.com/openstack-k8s-operators/lib-common/modules/common/helper" "github.com/openstack-k8s-operators/lib-common/modules/common/service" @@ -67,6 +69,36 @@ func ReconcileOctavia(ctx context.Context, instance *corev1beta1.OpenStackContro // preserve any previously set TLS certs, set CA cert if instance.Spec.TLS.PodLevel.Enabled { instance.Spec.Octavia.Template.OctaviaAPI.TLS = octavia.Spec.OctaviaAPI.TLS + + serviceName := "octavia" + // create ovndb client certificate for octavia + certRequest := certmanager.CertificateRequest{ + IssuerName: instance.GetOvnIssuer(), + CertName: fmt.Sprintf("%s-ovndbs", serviceName), + Duration: nil, + Hostnames: []string{ + fmt.Sprintf("%s.%s.svc", serviceName, instance.Namespace), + fmt.Sprintf("%s.%s.svc.%s", serviceName, instance.Namespace, ClusterInternalDomain), + }, + Ips: nil, + Usages: []certmgrv1.KeyUsage{ + certmgrv1.UsageKeyEncipherment, + certmgrv1.UsageDigitalSignature, + certmgrv1.UsageClientAuth, + }, + } + certSecret, ctrlResult, err := certmanager.EnsureCert( + ctx, + helper, + certRequest, + nil) + if err != nil { + return ctrl.Result{}, err + } else if (ctrlResult != ctrl.Result{}) { + return ctrl.Result{}, nil + } + + instance.Spec.Octavia.Template.OctaviaAPI.TLS.Ovn.SecretName = &certSecret.Name } instance.Spec.Octavia.Template.OctaviaAPI.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName
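Review bot: In the added `else if (ctrlResult != ctrl.Result{})` branch, the non-empty result from `certmanager.EnsureCert` is discarded by `return ctrl.Result{}, nil`, so any requeue it asked for is lost. The reconcile then ends as a success without `OctaviaAPI.TLS.Ovn.SecretName` being set. Unless a watch on the certificate's Secret re-triggers the controller (not visible in this hunk), Octavia is left without its OVN DB client certificate and nothing reports it; `return ctrlResult, nil` would keep the retry. The later `&certSecret.Name` also assumes `EnsureCert` never returns a nil secret alongside a nil error and an empty result, so a guard such as `if certSecret == nil { return ctrl.Result{}, fmt.Errorf("ovndb client cert secret for %s not returned", serviceName) }` would turn a possible panic into a reported error. ReconcileOctavia starts and ends outside this hunk, so the handling of `helper` and the final return is assumed rather than seen.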