Enable TLS for glanceAPI Edge instances

When a glanceAPI Edge instance is deployed, the glance-operator creates an internal SVC, but the public one is skipped (because these instances are not exposed outside). However, we're currently not able to enable TLS because the EnsureEndpoint function is skipped due to the different size of the generated Overrides that is compared with the service list (svcs.Items). This patch fixes the current behavior and generates an internal override only for an Edge API instance type: by doing this we're able to properly execute the EnsureEndpoint function and generate both key and cert, referenced by the Edge API. Signed-off-by: Francesco Pantano <[email protected]>
olliewalsh · May 22, 2024 · 0d0840a · 0d0840a
1 parent d9a3921
commit 0d0840a
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/pkg/openstack/glance.go b/pkg/openstack/glance.go
@@ -55,7 +55,12 @@ func ReconcileGlance(ctx context.Context, instance *corev1beta1.OpenStackControl
 
 	// add selector to service overrides
 	for name, glanceAPI := range instance.Spec.Glance.Template.GlanceAPIs {
-		for _, endpointType := range []service.Endpoint{service.EndpointPublic, service.EndpointInternal} {
+		eps := []service.Endpoint{service.EndpointPublic, service.EndpointInternal}
+		// An Edge glanceAPI has an internal endpoint only
+		if glanceAPI.Type == glancev1.APIEdge {
+			eps = []service.Endpoint{service.EndpointInternal}
+		}
+		for _, endpointType := range eps {
 			if glanceAPI.Override.Service == nil {
 				glanceAPI.Override.Service = map[service.Endpoint]service.RoutedOverrideSpec{}
 			}
@@ -122,8 +127,11 @@ func ReconcileGlance(ctx context.Context, instance *corev1beta1.OpenStackControl
 			}
 			// set service overrides
 			glanceAPI.Override.Service = endpointDetails.GetEndpointServiceOverrides()
-			// update TLS cert secret
-			glanceAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)
+			// update TLS cert secret, but skip Public endpoint for Edge
+			// instances
+			if glanceAPI.Type != glancev1.APIEdge {
+				glanceAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)
+			}
 			glanceAPI.TLS.API.Internal.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointInternal)
 
 			// let's keep track of changes for any instance, but return