Add app credential to operator chart

charts/kubernikus/templates/operator.yaml

@@ -7,6 +7,10 @@ kind: Deployment
 
 metadata:
   name: kubernikus-operator
+  {{- if .Values.openstack.application_credential_secret }}
+  annotations:
+    secret.reloader.stakater.com/reload: "kubernikus-operator"
+  {{- end }}
   labels:
     app: kubernikus
     type: operator
@@ -36,7 +40,7 @@ spec:
             - kubernikus
             - operator
             - --chart-directory=/etc/kubernikus/charts
-            {{- if .Values.openstack.auth_url }}
+            {{- if and .Values.openstack.auth_url (emtpy .Values.openstack.application_credential_secret) }}
             {{- /* This is a bit convoluted but making sure that the url ends with /v3 */}}
             - --auth-url={{ trimSuffix "/" .Values.openstack.auth_url | trimSuffix "/v3" }}/v3
             - --auth-username={{ .Values.openstack.auth_user_id }}
@@ -72,13 +76,30 @@ spec:
             - name: USE_OCTAVIA
               value: "true"
             {{- end }}
-            {{- if .Values.openstack.auth_url }}
+            {{- if and .Values.openstack.auth_url (empty .Values.openstack.application_credential_secret) }}
             - name: OS_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: kubernikus-operator
                   key: password
             {{- end }}
+            {{- if .Values.openstack.application_credential_secret }}
+            - name: OS_APPLICATION_CREDENTIAL_ID
+              valueFrom:
+                secretKeyRef:
+                  name: kubernikus-operator
+                  key: applicationCredentialID
+            - name: OS_APPLICATION_CREDENTIAL_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: kubernikus-operator
+                  key: applicationCredentialName
+            - name: OS_APPLICATION_CREDENTIAL_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: kubernikus-operator
+                  key: applicationCredentialSecret
+            {{- end }}
           {{- if .Values.operator.resources }}
           resources: {{- toYaml .Values.operator.resources | nindent 12 }}
           {{- end}}

charts/kubernikus/templates/secret-operator.yaml

@@ -8,11 +8,15 @@ metadata:
 
 data:
   authURL: {{ required "openstack.auth_url undefined" .Values.openstack.auth_url | trimSuffix "/"  | trimSuffix "/v3" | printf "%s/v3" | b64enc }}
+  {{- if .Values.openstack.application_credential_secret }}
+  applicationCredentialID: {{ required "openstack.application_credential_id undefined" .Values.openstack.application_credential_id | b64enc }}
+  applicationCredentialName: {{ required "openstack.application_credential_name undefined" .Values.openstack.application_credential_name | b64enc }}
+  applicationCredentialSecret: {{ required "openstack.application_credential_secret undefined" .Values.openstack.application_credential_secret | b64enc }}
+  {{- else }}
   username: {{ required "openstack.auth_user_id undefined" .Values.openstack.auth_user_id | b64enc }}
   password: {{ required "openstack.auth_user_password undefined" .Values.openstack.auth_user_password | b64enc }}
   userDomain: {{ required "openstack.auth_domain undefined" .Values.openstack.auth_domain | b64enc }}
   project: {{ required "openstack.auth_project undefined" .Values.openstack.auth_project | b64enc }}
   projectDomain: {{ required "openstack.auth_project_domain undefined" .Values.openstack.auth_project_domain | b64enc }}
+  {{- end }}
 {{- end }}
-
-

charts/kubernikus/values.yaml

@@ -8,6 +8,9 @@ openstack: {}
   #auth_domain: "Default"
   #auth_project: "master"
   #auth_project_domain: "Default"
+  #application_credential_id:
+  #application_credential_name:
+  #application_credential_secret:
 
 dex:
   ldap: