
bug 1420425. Allow setting of public facing certs for kibana in openshift_logging role

Jeff Cantrill 8 years ago
parent
commit
f1e622ae0a

+ 12 - 0
roles/openshift_logging/defaults/main.yml

@@ -27,6 +27,18 @@ openshift_logging_kibana_proxy_cpu_limit: null
 openshift_logging_kibana_proxy_memory_limit: null
 openshift_logging_kibana_replica_count: 1
 
+#The absolute path on the control node to the cert file to use
+#for the public facing kibana certs
+openshift_logging_kibana_cert: ""
+
+#The absolute path on the control node to the key file to use
+#for the public facing kibana certs
+openshift_logging_kibana_key: ""
+
+#The absolute path on the control node to the CA file to use
+#for the public facing kibana certs
+openshift_logging_kibana_ca: ""
+
 openshift_logging_kibana_ops_hostname: "{{ openshift_hosted_logging_ops_hostname | default(kibana-ops.{{openshift.common.dns_domain}}) }}"
 openshift_logging_kibana_ops_cpu_limit: null
 openshift_logging_kibana_ops_memory_limit: null
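Review bot: The comments on the three new defaults do not say what an empty value means or that the settings depend on each other. On `openshift_logging_kibana_key` I would add `#Leave empty to omit key/certificate from the route; set together with openshift_logging_kibana_cert`. That comment should also state that the file holds a private key, which is read on the control node and embedded in the generated route, so it should be readable only by the user running the playbook. A space after each `#` would match common YAML comment style.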

+ 19 - 1
roles/openshift_logging/tasks/generate_routes.yaml

@@ -1,4 +1,20 @@
 ---
+- set_fact: kibana_key={{ lookup('file', openshift_logging_kibana_key) | b64encode }}
+  when: "{{ openshift_logging_kibana_key | trim | length > 0 }}"
+  changed_when: false
+
+- set_fact: kibana_cert={{ lookup('file', openshift_logging_kibana_cert)| b64encode  }}
+  when: "{{openshift_logging_kibana_cert | trim | length > 0}}"
+  changed_when: false
+
+- set_fact: kibana_ca={{ lookup('file', openshift_logging_kibana_ca)| b64encode  }}
+  when: "{{openshift_logging_kibana_ca | trim | length > 0}}"
+  changed_when: false
+
+- set_fact: kibana_ca={{key_pairs | entry_from_named_pair('ca_file') }}
+  when: kibana_ca is not defined
+  changed_when: false
+
 - name: Generating logging routes
   template: src=route_reencrypt.j2 dest={{mktemp.stdout}}/templates/logging-{{route_info.name}}-route.yaml
   tags: routes
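Review bot: The new `set_fact` task that reads `openshift_logging_kibana_key` stores the private key in a fact without `no_log: true`, so its base64 form can appear in verbose (`-v`) output and in any callback that records task results. Adding `no_log: true` to that task avoids this. The rendered route under `{{mktemp.stdout}}/templates/` will now contain the key in clear as well, so that directory's permissions and cleanup matter; both are handled outside this hunk. Separately, the `when: "{{ ... }}"` lines wrap the condition in template delimiters, which Ansible warns about; the bare form `when: openshift_logging_kibana_key | trim | length > 0` is equivalent. The `Generating logging routes` task continues past the end of the hunk.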
@@ -6,7 +22,9 @@
     obj_name: "{{route_info.name}}"
     route_host: "{{route_info.host}}"
     service_name: "{{route_info.name}}"
-    tls_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
+    tls_key: "{{kibana_key | default('') | b64decode}}"
+    tls_cert: "{{kibana_cert | default('') | b64decode}}"
+    tls_ca_cert: "{{kibana_ca | b64decode}}"
     tls_dest_ca_cert: "{{key_pairs | entry_from_named_pair('ca_file')| b64decode }}"
     labels:
       component: support
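Review bot: `tls_ca_cert` now comes from `kibana_ca`, which falls back to the `key_pairs` CA whenever `openshift_logging_kibana_ca` is empty, even when a custom certificate and key were supplied. In that case the route would apparently publish a user-provided certificate next to a CA that did not issue it. If the combination is not meant to be supported, a `fail` task before route generation with `when: openshift_logging_kibana_cert | trim | length > 0 and openshift_logging_kibana_ca | trim | length == 0` would catch it early. Otherwise the defaults file should document that all three values are set together. The `vars:` block of this task starts outside the hunk.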

+ 8 - 0
roles/openshift_logging/templates/route_reencrypt.j2

@@ -11,6 +11,14 @@ metadata:
 spec:
   host: {{ route_host }}
   tls:
+{% if tls_key is defined and tls_key | length > 0 %}
+    key: |
+{{ tls_key|indent(6, true) }}
+{% if tls_cert is defined and tls_cert | length > 0 %}
+    certificate: |
+{{ tls_cert|indent(6, true) }}
+{% endif %}
+{% endif %}
     caCertificate: |
 {% for line in tls_ca_cert.split('\n') %}
       {{ line }}
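Review bot: The `certificate` block is nested inside the `tls_key` condition, so a key supplied without a certificate renders a route with `key:` alone, and a certificate supplied without a key is silently dropped. Guarding both fields with one condition, `{% if tls_key | length > 0 and tls_cert | length > 0 %}`, closed once after the `certificate` block, makes the route carry either the full pair or neither. The `is defined` tests look redundant, since the calling task in generate_routes.yaml always passes both variables with `default('')`. The `for` loop after `caCertificate` closes outside the hunk.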