From 646a9480478fa3e664ba4c24217c223ae5515eb3 Mon Sep 17 00:00:00 2001
From: Doug Goldstein <doug.goldstein@rackspace.com>
Date: Fri, 27 Jun 2025 16:57:13 -0500
Subject: [PATCH] chore: only set the tls secretName as needed

All charts have the proper values and default them to keep them in sync
except for the Ironic chart. We can drop this configuration in the
deploy repos and just default it in Ironic until upstream fixes the
issue.
---
 components/ironic/values.yaml           |  8 ++++++++
 components/openstack-secrets.tpl.yaml   | 25 -------------------------
 go/understackctl/cmd/other/openstack.go | 25 -------------------------
 3 files changed, 8 insertions(+), 50 deletions(-)

diff --git a/components/ironic/values.yaml b/components/ironic/values.yaml
index 684802d5b..81b063263 100644
--- a/components/ironic/values.yaml
+++ b/components/ironic/values.yaml
@@ -117,6 +117,14 @@ endpoints:
             name: understack-cluster-issuer
             kind: ClusterIssuer
 
+secrets:
+  tls:
+    baremetal:
+      api:
+        # needs to be kept in sync with secretName in the host_fqdn_override
+        # because helm-toolkit checks one field but then uses the other
+        public: ironic-tls-public
+
 network:
   api:
     ingress:
diff --git a/components/openstack-secrets.tpl.yaml b/components/openstack-secrets.tpl.yaml
index c48864121..f6d5099f2 100644
--- a/components/openstack-secrets.tpl.yaml
+++ b/components/openstack-secrets.tpl.yaml
@@ -137,29 +137,4 @@ endpoints:
     host_fqdn_override:
       public:
         host: horizon.${DNS_ZONE}
-
-# necessary cause the ingress definition in openstack-helm-infra helm-toolkit hardcodes this
-secrets:
-  tls:
-    baremetal:
-      api:
-        public: ironic-tls-public
-    image:
-      api:
-        public: glance-tls-public
-    identity:
-      api:
-        public: keystone-tls-public
-    network:
-      server:
-        public: neutron-tls-public
-    compute:
-      osapi:
-        public: nova-tls-public
-    placement:
-      api:
-        public: placement-tls-public
-    dashboard:
-      dashboard:
-        public: horizon-tls-public
 ...
diff --git a/go/understackctl/cmd/other/openstack.go b/go/understackctl/cmd/other/openstack.go
index ba37b8167..edb58cd77 100644
--- a/go/understackctl/cmd/other/openstack.go
+++ b/go/understackctl/cmd/other/openstack.go
@@ -138,29 +138,4 @@ endpoints:
     host_fqdn_override:
       public:
         host: horizon.{{ .DNS_ZONE }}
-
-# necessary cause the ingress definition in openstack-helm-infra helm-toolkit hardcodes this
-secrets:
-  tls:
-    baremetal:
-      api:
-        public: ironic-tls-public
-    image:
-      api:
-        public: glance-tls-public
-    identity:
-      api:
-        public: keystone-tls-public
-    network:
-      server:
-        public: neutron-tls-public
-    compute:
-      osapi:
-        public: nova-tls-public
-    placement:
-      api:
-        public: placement-tls-public
-    dashboard:
-      dashboard:
-        public: horizon-tls-public
 `