Manage certificates for Octavia controller-amphora communication
Octavia presently allows for one method for the controller to
communicate with amphorae: the amphora REST API. Both amphora API and
Octavia controller do bi-directional certificate-based authentication in
order to authenticate and encrypt communication.
This change doesn't affect Octavia user-facing API.
What this change does:
- Creates Octavia CA stored on a node where Octavia controller
is running
- Creates certificates for controller-amphora communication
signed by this CA. (Amphora-side certs are generated by Octavia
itself)
Depends on: https://gerrit.mcp.mirantis.net/7680
Related PROD: PROD-11933
Change-Id: Iedca3b5888af6e331005ed7387d4ca68d34e0261
3 files changed