Add podLevel TLS between OpenStackAssistant and MCP server sidecar

dprince · dprince · commit 283396d44794 · 2026-05-18T13:36:12.000-04:00
Adds TLS encryption for the Streamable HTTP connection between the
OpenStackAssistant pod (Goose) and the rhos-ls-mcps MCP server sidecar
running in the OpenStackClient pod. TLS is conditional: enabled when
CaBundleSecretName is set on the OpenStackClient (indicating TLS is
active in the cluster via the OpenStackControlPlane).

When enabled, the OpenStackClient controller creates a cert-manager
Certificate using the existing rootca-internal issuer for the MCP
service endpoint. The resulting TLS cert/key are mounted into the
MCP sidecar container and referenced in the rhos-mcps config.yaml
via the new tls.ssl_certfile/ssl_keyfile fields. The assistant
controller switches resolved MCP URLs from http:// to https:// when
the referenced OpenStackClient has TLS enabled, and the existing
combined-ca-bundle mount provides the internal CA for verification.

The existing TLS between the MCP server sidecar and OpenStack services
(Keystone etc. via OS_CACERT/REQUESTS_CA_BUNDLE) is unchanged.

Also fixes the mcp-ca-bundle SubPath in the assistant pod from
"ca-bundle.crt" to "tls-ca-bundle.pem" to match the actual key
in the combined-ca-bundle secret.

Files changed:
- internal/controller/client/openstackclient_controller.go
- internal/openstackclient/funcs.go
- internal/controller/assistant/openstackassistant_controller.go
- internal/openstackassistant/funcs.go
- internal/openstackassistant/funcs_test.go
diff --git a/config/operator/default_images.yaml b/config/operator/default_images.yaml
@@ -159,6 +159,8 @@ spec:
           value: quay.io/podified-antelope-centos9/openstack-rsyslog:current-podified
         - name: RELATED_IMAGE_OPENSTACK_CLIENT_IMAGE_URL_DEFAULT
           value: quay.io/podified-antelope-centos9/openstack-openstackclient:current-podified
+        - name: RELATED_IMAGE_OPENSTACK_MCP_IMAGE_URL_DEFAULT
+          value: quay.io/podified-antelope-centos9/openstack-rhos-mcps:current-podified
         - name: RELATED_IMAGE_OS_CONTAINER_IMAGE_URL_DEFAULT
           value: quay.io/podified-antelope-centos9/edpm-hardened-uefi:current-podified
         - name: RELATED_IMAGE_OVN_CONTROLLER_IMAGE_URL_DEFAULT
diff --git a/internal/controller/assistant/openstackassistant_controller.go b/internal/controller/assistant/openstackassistant_controller.go
@@ -327,7 +327,11 @@ func (r *OpenStackAssistantReconciler) Reconcile(ctx context.Context, req ctrl.R
 				if osclient.Spec.CaBundleSecretName != "" {
 					mcpCaBundleSecretName = osclient.Spec.CaBundleSecretName
 				}
-				mcpURL := fmt.Sprintf("http://%s.%s.svc:8080/openstack/", mcpSvcName, instance.Namespace)
+				scheme := "http"
+				if osclient.Spec.CaBundleSecretName != "" {
+					scheme = "https"
+				}
+				mcpURL := fmt.Sprintf("%s://%s.%s.svc:8080/openstack/", scheme, mcpSvcName, instance.Namespace)
 				resolvedMCPServers[mcp.Name] = mcpURL
 				Log.Info("Auto-resolved MCP server", "name", mcp.Name, "url", mcpURL, "openstackClientRef", mcp.OpenStackClientRef)
 			} else if mcp.URL != "" {
diff --git a/internal/controller/client/openstackclient_controller.go b/internal/controller/client/openstackclient_controller.go
@@ -40,19 +40,21 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
+	certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1"
+	"github.com/openstack-k8s-operators/lib-common/modules/certmanager"
 	"github.com/openstack-k8s-operators/lib-common/modules/common"
 	condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/configmap"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/endpoint"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/env"
 	helper "github.com/openstack-k8s-operators/lib-common/modules/common/helper"
 	common_rbac "github.com/openstack-k8s-operators/lib-common/modules/common/rbac"
-	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
-	telemetryv1 "github.com/openstack-k8s-operators/telemetry-operator/api/v1beta1"
-
 	"github.com/openstack-k8s-operators/lib-common/modules/common/secret"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/service"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/util"
+	telemetryv1 "github.com/openstack-k8s-operators/telemetry-operator/api/v1beta1"
 	clientv1 "github.com/openstack-k8s-operators/openstack-operator/api/client/v1beta1"
 	"github.com/openstack-k8s-operators/openstack-operator/internal/openstackclient"
 )
@@ -312,7 +314,11 @@ func (r *OpenStackClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 	instance.Status.Conditions.MarkTrue(condition.TLSInputReadyCondition, condition.InputReadyMessage)
 
 	// Reconcile MCP sidecar resources when enabled
+	mcpTLSCertSecret := ""
 	if instance.Spec.MCP != nil && instance.Spec.MCP.Enabled {
+		if instance.Spec.MCPContainerImage == "" {
+			return ctrl.Result{}, fmt.Errorf("MCP is enabled but MCPContainerImage is not set")
+		}
 		// Use the internal Keystone endpoint for the MCP sidecar's clouds.yaml
 		// so it connects directly to the in-cluster service and avoids
 		// TLS issues with the public OCP route.
@@ -326,6 +332,47 @@ func (r *OpenStackClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 			return ctrl.Result{RequeueAfter: time.Duration(5) * time.Second}, nil
 		}
 
+		// Create TLS certificate for MCP server when TLS is enabled
+		if instance.Spec.CaBundleSecretName != "" {
+			issuerName := tls.DefaultCAPrefix + string(service.EndpointInternal)
+			mcpSvcName := instance.Name + "-mcp"
+			certRequest := certmanager.CertificateRequest{
+				IssuerName: issuerName,
+				CertName:   mcpSvcName + "-tls",
+				Hostnames: []string{
+					fmt.Sprintf("%s.%s.svc", mcpSvcName, instance.Namespace),
+					fmt.Sprintf("%s.%s.svc.cluster.local", mcpSvcName, instance.Namespace),
+				},
+				Usages: []certmgrv1.KeyUsage{
+					certmgrv1.UsageKeyEncipherment,
+					certmgrv1.UsageDigitalSignature,
+					certmgrv1.UsageServerAuth,
+				},
+				Labels: map[string]string{},
+			}
+			certSecret, ctrlResult, err := certmanager.EnsureCert(ctx, helper, certRequest, nil)
+			if err != nil {
+				instance.Status.Conditions.Set(condition.FalseCondition(
+					clientv1.OpenStackClientReadyCondition,
+					condition.ErrorReason,
+					condition.SeverityWarning,
+					clientv1.OpenStackClientReadyErrorMessage,
+					err.Error()))
+				return ctrlResult, err
+			} else if (ctrlResult != ctrl.Result{}) {
+				instance.Status.Conditions.Set(condition.FalseCondition(
+					clientv1.OpenStackClientReadyCondition,
+					condition.RequestedReason,
+					condition.SeverityInfo,
+					clientv1.OpenStackClientReadyRunningMessage))
+				return ctrlResult, nil
+			}
+			mcpTLSCertSecret = certSecret.Name
+			configVars[mcpTLSCertSecret] = env.SetValue(mcpTLSCertSecret)
+		}
+
+		mcpTLSEnabled := mcpTLSCertSecret != ""
+
 		mcpCloudsYAML := openstackclient.MCPCloudsYAML(
 			internalAuthURL,
 			keystoneAPI.Spec.AdminProject,
@@ -342,15 +389,15 @@ func (r *OpenStackClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		}
 		_, err = controllerutil.CreateOrPatch(ctx, r.Client, mcpConfigCM, func() error {
 			mcpConfigCM.Data = map[string]string{
-				"config.yaml": openstackclient.MCPConfigYAML(instance.Spec.CaBundleSecretName),
+				"config.yaml": openstackclient.MCPConfigYAML(instance.Spec.CaBundleSecretName, mcpTLSEnabled),
 				"clouds.yaml": mcpCloudsYAML,
 			}
 			return controllerutil.SetControllerReference(instance, mcpConfigCM, r.Scheme)
 		})
 		if err != nil {
 			return ctrl.Result{}, fmt.Errorf("error creating MCP config ConfigMap: %w", err)
 		}
-		configVars[instance.Name+"-mcp-config"] = env.SetValue(openstackclient.MCPConfigYAML(instance.Spec.CaBundleSecretName) + mcpCloudsYAML)
+		configVars[instance.Name+"-mcp-config"] = env.SetValue(openstackclient.MCPConfigYAML(instance.Spec.CaBundleSecretName, mcpTLSEnabled) + mcpCloudsYAML)
 
 	}
 
@@ -403,7 +450,7 @@ func (r *OpenStackClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
 		},
 	}
 
-	spec := openstackclient.ClientPodSpec(ctx, instance, helper, configVarsHash)
+	spec := openstackclient.ClientPodSpec(ctx, instance, helper, configVarsHash, mcpTLSCertSecret)
 
 	podSpecHash, err := util.ObjectHash(spec)
 	if err != nil {
diff --git a/internal/openstackassistant/funcs.go b/internal/openstackassistant/funcs.go
@@ -15,6 +15,7 @@ package openstackassistant
 
 import (
 	env "github.com/openstack-k8s-operators/lib-common/modules/common/env"
+	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	assistantv1 "github.com/openstack-k8s-operators/openstack-operator/api/assistant/v1beta1"
 
 	corev1 "k8s.io/api/core/v1"
@@ -105,9 +106,9 @@ fi
 # Combine CA bundles if MCP CA is present alongside Lightspeed CA
 if [ -f /etc/ssl/certs/mcp-ca-bundle.crt ]; then
   if [ -f /etc/ssl/certs/ca-certificates.crt ]; then
-    cp /etc/ssl/certs/ca-certificates.crt /tmp/combined-ca.crt
-    cat /etc/ssl/certs/mcp-ca-bundle.crt >> /tmp/combined-ca.crt
-    export SSL_CERT_FILE=/tmp/combined-ca.crt
+    cp /etc/ssl/certs/ca-certificates.crt $HOME/combined-ca.crt
+    cat /etc/ssl/certs/mcp-ca-bundle.crt >> $HOME/combined-ca.crt
+    export SSL_CERT_FILE=$HOME/combined-ca.crt
   else
     export SSL_CERT_FILE=/etc/ssl/certs/mcp-ca-bundle.crt
   fi
@@ -240,7 +241,7 @@ func assistantPodVolumeMounts(instance *assistantv1.OpenStackAssistant, mcpCaBun
 		mounts = append(mounts, corev1.VolumeMount{
 			Name:      "mcp-ca-bundle",
 			MountPath: "/etc/ssl/certs/mcp-ca-bundle.crt",
-			SubPath:   "ca-bundle.crt",
+			SubPath:   tls.CABundleKey,
 			ReadOnly:  true,
 		})
 	}
diff --git a/internal/openstackassistant/funcs_test.go b/internal/openstackassistant/funcs_test.go
@@ -333,6 +333,25 @@ func TestAssistantPodSpec_MCPServers(t *testing.T) {
 	g.Expect(envMap).To(HaveKeyWithValue("MCP_SERVER_openstack", "http://openstackclient-mcp.openstack.svc:8080/openstack/"))
 }
 
+func TestAssistantPodSpec_MCPServersHTTPS(t *testing.T) {
+	g := NewWithT(t)
+	instance := newTestInstance()
+
+	resolvedMCPServers := map[string]string{
+		"openstack": "https://openstackclient-mcp.openstack.svc:8080/openstack/",
+	}
+
+	spec := AssistantPodSpec(instance, "hash", resolvedMCPServers, "")
+	envVars := spec.Containers[0].Env
+
+	envMap := make(map[string]string)
+	for _, e := range envVars {
+		envMap[e.Name] = e.Value
+	}
+
+	g.Expect(envMap).To(HaveKeyWithValue("MCP_SERVER_openstack", "https://openstackclient-mcp.openstack.svc:8080/openstack/"))
+}
+
 func TestAssistantPodSpec_MCPCaBundle(t *testing.T) {
 	g := NewWithT(t)
 	instance := newTestInstance()
@@ -358,7 +377,7 @@ func TestAssistantPodSpec_MCPCaBundle(t *testing.T) {
 	}
 	g.Expect(mcpCaMount).NotTo(BeNil())
 	g.Expect(mcpCaMount.MountPath).To(Equal("/etc/ssl/certs/mcp-ca-bundle.crt"))
-	g.Expect(mcpCaMount.SubPath).To(Equal("ca-bundle.crt"))
+	g.Expect(mcpCaMount.SubPath).To(Equal("tls-ca-bundle.pem"))
 	g.Expect(mcpCaMount.ReadOnly).To(BeTrue())
 }
 
diff --git a/internal/openstackclient/funcs.go b/internal/openstackclient/funcs.go
@@ -34,6 +34,7 @@ func ClientPodSpec(
 	instance *clientv1.OpenStackClient,
 	helper *helper.Helper,
 	configHash string,
+	mcpTLSCertSecret string,
 ) corev1.PodSpec {
 	envVars := map[string]env.Setter{}
 	envVars["OS_CLOUD"] = env.SetValue("default")
@@ -137,6 +138,23 @@ func ClientPodSpec(
 			mcpVolumeMounts = append(mcpVolumeMounts, instance.Spec.CreateVolumeMounts(nil)...)
 		}
 
+		if mcpTLSCertSecret != "" {
+			mcpVolumeMounts = append(mcpVolumeMounts,
+				corev1.VolumeMount{
+					Name:      "mcp-tls-cert",
+					MountPath: "/etc/pki/tls/certs/tls.crt",
+					SubPath:   "tls.crt",
+					ReadOnly:  true,
+				},
+				corev1.VolumeMount{
+					Name:      "mcp-tls-cert",
+					MountPath: "/etc/pki/tls/private/tls.key",
+					SubPath:   "tls.key",
+					ReadOnly:  true,
+				},
+			)
+		}
+
 		podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{
 			Name: "mcp-config",
 			VolumeSource: corev1.VolumeSource{
@@ -148,6 +166,18 @@ func ClientPodSpec(
 			},
 		})
 
+		if mcpTLSCertSecret != "" {
+			podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{
+				Name: "mcp-tls-cert",
+				VolumeSource: corev1.VolumeSource{
+					Secret: &corev1.SecretVolumeSource{
+						SecretName:  mcpTLSCertSecret,
+						DefaultMode: ptr.To[int32](0440),
+					},
+				},
+			})
+		}
+
 		mcpEnvVars := []corev1.EnvVar{
 			{Name: "HOME", Value: "/home/cloud-admin"},
 			{Name: "RHOS_MCPS_CONFIG", Value: "/tmp/mcp-config/config.yaml"},
@@ -190,11 +220,23 @@ func ClientPodSpec(
 }
 
 // MCPConfigYAML returns the rhos-mcps config.yaml content for the MCP sidecar
-func MCPConfigYAML(caBundleSecretName string) string {
+func MCPConfigYAML(caBundleSecretName string, mcpTLSEnabled bool) string {
 	caCert := ""
 	if caBundleSecretName != "" {
 		caCert = fmt.Sprintf("\n  ca_cert: %s", tls.DownstreamTLSCABundlePath)
 	}
+	mcpTLS := ""
+	if mcpTLSEnabled {
+		mcpTLS = `
+tls:
+  ssl_certfile: /etc/pki/tls/certs/tls.crt
+  ssl_keyfile: /etc/pki/tls/private/tls.key`
+	}
+	allowedOrigins := `    - "http://*:*"`
+	if mcpTLSEnabled {
+		allowedOrigins = `    - "http://*:*"
+    - "https://*:*"`
+	}
 	return fmt.Sprintf(`port: 8080
 openstack:
   enabled: true
@@ -206,8 +248,8 @@ mcp_transport_security:
   allowed_hosts:
     - "*:*"
   allowed_origins:
-    - "http://*:*"
-`, caCert)
+%s%s
+`, caCert, allowedOrigins, mcpTLS)
 }
 
 // MCPCloudsYAML returns a clouds.yaml using the given auth URL for the MCP sidecar.
