5db88a5fb4
Challenge: Now remote_ks_admin and remote_rgw_user are using for user labels of backup target openstack cloud. When the backup user doesn't exist and we can enable job_ks_user manifest. But job_ks_user uses .Vaules.secrets.identity.admin and mariadb, while secret-rgw and cron-job-backup-mariadb use .Values.secrets. identity.remote_ks_admin and remote_rgw_user. It requires to use same values for admin and remote_ks_admin, and for mariadb and remote_rgw_user. Seems it isbreaking values consistency. Suggestion: Now providing 2 kinds of backup - pvc and swift. "remote_" means the swift backup. In fact, mariadb chart has no case to access to keystone except swift backup. So we can remove remote_xx_* prefix and there is no confusion. Change-Id: Ib82120611659bd36bae35f2e90054642fb8ee31f
79 lines
3.2 KiB
YAML
79 lines
3.2 KiB
YAML
{{/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
|
|
|
|
This manifest results in two secrets being created:
|
|
1) Keystone "mariadb" secret, which is needed to access the cluster
|
|
(remote or same cluster) for storing mariadb backups. If the
|
|
cluster is remote, the auth_url would be non-null.
|
|
2) Keystone "admin" secret, which is needed to create the
|
|
"mariadb" keystone account mentioned above. This may not
|
|
be needed if the account is in a remote cluster (auth_url is non-null
|
|
in that case).
|
|
*/}}
|
|
|
|
{{- if .Values.conf.backup.remote_backup.enabled }}
|
|
|
|
{{- $envAll := . }}
|
|
{{- $userClass := "mariadb" }}
|
|
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ $secretName }}
|
|
type: Opaque
|
|
data:
|
|
{{- $identityClass := index .Values.endpoints.identity.auth $userClass }}
|
|
{{- if $identityClass.auth_url }}
|
|
OS_AUTH_URL: {{ $identityClass.auth_url | b64enc }}
|
|
{{- else }}
|
|
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
|
|
{{- end }}
|
|
OS_REGION_NAME: {{ $identityClass.region_name | b64enc }}
|
|
OS_INTERFACE: {{ $identityClass.interface | default "internal" | b64enc }}
|
|
OS_PROJECT_DOMAIN_NAME: {{ $identityClass.project_domain_name | b64enc }}
|
|
OS_PROJECT_NAME: {{ $identityClass.project_name | b64enc }}
|
|
OS_USER_DOMAIN_NAME: {{ $identityClass.user_domain_name | b64enc }}
|
|
OS_USERNAME: {{ $identityClass.username | b64enc }}
|
|
OS_PASSWORD: {{ $identityClass.password | b64enc }}
|
|
OS_DEFAULT_DOMAIN: {{ $identityClass.default_domain_id | default "default" | b64enc }}
|
|
...
|
|
{{- if .Values.manifests.job_ks_user }}
|
|
{{- $userClass := "admin" }}
|
|
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ $secretName }}
|
|
type: Opaque
|
|
data:
|
|
{{- $identityClass := index .Values.endpoints.identity.auth $userClass }}
|
|
{{- if $identityClass.auth_url }}
|
|
OS_AUTH_URL: {{ $identityClass.auth_url | b64enc }}
|
|
{{- else }}
|
|
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
|
|
{{- end }}
|
|
OS_REGION_NAME: {{ $identityClass.region_name | b64enc }}
|
|
OS_INTERFACE: {{ $identityClass.interface | default "internal" | b64enc }}
|
|
OS_PROJECT_DOMAIN_NAME: {{ $identityClass.project_domain_name | b64enc }}
|
|
OS_PROJECT_NAME: {{ $identityClass.project_name | b64enc }}
|
|
OS_USER_DOMAIN_NAME: {{ $identityClass.user_domain_name | b64enc }}
|
|
OS_USERNAME: {{ $identityClass.username | b64enc }}
|
|
OS_PASSWORD: {{ $identityClass.password | b64enc }}
|
|
OS_DEFAULT_DOMAIN: {{ $identityClass.default_domain_id | default "default" | b64enc }}
|
|
...
|
|
{{- end }}
|
|
{{- end }}
|