diff --git a/doc/source/chart/openstack_charts.rst b/doc/source/chart/openstack_charts.rst
index 80d6fe5a5a..ab6c86a8be 100644
--- a/doc/source/chart/openstack_charts.rst
+++ b/doc/source/chart/openstack_charts.rst
@@ -26,7 +26,6 @@ OpenStack charts options
neutron
nova
octavia
- openstack
placement
rally
skyline
diff --git a/openstack/.helmignore b/openstack/.helmignore
deleted file mode 100644
index f0c1319444..0000000000
--- a/openstack/.helmignore
+++ /dev/null
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
diff --git a/openstack/Chart.yaml b/openstack/Chart.yaml
deleted file mode 100644
index 9640678205..0000000000
--- a/openstack/Chart.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
----
-apiVersion: v2
-appVersion: 1.16.0
-dependencies:
-- name: helm-toolkit
- repository: file://../helm-toolkit
- version: ">0.1.0"
- condition: helm-toolkit.enabled
-- name: mariadb
- repository: file://../mariadb
- version: ">0.1.0"
- condition: mariadb.enabled
-- name: rabbitmq
- repository: file://../rabbitmq
- version: ">0.1.0"
- condition: rabbitmq.enabled
-- name: memcached
- repository: file://../memcached
- version: ">0.1.0"
- condition: memcached.enabled
-- name: keystone
- repository: file://../keystone
- version: ">0.1.0"
- condition: keystone.enabled
-- name: heat
- repository: file://../heat
- version: ">0.1.0"
- condition: heat.enabled
-- name: glance
- repository: file://../glance
- version: ">0.1.0"
- condition: glance.enabled
-- name: openvswitch
- repository: file://../openvswitch
- version: ">0.1.0"
- condition: openvswitch.enabled
-- name: libvirt
- repository: file://../libvirt
- version: ">0.1.0"
- condition: libvirt.enabled
-- name: nova
- repository: file://../nova
- version: ">0.1.0"
- condition: nova.enabled
-- name: placement
- repository: file://../placement
- version: ">0.1.0"
- condition: placement.enabled
-- name: neutron
- repository: file://../neutron
- version: ">0.1.0"
- condition: neutron.enabled
-- name: horizon
- repository: file://../horizon
- version: ">0.1.0"
- condition: horizon.enabled
-
-description: A chart for openstack helm commmon deployment items
-name: openstack
-type: application
-version: 2025.2.0
-maintainers:
- - name: OpenStack-Helm Authors
-...
diff --git a/openstack/charts/glance b/openstack/charts/glance
deleted file mode 120000
index b01e3db18c..0000000000
--- a/openstack/charts/glance
+++ /dev/null
@@ -1 +0,0 @@
-../../glance/
\ No newline at end of file
diff --git a/openstack/charts/heat b/openstack/charts/heat
deleted file mode 120000
index 16e7cb9710..0000000000
--- a/openstack/charts/heat
+++ /dev/null
@@ -1 +0,0 @@
-../../heat
\ No newline at end of file
diff --git a/openstack/charts/helm-toolkit b/openstack/charts/helm-toolkit
deleted file mode 120000
index 2265977aa4..0000000000
--- a/openstack/charts/helm-toolkit
+++ /dev/null
@@ -1 +0,0 @@
-../../helm-toolkit
\ No newline at end of file
diff --git a/openstack/charts/horizon b/openstack/charts/horizon
deleted file mode 120000
index 76edbbe54e..0000000000
--- a/openstack/charts/horizon
+++ /dev/null
@@ -1 +0,0 @@
-../../horizon
\ No newline at end of file
diff --git a/openstack/charts/keystone b/openstack/charts/keystone
deleted file mode 120000
index f3098a8aa0..0000000000
--- a/openstack/charts/keystone
+++ /dev/null
@@ -1 +0,0 @@
-../../keystone/
\ No newline at end of file
diff --git a/openstack/charts/libvirt b/openstack/charts/libvirt
deleted file mode 120000
index 6319c10ab3..0000000000
--- a/openstack/charts/libvirt
+++ /dev/null
@@ -1 +0,0 @@
-../../libvirt
\ No newline at end of file
diff --git a/openstack/charts/mariadb b/openstack/charts/mariadb
deleted file mode 120000
index 73e9d17e07..0000000000
--- a/openstack/charts/mariadb
+++ /dev/null
@@ -1 +0,0 @@
-../../mariadb
\ No newline at end of file
diff --git a/openstack/charts/memcached b/openstack/charts/memcached
deleted file mode 120000
index f8f0adba06..0000000000
--- a/openstack/charts/memcached
+++ /dev/null
@@ -1 +0,0 @@
-../../memcached
\ No newline at end of file
diff --git a/openstack/charts/neutron b/openstack/charts/neutron
deleted file mode 120000
index a25b8df4c0..0000000000
--- a/openstack/charts/neutron
+++ /dev/null
@@ -1 +0,0 @@
-../../neutron/
\ No newline at end of file
diff --git a/openstack/charts/nova b/openstack/charts/nova
deleted file mode 120000
index df1edcdc07..0000000000
--- a/openstack/charts/nova
+++ /dev/null
@@ -1 +0,0 @@
-../../nova/
\ No newline at end of file
diff --git a/openstack/charts/openvswitch b/openstack/charts/openvswitch
deleted file mode 120000
index 28e5cf22a0..0000000000
--- a/openstack/charts/openvswitch
+++ /dev/null
@@ -1 +0,0 @@
-../../openvswitch
\ No newline at end of file
diff --git a/openstack/charts/placement b/openstack/charts/placement
deleted file mode 120000
index 9bbdf9c2ed..0000000000
--- a/openstack/charts/placement
+++ /dev/null
@@ -1 +0,0 @@
-../../placement/
\ No newline at end of file
diff --git a/openstack/charts/rabbitmq b/openstack/charts/rabbitmq
deleted file mode 120000
index 6683fe411c..0000000000
--- a/openstack/charts/rabbitmq
+++ /dev/null
@@ -1 +0,0 @@
-../../rabbitmq
\ No newline at end of file
diff --git a/openstack/templates/NOTES.txt b/openstack/templates/NOTES.txt
deleted file mode 100644
index 8035d37be6..0000000000
--- a/openstack/templates/NOTES.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-The Openstack chart (a.k.a umbrella chart) is deprecated and will be deleted after 2025.2 release.
-
-For details see the discussion [1].
-
-[1] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/LAFZHXWIEM5MIT2KY2SXBE77NIOG7GK2/
diff --git a/openstack/values.yaml b/openstack/values.yaml
deleted file mode 100644
index c26ddf5433..0000000000
--- a/openstack/values.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-# default values for openstack umbrella chart
-# Global overrides for subcharts
-
-# note(v-dspecker): helm3_hook must be disabled
-# There is a cyclic dependency otherwise. For example, libvirt-default ->
-# nuetron-ovs-agent-default -> neutron-server -> neutron-ks-user.
-# Since libvirt-default is deployed during install phase, neutron-ks-user must also
-# be installed during install phase instead of post-install phase.
-
----
-global:
- subchart_release_name: true
-
-helm-toolkit:
- enabled: true
-
-rabbitmq:
- release_group: rabbitmq
- enabled: true
- pod:
- replicas:
- server: 1
-
-mariadb:
- release_group: mariadb
- enabled: true
- pod:
- replicas:
- server: 1
-
-memcached:
- release_group: memcached
- enabled: true
-
-keystone:
- release_group: keystone
- enabled: true
-
-heat:
- release_group: heat
- enabled: true
- helm3_hook: false
-
-glance:
- release_group: glance
- enabled: true
- helm3_hook: false
-
-openvswitch:
- release_group: openvswitch
- enabled: true
-
-libvirt:
- release_group: libvirt
- enabled: true
-
-nova:
- release_group: nova
- enabled: true
- helm3_hook: false
-
-placement:
- release_group: placement
- enabled: true
- helm3_hook: false
-
-horizon:
- release_group: horizon
- enabled: false
- helm3_hook: false
-
-neutron:
- release_group: neutron
- enabled: true
- helm3_hook: false
- conf:
- auto_bridge_add:
- # no idea why, but something with sub-charts and null values get ommitted entirely from sub chart
- br-ex: "null"
-...
diff --git a/tools/deployment/common/validate-umbrella-upgrade-config-changes-do-not-update-other-components.sh b/tools/deployment/common/validate-umbrella-upgrade-config-changes-do-not-update-other-components.sh
deleted file mode 100755
index 839077f307..0000000000
--- a/tools/deployment/common/validate-umbrella-upgrade-config-changes-do-not-update-other-components.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/bash
-set -ex
-set -o pipefail
-
-: ${OSH_HELM_REPO:="../openstack-helm"}
-
-# This test case aims to prove that updating a subhcart's configuration for
-# the OpenStack Umbrella Helm chart results in no other subcharts' components
-# being updated.
-
-# This test case is proven by:
-# 1. getting the list of DaemonSets, Deployment, StatefulSets after an installation
-# 2. performing a helm upgrade with modifying a config specific to one subchart
-# 3. getting the list of DaemonSets, Deployment, StatefulSets after the upgrade
-# 4. Verifying the expected subchart application changes
-# 5. Verifying no other applications are changed
-
-validate_only_expected_application_changes () {
- local app_name="$1"
- local config_change="$2"
-
- before_apps_list="$(mktemp)"
- after_apps_list="$(mktemp)"
-
- kubectl get daemonsets,deployments,statefulsets \
- --namespace openstack \
- --no-headers \
- --output custom-columns=Kind:.kind,Name:.metadata.name,Generation:.status.observedGeneration \
- > "$before_apps_list"
-
- kubectl delete jobs \
- --namespace openstack \
- -l "application=$app_name" \
- --wait
-
- helm upgrade openstack ${OSH_HELM_REPO}/openstack \
- --namespace openstack \
- --reuse-values \
- ${config_change} \
- --timeout=600s \
- --wait
-
- helm osh wait-for-pods openstack
-
- kubectl get daemonsets,deployments,statefulsets \
- --namespace openstack \
- --no-headers \
- --output custom-columns=Kind:.kind,Name:.metadata.name,Generation:.status.observedGeneration \
- > "$after_apps_list"
-
- # get list of apps that exist in after list, but not in before list
- changed_apps="$(comm -13 "$before_apps_list" "$after_apps_list")"
-
- if ! echo "$changed_apps" | grep "$app_name" ; then
- echo "Expected $app_name application to update"
- exit 1
- fi
-
- # use awk to find applications not matching app_name and pretty format as Kind/Name
- unexpected_changed_apps="$(echo "$changed_apps" | awk -v appname="$app_name" '$0 !~ appname { print $1 "/" $2 }')"
- if [ "x$unexpected_changed_apps" != "x" ]; then
- echo "Applications changed unexpectedly: $unexpected_changed_apps"
- exit 1
- fi
-}
-
-validate_only_expected_application_changes "glance" "--set glance.conf.logging.logger_glance.level=WARN"
-validate_only_expected_application_changes "heat" "--set heat.conf.logging.logger_heat.level=WARN"
-validate_only_expected_application_changes "keystone" "--set keystone.conf.logging.logger_keystone.level=WARN"
-validate_only_expected_application_changes "libvirt" "--set libvirt.conf.libvirt.log_level=2"
-validate_only_expected_application_changes "memcached" "--set memcached.conf.memcached.stats_cachedump.enabled=false"
-validate_only_expected_application_changes "neutron" "--set neutron.conf.logging.logger_neutron.level=WARN"
-validate_only_expected_application_changes "nova" "--set nova.conf.logging.logger_nova.level=WARN"
-validate_only_expected_application_changes "openvswitch" "--set openvswitch.pod.user.nova.uid=42425"
-validate_only_expected_application_changes "placement" "--set placement.conf.logging.logger_placement.level=WARN"
diff --git a/tools/deployment/common/validate-umbrella-upgrade-no-side-effects.sh b/tools/deployment/common/validate-umbrella-upgrade-no-side-effects.sh
deleted file mode 100755
index 99eac8728a..0000000000
--- a/tools/deployment/common/validate-umbrella-upgrade-no-side-effects.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-set -ex
-
-: ${OSH_HELM_REPO:="../openstack-helm"}
-
-# This test confirms that upgrading a OpenStack Umbrella Helm release using
-# --reuse-values does not result in any unexpected pods from being recreated.
-# Ideally, no pods would be created if the upgrade has no configuration change.
-# Unfortunately, some jobs have hooks defined such that each Helm release deletes
-# and recreates jobs. These jobs are ignored in this test.
-# This test aims to validate no Deployment, DaemonSet, or StatefulSet pods are
-# changed by verifying the Observed Generation remains the same.
-
-# This test case is proven by:
-# 1. getting the list of DaemonSets, Deployment, StatefulSets after an installation
-# 2. performing a helm upgrade with --reuse-values
-# 3. getting the list of DaemonSets, Deployment, StatefulSets after the upgrade
-# 4. Verifying the list is empty since no applications should have changed
-
-before_apps_list="$(mktemp)"
-after_apps_list="$(mktemp)"
-
-kubectl get daemonsets,deployments,statefulsets \
- --namespace openstack \
- --no-headers \
- --output custom-columns=Kind:.kind,Name:.metadata.name,Generation:.status.observedGeneration \
- > "$before_apps_list"
-
-helm upgrade openstack ${OSH_HELM_REPO}/openstack \
- --namespace openstack \
- --reuse-values \
- --wait
-
-kubectl get daemonsets,deployments,statefulsets \
- --namespace openstack \
- --no-headers \
- --output custom-columns=Kind:.kind,Name:.metadata.name,Generation:.status.observedGeneration \
- > "$after_apps_list"
-
-# get list of apps that exist in after list, but not in before list
-changed_apps="$(comm -13 "$before_apps_list" "$after_apps_list")"
-
-if [ "x$changed_apps" != "x" ]; then
- echo "Applications changed unexpectedly: $changed_apps"
- exit 1
-fi
diff --git a/values_overrides/openstack/glance/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/glance/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index 6b0dd97b3f..0000000000
--- a/values_overrides/openstack/glance/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-glance:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- glance_db_sync: "quay.io/airshipit/glance:2024.1-ubuntu_jammy"
- glance_api: "quay.io/airshipit/glance:2024.1-ubuntu_jammy"
- glance_metadefs_load: "quay.io/airshipit/glance:2024.1-ubuntu_jammy"
- glance_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/glance/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/glance/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index 1acf93f14f..0000000000
--- a/values_overrides/openstack/glance/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-glance:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- glance_db_sync: "quay.io/airshipit/glance:2024.2-ubuntu_jammy"
- glance_api: "quay.io/airshipit/glance:2024.2-ubuntu_jammy"
- glance_metadefs_load: "quay.io/airshipit/glance:2024.2-ubuntu_jammy"
- glance_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/glance/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/glance/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index 985b20aae7..0000000000
--- a/values_overrides/openstack/glance/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-glance:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- glance_db_sync: "quay.io/airshipit/glance:2025.1-ubuntu_jammy"
- glance_api: "quay.io/airshipit/glance:2025.1-ubuntu_jammy"
- glance_metadefs_load: "quay.io/airshipit/glance:2025.1-ubuntu_jammy"
- glance_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/glance/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/glance/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index 07e4da14f3..0000000000
--- a/values_overrides/openstack/glance/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-glance:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- glance_db_sync: "quay.io/airshipit/glance:2025.1-ubuntu_noble"
- glance_api: "quay.io/airshipit/glance:2025.1-ubuntu_noble"
- glance_metadefs_load: "quay.io/airshipit/glance:2025.1-ubuntu_noble"
- glance_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/glance/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/glance/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index 7edfe5074c..0000000000
--- a/values_overrides/openstack/glance/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-glance:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- glance_db_sync: "quay.io/airshipit/glance:2025.2-ubuntu_noble"
- glance_api: "quay.io/airshipit/glance:2025.2-ubuntu_noble"
- glance_metadefs_load: "quay.io/airshipit/glance:2025.2-ubuntu_noble"
- glance_storage_init: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/glance/apparmor.yaml b/values_overrides/openstack/glance/apparmor.yaml
deleted file mode 100644
index 58ab68cccf..0000000000
--- a/values_overrides/openstack/glance/apparmor.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-pod:
- security_context:
- glance:
- container:
- glance_api:
- appArmorProfile:
- type: RuntimeDefault
- glance_perms:
- appArmorProfile:
- type: RuntimeDefault
- nginx:
- appArmorProfile:
- type: RuntimeDefault
- metadefs_load:
- container:
- glance_metadefs_load:
- appArmorProfile:
- type: RuntimeDefault
- storage_init:
- container:
- glance_storage_init:
- appArmorProfile:
- type: RuntimeDefault
- test:
- container:
- glance_test_ks_user:
- appArmorProfile:
- type: RuntimeDefault
- glance_test:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/glance/netpol.yaml b/values_overrides/openstack/glance/netpol.yaml
deleted file mode 100644
index dd2124636c..0000000000
--- a/values_overrides/openstack/glance/netpol.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-glance:
- manifests:
- network_policy: true
- network_policy:
- glance:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: glance
- - podSelector:
- matchLabels:
- application: nova
- - podSelector:
- matchLabels:
- application: horizon
- - podSelector:
- matchLabels:
- application: ingress
- - podSelector:
- matchLabels:
- application: heat
- - podSelector:
- matchLabels:
- application: ironic
- - podSelector:
- matchLabels:
- application: cinder
- ports:
- - protocol: TCP
- port: 9292
- egress:
- - to:
- ports:
- - protocol: TCP
- port: 80
- - protocol: TCP
- port: 443
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-...
diff --git a/values_overrides/openstack/glance/tls.yaml b/values_overrides/openstack/glance/tls.yaml
deleted file mode 100644
index 13c4d5cfe1..0000000000
--- a/values_overrides/openstack/glance/tls.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
----
-glance:
- images:
- tags:
- nginx: docker.io/nginx:1.18.0
- conf:
- glance:
- DEFAULT:
- bind_host: 127.0.0.1
- keystone_authtoken:
- cafile: /etc/glance/certs/ca.crt
- glance_store:
- https_ca_certificates_file: /etc/glance/certs/ca.crt
- swift_store_cacert: /etc/glance/certs/ca.crt
- oslo_messaging_rabbit:
- ssl: true
- ssl_ca_file: /etc/rabbitmq/certs/ca.crt
- ssl_cert_file: /etc/rabbitmq/certs/tls.crt
- ssl_key_file: /etc/rabbitmq/certs/tls.key
- nginx: |
- worker_processes 1;
- daemon off;
- user nginx;
-
- events {
- worker_connections 1024;
- }
-
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- sendfile on;
- keepalive_timeout 65s;
- tcp_nodelay on;
-
- log_format main '[nginx] method=$request_method path=$request_uri '
- 'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
- '"$remote_user" "$http_referer" "$http_user_agent"';
-
- access_log /dev/stdout main;
-
- upstream websocket {
- server 127.0.0.1:$PORT;
- }
-
- server {
- server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
- listen $POD_IP:$PORT ssl;
-
- client_max_body_size 0;
-
- ssl_certificate /etc/nginx/certs/tls.crt;
- ssl_certificate_key /etc/nginx/certs/tls.key;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
-
- location / {
- proxy_pass_request_headers on;
-
- proxy_http_version 1.1;
- proxy_pass http://websocket;
- proxy_read_timeout 90;
- }
- }
- }
- network:
- api:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
-
- endpoints:
- identity:
- name: keystone
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- glance:
- cacert: /etc/ssl/certs/openstack-helm.crt
- test:
- cacert: /etc/ssl/certs/openstack-helm.crt
- scheme:
- default: https
- port:
- api:
- default: 443
- image:
- host_fqdn_override:
- default:
- tls:
- secretName: glance-tls-api
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- public: https
- port:
- api:
- public: 443
- dashboard:
- scheme:
- default: https
- public: https
- port:
- web:
- default: 80
- public: 443
- oslo_messaging:
- port:
- https:
- default: 15680
- pod:
- security_context:
- glance:
- pod:
- runAsUser: 0
- resources:
- nginx:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/heat/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/heat/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index 0d5f99f358..0000000000
--- a/values_overrides/openstack/heat/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-heat:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- heat_db_sync: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- heat_api: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- heat_cfn: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- heat_engine: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- heat_engine_cleaner: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- heat_purge_deleted: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/heat/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/heat/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index 0f0f13cbc9..0000000000
--- a/values_overrides/openstack/heat/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-heat:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- heat_db_sync: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- heat_api: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- heat_cfn: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- heat_engine: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- heat_engine_cleaner: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- heat_purge_deleted: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/heat/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/heat/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index ee701ab412..0000000000
--- a/values_overrides/openstack/heat/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-heat:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- heat_db_sync: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- heat_api: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- heat_cfn: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- heat_engine: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- heat_engine_cleaner: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- heat_purge_deleted: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/heat/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/heat/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index 72b7b8d950..0000000000
--- a/values_overrides/openstack/heat/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-heat:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- heat_db_sync: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- heat_api: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- heat_cfn: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- heat_engine: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- heat_engine_cleaner: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- heat_purge_deleted: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
-...
diff --git a/values_overrides/openstack/heat/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/heat/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index ff657552aa..0000000000
--- a/values_overrides/openstack/heat/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-heat:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- heat_db_sync: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- heat_api: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- heat_cfn: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- heat_engine: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- heat_engine_cleaner: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- heat_purge_deleted: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
-...
diff --git a/values_overrides/openstack/heat/apparmor.yaml b/values_overrides/openstack/heat/apparmor.yaml
deleted file mode 100644
index a592f564c2..0000000000
--- a/values_overrides/openstack/heat/apparmor.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-pod:
- security_context:
- heat:
- container:
- heat_api:
- appArmorProfile:
- type: RuntimeDefault
- heat_cfn:
- appArmorProfile:
- type: RuntimeDefault
- heat_engine:
- appArmorProfile:
- type: RuntimeDefault
- engine_cleaner:
- container:
- heat_engine_cleaner:
- appArmorProfile:
- type: RuntimeDefault
- ks_user:
- container:
- heat_ks_domain_user:
- appArmorProfile:
- type: RuntimeDefault
- trusts:
- container:
- heat_trusts:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/heat/netpol.yaml b/values_overrides/openstack/heat/netpol.yaml
deleted file mode 100644
index cc9e887050..0000000000
--- a/values_overrides/openstack/heat/netpol.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-heat:
- manifests:
- network_policy: true
- network_policy:
- heat:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: heat
- - podSelector:
- matchLabels:
- application: ingress
- - podSelector:
- matchLabels:
- application: horizon
- ports:
- - protocol: TCP
- port: 8000
- - protocol: TCP
- port: 8003
- - protocol: TCP
- port: 8004
- egress:
- - to:
- - podSelector:
- matchLabels:
- application: neutron
- - to:
- - podSelector:
- matchLabels:
- application: nova
- - to:
- - podSelector:
- matchLabels:
- application: glance
- - to:
- - podSelector:
- matchLabels:
- application: cinder
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-...
diff --git a/values_overrides/openstack/heat/tls.yaml b/values_overrides/openstack/heat/tls.yaml
deleted file mode 100644
index ce0ee5d111..0000000000
--- a/values_overrides/openstack/heat/tls.yaml
+++ /dev/null
@@ -1,174 +0,0 @@
----
-heat:
- conf:
- software:
- apache2:
- binary: apache2
- start_parameters: -DFOREGROUND
- site_dir: /etc/apache2/sites-enabled
- conf_dir: /etc/apache2/conf-enabled
- mods_dir: /etc/apache2/mods-available
- a2enmod:
- - ssl
- a2dismod: null
- mpm_event: |
-
- ServerLimit 1024
- StartServers 32
- MinSpareThreads 32
- MaxSpareThreads 256
- ThreadsPerChild 25
- MaxRequestsPerChild 128
- ThreadLimit 720
-
- wsgi_heat: |
- {{- $portInt := tuple "orchestration" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- Listen {{ $portInt }}
-
- ServerName {{ printf "%s.%s.svc.%s" "heat-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
- WSGIDaemonProcess heat-api processes=1 threads=1 user=heat display-name=%{GROUP}
- WSGIProcessGroup heat-api
- WSGIScriptAlias / /var/www/cgi-bin/heat/heat-wsgi-api
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- AllowEncodedSlashes On
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /dev/stdout
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- SSLEngine on
- SSLCertificateFile /etc/heat/certs/tls.crt
- SSLCertificateKeyFile /etc/heat/certs/tls.key
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- SSLHonorCipherOrder on
-
-
- wsgi_cfn: |
- {{- $portInt := tuple "cloudformation" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- Listen {{ $portInt }}
-
- ServerName {{ printf "%s.%s.svc.%s" "heat-api-cfn" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
- WSGIDaemonProcess heat-api-cfn processes=1 threads=1 user=heat display-name=%{GROUP}
- WSGIProcessGroup heat-api-cfn
- WSGIScriptAlias / /var/www/cgi-bin/heat/heat-wsgi-api-cfn
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- AllowEncodedSlashes On
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /dev/stdout
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- SSLEngine on
- SSLCertificateFile /etc/heat/certs/tls.crt
- SSLCertificateKeyFile /etc/heat/certs/tls.key
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- SSLHonorCipherOrder on
-
-
- heat:
- clients_neutron:
- ca_file: /etc/heat/certs/ca.crt
- clients_cinder:
- ca_file: /etc/heat/certs/ca.crt
- clients_glance:
- ca_file: /etc/heat/certs/ca.crt
- clients_nova:
- ca_file: /etc/heat/certs/ca.crt
- clients_swift:
- ca_file: /etc/heat/certs/ca.crt
- ssl:
- ca_file: /etc/heat/certs/ca.crt
- keystone_authtoken:
- cafile: /etc/heat/certs/ca.crt
- clients:
- ca_file: /etc/heat/certs/ca.crt
- clients_keystone:
- ca_file: /etc/heat/certs/ca.crt
- oslo_messaging_rabbit:
- ssl: true
- ssl_ca_file: /etc/rabbitmq/certs/ca.crt
- ssl_cert_file: /etc/rabbitmq/certs/tls.crt
- ssl_key_file: /etc/rabbitmq/certs/tls.key
-
- network:
- api:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- cfn:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
-
- pod:
- security_context:
- heat:
- container:
- heat_api:
- readOnlyRootFilesystem: false
- runAsUser: 0
- heat_cfn:
- readOnlyRootFilesystem: false
- runAsUser: 0
-
- endpoints:
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- heat:
- cacert: /etc/ssl/certs/openstack-helm.crt
- heat_trustee:
- cacert: /etc/ssl/certs/openstack-helm.crt
- heat_stack_user:
- cacert: /etc/ssl/certs/openstack-helm.crt
- test:
- cacert: /etc/ssl/certs/openstack-helm.crt
- scheme:
- default: https
- port:
- api:
- default: 443
- orchestration:
- host_fqdn_override:
- default:
- tls:
- secretName: heat-tls-api
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- port:
- api:
- public: 443
- cloudformation:
- host_fqdn_override:
- default:
- tls:
- secretName: heat-tls-cfn
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- port:
- api:
- public: 443
- ingress:
- port:
- ingress:
- default: 443
- oslo_messaging:
- port:
- https:
- default: 15680
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/horizon/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/horizon/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index 4f1a636472..0000000000
--- a/values_overrides/openstack/horizon/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-horizon:
- images:
- tags:
- db_init: quay.io/airshipit/heat:2024.1-ubuntu_jammy
- db_drop: quay.io/airshipit/heat:2024.1-ubuntu_jammy
- horizon_db_sync: quay.io/airshipit/horizon:2024.1-ubuntu_jammy
- horizon: quay.io/airshipit/horizon:2024.1-ubuntu_jammy
-...
diff --git a/values_overrides/openstack/horizon/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/horizon/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index c140ff0b2b..0000000000
--- a/values_overrides/openstack/horizon/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-horizon:
- images:
- tags:
- db_init: quay.io/airshipit/heat:2024.2-ubuntu_jammy
- db_drop: quay.io/airshipit/heat:2024.2-ubuntu_jammy
- horizon_db_sync: quay.io/airshipit/horizon:2024.2-ubuntu_jammy
- horizon: quay.io/airshipit/horizon:2024.2-ubuntu_jammy
-...
diff --git a/values_overrides/openstack/horizon/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/horizon/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index 7d67cc1228..0000000000
--- a/values_overrides/openstack/horizon/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-horizon:
- images:
- tags:
- db_init: quay.io/airshipit/heat:2025.1-ubuntu_jammy
- db_drop: quay.io/airshipit/heat:2025.1-ubuntu_jammy
- horizon_db_sync: quay.io/airshipit/horizon:2025.1-ubuntu_jammy
- horizon: quay.io/airshipit/horizon:2025.1-ubuntu_jammy
-...
diff --git a/values_overrides/openstack/horizon/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/horizon/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index 66457f244c..0000000000
--- a/values_overrides/openstack/horizon/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-horizon:
- images:
- tags:
- db_init: quay.io/airshipit/heat:2025.1-ubuntu_noble
- db_drop: quay.io/airshipit/heat:2025.1-ubuntu_noble
- horizon_db_sync: quay.io/airshipit/horizon:2025.1-ubuntu_noble
- horizon: quay.io/airshipit/horizon:2025.1-ubuntu_noble
-...
diff --git a/values_overrides/openstack/horizon/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/horizon/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index 80b72fcd30..0000000000
--- a/values_overrides/openstack/horizon/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-horizon:
- images:
- tags:
- db_init: quay.io/airshipit/heat:2025.2-ubuntu_noble
- db_drop: quay.io/airshipit/heat:2025.2-ubuntu_noble
- horizon_db_sync: quay.io/airshipit/horizon:2025.2-ubuntu_noble
- horizon: quay.io/airshipit/horizon:2025.2-ubuntu_noble
-...
diff --git a/values_overrides/openstack/horizon/apparmor.yaml b/values_overrides/openstack/horizon/apparmor.yaml
deleted file mode 100644
index caff0b19e7..0000000000
--- a/values_overrides/openstack/horizon/apparmor.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-pod:
- security_context:
- horizon:
- container:
- horizon:
- appArmorProfile:
- type: RuntimeDefault
- db_sync:
- container:
- horizon_db_sync:
- appArmorProfile:
- type: RuntimeDefault
- test:
- container:
- horizon_test:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/horizon/netpol.yaml b/values_overrides/openstack/horizon/netpol.yaml
deleted file mode 100644
index d2be299d49..0000000000
--- a/values_overrides/openstack/horizon/netpol.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-horizon:
- manifests:
- network_policy: true
- network_policy:
- horizon:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: horizon
- - from:
- - podSelector:
- matchLabels:
- application: prometheus-openstack-exporter
- - from:
- - podSelector:
- matchLabels:
- application: ingress
- ports:
- - port: 80
- protocol: TCP
- - port: 443
- protocol: TCP
- egress:
- - to:
- - podSelector:
- matchLabels:
- application: neutron
- - to:
- - podSelector:
- matchLabels:
- application: nova
- - to:
- - podSelector:
- matchLabels:
- application: glance
- - to:
- - podSelector:
- matchLabels:
- application: cinder
- - to:
- - podSelector:
- matchLabels:
- application: keystone
- - to:
- - podSelector:
- matchLabels:
- application: heat
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-...
diff --git a/values_overrides/openstack/horizon/tls.yaml b/values_overrides/openstack/horizon/tls.yaml
deleted file mode 100644
index 8a9d5d04c5..0000000000
--- a/values_overrides/openstack/horizon/tls.yaml
+++ /dev/null
@@ -1,107 +0,0 @@
----
-horizon:
- network:
- dashboard:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- conf:
- software:
- apache2:
- a2enmod:
- - headers
- - rewrite
- - ssl
- horizon:
- apache: |
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
-
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
-
- ServerName horizon-int.openstack.svc.cluster.local
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
-
-
-
- ServerName horizon-int.openstack.svc.cluster.local
- WSGIScriptReloading On
- WSGIDaemonProcess horizon-http processes=5 threads=1 user=horizon group=horizon display-name=%{GROUP} python-path=/var/lib/kolla/venv/lib/python2.7/site-packages
- WSGIProcessGroup horizon-http
- WSGIScriptAlias / /var/www/cgi-bin/horizon/django.wsgi
- WSGIPassAuthorization On
-
- RewriteEngine On
- RewriteCond %{REQUEST_METHOD} !^(POST|PUT|GET|DELETE|PATCH)
- RewriteRule .* - [F]
-
-
- Require all granted
-
-
- Alias /static /var/www/html/horizon
-
- SetHandler static
-
-
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /dev/stdout
- TransferLog /dev/stdout
-
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- ErrorLog /dev/stdout
- SSLEngine on
- SSLCertificateFile /etc/openstack-dashboard/certs/tls.crt
- SSLCertificateKeyFile /etc/openstack-dashboard/certs/tls.key
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- SSLHonorCipherOrder on
-
- local_settings:
- config:
- use_ssl: "True"
- csrf_cookie_secure: "True"
- csrf_cookie_httponly: "True"
- enforce_password_check: "True"
- session_cookie_secure: "True"
- session_cookie_httponly: "True"
- endpoints:
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- scheme:
- default: https
- port:
- api:
- default: 443
- dashboard:
- host_fqdn_override:
- default:
- tls:
- secretName: horizon-tls-web
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- public: https
- port:
- web:
- default: 443
- public: 443
- ingress:
- port:
- ingress:
- default: 443
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/keystone/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/keystone/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index 1486e81398..0000000000
--- a/values_overrides/openstack/keystone/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-keystone:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- keystone_api: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
- keystone_bootstrap: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- keystone_credential_rotate: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
- keystone_credential_setup: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
- keystone_db_sync: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
- keystone_domain_manage: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
- keystone_fernet_rotate: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
- keystone_fernet_setup: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/keystone/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/keystone/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index d2b6e26c48..0000000000
--- a/values_overrides/openstack/keystone/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-keystone:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- keystone_api: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
- keystone_bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- keystone_credential_rotate: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
- keystone_credential_setup: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
- keystone_db_sync: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
- keystone_domain_manage: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
- keystone_fernet_rotate: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
- keystone_fernet_setup: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/keystone/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/keystone/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index 6ab9f726f1..0000000000
--- a/values_overrides/openstack/keystone/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-keystone:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- keystone_api: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
- keystone_bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- keystone_credential_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
- keystone_credential_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
- keystone_db_sync: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
- keystone_domain_manage: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
- keystone_fernet_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
- keystone_fernet_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/keystone/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/keystone/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index 3a25d20381..0000000000
--- a/values_overrides/openstack/keystone/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-keystone:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- keystone_api: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
- keystone_bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- keystone_credential_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
- keystone_credential_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
- keystone_db_sync: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
- keystone_domain_manage: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
- keystone_fernet_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
- keystone_fernet_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
-...
diff --git a/values_overrides/openstack/keystone/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/keystone/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index bd955b2dba..0000000000
--- a/values_overrides/openstack/keystone/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-keystone:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- keystone_api: "quay.io/airshipit/keystone:2025.2-ubuntu_noble"
- keystone_bootstrap: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- keystone_credential_rotate: "quay.io/airshipit/keystone:2025.2-ubuntu_noble"
- keystone_credential_setup: "quay.io/airshipit/keystone:2025.2-ubuntu_noble"
- keystone_db_sync: "quay.io/airshipit/keystone:2025.2-ubuntu_noble"
- keystone_domain_manage: "quay.io/airshipit/keystone:2025.2-ubuntu_noble"
- keystone_fernet_rotate: "quay.io/airshipit/keystone:2025.2-ubuntu_noble"
- keystone_fernet_setup: "quay.io/airshipit/keystone:2025.2-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
-...
diff --git a/values_overrides/openstack/keystone/apparmor.yaml b/values_overrides/openstack/keystone/apparmor.yaml
deleted file mode 100644
index 0e45ae9bb4..0000000000
--- a/values_overrides/openstack/keystone/apparmor.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
----
-pod:
- security_context:
- keystone:
- container:
- keystone_api:
- appArmorProfile:
- type: RuntimeDefault
- credential_setup:
- container:
- keystone_credential_setup:
- appArmorProfile:
- type: RuntimeDefault
- fernet_setup:
- container:
- keystone_fernet_setup:
- appArmorProfile:
- type: RuntimeDefault
- domain_manage:
- container:
- keystone_domain_manage:
- appArmorProfile:
- type: RuntimeDefault
- keystone_domain_manage_init:
- appArmorProfile:
- type: RuntimeDefault
- test:
- container:
- keystone_test:
- appArmorProfile:
- type: RuntimeDefault
- keystone_test_ks_user:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/keystone/ldap.yaml b/values_overrides/openstack/keystone/ldap.yaml
deleted file mode 100644
index a2e0900cc0..0000000000
--- a/values_overrides/openstack/keystone/ldap.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-keystone:
- conf:
- keystone:
- identity:
- driver: sql
- default_domain_id: default
- domain_specific_drivers_enabled: True
- domain_configurations_from_database: True
- domain_config_dir: /etc/keystone/domains
- ks_domains:
- ldapdomain:
- identity:
- driver: ldap
- ldap:
- url: "ldap://ldap.openstack.svc.cluster.local:389"
- user: "cn=admin,dc=cluster,dc=local"
- password: password
- suffix: "dc=cluster,dc=local"
- user_attribute_ignore: "enabled,email,tenants,default_project_id"
- query_scope: sub
- user_enabled_emulation: True
- user_enabled_emulation_dn: "cn=overwatch,ou=Groups,dc=cluster,dc=local"
- user_tree_dn: "ou=People,dc=cluster,dc=local"
- user_enabled_mask: 2
- user_enabled_default: 512
- user_name_attribute: cn
- user_id_attribute: sn
- user_mail_attribute: mail
- user_pass_attribute: userPassword
- group_tree_dn: "ou=Groups,dc=cluster,dc=local"
- group_filter: ""
- group_objectclass: posixGroup
- group_id_attribute: cn
- group_name_attribute: cn
- group_desc_attribute: description
- group_member_attribute: memberUID
- use_pool: true
- pool_size: 27
- pool_retry_max: 3
- pool_retry_delay: 0.1
- pool_connection_timeout: 15
- pool_connection_lifetime: 600
- use_auth_pool: true
- auth_pool_size: 100
- auth_pool_connection_lifetime: 60
-...
diff --git a/values_overrides/openstack/keystone/netpol.yaml b/values_overrides/openstack/keystone/netpol.yaml
deleted file mode 100644
index 5aef4cbb0f..0000000000
--- a/values_overrides/openstack/keystone/netpol.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
----
-keystone:
- manifests:
- network_policy: true
- network_policy:
- keystone:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: ceph
- - podSelector:
- matchLabels:
- application: ingress
- - podSelector:
- matchLabels:
- application: keystone
- - podSelector:
- matchLabels:
- application: heat
- - podSelector:
- matchLabels:
- application: glance
- - podSelector:
- matchLabels:
- application: cinder
- - podSelector:
- matchLabels:
- application: barbican
- - podSelector:
- matchLabels:
- application: ceilometer
- - podSelector:
- matchLabels:
- application: horizon
- - podSelector:
- matchLabels:
- application: ironic
- - podSelector:
- matchLabels:
- application: magnum
- - podSelector:
- matchLabels:
- application: mistral
- - podSelector:
- matchLabels:
- application: nova
- - podSelector:
- matchLabels:
- application: neutron
- - podSelector:
- matchLabels:
- application: placement
- - podSelector:
- matchLabels:
- application: prometheus-openstack-exporter
- ports:
- - protocol: TCP
- port: 5000
- egress:
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-...
diff --git a/values_overrides/openstack/keystone/tls.yaml b/values_overrides/openstack/keystone/tls.yaml
deleted file mode 100644
index d06bdae545..0000000000
--- a/values_overrides/openstack/keystone/tls.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
----
-keystone:
- network:
- api:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: null
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- pod:
- security_context:
- keystone:
- pod:
- runAsUser: 0
- container:
- keystone_api:
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
- conf:
- software:
- apache2:
- a2enmod:
- - ssl
- keystone:
- oslo_messaging_rabbit:
- ssl: true
- ssl_ca_file: /etc/rabbitmq/certs/ca.crt
- ssl_cert_file: /etc/rabbitmq/certs/tls.crt
- ssl_key_file: /etc/rabbitmq/certs/tls.key
- wsgi_keystone: |
- {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- {{- $vh := tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-
- Listen 0.0.0.0:{{ $portInt }}
-
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
-
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
-
- ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
- WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
- WSGIProcessGroup keystone-public
- WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-public
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /dev/stdout
-
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- SSLEngine on
- SSLCertificateFile /etc/keystone/certs/tls.crt
- SSLCertificateKeyFile /etc/keystone/certs/tls.key
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- SSLHonorCipherOrder on
-
- endpoints:
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- test:
- cacert: /etc/ssl/certs/openstack-helm.crt
- host_fqdn_override:
- default:
- tls:
- secretName: keystone-tls-api
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- public: https
- port:
- api:
- default: 443
- oslo_messaging:
- port:
- https:
- default: 15680
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/libvirt/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/libvirt/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index b8d58fa755..0000000000
--- a/values_overrides/openstack/libvirt/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-libvirt:
- images:
- tags:
- libvirt: docker.io/openstackhelm/libvirt:2024.1-ubuntu_jammy
-...
diff --git a/values_overrides/openstack/libvirt/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/libvirt/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index 33a030e162..0000000000
--- a/values_overrides/openstack/libvirt/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-libvirt:
- images:
- tags:
- libvirt: docker.io/openstackhelm/libvirt:2024.2-ubuntu_jammy
-...
diff --git a/values_overrides/openstack/libvirt/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/libvirt/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index b470c34763..0000000000
--- a/values_overrides/openstack/libvirt/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-libvirt:
- images:
- tags:
- libvirt: docker.io/openstackhelm/libvirt:2025.1-ubuntu_jammy
-...
diff --git a/values_overrides/openstack/libvirt/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/libvirt/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index 48f4456d2c..0000000000
--- a/values_overrides/openstack/libvirt/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-libvirt:
- images:
- tags:
- libvirt: docker.io/openstackhelm/libvirt:2025.1-ubuntu_noble
-...
diff --git a/values_overrides/openstack/libvirt/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/libvirt/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index a0ec02a8f8..0000000000
--- a/values_overrides/openstack/libvirt/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-libvirt:
- images:
- tags:
- libvirt: docker.io/openstackhelm/libvirt:2025.2-ubuntu_noble
-...
diff --git a/values_overrides/openstack/libvirt/apparmor.yaml b/values_overrides/openstack/libvirt/apparmor.yaml
deleted file mode 100644
index 497573ab4e..0000000000
--- a/values_overrides/openstack/libvirt/apparmor.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-pod:
- security_context:
- libvirt:
- container:
- libvirt:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/libvirt/cinder-external-ceph-backend.yaml b/values_overrides/openstack/libvirt/cinder-external-ceph-backend.yaml
deleted file mode 100644
index 5ffa5914bd..0000000000
--- a/values_overrides/openstack/libvirt/cinder-external-ceph-backend.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Note: This yaml file serves as an example for overriding the manifest
-# to enable additional externally managed Ceph Cinder backend. When additional
-# externally managed Ceph Cinder backend is provisioned as shown in
-# cinder/values_overrides/external-ceph-backend.yaml of repo openstack-helm,
-# below override is needed to store the secret key of the cinder user in
-# libvirt.
----
-libvirt:
- conf:
- ceph:
- cinder:
- external_ceph:
- enabled: true
- user: cinder2
- secret_uuid: 3f0133e4-8384-4743-9473-fecacc095c74
- user_secret_name: cinder-volume-external-rbd-keyring
-...
diff --git a/values_overrides/openstack/libvirt/netpol.yaml b/values_overrides/openstack/libvirt/netpol.yaml
deleted file mode 100644
index 9c393832d4..0000000000
--- a/values_overrides/openstack/libvirt/netpol.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-libvirt:
- manifests:
- network_policy: true
-...
diff --git a/values_overrides/openstack/libvirt/ssl.yaml b/values_overrides/openstack/libvirt/ssl.yaml
deleted file mode 100644
index a5041fab37..0000000000
--- a/values_overrides/openstack/libvirt/ssl.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-libvirt:
- conf:
- libvirt:
- listen_tcp: "0"
- listen_tls: "1"
- listen_addr: 0.0.0.0
-...
diff --git a/values_overrides/openstack/mariadb/apparmor.yaml b/values_overrides/openstack/mariadb/apparmor.yaml
deleted file mode 100644
index 8abf11ba4a..0000000000
--- a/values_overrides/openstack/mariadb/apparmor.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-pod:
- security_context:
- server:
- container:
- mariadb:
- appArmorProfile:
- type: RuntimeDefault
- exporter:
- appArmorProfile:
- type: RuntimeDefault
- perms:
- appArmorProfile:
- type: RuntimeDefault
- mariadb_backup:
- container:
- mariadb_backup:
- appArmorProfile:
- type: RuntimeDefault
- verify_perms:
- appArmorProfile:
- type: RuntimeDefault
- backup_perms:
- appArmorProfile:
- type: RuntimeDefault
- tests:
- container:
- test:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/mariadb/local-storage.yaml b/values_overrides/openstack/mariadb/local-storage.yaml
deleted file mode 100644
index ba99d6c645..0000000000
--- a/values_overrides/openstack/mariadb/local-storage.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-mariadb:
- pod:
- replicas:
- server: 1
- volume:
- size: 1Gi
- class_name: local-storage
- monitoring:
- prometheus:
- enabled: false
-...
diff --git a/values_overrides/openstack/mariadb/netpol.yaml b/values_overrides/openstack/mariadb/netpol.yaml
deleted file mode 100644
index 94d08c0d9b..0000000000
--- a/values_overrides/openstack/mariadb/netpol.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-mariadb:
- manifests:
- network_policy: true
- network_policy:
- mariadb:
- egress:
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: keystone
- - podSelector:
- matchLabels:
- application: heat
- - podSelector:
- matchLabels:
- application: glance
- - podSelector:
- matchLabels:
- application: cinder
- - podSelector:
- matchLabels:
- application: aodh
- - podSelector:
- matchLabels:
- application: barbican
- - podSelector:
- matchLabels:
- application: ceilometer
- - podSelector:
- matchLabels:
- application: designate
- - podSelector:
- matchLabels:
- application: horizon
- - podSelector:
- matchLabels:
- application: ironic
- - podSelector:
- matchLabels:
- application: magnum
- - podSelector:
- matchLabels:
- application: mistral
- - podSelector:
- matchLabels:
- application: nova
- - podSelector:
- matchLabels:
- application: neutron
- - podSelector:
- matchLabels:
- application: rally
- - podSelector:
- matchLabels:
- application: placement
- - podSelector:
- matchLabels:
- application: prometheus-mysql-exporter
- - podSelector:
- matchLabels:
- application: mariadb
- - podSelector:
- matchLabels:
- application: mariadb-backup
- ports:
- - protocol: TCP
- port: 3306
- - protocol: TCP
- port: 4567
- - protocol: TCP
- port: 80
- - protocol: TCP
- port: 8080
-...
diff --git a/values_overrides/openstack/mariadb/tls.yaml b/values_overrides/openstack/mariadb/tls.yaml
deleted file mode 100644
index 86f4692513..0000000000
--- a/values_overrides/openstack/mariadb/tls.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-mariadb:
- pod:
- security_context:
- server:
- container:
- perms:
- readOnlyRootFilesystem: false
- mariadb:
- runAsUser: 0
- allowPrivilegeEscalation: true
- readOnlyRootFilesystem: false
- endpoints:
- oslo_db:
- host_fqdn_override:
- default:
- tls:
- secretName: mariadb-tls-direct
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/memcached/apparmor.yaml b/values_overrides/openstack/memcached/apparmor.yaml
deleted file mode 100644
index da1d6e7b72..0000000000
--- a/values_overrides/openstack/memcached/apparmor.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-pod:
- security_context:
- server:
- container:
- memcached:
- appArmorProfile:
- type: RuntimeDefault
- memcached_exporter:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/memcached/netpol.yaml b/values_overrides/openstack/memcached/netpol.yaml
deleted file mode 100644
index c0c0768d31..0000000000
--- a/values_overrides/openstack/memcached/netpol.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-memcached:
- manifests:
- network_policy: true
- network_policy:
- memcached:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: ingress
- - podSelector:
- matchLabels:
- application: keystone
- - podSelector:
- matchLabels:
- application: heat
- - podSelector:
- matchLabels:
- application: glance
- - podSelector:
- matchLabels:
- application: cinder
- - podSelector:
- matchLabels:
- application: barbican
- - podSelector:
- matchLabels:
- application: ceilometer
- - podSelector:
- matchLabels:
- application: horizon
- - podSelector:
- matchLabels:
- application: ironic
- - podSelector:
- matchLabels:
- application: magnum
- - podSelector:
- matchLabels:
- application: mistral
- - podSelector:
- matchLabels:
- application: nova
- - podSelector:
- matchLabels:
- application: neutron
- - podSelector:
- matchLabels:
- application: placement
- - podSelector:
- matchLabels:
- application: prometheus_memcached_exporter
- - podSelector:
- matchLabels:
- application: aodh
- - podSelector:
- matchLabels:
- application: rally
- - podSelector:
- matchLabels:
- application: memcached
- - podSelector:
- matchLabels:
- application: gnocchi
- ports:
- - port: 11211
- protocol: TCP
- - port: 9150
- protocol: TCP
- egress:
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-...
diff --git a/values_overrides/openstack/neutron/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/neutron/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index bc4e3f7250..0000000000
--- a/values_overrides/openstack/neutron/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-neutron:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- neutron_db_sync: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_dhcp: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_l3: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_l2gw: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_linuxbridge_agent: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_metadata: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_openvswitch_agent: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_server: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_rpc_server: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_bagpipe_bgp: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
- neutron_netns_cleanup_cron: "quay.io/airshipit/neutron:2024.1-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/neutron/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/neutron/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index b9119db9de..0000000000
--- a/values_overrides/openstack/neutron/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-neutron:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- neutron_db_sync: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_dhcp: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_l3: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_l2gw: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_linuxbridge_agent: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_metadata: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_openvswitch_agent: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_server: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_rpc_server: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_bagpipe_bgp: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
- neutron_netns_cleanup_cron: "quay.io/airshipit/neutron:2024.2-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/neutron/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/neutron/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index a3a8853d90..0000000000
--- a/values_overrides/openstack/neutron/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-neutron:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- neutron_db_sync: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_dhcp: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_l3: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_l2gw: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_linuxbridge_agent: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_metadata: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_openvswitch_agent: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_server: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_rpc_server: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_bagpipe_bgp: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
- neutron_netns_cleanup_cron: "quay.io/airshipit/neutron:2025.1-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/neutron/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/neutron/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index 86f8066ce4..0000000000
--- a/values_overrides/openstack/neutron/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-neutron:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- neutron_db_sync: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_dhcp: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_l3: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_l2gw: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_linuxbridge_agent: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_metadata: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_openvswitch_agent: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_server: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_rpc_server: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_bagpipe_bgp: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
- neutron_netns_cleanup_cron: "quay.io/airshipit/neutron:2025.1-ubuntu_noble"
-...
diff --git a/values_overrides/openstack/neutron/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/neutron/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index 83d97c4651..0000000000
--- a/values_overrides/openstack/neutron/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-neutron:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- neutron_db_sync: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_dhcp: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_l3: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_l2gw: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_linuxbridge_agent: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_metadata: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_openvswitch_agent: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_server: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_rpc_server: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_bagpipe_bgp: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
- neutron_netns_cleanup_cron: "quay.io/airshipit/neutron:2025.2-ubuntu_noble"
-...
diff --git a/values_overrides/openstack/neutron/apparmor.yaml b/values_overrides/openstack/neutron/apparmor.yaml
deleted file mode 100644
index bf5d3e78fe..0000000000
--- a/values_overrides/openstack/neutron/apparmor.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-pod:
- security_context:
- neutron_dhcp_agent:
- container:
- neutron_dhcp_agent:
- appArmorProfile:
- type: RuntimeDefault
- neutron_dhcp_agent_init:
- appArmorProfile:
- type: RuntimeDefault
- neutron_l3_agent:
- container:
- neutron_l3_agent:
- appArmorProfile:
- type: RuntimeDefault
- neutron_l3_agent_init:
- appArmorProfile:
- type: RuntimeDefault
- neutron_lb_agent:
- container:
- neutron_lb_agent:
- appArmorProfile:
- type: RuntimeDefault
- neutron_lb_agent_init:
- appArmorProfile:
- type: RuntimeDefault
- neutron_lb_agent_kernel_modules:
- appArmorProfile:
- type: RuntimeDefault
- neutron_metadata_agent:
- container:
- neutron_metadata_agent_init:
- appArmorProfile:
- type: RuntimeDefault
- neutron_ovs_agent:
- container:
- neutron_ovs_agent:
- appArmorProfile:
- type: RuntimeDefault
- neutron_openvswitch_agent_kernel_modules:
- appArmorProfile:
- type: RuntimeDefault
- neutron_ovs_agent_init:
- appArmorProfile:
- type: RuntimeDefault
- netoffload:
- appArmorProfile:
- type: RuntimeDefault
- neutron_sriov_agent:
- container:
- neutron_sriov_agent:
- appArmorProfile:
- type: RuntimeDefault
- neutron_sriov_agent_init:
- appArmorProfile:
- type: RuntimeDefault
- neutron_netns_cleanup_cron:
- container:
- neutron_netns_cleanup_cron:
- appArmorProfile:
- type: RuntimeDefault
- neutron_server:
- container:
- neutron_server:
- appArmorProfile:
- type: RuntimeDefault
- nginx:
- appArmorProfile:
- type: RuntimeDefault
- neutron_rpc_server:
- container:
- neutron_rpc_server:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/neutron/dpdk-bond.yaml b/values_overrides/openstack/neutron/dpdk-bond.yaml
deleted file mode 100644
index f125f65eef..0000000000
--- a/values_overrides/openstack/neutron/dpdk-bond.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-neutron:
- network:
- interface:
- tunnel: br-phy-bond0
- conf:
- plugins:
- openvswitch_agent:
- agent:
- tunnel_types: vxlan
- ovs:
- bridge_mappings: public:br-ex
- datapath_type: netdev
- vhostuser_socket_dir: /var/run/openvswitch/vhostuser
- ovs_dpdk:
- enabled: true
- driver: uio_pci_generic
- nics: []
- bonds:
- # CHANGE-ME: modify below parameters according to your hardware
- - name: dpdkbond0
- bridge: br-phy-bond0
- # The IP from the first nic in nics list shall be used
- migrate_ip: true
- ovs_options: "bond_mode=active-backup"
- nics:
- - name: dpdk_b0s0
- pci_id: '0000:00:05.0'
- - name: dpdk_b0s1
- pci_id: '0000:00:06.0'
- bridges:
- - name: br-phy-bond0
-...
diff --git a/values_overrides/openstack/neutron/dpdk.yaml b/values_overrides/openstack/neutron/dpdk.yaml
deleted file mode 100644
index c48cbda683..0000000000
--- a/values_overrides/openstack/neutron/dpdk.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-neutron:
- network:
- interface:
- tunnel: br-phy
- conf:
- plugins:
- openvswitch_agent:
- agent:
- tunnel_types: vxlan
- ovs:
- bridge_mappings: public:br-ex
- datapath_type: netdev
- vhostuser_socket_dir: /var/run/openvswitch/vhostuser
- ovs_dpdk:
- enabled: true
- driver: uio_pci_generic
- nics:
- # CHANGE-ME: modify pci_id according to your hardware
- - name: dpdk0
- pci_id: '0000:05:00.0'
- bridge: br-phy
- migrate_ip: true
- bridges:
- - name: br-phy
- bonds: []
-...
diff --git a/values_overrides/openstack/neutron/gate.yaml b/values_overrides/openstack/neutron/gate.yaml
deleted file mode 100644
index d01a1d8c94..0000000000
--- a/values_overrides/openstack/neutron/gate.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-neutron:
- network:
- interface:
- tunnel: docker0
- conf:
- neutron:
- DEFAULT:
- l3_ha: False
- max_l3_agents_per_router: 1
- l3_ha_network_type: vxlan
- dhcp_agents_per_network: 1
- plugins:
- ml2_conf:
- ml2_type_flat:
- flat_networks: public
- openvswitch_agent:
- agent:
- tunnel_types: vxlan
- ovs:
- bridge_mappings: public:br-ex
- linuxbridge_agent:
- linux_bridge:
- bridge_mappings: public:br-ex
-...
diff --git a/values_overrides/openstack/neutron/netpol.yaml b/values_overrides/openstack/neutron/netpol.yaml
deleted file mode 100644
index 9a1002552d..0000000000
--- a/values_overrides/openstack/neutron/netpol.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-neutron:
- manifests:
- network_policy: true
- network_policy:
- neutron:
- egress:
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-...
diff --git a/values_overrides/openstack/neutron/shared-sriov-ovs-dpdk-bond.yaml b/values_overrides/openstack/neutron/shared-sriov-ovs-dpdk-bond.yaml
deleted file mode 100644
index a6b2d36126..0000000000
--- a/values_overrides/openstack/neutron/shared-sriov-ovs-dpdk-bond.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
----
-neutron:
- network:
- interface:
- sriov:
- - device: enp3s0f0
- num_vfs: 32
- promisc: false
- - device: enp66s0f1
- num_vfs: 32
- promisc: false
- tunnel: br-phy-bond0
- backend:
- - openvswitch
- - sriov
- conf:
- auto_bridge_add:
- br-ex: null
- neutron:
- DEFAULT:
- l3_ha: False
- max_l3_agents_per_router: 1
- l3_ha_network_type: vxlan
- dhcp_agents_per_network: 1
- service_plugins: router
- plugins:
- ml2_conf:
- ml2:
- mechanism_drivers: l2population,openvswitch,sriovnicswitch
- type_drivers: vlan,flat,vxlan
- tenant_network_types: vxlan
- ml2_type_flat:
- flat_networks: public
- ml2_type_vlan:
- network_vlan_ranges: ovsnet:2:4094,sriovnet1:100:4000,sriovnet2:100:4000
- openvswitch_agent:
- default:
- ovs_vsctl_timeout: 30
- agent:
- tunnel_types: vxlan
- securitygroup:
- enable_security_group: False
- firewall_driver: neutron.agent.firewall.NoopFirewallDriver
- ovs:
- bridge_mappings: public:br-ex,ovsnet:br-phy-bond0
- datapath_type: netdev
- vhostuser_socket_dir: /var/run/openvswitch/vhostuser
- of_connect_timeout: 60
- of_request_timeout: 30
- sriov_agent:
- securitygroup:
- firewall_driver: neutron.agent.firewall.NoopFirewallDriver
- sriov_nic:
- physical_device_mappings: sriovnet1:enp3s0f0,sriovnet2:enp66s0f1
- exclude_devices: enp3s0f0:0000:00:05.1,enp66s0f1:0000:00:06.1
- ovs_dpdk:
- enabled: true
- driver: uio_pci_generic
- nics: []
- bonds:
- # CHANGE-ME: modify below parameters according to your hardware
- - name: dpdkbond0
- bridge: br-phy-bond0
- mtu: 9000
- # The IP from the first nic in nics list shall be used
- migrate_ip: true
- n_rxq: 2
- n_rxq_size: 1024
- n_txq_size: 1024
- ovs_options: "bond_mode=active-backup"
- nics:
- - name: dpdk_b0s0
- pci_id: '0000:00:05.0'
- vf_index: 0
- - name: dpdk_b0s1
- pci_id: '0000:00:06.0'
- vf_index: 0
- bridges:
- - name: br-phy-bond0
- modules:
- - name: dpdk
- log_level: info
-
- # In case of shared profile (sriov + ovs-dpdk), sriov agent should finish
- # first so as to let it configure the SRIOV VFs before ovs-agent tries to
- # bind it with DPDK driver.
- dependencies:
- dynamic:
- targeted:
- openvswitch:
- ovs_agent:
- pod:
- - requireSameNode: true
- labels:
- application: neutron
- component: neutron-sriov-agent
-...
diff --git a/values_overrides/openstack/neutron/tf.yaml b/values_overrides/openstack/neutron/tf.yaml
deleted file mode 100644
index c2485de747..0000000000
--- a/values_overrides/openstack/neutron/tf.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-neutron:
- images:
- tags:
- tf_neutron_init: opencontrailnightly/contrail-openstack-neutron-init:master-latest
- labels:
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- server:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- test:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- network:
- backend:
- - tungstenfabric
- dependencies:
- dynamic:
- targeted:
- tungstenfabric:
- server:
- daemonset: []
- conf:
- openstack_version: queens
- neutron:
- DEFAULT:
- core_plugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
- service_plugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
- l3_ha: False
- api_extensions_path: /opt/plugin/site-packages/neutron_plugin_contrail/extensions:/opt/plugin/site-packages/neutron_lbaas/extensions
- interface_driver: null
- quotas:
- quota_driver: neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
- plugins:
- tungstenfabric:
- APISERVER:
- api_server_ip: config-api-server.tungsten-fabric.svc.cluster.local
- api_server_port: 8082
- contrail_extensions: "ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None"
- multi_tenancy: True
- KEYSTONE:
- insecure: True
- tf_vnc_api_lib:
- global:
- WEB_SERVER: config-api-server.tungsten-fabric.svc.cluster.local
- WEB_PORT: 8082
- auth:
- AUTHN_TYPE: keystone
- AUTHN_PROTOCOL: http
- AUTHN_URL: /v3/auth/tokens
- manifests:
- daemonset_dhcp_agent: false
- daemonset_l3_agent: false
- daemonset_lb_agent: false
- daemonset_metadata_agent: false
- daemonset_ovs_agent: false
- daemonset_sriov_agent: false
- pod_rally_test: false
- pod:
- mounts:
- neutron_db_sync:
- neutron_db_sync:
- volumeMounts:
- - name: db-sync-conf
- mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
- subPath: tf_plugin.ini
- readOnly: true
- volumes:
-...
diff --git a/values_overrides/openstack/neutron/tls.yaml b/values_overrides/openstack/neutron/tls.yaml
deleted file mode 100644
index 416effc294..0000000000
--- a/values_overrides/openstack/neutron/tls.yaml
+++ /dev/null
@@ -1,142 +0,0 @@
----
-neutron:
- images:
- tags:
- nginx: docker.io/nginx:1.18.0
- network:
- server:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- pod:
- security_context:
- neutron_server:
- pod:
- runAsUser: 0
- container:
- neutron_server:
- readOnlyRootFilesystem: false
- resources:
- nginx:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
- conf:
- nginx: |
- worker_processes 1;
- daemon off;
- user nginx;
-
- events {
- worker_connections 1024;
- }
-
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- sendfile on;
- keepalive_timeout 65s;
- tcp_nodelay on;
-
- log_format main '[nginx] method=$request_method path=$request_uri '
- 'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
- '"$remote_user" "$http_referer" "$http_user_agent"';
-
- access_log /dev/stdout main;
-
- upstream websocket {
- server 127.0.0.1:$PORT;
- }
-
- server {
- server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
- listen $POD_IP:$PORT ssl;
-
- client_max_body_size 0;
-
- ssl_certificate /etc/nginx/certs/tls.crt;
- ssl_certificate_key /etc/nginx/certs/tls.key;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
-
- location / {
- proxy_pass_request_headers on;
-
- proxy_http_version 1.1;
- proxy_pass http://websocket;
- proxy_read_timeout 90;
- }
- }
- }
- neutron:
- DEFAULT:
- bind_host: 127.0.0.1
- nova:
- cafile: /etc/neutron/certs/ca.crt
- keystone_authtoken:
- cafile: /etc/neutron/certs/ca.crt
- oslo_messaging_rabbit:
- ssl: true
- ssl_ca_file: /etc/rabbitmq/certs/ca.crt
- ssl_cert_file: /etc/rabbitmq/certs/tls.crt
- ssl_key_file: /etc/rabbitmq/certs/tls.key
- metadata_agent:
- DEFAULT:
- auth_ca_cert: /etc/ssl/certs/openstack-helm.crt
- nova_metadata_port: 443
- nova_metadata_protocol: https
- endpoints:
- compute:
- scheme:
- default: https
- port:
- api:
- public: 443
- compute_metadata:
- scheme:
- default: https
- port:
- metadata:
- public: 443
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- neutron:
- cacert: /etc/ssl/certs/openstack-helm.crt
- nova:
- cacert: /etc/ssl/certs/openstack-helm.crt
- test:
- cacert: /etc/ssl/certs/openstack-helm.crt
- scheme:
- default: https
- port:
- api:
- default: 443
- network:
- host_fqdn_override:
- default:
- tls:
- secretName: neutron-tls-server
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- port:
- api:
- public: 443
- ingress:
- port:
- ingress:
- default: 443
- oslo_messaging:
- port:
- https:
- default: 15680
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/nova/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/nova/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index d4dead485b..0000000000
--- a/values_overrides/openstack/nova/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-nova:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- nova_api: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_cell_setup: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_cell_setup_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- nova_compute: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_compute_ssh: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_conductor: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_db_sync: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_novncproxy: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_novncproxy_assets: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_scheduler: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_spiceproxy: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_spiceproxy_assets: "quay.io/airshipit/nova:2024.1-ubuntu_jammy"
- nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/nova/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/nova/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index 68ef054554..0000000000
--- a/values_overrides/openstack/nova/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-nova:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- nova_api: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_cell_setup: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_cell_setup_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- nova_compute: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_compute_ssh: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_conductor: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_db_sync: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_novncproxy: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_novncproxy_assets: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_scheduler: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_spiceproxy: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_spiceproxy_assets: "quay.io/airshipit/nova:2024.2-ubuntu_jammy"
- nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/nova/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/nova/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index ed55949326..0000000000
--- a/values_overrides/openstack/nova/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-nova:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- nova_api: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_cell_setup: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_cell_setup_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- nova_compute: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_compute_ssh: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_conductor: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_db_sync: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_novncproxy: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_novncproxy_assets: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_scheduler: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_spiceproxy: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_spiceproxy_assets: "quay.io/airshipit/nova:2025.1-ubuntu_jammy"
- nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/nova/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/nova/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index c5142dddce..0000000000
--- a/values_overrides/openstack/nova/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-nova:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- nova_api: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_cell_setup: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_cell_setup_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- nova_compute: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_compute_ssh: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_conductor: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_db_sync: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_novncproxy: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_novncproxy_assets: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_scheduler: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_spiceproxy: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_spiceproxy_assets: "quay.io/airshipit/nova:2025.1-ubuntu_noble"
- nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/nova/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/nova/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index 3cf38201c4..0000000000
--- a/values_overrides/openstack/nova/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-nova:
- images:
- tags:
- bootstrap: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- nova_api: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_cell_setup: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_cell_setup_init: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- nova_compute: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_compute_ssh: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_conductor: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_db_sync: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_novncproxy: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_novncproxy_assets: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_scheduler: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_spiceproxy: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_spiceproxy_assets: "quay.io/airshipit/nova:2025.2-ubuntu_noble"
- nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy"
-...
diff --git a/values_overrides/openstack/nova/apparmor.yaml b/values_overrides/openstack/nova/apparmor.yaml
deleted file mode 100644
index 8352f7d4d2..0000000000
--- a/values_overrides/openstack/nova/apparmor.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-pod:
- security_context:
- nova:
- container:
- nova_compute:
- appArmorProfile:
- type: RuntimeDefault
- nova_compute_init:
- appArmorProfile:
- type: RuntimeDefault
- nova_compute_vnc_init:
- appArmorProfile:
- type: RuntimeDefault
- nova_api:
- appArmorProfile:
- type: RuntimeDefault
- nova_api_metadata_init:
- appArmorProfile:
- type: RuntimeDefault
- nova_osapi:
- appArmorProfile:
- type: RuntimeDefault
- nova_conductor:
- appArmorProfile:
- type: RuntimeDefault
- nova_novncproxy:
- appArmorProfile:
- type: RuntimeDefault
- nova_novncproxy_init_assets:
- appArmorProfile:
- type: RuntimeDefault
- nova_novncproxy_init:
- appArmorProfile:
- type: RuntimeDefault
- nova_scheduler:
- appArmorProfile:
- type: RuntimeDefault
- nova_cell_setup:
- container:
- nova_cell_setup:
- appArmorProfile:
- type: RuntimeDefault
- nova_cell_setup_init:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/nova/cntt.yaml b/values_overrides/openstack/nova/cntt.yaml
deleted file mode 100644
index 57e07b86ee..0000000000
--- a/values_overrides/openstack/nova/cntt.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-nova:
- conf:
- nova:
- DEFAULT:
- reserved_huge_pages:
- type: multistring
- values:
- - node:0,size:1GB,count:4
- - node:1,size:1GB,count:4
- reserved_host_memory_mb: 512
-...
diff --git a/values_overrides/openstack/nova/netpol.yaml b/values_overrides/openstack/nova/netpol.yaml
deleted file mode 100644
index 8d0901cb45..0000000000
--- a/values_overrides/openstack/nova/netpol.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-nova:
- manifests:
- network_policy: true
- network_policy:
- nova:
- egress:
- - to:
- - podSelector:
- matchLabels:
- application: nova
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-...
diff --git a/values_overrides/openstack/nova/opensuse_15.yaml b/values_overrides/openstack/nova/opensuse_15.yaml
deleted file mode 100644
index 5cb0ec8281..0000000000
--- a/values_overrides/openstack/nova/opensuse_15.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-nova:
- conf:
- software:
- apache2:
- binary: apache2ctl
- start_parameters: -DFOREGROUND -k start
- site_dir: /etc/apache2/vhosts.d
- conf_dir: /etc/apache2/conf.d
- a2enmod:
- - version
- security: |
-
- Options Indexes FollowSymLinks
- AllowOverride All
-
- Require all granted
-
-
- Order allow,deny
- Allow from all
-
-
- nova:
- DEFAULT:
- mkisofs_cmd: mkisofs
-...
diff --git a/values_overrides/openstack/nova/ssh.yaml b/values_overrides/openstack/nova/ssh.yaml
deleted file mode 100644
index e776c09fbb..0000000000
--- a/values_overrides/openstack/nova/ssh.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-nova:
- network:
- ssh:
- enabled: true
- public_key: |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfgGkoPxu6jVqyBTGDlhGqoFFaTymMOH3pDRzrzXCVodqrtv1heBAyi7L63+MZ+m/facDDo43hWzhFLmmMgD00AS7L+VH+oeEwKVCfq0HN3asKLadpweBQVAkGX7PzjRKF25qj6J7iVpKAf1NcnJCsWL3b+wC9mwK7TmupOmWra8BrfP7Fvek1RLx3lwk+ZZ9lUlm6o+jwXn/9rCEFa7ywkGpdrPRBNHQshGjDlJPi15boXIKxOmoZ/DszkJq7iLYQnwa4Kdb0dJ9OE/l2LLBiEpkMlTnwXA7QCS5jEHXwW78b4BOZvqrFflga+YldhDmkyRRfnhcF5Ok2zQmx9Q+t root@openstack-helm
- private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEA34BpKD8buo1asgUxg5YRqqBRWk8pjDh96Q0c681wlaHaq7b9
- YXgQMouy+t/jGfpv32nAw6ON4Vs4RS5pjIA9NAEuy/lR/qHhMClQn6tBzd2rCi2n
- acHgUFQJBl+z840Shduao+ie4laSgH9TXJyQrFi92/sAvZsCu05rqTplq2vAa3z+
- xb3pNUS8d5cJPmWfZVJZuqPo8F5//awhBWu8sJBqXaz0QTR0LIRow5ST4teW6FyC
- sTpqGfw7M5Cau4i2EJ8GuCnW9HSfThP5diywYhKZDJU58FwO0AkuYxB18Fu/G+AT
- mb6qxX5YGvmJXYQ5pMkUX54XBeTpNs0JsfUPrQIDAQABAoIBAFkEFd3XtL2KSxMY
- Cm50OLkSfRRQ7yVP4qYNePVZr3uJKUS27xgA78KR7UkKHrNcEW6T+hhxbbLR2AmF
- wLga40VxKyhGNqgJ5Vx/OAM//Ed4AAVfxYvTkfmsXqPRPiTEjRoPKvoZTh6riFHx
- ZExAd0aNWaDhyZu6v03GoA6YmaG53CLhUpDjIEpAHT8Q5fiukvpvFNAkSpSU3wWW
- YD14S5BTXx8Z7v5mNgbxzDIST9P6oGm9jOoMJJCxu3KVF5Xh6k23DP1wukiWNypJ
- b7dzfE8/NZUZ15Du4g1ZXHZyOATwN+4GQi1tV+oB1o6wI6829lpIMlsmqHhrw867
- 942SmakCgYEA9R1xFEEVRavBGIUeg/NMbFP+Ssl2DljAdnmcOASCxAFqCx6y3WSK
- P2xWTD/MCG/uz627EVp+lfbapZimm171rUMpVCqTa5tH+LZ+Lbl+rjoLwSWVqySK
- MGyIEzpPLq5PrpGdUghZNsGAG7kgTarJM5SYyA+Esqr8AADjDrZdmzcCgYEA6W1C
- h9nU5i04UogndbkOiDVDWn0LnjUnVDTmhgGhbJDLtx4/hte/zGK7+mKl561q3Qmm
- xY0s8cSQCX1ULHyrgzS9rc0k42uvuRWgpKKKT5IrjiA91HtfcVM1r9hxa2/dw4wk
- WbAoaqpadjQAKoB4PNYzRfvITkv/9O+JSyK5BjsCgYEA5p9C68momBrX3Zgyc/gQ
- qcQFeJxAxZLf0xjs0Q/9cSnbeobxx7h3EuF9+NP1xuJ6EVDmt5crjzHp2vDboUgh
- Y1nToutENXSurOYXpjHnbUoUETCpt5LzqkgTZ/Pu2H8NXbSIDszoE8rQHEV8jVbp
- Y+ymK2XedrTF0cMD363aONUCgYEAy5J4+kdUL+VyADAz0awxa0KgWdNCBZivkvWL
- sYTMhgUFVM7xciTIZXQaIjRUIeeQkfKv2gvUDYlyYIRHm4Cih4vAfEmziQ7KMm0V
- K1+BpgGBMLMXmS57PzblVFU8HQlzau3Wac2CgfvNZtbU6jweIFhiYP9DYl1PfQpG
- PxuqJy8CgYBERsjdYfnyGMnFg3DVwgv/W/JspX201jMhQW2EW1OGDf7RQV+qTUnU
- 2NRGN9QbVYUvdwuRPd7C9wXQfLzXf0/E67oYg6fHHGTBNMjSq56qhZ2dSZnyQCxI
- UZu0B4/1A5493Mypxp8c2fPhBdfzjTA5latsr75U26OMPxCxgFxm1A==
- -----END RSA PRIVATE KEY-----
-...
diff --git a/values_overrides/openstack/nova/tf.yaml b/values_overrides/openstack/nova/tf.yaml
deleted file mode 100644
index ef8cbfca23..0000000000
--- a/values_overrides/openstack/nova/tf.yaml
+++ /dev/null
@@ -1,79 +0,0 @@
----
-nova:
- images:
- tags:
- tf_compute_init: opencontrailnightly/contrail-openstack-compute-init:master-latest
- conf:
- nova:
- libvirt:
- virt_type: qemu
- cpu_mode: host-model
- agent:
- compute:
- node_selector_key: openstack-compute-node
- node_selector_value: enabled
- compute_ironic:
- node_selector_key: openstack-compute-node
- node_selector_value: enabled
- api_metadata:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- conductor:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- job:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- novncproxy:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- osapi:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- scheduler:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- spiceproxy:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- test:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
- rootwrap: |
- # Configuration for nova-rootwrap
- # This file should be owned by (and only-writeable by) the root user
-
- [DEFAULT]
- # List of directories to load filter definitions from (separated by ',').
- # These directories MUST all be only writeable by root !
- filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
-
- # List of directories to search executables in, in case filters do not
- # explicitely specify a full path (separated by ',')
- # If not specified, defaults to system PATH environment variable.
- # These directories MUST all be only writeable by root !
- exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin,/opt/plugin/bin
-
- # Enable logging to syslog
- # Default value is False
- use_syslog=False
-
- # Which syslog facility to use.
- # Valid values include auth, authpriv, syslog, local0, local1...
- # Default value is 'syslog'
- syslog_log_facility=syslog
-
- # Which messages to log.
- # INFO means log all usage
- # ERROR means only log unsuccessful attempts
- syslog_log_level=ERROR
- network:
- backend:
- - tungstenfabric
- dependencies:
- dynamic:
- targeted:
- tungstenfabric:
- compute:
- daemonset: []
-...
diff --git a/values_overrides/openstack/nova/tls-offloading.yaml b/values_overrides/openstack/nova/tls-offloading.yaml
deleted file mode 100644
index c2b771a53e..0000000000
--- a/values_overrides/openstack/nova/tls-offloading.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-nova:
- endpoints:
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- nova:
- cacert: /etc/ssl/certs/openstack-helm.crt
- test:
- cacert: /etc/ssl/certs/openstack-helm.crt
-
- tls:
- identity: true
-...
diff --git a/values_overrides/openstack/nova/tls.yaml b/values_overrides/openstack/nova/tls.yaml
deleted file mode 100644
index 95df1b182b..0000000000
--- a/values_overrides/openstack/nova/tls.yaml
+++ /dev/null
@@ -1,209 +0,0 @@
----
-nova:
- network:
- osapi:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- metadata:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- novncproxy:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- conf:
- mpm_event: |
-
- ServerLimit 1024
- StartServers 32
- MinSpareThreads 32
- MaxSpareThreads 256
- ThreadsPerChild 25
- MaxRequestsPerChild 128
- ThreadLimit 720
-
- wsgi_nova_api: |
- {{- $portInt := tuple "compute" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- Listen {{ $portInt }}
-
- ServerName {{ printf "%s.%s.svc.%s" "nova-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
- WSGIDaemonProcess nova-api processes=1 threads=1 user=nova display-name=%{GROUP}
- WSGIProcessGroup nova-api
- WSGIScriptAlias / /var/www/cgi-bin/nova/nova-api-wsgi
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- AllowEncodedSlashes On
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /dev/stdout
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- SSLEngine on
- SSLCertificateFile /etc/nova/certs/tls.crt
- SSLCertificateKeyFile /etc/nova/certs/tls.key
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- SSLHonorCipherOrder on
-
- wsgi_nova_metadata: |
- {{- $portInt := tuple "compute_metadata" "internal" "metadata" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- Listen {{ $portInt }}
-
- ServerName {{ printf "%s.%s.svc.%s" "nova-metadata" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
- WSGIDaemonProcess nova-metadata processes=1 threads=1 user=nova display-name=%{GROUP}
- WSGIProcessGroup nova-metadata
- WSGIScriptAlias / /var/www/cgi-bin/nova/nova-metadata-wsgi
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- AllowEncodedSlashes On
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /dev/stdout
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- SSLEngine on
- SSLCertificateFile /etc/nova/certs/tls.crt
- SSLCertificateKeyFile /etc/nova/certs/tls.key
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- SSLHonorCipherOrder on
-
- software:
- apache2:
- a2enmod:
- - ssl
- nova:
- console:
- ssl_minimum_version: tlsv1_2
- glance:
- cafile: /etc/nova/certs/ca.crt
- ironic:
- cafile: /etc/nova/certs/ca.crt
- neutron:
- cafile: /etc/nova/certs/ca.crt
- keystone_authtoken:
- cafile: /etc/nova/certs/ca.crt
- cinder:
- cafile: /etc/nova/certs/ca.crt
- placement:
- cafile: /etc/nova/certs/ca.crt
- keystone:
- cafile: /etc/nova/certs/ca.crt
- oslo_messaging_rabbit:
- ssl: true
- ssl_ca_file: /etc/rabbitmq/certs/ca.crt
- ssl_cert_file: /etc/rabbitmq/certs/tls.crt
- ssl_key_file: /etc/rabbitmq/certs/tls.key
- endpoints:
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- nova:
- cacert: /etc/ssl/certs/openstack-helm.crt
- neutron:
- cacert: /etc/ssl/certs/openstack-helm.crt
- placement:
- cacert: /etc/ssl/certs/openstack-helm.crt
- test:
- cacert: /etc/ssl/certs/openstack-helm.crt
- scheme:
- default: https
- port:
- api:
- default: 443
- image:
- scheme:
- default: https
- port:
- api:
- public: 443
- compute:
- host_fqdn_override:
- default:
- tls:
- secretName: nova-tls-api
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: 'https'
- port:
- api:
- public: 443
- compute_metadata:
- host_fqdn_override:
- default:
- tls:
- secretName: metadata-tls-metadata
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- port:
- metadata:
- public: 443
- compute_novnc_proxy:
- host_fqdn_override:
- default:
- tls:
- secretName: nova-novncproxy-tls-proxy
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- port:
- novnc_proxy:
- public: 443
- compute_spice_proxy:
- host_fqdn_override:
- default:
- tls:
- secretName: nova-tls-spiceproxy
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- placement:
- host_fqdn_override:
- default:
- tls:
- secretName: placement-tls-api
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- port:
- api:
- public: 443
- network:
- scheme:
- default: https
- port:
- api:
- public: 443
- oslo_messaging:
- port:
- https:
- default: 15680
- pod:
- security_context:
- nova:
- container:
- nova_api:
- runAsUser: 0
- readOnlyRootFilesystem: false
- nova_osapi:
- runAsUser: 0
- readOnlyRootFilesystem: false
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/openvswitch/apparmor.yaml b/values_overrides/openstack/openvswitch/apparmor.yaml
deleted file mode 100644
index 0622862cbe..0000000000
--- a/values_overrides/openstack/openvswitch/apparmor.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-pod:
- security_context:
- ovs:
- container:
- vswitchd:
- appArmorProfile:
- type: RuntimeDefault
- server:
- appArmorProfile:
- type: RuntimeDefault
- modules:
- appArmorProfile:
- type: RuntimeDefault
- perms:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/openvswitch/dpdk-opensuse_15.yaml b/values_overrides/openstack/openvswitch/dpdk-opensuse_15.yaml
deleted file mode 100644
index 952b09c543..0000000000
--- a/values_overrides/openstack/openvswitch/dpdk-opensuse_15.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-openvswitch:
- images:
- tags:
- openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
- openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
- pod:
- resources:
- enabled: true
- ovs:
- vswitchd:
- requests:
- memory: "2Gi"
- cpu: "2"
- limits:
- memory: "2Gi"
- cpu: "2"
- hugepages-1Gi: "1Gi"
- conf:
- ovs_dpdk:
- enabled: true
- hugepages_mountpath: /dev/hugepages
- vhostuser_socket_dir: vhostuser
- socket_memory: 1024
-...
diff --git a/values_overrides/openstack/openvswitch/dpdk-ubuntu_bionic.yaml b/values_overrides/openstack/openvswitch/dpdk-ubuntu_bionic.yaml
deleted file mode 100644
index 98265e7ecd..0000000000
--- a/values_overrides/openstack/openvswitch/dpdk-ubuntu_bionic.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-openvswitch:
- images:
- tags:
- openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
- openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
- pod:
- resources:
- enabled: true
- ovs:
- vswitchd:
- requests:
- memory: "2Gi"
- cpu: "2"
- limits:
- memory: "2Gi"
- cpu: "2"
- hugepages-1Gi: "1Gi"
- conf:
- ovs_dpdk:
- enabled: true
- hugepages_mountpath: /dev/hugepages
- vhostuser_socket_dir: vhostuser
- socket_memory: 1024
-...
diff --git a/values_overrides/openstack/openvswitch/netpol.yaml b/values_overrides/openstack/openvswitch/netpol.yaml
deleted file mode 100644
index efde08fb09..0000000000
--- a/values_overrides/openstack/openvswitch/netpol.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-openvswitch:
- manifests:
- network_policy: true
-...
diff --git a/values_overrides/openstack/openvswitch/vswitchd-probes.yaml b/values_overrides/openstack/openvswitch/vswitchd-probes.yaml
deleted file mode 100644
index 14e350cfba..0000000000
--- a/values_overrides/openstack/openvswitch/vswitchd-probes.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-openvswitch:
- pod:
- probes:
- ovs_vswitch:
- ovs_vswitch:
- liveness:
- exec:
- - /bin/bash
- - -c
- - '/usr/bin/ovs-appctl bond/list; C1=$?; ovs-vsctl --column statistics list interface dpdk_b0s0 | grep -q -E "rx_|tx_"; C2=$?; ovs-vsctl --column statistics list interface dpdk_b0s1 | grep -q -E "rx_|tx_"; C3=$?; exit $(($C1+$C2+$C3))'
-...
diff --git a/values_overrides/openstack/placement/2024.1-ubuntu_jammy.yaml b/values_overrides/openstack/placement/2024.1-ubuntu_jammy.yaml
deleted file mode 100644
index e47a12cc0a..0000000000
--- a/values_overrides/openstack/placement/2024.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-placement:
- images:
- pull_policy: IfNotPresent
- tags:
- placement: "quay.io/airshipit/placement:2024.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
- placement_db_sync: "quay.io/airshipit/placement:2024.1-ubuntu_jammy"
- dep_check: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy"
- image_repo_sync: "docker.io/docker:17.07.0"
- dependencies:
- static:
- db_sync:
- jobs:
- - placement-db-init
-...
diff --git a/values_overrides/openstack/placement/2024.2-ubuntu_jammy.yaml b/values_overrides/openstack/placement/2024.2-ubuntu_jammy.yaml
deleted file mode 100644
index ec246b1f82..0000000000
--- a/values_overrides/openstack/placement/2024.2-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-placement:
- images:
- pull_policy: IfNotPresent
- tags:
- placement: "quay.io/airshipit/placement:2024.2-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
- placement_db_sync: "quay.io/airshipit/placement:2024.2-ubuntu_jammy"
- dep_check: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy"
- image_repo_sync: "docker.io/docker:17.07.0"
- dependencies:
- static:
- db_sync:
- jobs:
- - placement-db-init
-...
diff --git a/values_overrides/openstack/placement/2025.1-ubuntu_jammy.yaml b/values_overrides/openstack/placement/2025.1-ubuntu_jammy.yaml
deleted file mode 100644
index fb41280444..0000000000
--- a/values_overrides/openstack/placement/2025.1-ubuntu_jammy.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-placement:
- images:
- pull_policy: IfNotPresent
- tags:
- placement: "quay.io/airshipit/placement:2025.1-ubuntu_jammy"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
- placement_db_sync: "quay.io/airshipit/placement:2025.1-ubuntu_jammy"
- dep_check: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy"
- image_repo_sync: "docker.io/docker:17.07.0"
- dependencies:
- static:
- db_sync:
- jobs:
- - placement-db-init
-...
diff --git a/values_overrides/openstack/placement/2025.1-ubuntu_noble.yaml b/values_overrides/openstack/placement/2025.1-ubuntu_noble.yaml
deleted file mode 100644
index 7a2c2e2473..0000000000
--- a/values_overrides/openstack/placement/2025.1-ubuntu_noble.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-placement:
- images:
- pull_policy: IfNotPresent
- tags:
- placement: "quay.io/airshipit/placement:2025.1-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
- placement_db_sync: "quay.io/airshipit/placement:2025.1-ubuntu_noble"
- dep_check: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy"
- image_repo_sync: "docker.io/docker:17.07.0"
- dependencies:
- static:
- db_sync:
- jobs:
- - placement-db-init
-...
diff --git a/values_overrides/openstack/placement/2025.2-ubuntu_noble.yaml b/values_overrides/openstack/placement/2025.2-ubuntu_noble.yaml
deleted file mode 100644
index 60cab44013..0000000000
--- a/values_overrides/openstack/placement/2025.2-ubuntu_noble.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-placement:
- images:
- pull_policy: IfNotPresent
- tags:
- placement: "quay.io/airshipit/placement:2025.2-ubuntu_noble"
- ks_user: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_service: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- ks_endpoints: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_init: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- db_drop: "quay.io/airshipit/heat:2025.2-ubuntu_noble"
- placement_db_sync: "quay.io/airshipit/placement:2025.2-ubuntu_noble"
- dep_check: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy"
- image_repo_sync: "docker.io/docker:17.07.0"
- dependencies:
- static:
- db_sync:
- jobs:
- - placement-db-init
-...
diff --git a/values_overrides/openstack/placement/apparmor.yaml b/values_overrides/openstack/placement/apparmor.yaml
deleted file mode 100644
index ad00de5e7e..0000000000
--- a/values_overrides/openstack/placement/apparmor.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-pod:
- security_context:
- placement:
- container:
- placement_api:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/placement/netpol.yaml b/values_overrides/openstack/placement/netpol.yaml
deleted file mode 100644
index 284f798d92..0000000000
--- a/values_overrides/openstack/placement/netpol.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-placement:
- manifests:
- network_policy: true
- network_policy:
- placement:
- egress:
- - {}
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: nova
- ports:
- - protocol: TCP
- port: 8778
- - protocol: TCP
- port: 80
- - protocol: TCP
- port: 8080
-...
diff --git a/values_overrides/openstack/placement/tls.yaml b/values_overrides/openstack/placement/tls.yaml
deleted file mode 100644
index 8f088425ca..0000000000
--- a/values_overrides/openstack/placement/tls.yaml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-placement:
- network:
- api:
- ingress:
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "https"
- conf:
- software:
- apache2:
- a2enmod:
- - ssl
- placement:
- keystone_authtoken:
- cafile: /etc/placement/certs/ca.crt
- wsgi_placement: |
- Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
- WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
- WSGIProcessGroup placement-api
- WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /dev/stdout
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- SSLEngine on
- SSLCertificateFile /etc/placement/certs/tls.crt
- SSLCertificateKeyFile /etc/placement/certs/tls.key
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
- SSLHonorCipherOrder on
-
- Alias /placement /var/www/cgi-bin/placement/placement-api
-
- SetHandler wsgi-script
- Options +ExecCGI
- WSGIProcessGroup placement-api
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
-
- endpoints:
- identity:
- auth:
- admin:
- cacert: /etc/ssl/certs/openstack-helm.crt
- placement:
- cacert: /etc/ssl/certs/openstack-helm.crt
- scheme:
- default: https
- port:
- api:
- default: 443
- placement:
- host_fqdn_override:
- default:
- tls:
- secretName: placement-tls-api
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- scheme:
- default: https
- port:
- api:
- public: 443
- manifests:
- certificates: true
-...
diff --git a/values_overrides/openstack/placement/train-ubuntu_bionic.yaml b/values_overrides/openstack/placement/train-ubuntu_bionic.yaml
deleted file mode 100644
index 30e4bab17f..0000000000
--- a/values_overrides/openstack/placement/train-ubuntu_bionic.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
----
-placement:
- images:
- pull_policy: IfNotPresent
- tags:
- placement: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
- ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
- ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
- ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
- db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
- db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
- db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
- placement_db_sync: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
- dep_check: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy"
- image_repo_sync: "docker.io/docker:17.07.0"
- manifests:
- job_db_migrate: true
- dependencies:
- static:
- db_sync:
- jobs:
- - placement-db-init
- - placement-db-migrate
-...
diff --git a/values_overrides/openstack/rabbitmq/apparmor.yaml b/values_overrides/openstack/rabbitmq/apparmor.yaml
deleted file mode 100644
index 82d7c6d709..0000000000
--- a/values_overrides/openstack/rabbitmq/apparmor.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-pod:
- security_context:
- cluster_wait:
- container:
- rabbitmq_cluster_wait:
- appArmorProfile:
- type: RuntimeDefault
- rabbitmq_cookie:
- appArmorProfile:
- type: RuntimeDefault
- server:
- container:
- rabbitmq:
- appArmorProfile:
- type: RuntimeDefault
- rabbitmq_perms:
- appArmorProfile:
- type: RuntimeDefault
- rabbitmq_cookie:
- appArmorProfile:
- type: RuntimeDefault
- rabbitmq_password:
- appArmorProfile:
- type: RuntimeDefault
- exporter:
- container:
- rabbitmq_exporter:
- appArmorProfile:
- type: RuntimeDefault
- test:
- container:
- rabbitmq_test:
- appArmorProfile:
- type: RuntimeDefault
- kubernetes_entrypoint:
- container:
- kubernetes_entrypoint:
- appArmorProfile:
- type: RuntimeDefault
-...
diff --git a/values_overrides/openstack/rabbitmq/netpol.yaml b/values_overrides/openstack/rabbitmq/netpol.yaml
deleted file mode 100644
index 8cb182b48d..0000000000
--- a/values_overrides/openstack/rabbitmq/netpol.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
----
-rabbitmq:
- network_policy:
- rabbitmq:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: keystone
- - podSelector:
- matchLabels:
- application: heat
- - podSelector:
- matchLabels:
- application: glance
- - podSelector:
- matchLabels:
- application: cinder
- - podSelector:
- matchLabels:
- application: aodh
- - podSelector:
- matchLabels:
- application: barbican
- - podSelector:
- matchLabels:
- application: ceilometer
- - podSelector:
- matchLabels:
- application: designate
- - podSelector:
- matchLabels:
- application: ironic
- - podSelector:
- matchLabels:
- application: magnum
- - podSelector:
- matchLabels:
- application: mistral
- - podSelector:
- matchLabels:
- application: nova
- - podSelector:
- matchLabels:
- application: neutron
- - podSelector:
- matchLabels:
- application: placement
- - podSelector:
- matchLabels:
- application: rabbitmq
- - podSelector:
- matchLabels:
- application: prometheus_rabbitmq_exporter
- ports:
- # AMQP port
- - protocol: TCP
- port: 5672
- # HTTP API ports
- - protocol: TCP
- port: 15672
- - protocol: TCP
- port: 80
- - from:
- - podSelector:
- matchLabels:
- application: rabbitmq
- ports:
- # Clustering port AMQP + 20000
- - protocol: TCP
- port: 25672
- # Erlang Port Mapper Daemon (epmd)
- - protocol: TCP
- port: 4369
- egress:
- - to:
- - podSelector:
- matchLabels:
- application: rabbitmq
- ports:
- # Erlang port mapper daemon (epmd)
- - protocol: TCP
- port: 4369
- # Rabbit clustering port AMQP + 20000
- - protocol: TCP
- port: 25672
- # NOTE(lamt): Set by inet_dist_listen_{min/max}. Firewalls must
- # permit traffic in this range to pass between clustered nodes.
- # - protocol: TCP
- # port: 35197
- - to:
- - ipBlock:
- cidr: %%%REPLACE_API_ADDR%%%/32
- ports:
- - protocol: TCP
- port: %%%REPLACE_API_PORT%%%
-
- manifests:
- monitoring:
- prometheus:
- network_policy_exporter: true
- network_policy: true
-...
diff --git a/values_overrides/openstack/rabbitmq/tls.yaml b/values_overrides/openstack/rabbitmq/tls.yaml
deleted file mode 100644
index a4976bad43..0000000000
--- a/values_overrides/openstack/rabbitmq/tls.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-rabbitmq:
- conf:
- rabbitmq:
- ssl_options:
- cacertfile: "/etc/rabbitmq/certs/ca.crt"
- certfile: "/etc/rabbitmq/certs/tls.crt"
- keyfile: "/etc/rabbitmq/certs/tls.key"
- verify: verify_peer
- fail_if_no_peer_cert: false
- management:
- ssl:
- cacertfile: "/etc/rabbitmq/certs/ca.crt"
- certfile: "/etc/rabbitmq/certs/tls.crt"
- keyfile: "/etc/rabbitmq/certs/tls.key"
- endpoints:
- oslo_messaging:
- host_fqdn_override:
- default:
- tls:
- secretName: rabbitmq-tls-direct
- issuerRef:
- name: ca-issuer
- kind: ClusterIssuer
- port:
- https:
- default: 15680
- public: 443
- manifests:
- certificates: true
-...
diff --git a/zuul.d/2024.2.yaml b/zuul.d/2024.2.yaml
index 4ab0b7fd21..df1b4630c2 100644
--- a/zuul.d/2024.2.yaml
+++ b/zuul.d/2024.2.yaml
@@ -76,21 +76,6 @@
container_distro_version: jammy
feature_gates: ovn
-- job:
- name: openstack-helm-umbrella-2024-2-ubuntu_jammy
- parent: openstack-helm-umbrella
- nodeset: openstack-helm-3nodes-ubuntu_jammy
- vars:
- # FIXME: Newer versions of Helm include improved
- # validation checks that might flag immutable field
- # updates that were previously not strictly enforced
- # or detected in older versions.
- helm_version: "v3.6.3"
- osh_params:
- openstack_release: "2024.2"
- container_distro_name: ubuntu
- container_distro_version: jammy
-
- job:
name: openstack-helm-tls-2024-2-ubuntu_jammy
parent: openstack-helm-tls
diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml
index 9c12d1d6c6..dbccff0aad 100644
--- a/zuul.d/base.yaml
+++ b/zuul.d/base.yaml
@@ -365,40 +365,6 @@
- ./tools/deployment/component/cinder/cinder.sh
- ./tools/deployment/common/force-cronjob-run.sh
-- job:
- name: openstack-helm-umbrella
- parent: openstack-helm-deploy
- abstract: true
- files:
- - ^glance/.*$
- - ^heat/.*$
- - ^horizon/.*$
- - ^keystone/.*$
- - ^neutron/.*$
- - ^nova/.*$
- - ^openstack/.*$
- - ^placement/.*$
- - ^tools/deployment/common/force-cronjob-run.sh$
- - ^tools/deployment/common/setup-client.sh$
- - ^tools/deployment/component/common/openstack.sh$
- - ^tools/deployment/common/use-it.sh$
- - ^tools/deployment/common/validate-umbrella-upgrade-no-side-effects.sh$
- - ^tools/deployment/common/validate-umbrella-upgrade-config-changes-do-not-update-other-components.sh$
- - ^zuul\.d/.*$
- vars:
- run_helm_tests: "yes"
- gate_scripts:
- - ./tools/deployment/common/prepare-bashrc.sh
- - ./tools/deployment/common/prepare-k8s.sh
- - ./tools/deployment/common/prepare-charts.sh
- - ./tools/deployment/common/setup-client.sh
- - export GLANCE_BACKEND=local; ./tools/deployment/component/common/openstack.sh
- - export HELM_TESTS_TRIES=3; export OSH_TEST_TIMEOUT=1200; ./tools/deployment/common/run-helm-tests.sh openstack
- - ./tools/deployment/common/use-it.sh
- - ./tools/deployment/common/force-cronjob-run.sh
- - ./tools/deployment/common/validate-umbrella-upgrade-no-side-effects.sh
- - ./tools/deployment/common/validate-umbrella-upgrade-config-changes-do-not-update-other-components.sh
-
- job:
name: openstack-helm-horizon
parent: openstack-helm-deploy