Merge "Distinguish between port number of internal endpoint and binding port number in keystone"
This commit is contained in:
Zuul
Gerrit Code Review
commit
350d55baad
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Keystone
|
description: OpenStack-Helm Keystone
|
||||||
name: keystone
|
name: keystone
|
||||||
version: 0.2.29
|
version: 0.2.30
|
||||||
home: https://docs.openstack.org/keystone/latest/
|
home: https://docs.openstack.org/keystone/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
|||||||
@ -14,9 +14,9 @@ limitations under the License.
|
|||||||
|
|
||||||
{{- define "apiProbeTemplate" }}
|
{{- define "apiProbeTemplate" }}
|
||||||
httpGet:
|
httpGet:
|
||||||
scheme: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
|
scheme: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
|
||||||
path: /v3/
|
path: /v3/
|
||||||
port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if .Values.manifests.deployment_api }}
|
{{- if .Values.manifests.deployment_api }}
|
||||||
@ -80,7 +80,7 @@ spec:
|
|||||||
- stop
|
- stop
|
||||||
ports:
|
ports:
|
||||||
- name: ks-pub
|
- name: ks-pub
|
||||||
containerPort: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
containerPort: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{ dict "envAll" $envAll "component" "api" "container" "api" "type" "readiness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
{{ dict "envAll" $envAll "component" "api" "container" "api" "type" "readiness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
||||||
{{ dict "envAll" $envAll "component" "api" "container" "api" "type" "liveness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
{{ dict "envAll" $envAll "component" "api" "container" "api" "type" "liveness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|||||||
@ -21,9 +21,8 @@ metadata:
|
|||||||
name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
||||||
- name: ks-pub
|
- name: ks-pub
|
||||||
port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{ if .Values.network.api.node_port.enabled }}
|
{{ if .Values.network.api.node_port.enabled }}
|
||||||
nodePort: {{ .Values.network.api.node_port.port }}
|
nodePort: {{ .Values.network.api.node_port.port }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|||||||
@ -772,7 +772,7 @@ conf:
|
|||||||
ThreadLimit 720
|
ThreadLimit 720
|
||||||
</IfModule>
|
</IfModule>
|
||||||
wsgi_keystone: |
|
wsgi_keystone: |
|
||||||
{{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
{{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
|
||||||
Listen 0.0.0.0:{{ $portInt }}
|
Listen 0.0.0.0:{{ $portInt }}
|
||||||
|
|
||||||
@ -972,12 +972,14 @@ endpoints:
|
|||||||
default: /v3
|
default: /v3
|
||||||
scheme:
|
scheme:
|
||||||
default: http
|
default: http
|
||||||
|
service: http
|
||||||
port:
|
port:
|
||||||
api:
|
api:
|
||||||
default: 80
|
default: 80
|
||||||
# NOTE(portdirect): to retain portability across images, and allow
|
# NOTE(portdirect): to retain portability across images, and allow
|
||||||
# running under a unprivileged user simply, we default to a port > 1000.
|
# running under a unprivileged user simply, we default to a port > 1000.
|
||||||
internal: 5000
|
internal: 5000
|
||||||
|
service: 5000
|
||||||
oslo_db:
|
oslo_db:
|
||||||
namespace: null
|
namespace: null
|
||||||
auth:
|
auth:
|
||||||
|
|||||||
16
keystone/values_overrides/internal-reverse-proxy.yaml
Normal file
16
keystone/values_overrides/internal-reverse-proxy.yaml
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
endpoints:
|
||||||
|
identity:
|
||||||
|
host_fqdn_override:
|
||||||
|
public: example.com
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
public: https
|
||||||
|
internal: https
|
||||||
|
service: http
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 443
|
||||||
|
internal: 443
|
||||||
|
service: 5000
|
||||||
|
...
|
||||||
@ -26,8 +26,7 @@ conf:
|
|||||||
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||||
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||||
wsgi_keystone: |
|
wsgi_keystone: |
|
||||||
{{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
{{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{- $vh := tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
|
|
||||||
|
|
||||||
Listen 0.0.0.0:{{ $portInt }}
|
Listen 0.0.0.0:{{ $portInt }}
|
||||||
|
|
||||||
@ -38,7 +37,7 @@ conf:
|
|||||||
CustomLog /dev/stdout combined env=!forwarded
|
CustomLog /dev/stdout combined env=!forwarded
|
||||||
CustomLog /dev/stdout proxy env=forwarded
|
CustomLog /dev/stdout proxy env=forwarded
|
||||||
|
|
||||||
<VirtualHost *:{{ tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
|
<VirtualHost *:{{ tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
|
||||||
ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
|
ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
|
||||||
WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
|
WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
|
||||||
WSGIProcessGroup keystone-public
|
WSGIProcessGroup keystone-public
|
||||||
@ -78,6 +77,7 @@ endpoints:
|
|||||||
scheme:
|
scheme:
|
||||||
default: https
|
default: https
|
||||||
public: https
|
public: https
|
||||||
|
service: https
|
||||||
port:
|
port:
|
||||||
api:
|
api:
|
||||||
default: 443
|
default: 443
|
||||||
|
|||||||
@ -45,4 +45,5 @@ keystone:
|
|||||||
- 0.2.27 Use LOG.warning instead of deprecated LOG.warn
|
- 0.2.27 Use LOG.warning instead of deprecated LOG.warn
|
||||||
- 0.2.28 Added OCI registry authentication
|
- 0.2.28 Added OCI registry authentication
|
||||||
- 0.2.29 Support TLS endpoints
|
- 0.2.29 Support TLS endpoints
|
||||||
|
- 0.2.30 Distinguish between port number of internal endpoint and binding port number
|
||||||
...
|
...
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user