Merge pull request #240 from portdirect/2.0ß/ks-endpoint-normalisation

KS endpoint type lookup for Keystone, Cinder & Glance Charts

cinder/templates/_helpers.tpl

@@ -1,59 +0,0 @@
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This file is required because we use a slightly different endpoint layout in
-# the values yaml, until we can make this change for all services.
-
-
-# this function returns the endpoint uri for a service, it takes an tuple
-# input in the form: service-type, endpoint-class, port-name. eg:
-# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoint_type_lookup_addr" }
-# will return the appropriate URI. Once merged this should phase out the above.
-
-{{- define "helm-toolkit.endpoint_type_lookup_addr" -}}
-{{- $type := index . 0 -}}
-{{- $endpoint := index . 1 -}}
-{{- $port := index . 2 -}}
-{{- $context := index . 3 -}}
-{{- $endpointMap := index $context.Values.endpoints $type }}
-{{- $fqdn := $context.Release.Namespace -}}
-{{- if $context.Values.endpoints.fqdn -}}
-{{- $fqdn := $context.Values.endpoints.fqdn -}}
-{{- end -}}
-{{- with $endpointMap -}}
-{{- $endpointScheme := .scheme }}
-{{- $endpointHost := index .hosts $endpoint | default .hosts.default}}
-{{- $endpointPort := index .port $port }}
-{{- $endpointPath := .path }}
-{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath  | quote -}}
-{{- end -}}
-{{- end -}}
-
-
-#-------------------------------
-# endpoint name lookup
-#-------------------------------
-
-# this function is used in endpoint management templates
-# it returns the service type for an openstack service eg:
-# { tuple orchestration . | include "ks_endpoint_type" }
-# will return "heat"
-
-{{- define "endpoint_name_lookup" -}}
-{{- $type := index . 0 -}}
-{{- $context := index . 1 -}}
-{{- $endpointMap := index $context.Values.endpoints $type }}
-{{- $endpointName := index $endpointMap "name" }}
-{{- $endpointName | quote -}}
-{{- end -}}

cinder/templates/deployment-api.yaml

@@ -59,10 +59,11 @@ spec:
           - --config-dir
           - /etc/cinder/conf
           ports:
-            - containerPort: {{ .Values.service.api.port }}
+            - name: c-api
+              containerPort: {{ .Values.network.port.api }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.service.api.port }}
+              port: {{ .Values.network.port.api }}
           volumeMounts:
             - name: pod-etc-cinder
               mountPath: /etc/cinder

cinder/templates/etc/_cinder.conf.tpl

@@ -22,11 +22,11 @@ volume_name_template = %s
 
 osapi_volume_workers = {{ .Values.api.workers }}
 osapi_volume_listen = 0.0.0.0
-osapi_volume_listen_port = {{ .Values.service.api.port }}
+osapi_volume_listen_port = {{ .Values.network.port.api }}
 
 api_paste_config = /etc/cinder/api-paste.ini
 
-glance_api_servers = "{{ .Values.glance.proto }}://{{ .Values.glance.host }}:{{ .Values.glance.port }}"
+glance_api_servers = {{ tuple "image" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}
 glance_api_version = {{ .Values.glance.version }}
 
 enabled_backends = {{  include "helm-toolkit.joinListWithComma" .Values.backends.enabled }}
@@ -44,11 +44,13 @@ connection = mysql+pymysql://{{ .Values.database.cinder_user }}:{{ .Values.datab
 max_retries = -1
 
 [keystone_authtoken]
-auth_url = {{ .Values.keystone.auth_url }}
+auth_version = v3
+auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}
 auth_type = password
+region_name = {{ .Values.keystone.cinder_region_name }}
 project_domain_name = {{ .Values.keystone.cinder_project_domain }}
-user_domain_name = {{ .Values.keystone.cinder_user_domain }}
 project_name = {{ .Values.keystone.cinder_project_name }}
+user_domain_name = {{ .Values.keystone.cinder_user_domain }}
 username = {{ .Values.keystone.cinder_user }}
 password = {{ .Values.keystone.cinder_password }}
 

cinder/templates/job-ks-endpoints.yaml

@@ -60,11 +60,11 @@ spec:
             - name: OS_SVC_ENDPOINT
               value: {{ $osServiceEndPoint }}
             - name: OS_SERVICE_NAME
-              value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }}
+              value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }}
             - name: OS_SERVICE_TYPE
               value: {{ $osServiceType }}
             - name: OS_SERVICE_ENDPOINT
-              value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.endpoint_type_lookup_addr" }}
+              value: {{ tuple $osServiceType $osServiceEndPoint "api" $envAll | include "helm-toolkit.keystone_endpoint_uri_lookup" }}
 {{- end }}
 {{- end }}
       volumes:

cinder/templates/job-ks-service.yaml

@@ -57,7 +57,7 @@ spec:
 {{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }}
 {{- end }}
             - name: OS_SERVICE_NAME
-              value: {{ tuple $osServiceType $envAll | include "endpoint_name_lookup" }}
+              value: {{ tuple $osServiceType $envAll | include "helm-toolkit.keystone_endpoint_name_lookup" }}
             - name: OS_SERVICE_TYPE
               value: {{ $osServiceType }}
 {{- end }}

cinder/templates/secret-keystone-admin.env.yaml

@@ -19,7 +19,7 @@ metadata:
 type: Opaque
 data:
   OS_AUTH_URL: |
-{{ .Values.keystone.auth_url  | b64enc | indent 4 }}
+{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
   OS_REGION_NAME: |
 {{ .Values.keystone.admin_region_name  | b64enc | indent 4 }}
   OS_PROJECT_DOMAIN_NAME: |

cinder/templates/secret-keystone-user.env.yaml

@@ -19,7 +19,7 @@ metadata:
 type: Opaque
 data:
   OS_AUTH_URL: |
-{{ .Values.keystone.auth_url  | b64enc | indent 4 }}
+{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
   OS_REGION_NAME: |
 {{ .Values.keystone.cinder_region_name  | b64enc | indent 4 }}
   OS_PROJECT_DOMAIN_NAME: |

cinder/templates/service-api.yaml

@@ -15,9 +15,9 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Values.service.api.name }}
+  name: cinder-api
 spec:
   ports:
-    - port: {{ .Values.service.api.port }}
+    - port: {{ .Values.network.port.api }}
   selector:
     app: cinder-api

cinder/values.yaml

@@ -46,8 +46,6 @@ upgrades:
     max_surge: 3
 
 keystone:
-  auth_uri: "http://keystone-api:5000"
-  auth_url: "http://keystone-api:35357"
   admin_user: "admin"
   admin_user_domain: "default"
   admin_password: "password"
@@ -63,11 +61,9 @@ keystone:
   cinder_project_domain: "default"
   cinder_region_name: "RegionOne"
 
-service:
-  api:
-    name: "cinder-api"
-    port: 8776
-    proto: "http"
+network:
+  port:
+    api: 8776
 
 database:
   address: mariadb
@@ -96,9 +92,6 @@ backends:
     pool: "volumes"
 
 glance:
-  proto: "http"
-  host: "glance-api"
-  port: 9292
   version: 2
 
 messaging:
@@ -171,8 +164,17 @@ endpoints:
     path: /v3
     scheme: 'http'
     port:
-        admin: 35357
-        public: 5000
+      admin: 35357
+      api: 5000
+  image:
+    name: glance
+    hosts:
+      default: glance-api
+    path: null
+    scheme: 'http'
+    port:
+      api: 9292
+      registry: 9191
   volume:
     name: cinder
     hosts:
@@ -256,4 +258,3 @@ resources:
     limits:
       memory: "1024Mi"
       cpu: "2000m"
-

glance/templates/bin/_post.sh.tpl

@@ -21,7 +21,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
 service_type=image \
 description='Openstack Image' \
 endpoint_region='{{ .Values.keystone.glance_region_name }}' \
-url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \
+url='{{ tuple "image" "admin" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \
 interface=admin \
 region_name='{{ .Values.keystone.admin_region_name }}' \
 auth='{{ include "helm-toolkit.keystone_auth" . }}'" \
@@ -31,7 +31,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
 service_type=image \
 description='Openstack Image' \
 endpoint_region='{{ .Values.keystone.glance_region_name }}' \
-url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \
+url='{{ tuple "image" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \
 interface=internal \
 region_name='{{ .Values.keystone.admin_region_name }}' \
 auth='{{ include "helm-toolkit.keystone_auth" . }}'" \
@@ -41,7 +41,7 @@ ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
 service_type=image \
 description='Openstack Image' \
 endpoint_region='{{ .Values.keystone.glance_region_name }}' \
-url='{{ include "helm-toolkit.endpoint_glance_api_internal" . }}' \
+url='{{ tuple "image" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}' \
 interface=public \
 region_name='{{ .Values.keystone.admin_region_name }}' \
 auth='{{ include "helm-toolkit.keystone_auth" . }}'" \

glance/templates/etc/_glance-api.conf.tpl

@@ -22,27 +22,28 @@ workers = {{ .Values.misc.workers }}
 registry_host = glance-registry
 # Enable Copy-on-Write
 show_image_direct_url = True
-    
+
 [database]
 connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
 max_retries = -1
-    
+
 [keystone_authtoken]
-auth_uri = {{ .Values.keystone.auth_uri }}
-auth_url = {{ .Values.keystone.auth_url }}
+auth_version = v3
+auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
+region_name = {{ .Values.keystone.glance_region_name }}
+project_domain_name = {{ .Values.keystone.glance_project_domain }}
+project_name = {{ .Values.keystone.glance_project_name }}
+user_domain_name = {{ .Values.keystone.glance_user_domain }}
 username = {{ .Values.keystone.glance_user }}
 password = {{ .Values.keystone.glance_password }}
-    
+
 [paste_deploy]
 flavor = keystone
-    
+
 [oslo_messaging_notifications]
 driver = noop
-    
+
 [glance_store]
 filesystem_store_datadir = /var/lib/glance/images/
 {{- if .Values.development.enabled }}

glance/templates/etc/_glance-registry.conf.tpl

@@ -16,25 +16,27 @@
 debug = {{ .Values.misc.debug }}
 use_syslog = False
 use_stderr = True
+
 bind_port = {{ .Values.network.port.registry }}
 workers = {{ .Values.misc.workers }}
-    
+
 [database]
 connection = mysql+pymysql://{{ .Values.database.glance_user }}:{{ .Values.database.glance_password }}@{{ .Values.database.address }}/{{ .Values.database.glance_database_name }}
 max_retries = -1
-    
+
 [keystone_authtoken]
-auth_uri = {{ .Values.keystone.auth_uri }}
-auth_url = {{ .Values.keystone.auth_url }}
+auth_version = v3
+auth_url = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}
 auth_type = password
-project_domain_id = default
-user_domain_id = default
-project_name = service
+region_name = {{ .Values.keystone.glance_region_name }}
+project_domain_name = {{ .Values.keystone.glance_project_domain }}
+project_name = {{ .Values.keystone.glance_project_name }}
+user_domain_name = {{ .Values.keystone.glance_user_domain }}
 username = {{ .Values.keystone.glance_user }}
 password = {{ .Values.keystone.glance_password }}
-    
+
 [paste_deploy]
 flavor = keystone
-    
+
 [oslo_messaging_notifications]
 driver = noop

glance/values.yaml

@@ -46,22 +46,25 @@ upgrades:
     max_surge: 3
 
 keystone:
-  auth_uri: "http://keystone-api:5000"
-  auth_url: "http://keystone-api:35357"
   admin_user: "admin"
+  admin_user_domain: "default"
   admin_password: "password"
   admin_project_name: "admin"
+  admin_project_domain: "default"
   admin_region_name: "RegionOne"
 
   glance_user: "glance"
+  glance_user_domain: "default"
+  glance_user_role: "admin"
   glance_password: "password"
+  glance_project_name: "service"
+  glance_project_domain: "default"
   glance_region_name: "RegionOne"
 
 network:
   port:
     api: 9292
     registry: 9191
-  ip_address: "0.0.0.0"
 
 database:
   address: mariadb
@@ -173,21 +176,21 @@ dependencies:
 # values, but should include all endpoints
 # required by this chart
 endpoints:
-  glance:
+  identity:
+    name: keystone
+    hosts:
+      default: keystone-api
+    path: /v3
+    scheme: 'http'
+    port:
+      admin: 35357
+      api: 5000
+  image:
+    name: glance
     hosts:
       default: glance-api
-    type: image
     path: null
     scheme: 'http'
     port:
       api: 9292
       registry: 9191
-  keystone:
-    hosts:
-      default: keystone-api
-    path: /v3
-    type: identity
-    scheme: 'http'
-    port:
-        admin: 35357
-        public: 5000

helm-toolkit/templates/_endpoints.tpl

@@ -126,6 +126,29 @@
 {{- end -}}
 {{- end -}}
 
+# this function returns the endpoint uri for a service, it takes an tuple
+# input in the form: service-type, endpoint-class, port-name. eg:
+# { tuple "orchestration" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }
+# will return the appropriate URI. Once merged this should phase out the above.
+
+{{- define "helm-toolkit.keystone_endpoint_uri_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $endpoint := index . 1 -}}
+{{- $port := index . 2 -}}
+{{- $context := index . 3 -}}
+{{- $endpointMap := index $context.Values.endpoints $type }}
+{{- $fqdn := $context.Release.Namespace -}}
+{{- if $context.Values.endpoints.fqdn -}}
+{{- $fqdn := $context.Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with $endpointMap -}}
+{{- $endpointScheme := .scheme }}
+{{- $endpointHost := index .hosts $endpoint | default .hosts.default}}
+{{- $endpointPort := index .port $port }}
+{{- $endpointPath := .path | default "" }}
+{{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath -}}
+{{- end -}}
+{{- end -}}
 
 #-------------------------------
 # endpoint type lookup
@@ -145,7 +168,25 @@
 {{- $endpointType | quote -}}
 {{- end -}}
 
+
+#-------------------------------
+# endpoint name lookup
+#-------------------------------
+
+# this function is used in endpoint management templates
+# it returns the service type for an openstack service eg:
+# { tuple orchestration . | include "ks_endpoint_type" }
+# will return "heat"
+
+{{- define "helm-toolkit.keystone_endpoint_name_lookup" -}}
+{{- $type := index . 0 -}}
+{{- $context := index . 1 -}}
+{{- $endpointMap := index $context.Values.endpoints $type }}
+{{- $endpointName := index $endpointMap "name" }}
+{{- $endpointName | quote -}}
+{{- end -}}
+
 #-------------------------------
 # kolla helpers
 #-------------------------------
-{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ include "helm-toolkit.endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}}
+{{ define "helm-toolkit.keystone_auth" }}{'auth_url':'{{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}}

keystone/templates/bin/_db-sync.sh.tpl

@@ -22,7 +22,7 @@ keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \
     --bootstrap-username {{ .Values.keystone.admin_user }} \
     --bootstrap-password {{ .Values.keystone.admin_password }} \
     --bootstrap-project-name {{ .Values.keystone.admin_project_name }} \
-    --bootstrap-admin-url {{ include "helm-toolkit.endpoint_keystone_admin" . }} \
-    --bootstrap-public-url {{ include "helm-toolkit.endpoint_keystone_internal" . }} \
-    --bootstrap-internal-url {{ include "helm-toolkit.endpoint_keystone_internal" . }} \
+    --bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \
+    --bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \
+    --bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.keystone_endpoint_uri_lookup" }} \
     --bootstrap-region-id {{ .Values.keystone.admin_region_name }}

keystone/templates/deployment.yaml

@@ -58,8 +58,10 @@ spec:
             - bash
             - /tmp/start.sh
           ports:
-            - containerPort: {{ .Values.network.port.public }}
-            - containerPort: {{ .Values.network.port.admin }}
+            - name: api-public
+              containerPort: {{ .Values.network.port.api }}
+            - name: api-admin
+              containerPort: {{ .Values.network.port.admin }}
           lifecycle:
             preStop:
               exec:
@@ -69,7 +71,7 @@ spec:
                   - graceful-stop
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.network.port.public }}
+              port: {{ .Values.network.port.api }}
           volumeMounts:
             - name: pod-etc-keystone
               mountPath: /etc/keystone

keystone/templates/etc/_wsgi-keystone.conf.tpl

@@ -12,13 +12,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.public }}
-Listen {{ .Values.network.ip_address }}:{{ .Values.network.port.admin }}
+Listen 0.0.0.0:{{ .Values.network.port.api }}
+Listen 0.0.0.0:{{ .Values.network.port.admin }}
 
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
 LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
 
-<VirtualHost *:{{ .Values.network.port.public }}>
+<VirtualHost *:{{ .Values.network.port.api }}>
     WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP}
     WSGIProcessGroup keystone-public
     WSGIScriptAlias / /var/www/cgi-bin/keystone/main

keystone/templates/service.yaml

@@ -19,7 +19,7 @@ metadata:
 spec:
   ports:
   - name: keystone-api-public
-    port: {{ .Values.network.port.public }}
+    port: {{ .Values.network.port.api }}
   - name: keystone-api-admin
     port: {{ .Values.network.port.admin }}
   selector:

keystone/values.yaml

@@ -54,15 +54,7 @@ api:
 network:
   port:
     admin: 35357
-    public: 5000
-  # alanmeadows(TODO): I seem unable to use {{ .IP }} here
-  # but it does work for wsrep.conf in mariadb, I have spent
-  # time trying to figure this out am completely stumped
-  #
-  # helm --debug --dry-run shows me that the config map
-  # contains {{ .IP }} but its simply translated by K8s
-  # to ""
-  ip_address: "0.0.0.0"
+    api: 5000
 
 database:
   port: 3306
@@ -120,12 +112,12 @@ resources:
 # values, but should include all endpoints
 # required by this chart
 endpoints:
-  keystone:
+  identity:
+    name: keystone
     hosts:
       default: keystone-api
     path: /v3
-    type: identity
     scheme: 'http'
     port:
-        admin: 35357
-        public: 5000
+      admin: 35357
+      api: 5000