diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index ec12baa9ad..ddbf3deff1 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -31,24 +31,6 @@ limitations under the License. {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.keystone_authtoken "auth_url" -}} {{- end }} -{{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}} -{{- $_ := set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.project_domain_name -}} -{{- $_ := set $envAll.Values.conf.neutron.keystone_authtoken "project_domain_name" $envAll.Values.endpoints.identity.auth.neutron.project_domain_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.user_domain_name -}} -{{- $_ := set $envAll.Values.conf.neutron.keystone_authtoken "user_domain_name" $envAll.Values.endpoints.identity.auth.neutron.user_domain_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.username -}} -{{- $_ := set $envAll.Values.conf.neutron.keystone_authtoken "username" $envAll.Values.endpoints.identity.auth.neutron.username -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.password -}} -{{- $_ := set $envAll.Values.conf.neutron.keystone_authtoken "password" $envAll.Values.endpoints.identity.auth.neutron.password -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.region_name -}} -{{- $_ := set $envAll.Values.conf.neutron.keystone_authtoken "region_name" $envAll.Values.endpoints.identity.auth.neutron.region_name -}} -{{- end -}} {{- if empty $envAll.Values.conf.neutron.keystone_authtoken.memcached_servers -}} {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.keystone_authtoken "memcached_servers" -}} @@ -74,47 +56,11 @@ limitations under the License. {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.nova "auth_url" -}} {{- end }} -{{- if empty $envAll.Values.conf.neutron.nova.region_name -}} -{{- $_ := set $envAll.Values.conf.neutron.nova "region_name" $envAll.Values.endpoints.identity.auth.nova.region_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.nova.project_name -}} -{{- $_ := set $envAll.Values.conf.neutron.nova "project_name" $envAll.Values.endpoints.identity.auth.nova.project_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.nova.project_domain_name -}} -{{- $_ := set $envAll.Values.conf.neutron.nova "project_domain_name" $envAll.Values.endpoints.identity.auth.nova.project_domain_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.nova.user_domain_name -}} -{{- $_ := set $envAll.Values.conf.neutron.nova "user_domain_name" $envAll.Values.endpoints.identity.auth.nova.user_domain_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.nova.username -}} -{{- $_ := set $envAll.Values.conf.neutron.nova "username" $envAll.Values.endpoints.identity.auth.nova.username -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.nova.password -}} -{{- $_ := set $envAll.Values.conf.neutron.nova "password" $envAll.Values.endpoints.identity.auth.nova.password -}} -{{- end -}} {{- if empty $envAll.Values.conf.neutron.placement.auth_url -}} {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.placement "auth_url" -}} {{- end }} -{{- if empty $envAll.Values.conf.neutron.placement.region_name -}} -{{- $_ := set $envAll.Values.conf.neutron.placement "region_name" $envAll.Values.endpoints.identity.auth.placement.region_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.placement.project_name -}} -{{- $_ := set $envAll.Values.conf.neutron.placement "project_name" $envAll.Values.endpoints.identity.auth.placement.project_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.placement.project_domain_name -}} -{{- $_ := set $envAll.Values.conf.neutron.placement "project_domain_name" $envAll.Values.endpoints.identity.auth.placement.project_domain_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.placement.user_domain_name -}} -{{- $_ := set $envAll.Values.conf.neutron.placement "user_domain_name" $envAll.Values.endpoints.identity.auth.placement.user_domain_name -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.placement.username -}} -{{- $_ := set $envAll.Values.conf.neutron.placement "username" $envAll.Values.endpoints.identity.auth.placement.username -}} -{{- end -}} -{{- if empty $envAll.Values.conf.neutron.placement.password -}} -{{- $_ := set $envAll.Values.conf.neutron.placement "password" $envAll.Values.endpoints.identity.auth.placement.password -}} -{{- end -}} {{- if empty $envAll.Values.conf.neutron.octavia.base_url -}} {{- $_ := tuple "load_balancer" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.octavia "base_url" -}} @@ -223,42 +169,12 @@ limitations under the License. {{/* Designate DNS driver */}} {{- if eq (.Values.conf.neutron.DEFAULT.external_dns_driver | default "") "designate" -}} -{{- if empty .Values.conf.neutron.designate.project_name -}} -{{- $_ := set .Values.conf.neutron.designate "project_name" .Values.endpoints.identity.auth.designate.project_name -}} -{{- end -}} -{{- if empty .Values.conf.neutron.designate.project_domain_name -}} -{{- $_ := set .Values.conf.neutron.designate "project_domain_name" .Values.endpoints.identity.auth.designate.project_domain_name -}} -{{- end -}} -{{- if empty .Values.conf.neutron.designate.user_domain_name -}} -{{- $_ := set .Values.conf.neutron.designate "user_domain_name" .Values.endpoints.identity.auth.designate.user_domain_name -}} -{{- end -}} -{{- if empty .Values.conf.neutron.designate.username -}} -{{- $_ := set .Values.conf.neutron.designate "username" .Values.endpoints.identity.auth.designate.username -}} -{{- end -}} -{{- if empty .Values.conf.neutron.designate.password -}} -{{- $_ := set .Values.conf.neutron.designate "password" .Values.endpoints.identity.auth.designate.password -}} -{{- end -}} {{- if empty .Values.conf.neutron.designate.auth_url -}} {{- $_ := tuple "dns" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.neutron.designate "auth_url" -}} {{- end -}} {{- end }} {{- if (has "baremetal" .Values.network.backend) -}} -{{- if empty .Values.conf.neutron.ironic.project_name -}} -{{- $_ := set .Values.conf.neutron.ironic "project_name" .Values.endpoints.identity.auth.ironic.project_name -}} -{{- end -}} -{{- if empty .Values.conf.neutron.ironic.project_domain_name -}} -{{- $_ := set .Values.conf.neutron.ironic "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}} -{{- end -}} -{{- if empty .Values.conf.neutron.ironic.user_domain_name -}} -{{- $_ := set .Values.conf.neutron.ironic "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}} -{{- end -}} -{{- if empty .Values.conf.neutron.ironic.username -}} -{{- $_ := set .Values.conf.neutron.ironic "username" .Values.endpoints.identity.auth.ironic.username -}} -{{- end -}} -{{- if empty .Values.conf.neutron.ironic.password -}} -{{- $_ := set .Values.conf.neutron.ironic "password" .Values.endpoints.identity.auth.ironic.password -}} -{{- end -}} {{- if empty $envAll.Values.conf.neutron.ironic.auth_url -}} {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.ironic "auth_url" -}} {{- end }} diff --git a/neutron/templates/cron-job-ovn-db-sync.yaml b/neutron/templates/cron-job-ovn-db-sync.yaml index e593414fcb..6d336cd4ee 100644 --- a/neutron/templates/cron-job-ovn-db-sync.yaml +++ b/neutron/templates/cron-job-ovn-db-sync.yaml @@ -99,6 +99,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if( has "tungstenfabric" .Values.network.backend ) }} - name: neutron-etc mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini @@ -169,6 +172,11 @@ spec: secret: secretName: neutron-etc defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc {{- if ( has "tungstenfabric" .Values.network.backend ) }} - name: neutron-plugin-shared emptyDir: {} diff --git a/neutron/templates/daemonset-bgp-dragent.yaml b/neutron/templates/daemonset-bgp-dragent.yaml index a44b7f6a31..a5446e1608 100644 --- a/neutron/templates/daemonset-bgp-dragent.yaml +++ b/neutron/templates/daemonset-bgp-dragent.yaml @@ -96,6 +96,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -146,6 +149,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: libmodules hostPath: path: /lib/modules diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index 75266dd6df..ec53407829 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -128,6 +128,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: neutron-etc mountPath: /etc/neutron/dhcp_agent.ini subPath: dhcp_agent.ini @@ -202,6 +205,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -279,6 +285,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: iptables-lockfile hostPath: path: /run/xtables.lock diff --git a/neutron/templates/daemonset-l2gw-agent.yaml b/neutron/templates/daemonset-l2gw-agent.yaml index e798aca0db..ca12fcb493 100644 --- a/neutron/templates/daemonset-l2gw-agent.yaml +++ b/neutron/templates/daemonset-l2gw-agent.yaml @@ -128,6 +128,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -153,6 +156,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{ if $mounts_neutron_l2gw_agent.volumes }}{{ toYaml $mounts_neutron_l2gw_agent.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 1afc268560..e97b73115a 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -120,6 +120,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: neutron-etc mountPath: /etc/neutron/metadata_agent.ini subPath: metadata_agent.ini @@ -190,6 +193,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -262,6 +268,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: libmodules hostPath: path: /lib/modules diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml index f9c9cea93b..515c25dcda 100644 --- a/neutron/templates/daemonset-lb-agent.yaml +++ b/neutron/templates/daemonset-lb-agent.yaml @@ -105,6 +105,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini @@ -164,6 +167,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -218,6 +224,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: run hostPath: path: /run diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index 5ecbc5eb95..68209f0f9c 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -113,6 +113,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: socket mountPath: /var/lib/neutron/openstack-helm containers: @@ -147,6 +150,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -211,6 +217,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: socket hostPath: path: /var/lib/neutron/openstack-helm diff --git a/neutron/templates/daemonset-netns-cleanup-cron.yaml b/neutron/templates/daemonset-netns-cleanup-cron.yaml index eab1dbd0ac..609b16e9a0 100644 --- a/neutron/templates/daemonset-netns-cleanup-cron.yaml +++ b/neutron/templates/daemonset-netns-cleanup-cron.yaml @@ -87,6 +87,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -148,6 +151,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: libmodules hostPath: path: /lib/modules diff --git a/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml b/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml index 15707bf7d5..ffe257c874 100644 --- a/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml +++ b/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml @@ -115,6 +115,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: socket mountPath: /var/lib/neutron/openstack-helm - name: ovn-neutron-init @@ -164,6 +167,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -235,6 +241,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: socket hostPath: path: /var/lib/neutron/openstack-helm diff --git a/neutron/templates/daemonset-ovn-metadata-agent.yaml b/neutron/templates/daemonset-ovn-metadata-agent.yaml index 98d7887806..9b93a0a247 100644 --- a/neutron/templates/daemonset-ovn-metadata-agent.yaml +++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml @@ -115,6 +115,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: socket mountPath: /var/lib/neutron/openstack-helm - name: ovn-neutron-init @@ -164,6 +167,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -231,6 +237,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: socket hostPath: path: /var/lib/neutron/openstack-helm diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index 7491278d59..3da3120dd3 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -143,6 +143,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini @@ -238,6 +241,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -300,6 +306,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: run hostPath: path: /run diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml index 9b68c53c04..f9dc638d41 100644 --- a/neutron/templates/daemonset-sriov-agent.yaml +++ b/neutron/templates/daemonset-sriov-agent.yaml @@ -98,6 +98,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini @@ -172,6 +175,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -238,6 +244,11 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc - name: run hostPath: path: /run diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml index 96f795adc4..a79cc948cd 100644 --- a/neutron/templates/deployment-ironic-agent.yaml +++ b/neutron/templates/deployment-ironic-agent.yaml @@ -104,6 +104,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true {{- if .Values.conf.neutron.DEFAULT.log_config_append }} - name: neutron-etc mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} @@ -131,6 +134,11 @@ spec: secret: secretName: neutron-etc defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{ if $mounts_neutron_ironic_agent.volumes }}{{ toYaml $mounts_neutron_ironic_agent.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/neutron/templates/deployment-rpc_server.yaml b/neutron/templates/deployment-rpc_server.yaml index 363b899bc8..39a356928c 100644 --- a/neutron/templates/deployment-rpc_server.yaml +++ b/neutron/templates/deployment-rpc_server.yaml @@ -126,6 +126,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: neutron-etc mountPath: /etc/neutron/neutron-api-uwsgi.ini subPath: neutron-api-uwsgi.ini @@ -218,6 +221,11 @@ spec: secret: secretName: neutron-etc defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc {{- if ( has "tungstenfabric" .Values.network.backend ) }} - name: neutron-plugin-shared emptyDir: {} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index c560899d11..7b49b7f9d9 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -206,6 +206,9 @@ spec: mountPath: /etc/neutron/neutron.conf subPath: neutron.conf readOnly: true + - name: neutron-etc-snippets + mountPath: /etc/neutron/neutron.conf.d/ + readOnly: true - name: neutron-etc mountPath: /etc/neutron/neutron-api-uwsgi.ini subPath: neutron-api-uwsgi.ini @@ -298,6 +301,11 @@ spec: secret: secretName: neutron-etc defaultMode: 0444 + - name: neutron-etc-snippets + projected: + sources: + - secret: + name: neutron-ks-etc {{- if ( has "tungstenfabric" .Values.network.backend ) }} - name: neutron-plugin-shared emptyDir: {} diff --git a/neutron/templates/secret-ks-etc.yaml b/neutron/templates/secret-ks-etc.yaml new file mode 100644 index 0000000000..de12a1cb13 --- /dev/null +++ b/neutron/templates/secret-ks-etc.yaml @@ -0,0 +1,35 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_ks_etc }} +{{- $envAll := . -}} +{{/* the endpoints.identity.auth sections with the oslo conf sections they get rendered to */}} +{{- $ksUsers := dict + "neutron" "keystone_authtoken" + "nova" "nova" + "placement" "placement" +-}} +{{- if eq (.Values.conf.neutron.DEFAULT.external_dns_driver | default "") "designate" -}} +{{- $_ := set $ksUsers "designate" "designate" -}} +{{- end -}} +{{- if (has "baremetal" .Values.network.backend) -}} +{{- $_ := set $ksUsers "ironic" "ironic" -}} +{{- end -}} +{{ dict + "envAll" $envAll + "serviceName" "neutron" + "serviceUserSections" $ksUsers + | include "helm-toolkit.manifests.secret_ks_etc" +}} +{{- end }} \ No newline at end of file diff --git a/neutron/values.yaml b/neutron/values.yaml index 1aa391fb2a..c6b8d5ad94 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -2711,6 +2711,7 @@ manifests: secret_db: true secret_ingress_tls: true secret_keystone: true + secret_ks_etc: true secret_rabbitmq: true secret_registry: true service_ingress_server: true diff --git a/releasenotes/notes/neutron-670d4cd96f100dea.yaml b/releasenotes/notes/neutron-670d4cd96f100dea.yaml new file mode 100644 index 0000000000..abc8fec902 --- /dev/null +++ b/releasenotes/notes/neutron-670d4cd96f100dea.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + Split out the OpenStack service account definitions from neutron.conf and into + config snippets which are loaded at /etc/neutron/neutron.d/, which is automatically + loaded by OSLO when loading the main neutron.conf. This makes it easier for users + to use the regular config generation while supplying credentials out of band. +...