Auth: Update credential keys to reference service specifically
This PS moves all credentials for OpenStack services from 'user' to the service name. This allows a single yaml snippet to articulate the credentials for a deployment. Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
This commit is contained in:
parent
a72db2e8ff
commit
b180d28618
@ -31,22 +31,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.barbican.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.barbican.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.barbican.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.barbican.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.barbican.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
|
||||
@ -54,11 +54,11 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.barbican.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "barbican" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $barbicanPath := index .Values "endpoints" "key_manager" "path" "default" }}
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "barbican"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.barbican }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.barbican.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "barbican" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "barbican" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -377,10 +377,10 @@ conf:
|
||||
secrets:
|
||||
identity:
|
||||
admin: barbican-keystone-admin
|
||||
user: barbican-keystone-user
|
||||
barbican: barbican-keystone-user
|
||||
oslo_db:
|
||||
admin: barbican-db-admin
|
||||
user: barbican-db-user
|
||||
barbican: barbican-db-user
|
||||
|
||||
endpoints:
|
||||
cluster_domain_suffix: cluster.local
|
||||
@ -394,7 +394,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
barbican:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: barbican
|
||||
@ -436,7 +436,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
barbican:
|
||||
username: barbican
|
||||
password: password
|
||||
hosts:
|
||||
@ -450,7 +450,7 @@ endpoints:
|
||||
default: 3306
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
barbican:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -30,68 +30,68 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.database.event_connection -}}
|
||||
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}}
|
||||
{{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.database.metering_connection -}}
|
||||
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}}
|
||||
{{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.oslo_messaging_notifications.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.notification.messaging_urls -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.service_credentials.auth_url -}}
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ceilometer.service_credentials "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.service_credentials.region_name -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.service_credentials.project_name -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.service_credentials.project_domain_name -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.service_credentials.user_domain_name -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.service_credentials.username -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.ceilometer.service_credentials.password -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.ceilometer.dispatcher_gnocchi.url -}}
|
||||
|
@ -48,7 +48,7 @@ spec:
|
||||
- name: USER_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.mongodb.user }}
|
||||
name: {{ .Values.secrets.mongodb.ceilometer }}
|
||||
key: DB_CONNECTION
|
||||
command:
|
||||
- /tmp/db-init-mongodb.sh
|
||||
|
@ -52,11 +52,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "ceilometer"
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.ceilometer }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.ceilometer.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_mongodb }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.mongodb $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -1600,13 +1600,13 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: ceilometer-keystone-admin
|
||||
user: ceilometer-keystone-user
|
||||
ceilometer: ceilometer-keystone-user
|
||||
oslo_db:
|
||||
admin: ceilometer-db-admin
|
||||
user: ceilometer-db-user
|
||||
ceilometer: ceilometer-db-user
|
||||
mongodb:
|
||||
admin: ceilometer-mongodb-admin
|
||||
user: ceilometer-mongodb-user
|
||||
ceilometer: ceilometer-mongodb-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -1623,7 +1623,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
ceilometer:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: ceilometer
|
||||
@ -1710,7 +1710,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
ceilometer:
|
||||
username: ceilometer
|
||||
password: password
|
||||
hosts:
|
||||
@ -1727,7 +1727,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
ceilometer:
|
||||
username: ceilometer
|
||||
password: password
|
||||
hosts:
|
||||
@ -1749,7 +1749,7 @@ endpoints:
|
||||
default: 11211
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
ceilometer:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -56,11 +56,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "ceph"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.swift }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.swift.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -17,7 +17,7 @@ limitations under the License.
|
||||
{{- if .Values.manifests.secret_keystone_rgw }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- range $key1, $userClass := tuple "user" }}
|
||||
{{- range $key1, $userClass := tuple "swift" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -17,7 +17,7 @@ limitations under the License.
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "swift" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -172,7 +172,7 @@ secrets:
|
||||
admin: ceph-client-admin-keyring
|
||||
identity:
|
||||
admin: ceph-keystone-admin
|
||||
user: ceph-keystone-user
|
||||
swift: ceph-keystone-user
|
||||
user_rgw: ceph-keystone-user-rgw
|
||||
|
||||
network:
|
||||
@ -381,7 +381,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
swift:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: swift
|
||||
|
@ -31,22 +31,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
|
||||
@ -54,11 +54,11 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.cinder.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "cinder" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.glance_api_servers -}}
|
||||
@ -73,19 +73,19 @@ limitations under the License.
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "backup_swift_auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user_domain -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_key -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project_domain -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.DEFAULT.swift_catalog_info -}}
|
||||
{{- set .Values.conf.cinder.DEFAULT "swift_catalog_info" "object-store:swift:internalURL" | quote | trunc 0 -}}
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "cinder"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.cinder }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.cinder.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "cinder" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "cinder" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -599,10 +599,10 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: cinder-keystone-admin
|
||||
user: cinder-keystone-user
|
||||
cinder: cinder-keystone-user
|
||||
oslo_db:
|
||||
admin: cinder-db-admin
|
||||
user: cinder-db-user
|
||||
cinder: cinder-db-user
|
||||
rbd:
|
||||
backup: cinder-backup-rbd-keyring
|
||||
volume: cinder-volume-rbd-keyring
|
||||
@ -622,7 +622,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
cinder:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: cinder
|
||||
@ -724,7 +724,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
cinder:
|
||||
username: cinder
|
||||
password: password
|
||||
hosts:
|
||||
@ -738,7 +738,7 @@ endpoints:
|
||||
default: 3306
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
cinder:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -18,11 +18,11 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- if empty .Values.conf.congress.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "congress" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.congress.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "congress" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
|
||||
@ -38,22 +38,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.congress.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.congress.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.congress.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.congress.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.congress.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.congress.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.congress.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.congress.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.congress.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.congress.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "congress"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.congress }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.congress.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "congress" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "congress" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -124,10 +124,10 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: congress-keystone-admin
|
||||
user: congress-keystone-user
|
||||
congress: congress-keystone-user
|
||||
oslo_db:
|
||||
admin: congress-db-admin
|
||||
user: congress-db-user
|
||||
congress: congress-db-user
|
||||
rbd: images-rbd-keyring
|
||||
|
||||
endpoints:
|
||||
@ -142,7 +142,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
congress:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: congress
|
||||
@ -184,7 +184,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
congress:
|
||||
username: congress
|
||||
password: password
|
||||
hosts:
|
||||
@ -206,7 +206,7 @@ endpoints:
|
||||
default: 11211
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
congress:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
@ -218,25 +218,6 @@ endpoints:
|
||||
port:
|
||||
amqp:
|
||||
default: 5672
|
||||
ceph_object_store:
|
||||
name: radosgw
|
||||
namespace: ceph
|
||||
auth:
|
||||
user:
|
||||
username: congress
|
||||
password: password
|
||||
tmpurlkey: supersecret
|
||||
hosts:
|
||||
default: ceph-rgw
|
||||
host_fqdn_override:
|
||||
default: null
|
||||
path:
|
||||
default: /auth/v1.0
|
||||
scheme:
|
||||
default: http
|
||||
port:
|
||||
api:
|
||||
default: 8088
|
||||
|
||||
policy:
|
||||
datasource_services:
|
||||
|
@ -40,41 +40,41 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.memcached_servers -}}
|
||||
@ -85,17 +85,17 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance.DEFAULT.registry_host -}}
|
||||
|
@ -18,13 +18,13 @@ limitations under the License.
|
||||
{{- if eq .Values.storage "radosgw" }}
|
||||
auth_version = 1
|
||||
auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
user = {{ .Values.endpoints.ceph_object_store.auth.user.username }}:swift
|
||||
key = {{ .Values.endpoints.ceph_object_store.auth.user.password }}
|
||||
user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift
|
||||
key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }}
|
||||
{{- else }}
|
||||
user = {{ .Values.endpoints.identity.auth.user.project_name }}:{{ .Values.endpoints.identity.auth.user.username }}
|
||||
key = {{ .Values.endpoints.identity.auth.user.password }}
|
||||
user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }}
|
||||
key = {{ .Values.endpoints.identity.auth.glance.password }}
|
||||
auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
user_domain_name = {{ .Values.endpoints.identity.auth.user.user_domain_name }}
|
||||
project_domain_name = {{ .Values.endpoints.identity.auth.user.project_domain_name }}
|
||||
user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
|
||||
project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
|
||||
auth_version = 3
|
||||
{{- end -}}
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "glance"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.glance.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -108,11 +108,11 @@ spec:
|
||||
{{ end }}
|
||||
{{- if eq .Values.storage "radosgw" }}
|
||||
- name: RADOSGW_USERNAME
|
||||
value: {{ .Values.endpoints.ceph_object_store.auth.user.username | quote }}
|
||||
value: {{ .Values.endpoints.ceph_object_store.auth.glance.username | quote }}
|
||||
- name: RADOSGW_PASSWORD
|
||||
value: {{ .Values.endpoints.ceph_object_store.auth.user.password | quote }}
|
||||
value: {{ .Values.endpoints.ceph_object_store.auth.glance.password | quote }}
|
||||
- name: RADOSGW_TMPURL_KEY
|
||||
value: {{ .Values.endpoints.ceph_object_store.auth.user.tmpurlkey | quote }}
|
||||
value: {{ .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote }}
|
||||
{{ end }}
|
||||
command:
|
||||
- /tmp/storage-init.sh
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "glance" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "glance" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -378,10 +378,10 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: glance-keystone-admin
|
||||
user: glance-keystone-user
|
||||
glance: glance-keystone-user
|
||||
oslo_db:
|
||||
admin: glance-db-admin
|
||||
user: glance-db-user
|
||||
glance: glance-db-user
|
||||
rbd: images-rbd-keyring
|
||||
|
||||
# typically overriden by environmental
|
||||
@ -399,7 +399,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
glance:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: glance
|
||||
@ -456,7 +456,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
glance:
|
||||
username: glance
|
||||
password: password
|
||||
hosts:
|
||||
@ -478,7 +478,7 @@ endpoints:
|
||||
default: 11211
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
glance:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
@ -494,7 +494,7 @@ endpoints:
|
||||
name: radosgw
|
||||
namespace: ceph
|
||||
auth:
|
||||
user:
|
||||
glance:
|
||||
username: glance
|
||||
password: password
|
||||
tmpurlkey: supersecret
|
||||
|
@ -33,33 +33,33 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.gnocchi.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.gnocchi.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.gnocchi.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.gnocchi.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.gnocchi.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.gnocchi.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.gnocchi.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.gnocchi.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.gnocchi.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.gnocchi.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.gnocchi.indexer.url -}}
|
||||
{{ if eq .Values.conf.gnocchi.indexer.driver "postgresql" }}
|
||||
{{- tuple "oslo_db_postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db_postgresql" "internal" "gnocchi" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
|
||||
{{ else }}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
|
||||
{{ end }}
|
||||
{{- end -}}
|
||||
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "gnocchi"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.gnocchi }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.gnocchi.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "gnocchi" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "gnocchi" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
|
||||
{{ $osAuthType := $auth.os_auth_type }}
|
||||
|
@ -342,10 +342,10 @@ conf:
|
||||
secrets:
|
||||
identity:
|
||||
admin: gnocchi-keystone-admin
|
||||
user: gnocchi-keystone-user
|
||||
gnocchi: gnocchi-keystone-user
|
||||
oslo_db:
|
||||
admin: gnocchi-db-admin
|
||||
user: gnocchi-db-user
|
||||
gnocchi: gnocchi-db-user
|
||||
rbd: gnocchi-rbd-keyring
|
||||
|
||||
# typically overriden by environmental
|
||||
@ -365,7 +365,7 @@ endpoints:
|
||||
region_name: "RegionOne"
|
||||
os_auth_type: "password"
|
||||
os_tenant_name: "admin"
|
||||
user:
|
||||
gnocchi:
|
||||
username: "gnocchi"
|
||||
user_domain_name: "default"
|
||||
role: "admin"
|
||||
@ -409,7 +409,7 @@ endpoints:
|
||||
admin:
|
||||
username: postgres
|
||||
password: password
|
||||
user:
|
||||
gnocchi:
|
||||
username: gnocchi
|
||||
password: password
|
||||
hosts:
|
||||
@ -426,7 +426,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
gnocchi:
|
||||
username: gnocchi
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -30,51 +30,51 @@ limitations under the License.
|
||||
{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.heat.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.heat.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.heat.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.heat.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.heat.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.trustee.region_name -}}
|
||||
{{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.trustee.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.heat_trustee.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.project_name -}}
|
||||
{{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.trustee.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.heat_trustee.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.project_domain_name -}}
|
||||
{{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.trustee.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.heat_trustee.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.user_domain_name -}}
|
||||
{{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.trustee.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.heat_trustee.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.username -}}
|
||||
{{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.trustee.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.heat_trustee.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.password -}}
|
||||
{{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.trustee.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.heat_trustee.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.DEFAULT.stack_user_domain_name -}}
|
||||
{{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.heat_stack_user.domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin -}}
|
||||
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.stack_user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.heat_stack_user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin_password -}}
|
||||
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.stack_user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.heat_stack_user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
|
||||
@ -82,11 +82,11 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "heat" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.DEFAULT.heat_metadata_server_url -}}
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "heat"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.heat.role | quote }}
|
||||
- name: heat-ks-trustee-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
@ -76,11 +76,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "heat"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trustee }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat_trustee }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.trustee.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.heat_trustee.role | quote }}
|
||||
- name: heat-ks-domain-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
@ -100,25 +100,25 @@ spec:
|
||||
- name: SERVICE_OS_REGION_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
name: {{ .Values.secrets.identity.heat_stack_user }}
|
||||
key: OS_REGION_NAME
|
||||
- name: SERVICE_OS_DOMAIN_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
name: {{ .Values.secrets.identity.heat_stack_user }}
|
||||
key: OS_DOMAIN_NAME
|
||||
- name: SERVICE_OS_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
name: {{ .Values.secrets.identity.heat_stack_user }}
|
||||
key: OS_USERNAME
|
||||
- name: SERVICE_OS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
name: {{ .Values.secrets.identity.heat_stack_user }}
|
||||
key: OS_PASSWORD
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.stack_user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -60,7 +60,7 @@ spec:
|
||||
- name: SERVICE_OS_ROLES
|
||||
value: {{ .Values.conf.heat.DEFAULT.trusts_delegated_roles }}
|
||||
- name: SERVICE_OS_TRUSTEE
|
||||
value: {{ .Values.endpoints.identity.auth.trustee.username }}
|
||||
value: {{ .Values.endpoints.identity.auth.heat_trustee.username }}
|
||||
volumes:
|
||||
- name: heat-bin
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "heat" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" "trustee" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "heat" "heat_trustee" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
@ -31,12 +31,12 @@ data:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ $envAll.Values.secrets.identity.stack_user }}
|
||||
name: {{ $envAll.Values.secrets.identity.heat_stack_user }}
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.stack_user.region_name | b64enc | indent 4 }}
|
||||
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.stack_user.domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: {{ .Values.endpoints.identity.auth.stack_user.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc | indent 4 }}
|
||||
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc | indent 4 }}
|
||||
{{- end }}
|
||||
|
@ -332,12 +332,12 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: heat-keystone-admin
|
||||
user: heat-keystone-user
|
||||
trustee: heat-keystone-trustee
|
||||
stack_user: heat-keystone-stack-user
|
||||
heat: heat-keystone-user
|
||||
heat_trustee: heat-keystone-trustee
|
||||
heat_stack_user: heat-keystone-stack-user
|
||||
oslo_db:
|
||||
admin: heat-db-admin
|
||||
user: heat-db-user
|
||||
heat: heat-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -354,7 +354,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
heat:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: heat
|
||||
@ -362,7 +362,7 @@ endpoints:
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
trustee:
|
||||
heat_trustee:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: heat-trust
|
||||
@ -370,7 +370,7 @@ endpoints:
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
stack_user:
|
||||
heat_stack_user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: heat-domain
|
||||
@ -442,7 +442,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
heat:
|
||||
username: heat
|
||||
password: password
|
||||
hosts:
|
||||
@ -464,7 +464,7 @@ endpoints:
|
||||
default: 11211
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
heat:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -148,8 +148,8 @@ DATABASES = {
|
||||
# Database configuration here
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': '{{ .Values.endpoints.oslo_db.path | base }}',
|
||||
'USER': '{{ .Values.endpoints.oslo_db.auth.user.username }}',
|
||||
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.user.password }}',
|
||||
'USER': '{{ .Values.endpoints.oslo_db.auth.horizon.username }}',
|
||||
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.horizon.password }}',
|
||||
'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}',
|
||||
'default-character-set': 'utf8',
|
||||
'PORT': '{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}'
|
||||
|
@ -60,7 +60,7 @@ spec:
|
||||
- name: DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.oslo_db.user }}
|
||||
name: {{ .Values.secrets.oslo_db.horizon }}
|
||||
key: DB_CONNECTION
|
||||
command:
|
||||
- /tmp/db-drop.py
|
||||
|
@ -54,7 +54,7 @@ spec:
|
||||
- name: DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ .Values.secrets.oslo_db.user }}
|
||||
name: {{ .Values.secrets.oslo_db.horizon }}
|
||||
key: DB_CONNECTION
|
||||
command:
|
||||
- /tmp/db-init.py
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "horizon" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -1216,7 +1216,7 @@ pod:
|
||||
secrets:
|
||||
oslo_db:
|
||||
admin: horizon-db-admin
|
||||
user: horizon-db-user
|
||||
horizon: horizon-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -1266,7 +1266,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
horizon:
|
||||
username: horizon
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -18,11 +18,11 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- if empty .Values.conf.keystone.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "keystone" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.keystone.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "keystone" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.keystone.cache.memcache_servers -}}
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "keystone" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -516,7 +516,7 @@ secrets:
|
||||
admin: keystone-keystone-admin
|
||||
oslo_db:
|
||||
admin: keystone-db-admin
|
||||
user: keystone-db-user
|
||||
keystone: keystone-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -554,7 +554,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
keystone:
|
||||
username: keystone
|
||||
password: password
|
||||
hosts:
|
||||
@ -569,8 +569,8 @@ endpoints:
|
||||
oslo_messaging:
|
||||
namespace: null
|
||||
auth:
|
||||
user:
|
||||
username: keystone
|
||||
keystone:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
default: rabbitmq
|
||||
|
@ -31,22 +31,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.magnum.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.magnum.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.magnum.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.magnum.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.magnum.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
|
||||
@ -54,11 +54,11 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.magnum.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.magnum.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "magnum" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "magnum"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.magnum }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.magnum.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "magnum" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "magnum" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -182,10 +182,10 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: magnum-keystone-admin
|
||||
user: magnum-keystone-user
|
||||
magnum: magnum-keystone-user
|
||||
oslo_db:
|
||||
admin: magnum-db-admin
|
||||
user: magnum-db-user
|
||||
magnum: magnum-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -202,7 +202,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
magnum:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: magnum
|
||||
@ -244,7 +244,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
magnum:
|
||||
username: magnum
|
||||
password: password
|
||||
hosts:
|
||||
@ -266,7 +266,7 @@ endpoints:
|
||||
default: 11211
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
magnum:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
@ -284,11 +284,11 @@ pod:
|
||||
magnum:
|
||||
uid: 1000
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||
topologyKey:
|
||||
default: kubernetes.io/hostname
|
||||
anti:
|
||||
type:
|
||||
default: preferredDuringSchedulingIgnoredDuringExecution
|
||||
topologyKey:
|
||||
default: kubernetes.io/hostname
|
||||
mounts:
|
||||
magnum_api:
|
||||
init_container: null
|
||||
|
@ -31,22 +31,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.mistral.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.mistral.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.mistral.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.mistral.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.mistral.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
|
||||
@ -54,11 +54,11 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.mistral.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.mistral.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "mistral" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "mistral"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.mistral }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.mistral.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "mistral" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "mistral" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -129,10 +129,10 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: mistral-keystone-admin
|
||||
user: mistral-keystone-user
|
||||
mistral: mistral-keystone-user
|
||||
oslo_db:
|
||||
admin: mistral-db-admin
|
||||
user: mistral-db-user
|
||||
mistral: mistral-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -149,7 +149,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
mistral:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: mistral
|
||||
@ -191,7 +191,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
mistral:
|
||||
username: mistral
|
||||
password: password
|
||||
hosts:
|
||||
@ -205,7 +205,7 @@ endpoints:
|
||||
default: 3306
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
mistral:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -31,22 +31,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.neutron.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.neutron.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.neutron.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.neutron.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.neutron.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}}
|
||||
@ -54,11 +54,11 @@ limitations under the License.
|
||||
{{- end }}
|
||||
|
||||
{{- if empty .Values.conf.neutron.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if empty .Values.conf.neutron.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if empty .Values.conf.neutron.nova.auth_url -}}
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "neutron"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.neutron }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.neutron.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "neutron" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "neutron" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -1060,10 +1060,10 @@ conf:
|
||||
secrets:
|
||||
identity:
|
||||
admin: neutron-keystone-admin
|
||||
user: neutron-keystone-user
|
||||
neutron: neutron-keystone-user
|
||||
oslo_db:
|
||||
admin: neutron-db-admin
|
||||
user: neutron-db-user
|
||||
neutron: neutron-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -1075,7 +1075,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
neutron:
|
||||
username: neutron
|
||||
password: password
|
||||
hosts:
|
||||
@ -1089,7 +1089,7 @@ endpoints:
|
||||
default: 3306
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
neutron:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
@ -1151,7 +1151,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
neutron:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: neutron
|
||||
|
@ -32,22 +32,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.nova.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.nova.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.nova.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
|
||||
@ -55,19 +55,19 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.api_database.connection -}}
|
||||
{{- tuple "oslo_db_api" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db_api" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.cell0_database.connection -}}
|
||||
{{- tuple "oslo_db_cell0" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db_cell0" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "nova" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.glance.api_servers -}}
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "nova"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.nova }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.nova.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "nova" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "nova" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "nova" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -1043,17 +1043,17 @@ conf:
|
||||
secrets:
|
||||
identity:
|
||||
admin: nova-keystone-admin
|
||||
user: nova-keystone-user
|
||||
nova: nova-keystone-user
|
||||
placement: nova-keystone-placement
|
||||
oslo_db:
|
||||
admin: nova-db-admin
|
||||
user: nova-db-user
|
||||
nova: nova-db-user
|
||||
oslo_db_api:
|
||||
admin: nova-db-api-admin
|
||||
user: nova-db-api-user
|
||||
nova: nova-db-api-user
|
||||
oslo_db_cell0:
|
||||
admin: nova-db-api-admin
|
||||
user: nova-db-api-user
|
||||
nova: nova-db-api-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -1065,7 +1065,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
nova:
|
||||
username: nova
|
||||
password: password
|
||||
hosts:
|
||||
@ -1082,7 +1082,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
nova:
|
||||
username: nova
|
||||
password: password
|
||||
hosts:
|
||||
@ -1099,7 +1099,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
nova:
|
||||
username: nova
|
||||
password: password
|
||||
hosts:
|
||||
@ -1113,7 +1113,7 @@ endpoints:
|
||||
default: 3306
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
nova:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
@ -1143,7 +1143,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
nova:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: nova
|
||||
@ -1151,6 +1151,8 @@ endpoints:
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
#NOTE(portdirect): the neutron user is not managed by the nova chart
|
||||
# these values should match those set in the neutron chart.
|
||||
neutron:
|
||||
region_name: RegionOne
|
||||
project_name: service
|
||||
|
@ -23,22 +23,22 @@ limitations under the License.
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.rally.keystone_authtoken "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.rally.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.rally.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.rally.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.rally.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.rally.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.rally.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.rally.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.rally.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.rally.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.rally.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.rally.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.rally.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
|
||||
@ -46,7 +46,7 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.rally.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
|
@ -54,11 +54,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "rally"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.rally }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.rally.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "rally" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "rally" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -178,10 +178,10 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: rally-keystone-admin
|
||||
user: rally-keystone-user
|
||||
rally: rally-keystone-user
|
||||
oslo_db:
|
||||
admin: rally-db-admin
|
||||
user: rally-db-user
|
||||
rally: rally-db-user
|
||||
|
||||
endpoints:
|
||||
cluster_domain_suffix: cluster.local
|
||||
@ -195,7 +195,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
rally:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: rally
|
||||
@ -237,7 +237,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
rally:
|
||||
username: rally
|
||||
password: password
|
||||
hosts:
|
||||
|
@ -32,22 +32,22 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.senlin.keystone_authtoken.project_name -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.senlin.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.senlin.keystone_authtoken.project_domain_name -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.senlin.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.senlin.keystone_authtoken.user_domain_name -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.senlin.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.senlin.keystone_authtoken.username -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.senlin.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.senlin.keystone_authtoken.password -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.senlin.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
|
||||
@ -55,11 +55,11 @@ limitations under the License.
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.senlin.database.connection -}}
|
||||
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.senlin.DEFAULT.transport_url -}}
|
||||
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- tuple "oslo_messaging" "internal" "senlin" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
---
|
||||
|
@ -55,11 +55,11 @@ spec:
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "senlin"
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.senlin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.senlin.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_db }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "senlin" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -16,7 +16,7 @@ limitations under the License.
|
||||
|
||||
{{- if .Values.manifests.secret_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- range $key1, $userClass := tuple "admin" "senlin" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -194,10 +194,10 @@ dependencies:
|
||||
secrets:
|
||||
identity:
|
||||
admin: senlin-keystone-admin
|
||||
user: senlin-keystone-user
|
||||
senlin: senlin-keystone-user
|
||||
oslo_db:
|
||||
admin: senlin-db-admin
|
||||
user: senlin-db-user
|
||||
senlin: senlin-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -214,7 +214,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
senlin:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: senlin
|
||||
@ -256,7 +256,7 @@ endpoints:
|
||||
admin:
|
||||
username: root
|
||||
password: password
|
||||
user:
|
||||
senlin:
|
||||
username: senlin
|
||||
password: password
|
||||
hosts:
|
||||
@ -278,7 +278,7 @@ endpoints:
|
||||
default: 11211
|
||||
oslo_messaging:
|
||||
auth:
|
||||
user:
|
||||
senlin:
|
||||
username: rabbitmq
|
||||
password: password
|
||||
hosts:
|
||||
|
Loading…
Reference in New Issue
Block a user