Auth: Update credential keys to reference service specifically

This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.

Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
This commit is contained in:
portdirect 2018-01-14 19:20:34 -05:00 committed by Pete Birley
parent a72db2e8ff
commit b180d28618
83 changed files with 317 additions and 334 deletions

View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.project_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.barbican.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.barbican.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.barbican.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.username -}}
{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.barbican.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.password -}}
{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.barbican.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "barbican" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- $barbicanPath := index .Values "endpoints" "key_manager" "path" "default" }}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "barbican"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.barbican }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.barbican.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "barbican" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "barbican" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -377,10 +377,10 @@ conf:
secrets:
identity:
admin: barbican-keystone-admin
user: barbican-keystone-user
barbican: barbican-keystone-user
oslo_db:
admin: barbican-db-admin
user: barbican-db-user
barbican: barbican-db-user
endpoints:
cluster_domain_suffix: cluster.local
@ -394,7 +394,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
barbican:
role: admin
region_name: RegionOne
username: barbican
@ -436,7 +436,7 @@ endpoints:
admin:
username: root
password: password
user:
barbican:
username: barbican
password: password
hosts:
@ -450,7 +450,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
barbican:
username: rabbitmq
password: password
hosts:

View File

@ -30,68 +30,68 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.ceilometer.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.database.event_connection -}}
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}}
{{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.database.metering_connection -}}
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}}
{{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.oslo_messaging_notifications.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.notification.messaging_urls -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.region_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.username -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.password -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.auth_url -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ceilometer.service_credentials "auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.region_name -}}
{{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.project_name -}}
{{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.project_domain_name -}}
{{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.user_domain_name -}}
{{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.username -}}
{{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.password -}}
{{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.dispatcher_gnocchi.url -}}

View File

@ -48,7 +48,7 @@ spec:
- name: USER_DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.mongodb.user }}
name: {{ .Values.secrets.mongodb.ceilometer }}
key: DB_CONNECTION
command:
- /tmp/db-init-mongodb.sh

View File

@ -52,11 +52,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "ceilometer"
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.ceilometer }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.ceilometer.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_mongodb }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.mongodb $userClass }}
---
apiVersion: v1

View File

@ -1600,13 +1600,13 @@ dependencies:
secrets:
identity:
admin: ceilometer-keystone-admin
user: ceilometer-keystone-user
ceilometer: ceilometer-keystone-user
oslo_db:
admin: ceilometer-db-admin
user: ceilometer-db-user
ceilometer: ceilometer-db-user
mongodb:
admin: ceilometer-mongodb-admin
user: ceilometer-mongodb-user
ceilometer: ceilometer-mongodb-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1623,7 +1623,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
ceilometer:
role: admin
region_name: RegionOne
username: ceilometer
@ -1710,7 +1710,7 @@ endpoints:
admin:
username: root
password: password
user:
ceilometer:
username: ceilometer
password: password
hosts:
@ -1727,7 +1727,7 @@ endpoints:
admin:
username: root
password: password
user:
ceilometer:
username: ceilometer
password: password
hosts:
@ -1749,7 +1749,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
ceilometer:
username: rabbitmq
password: password
hosts:

View File

@ -56,11 +56,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "ceph"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.swift }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.swift.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -17,7 +17,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone_rgw }}
{{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- range $key1, $userClass := tuple "user" }}
{{- range $key1, $userClass := tuple "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
---
apiVersion: v1

View File

@ -17,7 +17,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -172,7 +172,7 @@ secrets:
admin: ceph-client-admin-keyring
identity:
admin: ceph-keystone-admin
user: ceph-keystone-user
swift: ceph-keystone-user
user_rgw: ceph-keystone-user-rgw
network:
@ -381,7 +381,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
swift:
role: admin
region_name: RegionOne
username: swift

View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.project_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.username -}}
{{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.password -}}
{{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.cinder.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "cinder" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.glance_api_servers -}}
@ -73,19 +73,19 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "backup_swift_auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user_domain -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_key -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project_domain -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.swift_catalog_info -}}
{{- set .Values.conf.cinder.DEFAULT "swift_catalog_info" "object-store:swift:internalURL" | quote | trunc 0 -}}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "cinder"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.cinder }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.cinder.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -599,10 +599,10 @@ dependencies:
secrets:
identity:
admin: cinder-keystone-admin
user: cinder-keystone-user
cinder: cinder-keystone-user
oslo_db:
admin: cinder-db-admin
user: cinder-db-user
cinder: cinder-db-user
rbd:
backup: cinder-backup-rbd-keyring
volume: cinder-volume-rbd-keyring
@ -622,7 +622,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
cinder:
role: admin
region_name: RegionOne
username: cinder
@ -724,7 +724,7 @@ endpoints:
admin:
username: root
password: password
user:
cinder:
username: cinder
password: password
hosts:
@ -738,7 +738,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
cinder:
username: rabbitmq
password: password
hosts:

View File

@ -18,11 +18,11 @@ limitations under the License.
{{- $envAll := . }}
{{- if empty .Values.conf.congress.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "congress" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "congress" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
@ -38,22 +38,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.region_name -}}
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.congress.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.congress.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.congress.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.congress.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.username -}}
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.congress.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.password -}}
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.congress.password | quote | trunc 0 -}}
{{- end -}}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "congress"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.congress }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.congress.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "congress" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "congress" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -124,10 +124,10 @@ dependencies:
secrets:
identity:
admin: congress-keystone-admin
user: congress-keystone-user
congress: congress-keystone-user
oslo_db:
admin: congress-db-admin
user: congress-db-user
congress: congress-db-user
rbd: images-rbd-keyring
endpoints:
@ -142,7 +142,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
congress:
role: admin
region_name: RegionOne
username: congress
@ -184,7 +184,7 @@ endpoints:
admin:
username: root
password: password
user:
congress:
username: congress
password: password
hosts:
@ -206,7 +206,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
congress:
username: rabbitmq
password: password
hosts:
@ -218,25 +218,6 @@ endpoints:
port:
amqp:
default: 5672
ceph_object_store:
name: radosgw
namespace: ceph
auth:
user:
username: congress
password: password
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /auth/v1.0
scheme:
default: http
port:
api:
default: 8088
policy:
datasource_services:

View File

@ -40,41 +40,41 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.region_name -}}
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.project_name -}}
{{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.username -}}
{{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.password -}}
{{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.region_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.username -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.password -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.memcached_servers -}}
@ -85,17 +85,17 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.glance.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.DEFAULT.registry_host -}}

View File

@ -18,13 +18,13 @@ limitations under the License.
{{- if eq .Values.storage "radosgw" }}
auth_version = 1
auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user = {{ .Values.endpoints.ceph_object_store.auth.user.username }}:swift
key = {{ .Values.endpoints.ceph_object_store.auth.user.password }}
user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift
key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }}
{{- else }}
user = {{ .Values.endpoints.identity.auth.user.project_name }}:{{ .Values.endpoints.identity.auth.user.username }}
key = {{ .Values.endpoints.identity.auth.user.password }}
user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }}
key = {{ .Values.endpoints.identity.auth.glance.password }}
auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user_domain_name = {{ .Values.endpoints.identity.auth.user.user_domain_name }}
project_domain_name = {{ .Values.endpoints.identity.auth.user.project_domain_name }}
user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
auth_version = 3
{{- end -}}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "glance"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.glance.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -108,11 +108,11 @@ spec:
{{ end }}
{{- if eq .Values.storage "radosgw" }}
- name: RADOSGW_USERNAME
value: {{ .Values.endpoints.ceph_object_store.auth.user.username | quote }}
value: {{ .Values.endpoints.ceph_object_store.auth.glance.username | quote }}
- name: RADOSGW_PASSWORD
value: {{ .Values.endpoints.ceph_object_store.auth.user.password | quote }}
value: {{ .Values.endpoints.ceph_object_store.auth.glance.password | quote }}
- name: RADOSGW_TMPURL_KEY
value: {{ .Values.endpoints.ceph_object_store.auth.user.tmpurlkey | quote }}
value: {{ .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote }}
{{ end }}
command:
- /tmp/storage-init.sh

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -378,10 +378,10 @@ dependencies:
secrets:
identity:
admin: glance-keystone-admin
user: glance-keystone-user
glance: glance-keystone-user
oslo_db:
admin: glance-db-admin
user: glance-db-user
glance: glance-db-user
rbd: images-rbd-keyring
# typically overriden by environmental
@ -399,7 +399,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
glance:
role: admin
region_name: RegionOne
username: glance
@ -456,7 +456,7 @@ endpoints:
admin:
username: root
password: password
user:
glance:
username: glance
password: password
hosts:
@ -478,7 +478,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
glance:
username: rabbitmq
password: password
hosts:
@ -494,7 +494,7 @@ endpoints:
name: radosgw
namespace: ceph
auth:
user:
glance:
username: glance
password: password
tmpurlkey: supersecret

View File

@ -33,33 +33,33 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.gnocchi.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.gnocchi.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.gnocchi.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.gnocchi.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.username -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.gnocchi.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.password -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.gnocchi.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.indexer.url -}}
{{ if eq .Values.conf.gnocchi.indexer.driver "postgresql" }}
{{- tuple "oslo_db_postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{- tuple "oslo_db_postgresql" "internal" "gnocchi" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{ else }}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{ end }}
{{- end -}}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "gnocchi"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.gnocchi }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.gnocchi.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "gnocchi" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "gnocchi" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
{{ $osAuthType := $auth.os_auth_type }}

View File

@ -342,10 +342,10 @@ conf:
secrets:
identity:
admin: gnocchi-keystone-admin
user: gnocchi-keystone-user
gnocchi: gnocchi-keystone-user
oslo_db:
admin: gnocchi-db-admin
user: gnocchi-db-user
gnocchi: gnocchi-db-user
rbd: gnocchi-rbd-keyring
# typically overriden by environmental
@ -365,7 +365,7 @@ endpoints:
region_name: "RegionOne"
os_auth_type: "password"
os_tenant_name: "admin"
user:
gnocchi:
username: "gnocchi"
user_domain_name: "default"
role: "admin"
@ -409,7 +409,7 @@ endpoints:
admin:
username: postgres
password: password
user:
gnocchi:
username: gnocchi
password: password
hosts:
@ -426,7 +426,7 @@ endpoints:
admin:
username: root
password: password
user:
gnocchi:
username: gnocchi
password: password
hosts:

View File

@ -30,51 +30,51 @@ limitations under the License.
{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.region_name -}}
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.project_name -}}
{{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.heat.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.heat.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.heat.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.username -}}
{{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.heat.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.password -}}
{{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.heat.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.region_name -}}
{{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.trustee.region_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.heat_trustee.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.project_name -}}
{{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.trustee.project_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.heat_trustee.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.project_domain_name -}}
{{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.trustee.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.heat_trustee.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.user_domain_name -}}
{{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.trustee.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.heat_trustee.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.username -}}
{{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.trustee.username | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.heat_trustee.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.password -}}
{{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.trustee.password | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.heat_trustee.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_user_domain_name -}}
{{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.heat_stack_user.domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.stack_user.username | quote | trunc 0 -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.heat_stack_user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin_password -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.stack_user.password | quote | trunc 0 -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.heat_stack_user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
@ -82,11 +82,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.heat.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "heat" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.heat_metadata_server_url -}}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.heat.role | quote }}
- name: heat-ks-trustee-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
@ -76,11 +76,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trustee }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat_trustee }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.trustee.role | quote }}
value: {{ .Values.endpoints.identity.auth.heat_trustee.role | quote }}
- name: heat-ks-domain-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
@ -100,25 +100,25 @@ spec:
- name: SERVICE_OS_REGION_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_REGION_NAME
- name: SERVICE_OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_DOMAIN_NAME
- name: SERVICE_OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_USERNAME
- name: SERVICE_OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_PASSWORD
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.stack_user.role | quote }}
value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -60,7 +60,7 @@ spec:
- name: SERVICE_OS_ROLES
value: {{ .Values.conf.heat.DEFAULT.trusts_delegated_roles }}
- name: SERVICE_OS_TRUSTEE
value: {{ .Values.endpoints.identity.auth.trustee.username }}
value: {{ .Values.endpoints.identity.auth.heat_trustee.username }}
volumes:
- name: heat-bin
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" "trustee" }}
{{- range $key1, $userClass := tuple "admin" "heat" "heat_trustee" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
@ -31,12 +31,12 @@ data:
apiVersion: v1
kind: Secret
metadata:
name: {{ $envAll.Values.secrets.identity.stack_user }}
name: {{ $envAll.Values.secrets.identity.heat_stack_user }}
type: Opaque
data:
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc | indent 4 }}
{{- end }}

View File

@ -332,12 +332,12 @@ dependencies:
secrets:
identity:
admin: heat-keystone-admin
user: heat-keystone-user
trustee: heat-keystone-trustee
stack_user: heat-keystone-stack-user
heat: heat-keystone-user
heat_trustee: heat-keystone-trustee
heat_stack_user: heat-keystone-stack-user
oslo_db:
admin: heat-db-admin
user: heat-db-user
heat: heat-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -354,7 +354,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
heat:
role: admin
region_name: RegionOne
username: heat
@ -362,7 +362,7 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
trustee:
heat_trustee:
role: admin
region_name: RegionOne
username: heat-trust
@ -370,7 +370,7 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
stack_user:
heat_stack_user:
role: admin
region_name: RegionOne
username: heat-domain
@ -442,7 +442,7 @@ endpoints:
admin:
username: root
password: password
user:
heat:
username: heat
password: password
hosts:
@ -464,7 +464,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
heat:
username: rabbitmq
password: password
hosts:

View File

@ -148,8 +148,8 @@ DATABASES = {
# Database configuration here
'ENGINE': 'django.db.backends.mysql',
'NAME': '{{ .Values.endpoints.oslo_db.path | base }}',
'USER': '{{ .Values.endpoints.oslo_db.auth.user.username }}',
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.user.password }}',
'USER': '{{ .Values.endpoints.oslo_db.auth.horizon.username }}',
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.horizon.password }}',
'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}',
'default-character-set': 'utf8',
'PORT': '{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}'

View File

@ -60,7 +60,7 @@ spec:
- name: DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.oslo_db.user }}
name: {{ .Values.secrets.oslo_db.horizon }}
key: DB_CONNECTION
command:
- /tmp/db-drop.py

View File

@ -54,7 +54,7 @@ spec:
- name: DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.oslo_db.user }}
name: {{ .Values.secrets.oslo_db.horizon }}
key: DB_CONNECTION
command:
- /tmp/db-init.py

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "horizon" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -1216,7 +1216,7 @@ pod:
secrets:
oslo_db:
admin: horizon-db-admin
user: horizon-db-user
horizon: horizon-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1266,7 +1266,7 @@ endpoints:
admin:
username: root
password: password
user:
horizon:
username: horizon
password: password
hosts:

View File

@ -18,11 +18,11 @@ limitations under the License.
{{- $envAll := . }}
{{- if empty .Values.conf.keystone.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "keystone" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.keystone.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "keystone" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.keystone.cache.memcache_servers -}}

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -516,7 +516,7 @@ secrets:
admin: keystone-keystone-admin
oslo_db:
admin: keystone-db-admin
user: keystone-db-user
keystone: keystone-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -554,7 +554,7 @@ endpoints:
admin:
username: root
password: password
user:
keystone:
username: keystone
password: password
hosts:
@ -569,8 +569,8 @@ endpoints:
oslo_messaging:
namespace: null
auth:
user:
username: keystone
keystone:
username: rabbitmq
password: password
hosts:
default: rabbitmq

View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.project_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.magnum.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.magnum.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.magnum.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.username -}}
{{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.magnum.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.password -}}
{{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.magnum.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.magnum.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "magnum" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
---

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "magnum"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.magnum }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.magnum.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "magnum" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "magnum" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -182,10 +182,10 @@ dependencies:
secrets:
identity:
admin: magnum-keystone-admin
user: magnum-keystone-user
magnum: magnum-keystone-user
oslo_db:
admin: magnum-db-admin
user: magnum-db-user
magnum: magnum-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -202,7 +202,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
magnum:
role: admin
region_name: RegionOne
username: magnum
@ -244,7 +244,7 @@ endpoints:
admin:
username: root
password: password
user:
magnum:
username: magnum
password: password
hosts:
@ -266,7 +266,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
magnum:
username: rabbitmq
password: password
hosts:
@ -284,11 +284,11 @@ pod:
magnum:
uid: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
magnum_api:
init_container: null

View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.project_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.mistral.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.mistral.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.mistral.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.username -}}
{{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.mistral.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.password -}}
{{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.mistral.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.mistral.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "mistral" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
---

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "mistral"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.mistral }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.mistral.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "mistral" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "mistral" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -129,10 +129,10 @@ dependencies:
secrets:
identity:
admin: mistral-keystone-admin
user: mistral-keystone-user
mistral: mistral-keystone-user
oslo_db:
admin: mistral-db-admin
user: mistral-db-user
mistral: mistral-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -149,7 +149,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
mistral:
role: admin
region_name: RegionOne
username: mistral
@ -191,7 +191,7 @@ endpoints:
admin:
username: root
password: password
user:
mistral:
username: mistral
password: password
hosts:
@ -205,7 +205,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
mistral:
username: rabbitmq
password: password
hosts:

View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.neutron.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.neutron.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.username -}}
{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.neutron.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.password -}}
{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.neutron.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.region_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.neutron.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end }}
{{- if empty .Values.conf.neutron.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
{{- end }}
{{- if empty .Values.conf.neutron.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end }}
{{- if empty .Values.conf.neutron.nova.auth_url -}}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "neutron"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.neutron }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.neutron.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -1060,10 +1060,10 @@ conf:
secrets:
identity:
admin: neutron-keystone-admin
user: neutron-keystone-user
neutron: neutron-keystone-user
oslo_db:
admin: neutron-db-admin
user: neutron-db-user
neutron: neutron-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1075,7 +1075,7 @@ endpoints:
admin:
username: root
password: password
user:
neutron:
username: neutron
password: password
hosts:
@ -1089,7 +1089,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
neutron:
username: rabbitmq
password: password
hosts:
@ -1151,7 +1151,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
neutron:
role: admin
region_name: RegionOne
username: neutron

View File

@ -32,22 +32,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_name -}}
{{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.nova.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.username -}}
{{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.nova.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.password -}}
{{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.nova.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
@ -55,19 +55,19 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.nova.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.api_database.connection -}}
{{- tuple "oslo_db_api" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db_api" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.cell0_database.connection -}}
{{- tuple "oslo_db_cell0" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db_cell0" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "nova" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.glance.api_servers -}}

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "nova"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.nova }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.nova.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db_api }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -1043,17 +1043,17 @@ conf:
secrets:
identity:
admin: nova-keystone-admin
user: nova-keystone-user
nova: nova-keystone-user
placement: nova-keystone-placement
oslo_db:
admin: nova-db-admin
user: nova-db-user
nova: nova-db-user
oslo_db_api:
admin: nova-db-api-admin
user: nova-db-api-user
nova: nova-db-api-user
oslo_db_cell0:
admin: nova-db-api-admin
user: nova-db-api-user
nova: nova-db-api-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1065,7 +1065,7 @@ endpoints:
admin:
username: root
password: password
user:
nova:
username: nova
password: password
hosts:
@ -1082,7 +1082,7 @@ endpoints:
admin:
username: root
password: password
user:
nova:
username: nova
password: password
hosts:
@ -1099,7 +1099,7 @@ endpoints:
admin:
username: root
password: password
user:
nova:
username: nova
password: password
hosts:
@ -1113,7 +1113,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
nova:
username: rabbitmq
password: password
hosts:
@ -1143,7 +1143,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
nova:
role: admin
region_name: RegionOne
username: nova
@ -1151,6 +1151,8 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
#NOTE(portdirect): the neutron user is not managed by the nova chart
# these values should match those set in the neutron chart.
neutron:
region_name: RegionOne
project_name: service

View File

@ -23,22 +23,22 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.rally.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.region_name -}}
{{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.rally.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.project_name -}}
{{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.rally.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.rally.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.rally.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.username -}}
{{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.rally.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.password -}}
{{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.rally.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
@ -46,7 +46,7 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.rally.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
{{- end -}}
---

View File

@ -54,11 +54,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "rally"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.rally }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.rally.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "rally" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "rally" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -178,10 +178,10 @@ dependencies:
secrets:
identity:
admin: rally-keystone-admin
user: rally-keystone-user
rally: rally-keystone-user
oslo_db:
admin: rally-db-admin
user: rally-db-user
rally: rally-db-user
endpoints:
cluster_domain_suffix: cluster.local
@ -195,7 +195,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
rally:
role: admin
region_name: RegionOne
username: rally
@ -237,7 +237,7 @@ endpoints:
admin:
username: root
password: password
user:
rally:
username: rally
password: password
hosts:

View File

@ -32,22 +32,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.project_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.senlin.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.senlin.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.senlin.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.username -}}
{{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.senlin.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.password -}}
{{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.senlin.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
@ -55,11 +55,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.senlin.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "senlin" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
---

View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "senlin"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.senlin }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.senlin.role | quote }}
volumes:
- name: ks-user-sh
configMap:

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "senlin" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "senlin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -194,10 +194,10 @@ dependencies:
secrets:
identity:
admin: senlin-keystone-admin
user: senlin-keystone-user
senlin: senlin-keystone-user
oslo_db:
admin: senlin-db-admin
user: senlin-db-user
senlin: senlin-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -214,7 +214,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
senlin:
role: admin
region_name: RegionOne
username: senlin
@ -256,7 +256,7 @@ endpoints:
admin:
username: root
password: password
user:
senlin:
username: senlin
password: password
hosts:
@ -278,7 +278,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
senlin:
username: rabbitmq
password: password
hosts: