Secret and endpoint standardisation.
This PS moves keystone credentials to the endpoints section within the values.yaml, and also adds a 'secrets' key, allowing standardisation of secrets and credential management across OpenStack-Helm. Change-Id: I86a21e625afd822379ac11351603b2c606a3769f
parent
6f3f72f57e
commit
c221fa5248
@ -20,6 +20,25 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
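Review bot: The added `password` stanza copies `.Values.endpoints.identity.auth.user.password` into `.Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token`, so the keystone service password still travels through the `conf` tree as well as through the new `secrets.identity.user` Secret. The object that renders this tree is outside the hunk, but the glance counterpart on this page shows `kind: ConfigMap` right after the same defaults block; if barbican does the same, the password is stored in a ConfigMap, which Secret-scoped RBAC and encryption-at-rest settings do not cover. I would either render the config file from a Secret or at least record the exposure above the stanza, e.g. `{{/* password is written into the rendered barbican.conf; restrict read access to that object like a Secret */}}`. The same stanza is added for cinder and for glance/glance_registry further down.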
@ -41,7 +41,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: barbican-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/barbican/barbican.conf
|
||||
|
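Review bot: `name: {{ .Values.secrets.oslo_db.admin }}` is emitted unquoted, while other templated scalars in this commit go through `quote` (for example `SERVICE_OS_ROLE` in the ks-user job). An unset `secrets.oslo_db.admin` then renders as a null `secretKeyRef.name`, and a value YAML reads as a number or boolean changes type; `name: {{ .Values.secrets.oslo_db.admin | quote }}` keeps it a string in every case. The env var is still called `ROOT_DB_CONNECTION` although it now reads the `admin` secret, which is worth a one-line comment. The cinder and glance db-sync sections make the same substitution.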
@ -11,7 +11,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -48,7 +47,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -11,7 +11,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -47,7 +46,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -10,8 +10,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "barbican-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "barbican-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
@ -47,16 +45,16 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "barbican"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.barbican_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -11,20 +11,15 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.keystone_secrets.stack }}
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.heat_stack_region_name | b64enc | indent 4 }}
|
||||
OS_DOMAIN_NAME: |
|
||||
{{ .Values.conf.heat.default.heat.common.config.stack_user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.heat.default.heat.common.config.stack_domain_admin_password | b64enc | indent 4 }}
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
|
||||
{{- end }}
|
@ -1,32 +0,0 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: barbican-env-keystone-admin
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
@ -1,32 +0,0 @@
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: barbican-env-keystone-user
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
@ -1,3 +1,5 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
@ -9,11 +11,15 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" "user" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: barbican-db-root
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
||||
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
|
||||
{{- end }}
|
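Review bot: Both generated Secrets are built with `"internal"` as the second tuple element, whereas the deleted `barbican-env-keystone-admin` Secret on this page took its `OS_AUTH_URL` from `tuple "identity" "admin" "admin"`. If that argument selects the endpoint type inside `helm-toolkit.snippets.keystone_secret_openrc` (the snippet is not shown here), the admin openrc now points at the internal keystone endpoint, which changes the listener the bootstrap jobs authenticate against with admin credentials. A template comment above the `range` would record that this is deliberate, e.g. `{{/* admin and user openrc both use the internal identity endpoint */}}`. The new `cinder/templates/secret-keystone.yaml` has the same line.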
@ -45,22 +45,6 @@ network:
|
||||
enabled: false
|
||||
port: 39486
|
||||
|
||||
keystone:
|
||||
admin_user: "admin"
|
||||
admin_user_domain: "default"
|
||||
admin_password: "password"
|
||||
admin_project_name: "admin"
|
||||
admin_project_domain: "default"
|
||||
admin_region_name: "RegionOne"
|
||||
|
||||
barbican_user: "barbican"
|
||||
barbican_user_domain: "default"
|
||||
barbican_user_role: "admin"
|
||||
barbican_password: "password"
|
||||
barbican_project_name: "service"
|
||||
barbican_project_domain: "default"
|
||||
barbican_region_name: "RegionOne"
|
||||
|
||||
dependencies:
|
||||
db_init:
|
||||
services:
|
||||
@ -115,12 +99,6 @@ conf:
|
||||
auth_token:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
region_name: RegionOne
|
||||
project_domain_name: default
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
username: barbican
|
||||
password: password
|
||||
database:
|
||||
oslo:
|
||||
db:
|
||||
@ -130,9 +108,34 @@ conf:
|
||||
config:
|
||||
bind_port: 9311
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: barbican-keystone-admin
|
||||
user: barbican-keystone-user
|
||||
oslo_db:
|
||||
admin: barbican-db-admin
|
||||
user: barbican-db-user
|
||||
|
||||
endpoints:
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: barbican
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
|
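Review bot: The new `endpoints.identity.auth` block carries `password: password` for both `admin` and `user` and `role: admin` for the service user, with nothing marking them as placeholders. These values feed the `keystone_authtoken` defaults set in the configmap template and, judging by the new `secrets.identity` names, the generated keystone Secrets too, so a deployment that does not override them runs with a guessable admin password and an admin-scoped service account. I would add a comment above `auth:` such as `# Placeholder credentials: override every password (and narrow the user role) per deployment`. The cinder values section later on this page adds the same block.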
@ -23,6 +23,25 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
@ -14,7 +14,6 @@
|
||||
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -44,7 +43,7 @@ spec:
|
||||
command:
|
||||
- /tmp/bootstrap.sh
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: cinder-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/cinder/cinder.conf
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -50,7 +49,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -49,7 +48,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -12,8 +12,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "cinder-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
@ -49,16 +47,16 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "cinder"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.cinder_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "cinder-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.tests }}
|
||||
{{- $mounts_cinder_tests := .Values.mounts.cinder_tests.cinder_tests }}
|
||||
{{- $mounts_cinder_tests_init := .Values.mounts.cinder_tests.init_container }}
|
||||
@ -42,7 +41,7 @@ spec:
|
||||
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||
{{- end }}
|
||||
- name: RALLY_ENV_NAME
|
||||
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cinder-db-root
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
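--- a/cinder/templates/secret-db.yaml
+++ b/cinder/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}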
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cinder-env-keystone-admin
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: cinder-env-keystone-user
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
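--- a/cinder/templates/secret-keystone.yaml
+++ b/cinder/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}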
@ -67,15 +67,6 @@ bootstrap:
|
||||
group:
|
||||
volume_backend_name:
|
||||
|
||||
keystone:
|
||||
admin_user: "admin"
|
||||
admin_user_domain: "default"
|
||||
admin_password: "password"
|
||||
admin_project_name: "admin"
|
||||
admin_project_domain: "default"
|
||||
admin_region_name: "RegionOne"
|
||||
cinder_user_role: "admin"
|
||||
|
||||
network:
|
||||
api:
|
||||
ingress:
|
||||
@ -129,12 +120,6 @@ conf:
|
||||
auth_token:
|
||||
auth_version: v3
|
||||
auth_type: password
|
||||
region_name: RegionOne
|
||||
project_domain_name: default
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
username: cinder
|
||||
password: password
|
||||
oslo_concurrency:
|
||||
oslo:
|
||||
concurrency:
|
||||
@ -235,12 +220,37 @@ dependencies:
|
||||
- service: volume
|
||||
endpoint: internal
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: cinder-keystone-admin
|
||||
user: cinder-keystone-user
|
||||
oslo_db:
|
||||
admin: cinder-db-admin
|
||||
user: cinder-db-user
|
||||
|
||||
# We use a different layout of the endpoints here to account for versioning
|
||||
# this swaps the service name and type, and should be rolled out to other
|
||||
# services.
|
||||
endpoints:
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: cinder
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
|
@ -29,6 +29,44 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
@ -66,6 +104,7 @@
|
||||
{{- tuple "image" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance.default.glance.api "public_endpoint" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
|
@ -13,8 +13,8 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -41,7 +41,7 @@ spec:
|
||||
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: glance-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/glance/glance-api.conf
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -50,7 +49,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -11,10 +11,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -49,7 +48,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -11,11 +11,9 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "glance-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -49,16 +47,16 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "glance"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.glance_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "glance-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.tests }}
|
||||
{{- $mounts_glance_tests := .Values.mounts.glance_tests.glance_tests }}
|
||||
{{- $mounts_glance_tests_init := .Values.mounts.glance_tests.init_container }}
|
||||
@ -42,7 +41,7 @@ spec:
|
||||
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||
{{- end }}
|
||||
- name: RALLY_ENV_NAME
|
||||
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: glance-db-root
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
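--- a/glance/templates/secret-db.yaml
+++ b/glance/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}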
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: glance-env-keystone-admin
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: glance-env-keystone-user
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
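--- a/glance/templates/secret-keystone.yaml
+++ b/glance/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}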
|
@ -76,16 +76,6 @@ bootstrap:
|
||||
hypervisor_type: "qemu"
|
||||
os_distro: "cirros"
|
||||
|
||||
keystone:
|
||||
admin_user: "admin"
|
||||
admin_user_domain: "default"
|
||||
admin_password: "password"
|
||||
admin_project_name: "admin"
|
||||
admin_project_domain: "default"
|
||||
admin_region_name: "RegionOne"
|
||||
glance_user_role: "admin"
|
||||
|
||||
|
||||
conf:
|
||||
rally_tests:
|
||||
override:
|
||||
@ -120,12 +110,6 @@ conf:
|
||||
auth_token:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
region_name: RegionOne
|
||||
project_domain_name: default
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
username: glance
|
||||
password: password
|
||||
glance_store:
|
||||
glance:
|
||||
store:
|
||||
@ -151,12 +135,6 @@ conf:
|
||||
auth_token:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
region_name: RegionOne
|
||||
project_domain_name: default
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
username: glance
|
||||
password: password
|
||||
|
||||
network:
|
||||
api:
|
||||
@ -296,12 +274,37 @@ dependencies:
|
||||
- service: image
|
||||
endpoint: internal
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: glance-keystone-admin
|
||||
user: glance-keystone-user
|
||||
oslo_db:
|
||||
admin: glance-db-admin
|
||||
user: glance-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: glance
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
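Review bot: The new `endpoints.identity.auth` block keeps `password: password` as the default for both the `admin` and `user` entries and `role: admin` for the glance service user, so an install without overrides has the ks-user job create a service account with a publicly known password and the admin role. Since this commit consolidates credentials in one place, they should at least be marked as placeholders, e.g. a comment `# placeholder credentials: must be overridden per deployment` above `auth:`. A stronger option is to ship the passwords empty and fail rendering through Helm's `required` function when they are unset. The helper that renders these values (`helm-toolkit.snippets.keystone_secret_openrc`) is not shown on this page, so where that check belongs needs confirming.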
|
||||
|
@ -23,6 +23,54 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.trustee.heat.common.context.region_name -}}
|
||||
{{- set .Values.conf.heat.trustee.heat.common.context "region_name" .Values.endpoints.identity.auth.trustee.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.heat.common.context.project_name -}}
|
||||
{{- set .Values.conf.heat.trustee.heat.common.context "project_name" .Values.endpoints.identity.auth.trustee.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.heat.common.context.project_domain_name -}}
|
||||
{{- set .Values.conf.heat.trustee.heat.common.context "project_domain_name" .Values.endpoints.identity.auth.trustee.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.heat.common.context.user_domain_name -}}
|
||||
{{- set .Values.conf.heat.trustee.heat.common.context "user_domain_name" .Values.endpoints.identity.auth.trustee.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.heat.common.context.username -}}
|
||||
{{- set .Values.conf.heat.trustee.heat.common.context "username" .Values.endpoints.identity.auth.trustee.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.trustee.heat.common.context.password -}}
|
||||
{{- set .Values.conf.heat.trustee.heat.common.context "password" .Values.endpoints.identity.auth.trustee.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.default.heat.common.config.stack_user_domain_name -}}
|
||||
{{- set .Values.conf.heat.default.heat.common.config "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.default.heat.common.config.stack_domain_admin -}}
|
||||
{{- set .Values.conf.heat.default.heat.common.config "stack_domain_admin" .Values.endpoints.identity.auth.stack_user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.heat.default.heat.common.config.stack_domain_admin_password -}}
|
||||
{{- set .Values.conf.heat.default.heat.common.config "stack_domain_admin_password" .Values.endpoints.identity.auth.stack_user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
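Review bot: The `stack_user_domain_name` default near the end of this hunk is filled from `.Values.endpoints.identity.auth.stack_user.region_name`, so an unset value renders as the region instead of a Keystone domain. The new heat `secret-keystone.yaml` in this commit reads `.Values.endpoints.identity.auth.stack_user.domain_name` for `OS_DOMAIN_NAME`, which suggests that key is the intended source. The line would then read `{{- set .Values.conf.heat.default.heat.common.config "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.domain_name | quote | trunc 0 -}}`. As written, the domain the ks-domain-user job is given and the domain heat's config points at can differ, and stack-domain user operations would presumably fail.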
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: heat-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/heat/heat.conf
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -50,7 +49,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -49,7 +48,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -14,11 +14,7 @@
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $ksUserSecret := .Values.keystone_secrets.user }}
|
||||
# The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user
|
||||
{{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }}
|
||||
{{- $ksStackUserSecret := .Values.keystone_secrets.stack }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
@ -52,21 +48,20 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "heat"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.heat_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
- name: heat-ks-trustee-user
|
||||
image: {{ .Values.images.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-user.sh
|
||||
volumeMounts:
|
||||
- name: ks-user-sh
|
||||
@ -74,21 +69,20 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "heat"
|
||||
{{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trustee }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.heat_trustee_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.trustee.role | quote }}
|
||||
- name: heat-ks-domain-user
|
||||
image: {{ .Values.images.ks_user }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- bash
|
||||
- /tmp/ks-domain-user.sh
|
||||
volumeMounts:
|
||||
- name: ks-user-sh
|
||||
@ -96,7 +90,7 @@ spec:
|
||||
subPath: ks-domain-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
@ -104,25 +98,25 @@ spec:
|
||||
- name: SERVICE_OS_REGION_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $ksStackUserSecret }}
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
key: OS_REGION_NAME
|
||||
- name: SERVICE_OS_DOMAIN_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $ksStackUserSecret }}
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
key: OS_DOMAIN_NAME
|
||||
- name: SERVICE_OS_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $ksStackUserSecret }}
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
key: OS_USERNAME
|
||||
- name: SERVICE_OS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ $ksStackUserSecret }}
|
||||
name: {{ .Values.secrets.identity.stack_user }}
|
||||
key: OS_PASSWORD
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.heat_stack_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.stack_user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: heat-db-root
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
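--- a/heat/templates/secret-db.yaml
+++ b/heat/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}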
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.keystone_secrets.admin }}
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.keystone_secrets.trustee }}
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.heat_trustee_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.conf.heat.trustee.heat.common.context.project_domain_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.conf.heat.trustee.heat.common.context.project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.conf.heat.trustee.heat.common.context.user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.heat.trustee.heat.common.context.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.heat.trustee.heat.common.context.password | b64enc | indent 4 }}
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.keystone_secrets.user }}
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
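--- a/heat/templates/secret-keystone.yaml
+++ b/heat/templates/secret-keystone.yaml
@@ -0,0 +1,37 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" "trustee" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $envAll.Values.secrets.identity.stack_user }}
+type: Opaque
+data:
+OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
+OS_REGION_NAME: {{ .Values.endpoints.identity.auth.stack_user.region_name | b64enc | indent 4 }}
+OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.stack_user.domain_name | b64enc | indent 4 }}
+OS_USERNAME: {{ .Values.endpoints.identity.auth.stack_user.username | b64enc | indent 4 }}
+OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc | indent 4 }}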
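Review bot: In the hand-written `stack_user` Secret at the end of this file, every value is piped through `| indent 4` even though it sits on the same line as its key; the filter only made sense in the deleted templates, where each value was on its own line under a `|` block scalar. Here it only inserts four spaces after the colon and can be dropped, e.g. `OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc }}`. The block also mixes `$envAll` and `.Values`; both resolve to the root context once the `range` has closed, but using `$envAll` throughout would match the loop above it. `b64enc` would presumably fail the render if `stack_user.domain_name` is missing from values, and the part of heat's values.yaml that would define it is not visible on this page.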
|
@ -64,29 +64,6 @@ termination_grace_period:
|
||||
cloudwatch:
|
||||
timeout: 30
|
||||
|
||||
keystone_secrets:
|
||||
admin: "heat-env-keystone-admin"
|
||||
user: "heat-env-keystone-user"
|
||||
trustee: "heat-env-keystone-trustee"
|
||||
stack: "heat-env-keystone-stack-user"
|
||||
|
||||
keystone:
|
||||
admin_user: "admin"
|
||||
admin_user_domain: "default"
|
||||
admin_password: "password"
|
||||
admin_project_name: "admin"
|
||||
admin_project_domain: "default"
|
||||
admin_region_name: "RegionOne"
|
||||
|
||||
heat_user_role: "admin"
|
||||
|
||||
heat_trustee_role: "admin"
|
||||
heat_trustee_region_name: "RegionOne"
|
||||
|
||||
heat_stack_user_role: "admin"
|
||||
heat_stack_region_name: "RegionOne"
|
||||
|
||||
|
||||
conf:
|
||||
paste:
|
||||
override:
|
||||
@ -101,9 +78,6 @@ conf:
|
||||
heat:
|
||||
common:
|
||||
config:
|
||||
stack_user_domain_name: heat
|
||||
stack_domain_admin: heat-domain
|
||||
stack_domain_admin_password: password
|
||||
num_engine_workers: 4
|
||||
trusts_delegated_roles: _member_
|
||||
keystone_authtoken:
|
||||
@ -111,24 +85,12 @@ conf:
|
||||
auth_token:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
region_name: RegionOne
|
||||
project_domain_name: default
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
username: heat
|
||||
password: password
|
||||
trustee:
|
||||
heat:
|
||||
common:
|
||||
context:
|
||||
auth_section: trustee
|
||||
auth_type: password
|
||||
password: password
|
||||
user_domain_name: default
|
||||
username: heat-trust
|
||||
project_domain_name: default
|
||||
project_name: service
|
||||
region_name: RegionOne
|
||||
auth_version: v3
|
||||
heat_api:
|
||||
heat:
|
||||
@ -249,12 +211,53 @@ dependencies:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: heat-keystone-admin
|
||||
user: heat-keystone-user
|
||||
trustee: heat-keystone-trustee
|
||||
stack_user: heat-keystone-stack-user
|
||||
oslo_db:
|
||||
admin: heat-db-admin
|
||||
user: heat-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: heat
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
trustee:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: heat-trust
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
stack_user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: heat-trust
|
||||
password: password
|
||||
domain_name: heat
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
|
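Review bot: `endpoints.identity.auth.stack_user.username` is `heat-trust`, the same name as `trustee.username`, whereas an earlier hunk of this section shows `stack_domain_admin: heat-domain`, apparently among the lines being removed; this looks like a copy-paste slip and should probably read `username: heat-domain`. The two accounts sit in different domains (`heat` and `default`), so the collision may not fail outright, but the stack-domain admin would no longer be the account the old configuration named. Separately, every entry under `auth:`, including `admin`, ships `password: password`, and the three service entries default to `role: admin`; a comment such as `# placeholder credentials: override per environment before deploying` above `auth:` would make clear these defaults are not meant to reach a real cluster.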
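--- a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
+++ b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
@@ -0,0 +1,27 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- define "helm-toolkit.snippets.keystone_secret_openrc" }}
+{{- $userClass := index . 0 -}}
+{{- $identityEndpoint := index . 1 -}}
+{{- $context := index . 2 -}}
+{{- $userContext := index $context.Values.endpoints.identity.auth $userClass }}
+OS_AUTH_URL: {{ tuple "identity" $identityEndpoint "api" $context | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc }}
+OS_REGION_NAME: {{ $userContext.region_name | b64enc }}
+OS_PROJECT_DOMAIN_NAME: {{ $userContext.project_domain_name | b64enc }}
+OS_PROJECT_NAME: {{ $userContext.project_name | b64enc }}
+OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }}
+OS_USERNAME: {{ $userContext.username | b64enc }}
+OS_PASSWORD: {{ $userContext.password | b64enc }}
+{{- end }}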
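Review bot: The new `helm-toolkit.snippets.keystone_secret_openrc` define has no comment describing its positional tuple, so every caller has to recover the argument order from the three `index . N` lines. I would add above the define `{{/* keystone_secret_openrc: tuple <userClass> <endpointType> <context>; emits base64-encoded OS_* keys for a Secret's data map */}}`. The lookup `index $context.Values.endpoints.identity.auth $userClass` is also unguarded, so a user class missing from values, or one without `password`, surfaces only as an opaque render error or a malformed credential. If the Helm version in use provides `required`, `OS_PASSWORD: {{ required "endpoints.identity.auth password must be set" $userContext.password | b64enc }}` would make that failure explicit.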
@ -19,10 +19,10 @@ set -ex
|
||||
keystone-manage --config-file=/etc/keystone/keystone.conf db_sync
|
||||
|
||||
keystone-manage --config-file=/etc/keystone/keystone.conf bootstrap \
|
||||
--bootstrap-username {{ .Values.keystone.admin_user }} \
|
||||
--bootstrap-password {{ .Values.keystone.admin_password }} \
|
||||
--bootstrap-project-name {{ .Values.keystone.admin_project_name }} \
|
||||
--bootstrap-admin-url {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \
|
||||
--bootstrap-public-url {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \
|
||||
--bootstrap-internal-url {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} \
|
||||
--bootstrap-region-id {{ .Values.keystone.admin_region_name }}
|
||||
--bootstrap-username ${OS_USERNAME} \
|
||||
--bootstrap-password ${OS_PASSWORD} \
|
||||
--bootstrap-project-name ${OS_PROJECT_NAME} \
|
||||
--bootstrap-admin-url ${OS_BOOTSTRAP_ADMIN_URL} \
|
||||
--bootstrap-public-url ${OS_BOOTSTRAP_PUBLIC_URL} \
|
||||
--bootstrap-internal-url ${OS_BOOTSTRAP_INTERNAL_URL} \
|
||||
--bootstrap-region-id ${OS_REGION_NAME}
|
||||
|
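Review bot: `--bootstrap-password ${OS_PASSWORD}` is expanded under the `set -ex` shown in the hunk header, so xtrace prints the expanded command, including the admin password, into the job's log when keystone-manage is invoked. The expansions are also unquoted, so a password containing whitespace or glob characters is split or expanded before keystone-manage receives it. I would quote each variable, e.g. `--bootstrap-password "${OS_PASSWORD}" \`, and put `set +x` before the bootstrap call (restoring `set -x` afterwards if tracing is wanted for the rest). The script begins above this hunk, so whether xtrace is still active at this point should be confirmed there.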
@ -14,7 +14,6 @@
|
||||
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "keystone-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
{{- $mounts_keystone_bootstrap := .Values.mounts.keystone_bootstrap.keystone_bootstrap }}
|
||||
{{- $mounts_keystone_bootstrap_init := .Values.mounts.keystone_bootstrap.init_container }}
|
||||
@ -45,7 +44,7 @@ spec:
|
||||
memory: {{ .Values.resources.jobs.bootstrap.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
|
@ -47,7 +47,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: keystone-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/keystone/keystone.conf
|
||||
|
@ -43,6 +43,16 @@ spec:
|
||||
cpu: {{ .Values.resources.jobs.db_sync.requests.cpu | quote }}
|
||||
memory: {{ .Values.resources.jobs.db_sync.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: OS_BOOTSTRAP_ADMIN_URL
|
||||
value: {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
- name: OS_BOOTSTRAP_PUBLIC_URL
|
||||
value: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
- name: OS_BOOTSTRAP_INTERNAL_URL
|
||||
value: {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /tmp/db-sync.sh
|
||||
volumeMounts:
|
||||
|
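Review bot: `OS_BOOTSTRAP_PUBLIC_URL` is rendered from the `"internal"` endpoint and `OS_BOOTSTRAP_INTERNAL_URL` from the `"public"` one, the reverse of what the bootstrap script passed before this commit, where `--bootstrap-public-url` used `tuple "identity" "public" "api" .`. As written, `keystone-manage bootstrap` would register the internal URL as the public catalog entry and the public URL as the internal one. The second tuple element should be swapped between the two env entries: `tuple "identity" "public" "api" .` under `OS_BOOTSTRAP_PUBLIC_URL` and `tuple "identity" "internal" "api" .` under `OS_BOOTSTRAP_INTERNAL_URL`. The container spec continues outside the hunk.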
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "keystone-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.tests }}
|
||||
{{- $mounts_keystone_tests := .Values.mounts.keystone_tests.keystone_tests }}
|
||||
{{- $mounts_keystone_tests_init := .Values.mounts.keystone_tests.init_container }}
|
||||
@ -42,7 +41,7 @@ spec:
|
||||
memory: {{ .Values.resources.tests.requests.memory | quote }}
|
||||
{{- end }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||
{{- end }}
|
||||
- name: RALLY_ENV_NAME
|
||||
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: keystone-db-root
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
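--- a/keystone/templates/secret-db.yaml
+++ b/keystone/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}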
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: keystone-env-keystone-admin
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
@ -11,11 +11,15 @@
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- range $key1, $userClass := tuple "admin" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mistral-db-root
|
||||
name: {{ $secretName }}
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
||||
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
|
||||
{{- end }}
|
@ -48,14 +48,7 @@ termination_grace_period:
|
||||
timeout: 30
|
||||
|
||||
keystone:
|
||||
version: v3
|
||||
scheme: http
|
||||
admin_region_name: RegionOne
|
||||
admin_user: admin
|
||||
admin_password: password
|
||||
admin_project_name: admin
|
||||
admin_user_domain: default
|
||||
admin_project_domain: default
|
||||
|
||||
|
||||
bootstrap:
|
||||
enabled: true
|
||||
@ -194,12 +187,28 @@ conf:
|
||||
enabled: true
|
||||
backend: dogpile.cache.memcached
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: keystone-keystone-admin
|
||||
oslo_db:
|
||||
admin: keystone-db-admin
|
||||
user: keystone-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
|
@ -23,6 +23,25 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
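Review bot: The added `set ... "password" .Values.endpoints.identity.auth.user.password` block copies the service password into `conf.magnum.keystone_authtoken`, so the credential ends up wherever the rendered magnum.conf is stored. The file this hunk belongs to is not named on the page; if it is the chart's ConfigMap template, the password is readable by anything allowed to read ConfigMaps in the namespace, which undercuts the dedicated `secrets.identity.user` Secret this commit introduces. I would at least add next to the password block `{{/* auth_token.password is rendered into magnum.conf; the object carrying this file should be a Secret */}}`. The same block is added for mistral in the later `@ -22,6 +22,25 @` hunk.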
@ -43,7 +43,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: magnum-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/magnum/magnum.conf
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -50,7 +49,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone_secrets.admin }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -49,7 +48,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -12,8 +12,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "magnum-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "magnum-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
@ -49,16 +47,16 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "magnum"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.magnum_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: magnum-db-root
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
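--- a/magnum/templates/secret-db.yaml
+++ b/magnum/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}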
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.keystone_secrets.admin }}
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.keystone_secrets.user }}
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
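--- a/magnum/templates/secret-keystone.yaml
+++ b/magnum/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}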
@ -17,7 +17,6 @@
|
||||
# Declare name/value pairs to be passed into your templates.
|
||||
# name: value
|
||||
|
||||
|
||||
replicas:
|
||||
api: 1
|
||||
conductor: 1
|
||||
@ -52,20 +51,6 @@ termination_grace_period:
|
||||
api:
|
||||
timeout: 30
|
||||
|
||||
keystone_secrets:
|
||||
admin: "magnum-env-keystone-admin"
|
||||
user: "magnum-env-keystone-user"
|
||||
|
||||
keystone:
|
||||
admin_user: "admin"
|
||||
admin_user_domain: "default"
|
||||
admin_password: "password"
|
||||
admin_project_name: "admin"
|
||||
admin_project_domain: "default"
|
||||
admin_region_name: "RegionOne"
|
||||
|
||||
magnum_user_role: "admin"
|
||||
|
||||
conf:
|
||||
paste:
|
||||
override:
|
||||
@ -146,12 +131,37 @@ dependencies:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: magnum-keystone-admin
|
||||
user: magnum-keystone-user
|
||||
oslo_db:
|
||||
admin: magnum-db-admin
|
||||
user: magnum-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: magnum
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
|
@ -22,6 +22,25 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mistral-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/mistral/mistral.conf
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -50,7 +49,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -49,7 +48,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -12,8 +12,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "mistral-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "mistral-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
@ -49,16 +47,16 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "mistral"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.mistral_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
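Review bot: Inside this one `env:` block the admin secret is looked up through `$envAll.Values.secrets.identity.admin`, while the user secret and `SERVICE_OS_ROLE` go through `.Values`. Both forms resolve today because the argument of `with` is evaluated before the dot is rebound to `$env`, but a lookup that later moves into the `with` body would silently see the dict instead of the chart context. Using `$envAll` throughout keeps the block uniform: `{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}` and `value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}`. The neutron and nova ks-user jobs further down use `.Values` for both secret lookups, so the charts also differ from one another. The Job spec starts and continues outside the hunk.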
|
||||
|
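--- a/mistral/templates/secret-db.yaml
+++ b/mistral/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}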
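Review bot: `name: {{ $secretName }}` emits whatever `index $envAll.Values.secrets.oslo_db $userClass` returns, unquoted and unchecked. An override that drops or blanks `secrets.oslo_db.admin` or `secrets.oslo_db.user` therefore produces a Secret without a usable name, and the error only surfaces when the manifest is applied or when a job cannot find its secret. Failing at render time is clearer: `name: {{ required "secrets.oslo_db entry is missing" $secretName | quote }}`. If both entries are set to the same name, the loop emits two Secrets competing for it, one holding the admin connection string and one the user's, so a comment above the `range` should state that the two names must differ. The same pattern appears in mistral/templates/secret-keystone.yaml, neutron/templates/secret-db.yaml, neutron/templates/secret-keystone.yaml and nova/templates/secret-db-api.yaml.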
|
@ -1,35 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mistral-env-keystone-admin
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
||||
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: mistral-env-keystone-user
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.username | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.password | b64enc | indent 4 }}
|
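--- a/mistral/templates/secret-keystone.yaml
+++ b/mistral/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}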
|
@ -17,7 +17,6 @@
|
||||
# Declare name/value pairs to be passed into your templates.
|
||||
# name: value
|
||||
|
||||
|
||||
replicas:
|
||||
api: 1
|
||||
engine: 1
|
||||
@ -56,26 +55,6 @@ termination_grace_period:
|
||||
api:
|
||||
timeout: 30
|
||||
|
||||
keystone_secrets:
|
||||
admin: "mistral-env-keystone-admin"
|
||||
user: "mistral-env-keystone-user"
|
||||
|
||||
keystone:
|
||||
admin_user: "admin"
|
||||
admin_user_domain: "default"
|
||||
admin_password: "password"
|
||||
admin_project_name: "admin"
|
||||
admin_project_domain: "default"
|
||||
admin_region_name: "RegionOne"
|
||||
|
||||
mistral_user: "mistral"
|
||||
mistral_user_domain: "default"
|
||||
mistral_user_role: "admin"
|
||||
mistral_password: "password"
|
||||
mistral_project_name: "service"
|
||||
mistral_project_domain: "default"
|
||||
mistral_region_name: "RegionOne"
|
||||
|
||||
network:
|
||||
api:
|
||||
ingress:
|
||||
@ -150,12 +129,37 @@ dependencies:
|
||||
- service: identity
|
||||
endpoint: internal
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: mistral-keystone-admin
|
||||
user: mistral-keystone-user
|
||||
oslo_db:
|
||||
admin: mistral-db-admin
|
||||
user: mistral-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
# required by this chart
|
||||
endpoints:
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: mistral
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
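Review bot: The new `endpoints.identity.auth` block still ships `password: password` for both the `admin` and the `user` entry, and the old `keystone.*` keys are deleted in the same file. As far as these hunks show, an environment that overrides `keystone.admin_password` or `keystone.mistral_password` would have that override ignored and fall back to the default without any error. A comment above the block should say so, for example `# Placeholder credentials: override per environment; the former keystone.* keys are no longer read.` Consider having the templates fail when a password is left unset rather than shipping a working default. `user.role: admin` also leaves the service account at the admin role, which is worth confirming as required. The neutron values hunks further down carry the same defaults.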
|
||||
|
@ -33,6 +33,25 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end }}
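Review bot: The added `set ... "password" .Values.endpoints.identity.auth.user.password` copies the service password into `.Values.conf.neutron.keystone_authtoken`, so it ends up wherever that conf tree is rendered. If that target is a ConfigMap (not visible in this hunk), the credential sits outside the Secrets this commit introduces and is readable by anyone who can read ConfigMaps in the namespace. A comment on this block should say where the value is rendered, and the rendered file belongs in a Secret if it is not there already. The `| quote | trunc 0` tail only discards the output of `set`, which deserves a one-line comment such as `{{/* set mutates .Values; quote | trunc 0 suppresses its output */}}`. The enclosing template starts and ends outside the hunk, and the nova helper hunk further down repeats the same block.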
|
||||
|
@ -34,7 +34,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: neutron-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/neutron/neutron.conf
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -50,7 +49,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -49,7 +48,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -12,8 +12,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "neutron-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
@ -49,16 +47,16 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "neutron"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.neutron_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "neutron-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.tests }}
|
||||
{{- $mounts_neutron_tests := .Values.mounts.neutron_tests.neutron_tests }}
|
||||
{{- $mounts_neutron_tests_init := .Values.mounts.neutron_tests.init_container }}
|
||||
@ -32,7 +31,7 @@ spec:
|
||||
- name: {{.Release.Name}}-token-issue-test
|
||||
image: {{ .Values.images.test }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||
{{- end }}
|
||||
- name: RALLY_ENV_NAME
|
||||
|
@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: neutron-db-root
|
||||
type: Opaque
|
||||
data:
|
||||
DB_CONNECTION: {{ tuple "oslo_db" "internal" "admin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
|
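--- a/neutron/templates/secret-db.yaml
+++ b/neutron/templates/secret-db.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}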
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: neutron-env-keystone-admin
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.admin_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.admin_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.admin_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.admin_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.admin_password | b64enc | indent 4 }}
|
@ -1,34 +0,0 @@
|
||||
# Copyright 2017 The Openstack-Helm Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: neutron-env-keystone-user
|
||||
type: Opaque
|
||||
data:
|
||||
OS_AUTH_URL: |
|
||||
{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
|
||||
OS_REGION_NAME: |
|
||||
{{ .Values.keystone.neutron_region_name | b64enc | indent 4 }}
|
||||
OS_PROJECT_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.neutron_project_domain | b64enc | indent 4 }}
|
||||
OS_PROJECT_NAME: |
|
||||
{{ .Values.keystone.neutron_project_name | b64enc | indent 4 }}
|
||||
OS_USER_DOMAIN_NAME: |
|
||||
{{ .Values.keystone.neutron_user_domain | b64enc | indent 4 }}
|
||||
OS_USERNAME: |
|
||||
{{ .Values.keystone.neutron_user | b64enc | indent 4 }}
|
||||
OS_PASSWORD: |
|
||||
{{ .Values.keystone.neutron_password | b64enc | indent 4 }}
|
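--- a/neutron/templates/secret-keystone.yaml
+++ b/neutron/templates/secret-keystone.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}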
|
@ -134,23 +134,6 @@ network:
|
||||
metadata:
|
||||
port: 8775
|
||||
|
||||
keystone:
|
||||
|
||||
admin_user: "admin"
|
||||
admin_user_domain: "default"
|
||||
admin_password: "password"
|
||||
admin_project_name: "admin"
|
||||
admin_project_domain: "default"
|
||||
admin_region_name: "RegionOne"
|
||||
|
||||
neutron_user: "neutron"
|
||||
neutron_user_domain: "default"
|
||||
neutron_user_role: "admin"
|
||||
neutron_password: "password"
|
||||
neutron_project_name: "service"
|
||||
neutron_project_domain: "default"
|
||||
neutron_region_name: "RegionOne"
|
||||
|
||||
metadata:
|
||||
workers: 4
|
||||
|
||||
@ -374,12 +357,6 @@ conf:
|
||||
auth_token:
|
||||
auth_type: password
|
||||
auth_version: v3
|
||||
region_name: RegionOne
|
||||
project_domain_name: default
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
username: neutron
|
||||
password: password
|
||||
ml2_conf:
|
||||
override:
|
||||
append:
|
||||
@ -488,6 +465,14 @@ conf:
|
||||
override:
|
||||
append:
|
||||
|
||||
# Names of secrets used by bootstrap and environmental checks
|
||||
secrets:
|
||||
identity:
|
||||
admin: neutron-keystone-admin
|
||||
user: neutron-keystone-user
|
||||
oslo_db:
|
||||
admin: neutron-db-admin
|
||||
user: neutron-db-user
|
||||
|
||||
# typically overriden by environmental
|
||||
# values, but should include all endpoints
|
||||
@ -548,6 +533,22 @@ endpoints:
|
||||
default: 6080
|
||||
identity:
|
||||
name: keystone
|
||||
auth:
|
||||
admin:
|
||||
region_name: RegionOne
|
||||
username: admin
|
||||
password: password
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
user:
|
||||
role: admin
|
||||
region_name: RegionOne
|
||||
username: neutron
|
||||
password: password
|
||||
project_name: service
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
hosts:
|
||||
default: keystone-api
|
||||
public: keystone
|
||||
|
@ -23,6 +23,25 @@
|
||||
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.username -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.password -}}
|
||||
{{- set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
|
||||
{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
|
||||
{{- end -}}
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
{{- $mounts_nova_bootstrap := .Values.mounts.nova_bootstrap.nova_bootstrap }}
|
||||
{{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container }}
|
||||
@ -45,7 +44,7 @@ spec:
|
||||
command:
|
||||
- /tmp/bootstrap.sh
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nova-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/nova/nova.conf
|
||||
@ -80,7 +80,7 @@ spec:
|
||||
- name: ROOT_DB_CONNECTION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nova-db-root
|
||||
name: {{ .Values.secrets.oslo_db.admin }}
|
||||
key: DB_CONNECTION
|
||||
- name: OPENSTACK_CONFIG_FILE
|
||||
value: /etc/nova/nova.conf
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -50,7 +49,7 @@ spec:
|
||||
subPath: ks-endpoints.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SVC_ENDPOINT
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -49,7 +48,7 @@ spec:
|
||||
subPath: ks-service.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: OS_SERVICE_NAME
|
||||
|
@ -12,8 +12,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
||||
{{- $ksUserSecret := .Values.keystone.user_secret | default "nova-env-keystone-user" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
apiVersion: batch/v1
|
||||
@ -49,16 +47,16 @@ spec:
|
||||
subPath: ks-user.sh
|
||||
readOnly: true
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_SERVICE_NAME
|
||||
value: "nova"
|
||||
{{- with $env := dict "ksUserSecret" $ksUserSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
|
||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
|
||||
{{- end }}
|
||||
- name: SERVICE_OS_ROLE
|
||||
value: {{ .Values.keystone.nova_user_role | quote }}
|
||||
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
|
||||
volumes:
|
||||
- name: ks-user-sh
|
||||
configMap:
|
||||
|
@ -13,7 +13,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $ksAdminSecret := .Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
||||
{{- $dependencies := .Values.dependencies.tests }}
|
||||
{{- $mounts_nova_tests := .Values.mounts.nova_tests.nova_tests }}
|
||||
{{- $mounts_nova_tests_init := .Values.mounts.nova_tests.init_container }}
|
||||
@ -32,7 +31,7 @@ spec:
|
||||
- name: {{.Release.Name}}-token-issue-test
|
||||
image: {{ .Values.images.test }}
|
||||
env:
|
||||
{{- with $env := dict "ksUserSecret" $ksAdminSecret }}
|
||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
|
||||
{{- end }}
|
||||
- name: RALLY_ENV_NAME
|
||||
|
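--- a/nova/templates/secret-db-api.yaml
+++ b/nova/templates/secret-db-api.yaml
@@ -0,0 +1,25 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "user" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ $secretName }}
+type: Opaque
+data:
+DB_CONNECTION: {{ tuple "oslo_db_api" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}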
|