Support image registries with authentication

Based on spec
support-OCI-image-registry-with-authentication-turned-on.rst

Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with this
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.

Related OSH-infra change:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/848142

Change-Id: I54540f14fed29622bc5af8d18939afd06d65e2d8

aodh/Chart.yaml

@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: Openstack-Helm Aodh
 name: aodh
-version: 0.2.4
+version: 0.2.5
 home: https://docs.openstack.org/aodh/latest/
 sources:
   - https://opendev.org/openstack/aodh

aodh/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

aodh/values.yaml

@@ -556,6 +556,8 @@ secrets:
     alarming:
       api:
         public: aodh-tls-public
+  oci_image_registry:
+    aodh: aodh-oci-image-registry
 
 bootstrap:
   enabled: false
@@ -580,6 +582,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      aodh:
+        username: aodh
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -732,9 +749,10 @@ manifests:
   pdb_api: true
   pod_aodh_test: true
   secret_db: true
+  secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
-  secret_ingress_tls: true
+  secret_registry: true
   service_api: true
   service_ingress_api: true
 ...

barbican/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Barbican
 name: barbican
-version: 0.2.14
+version: 0.2.15
 home: https://docs.openstack.org/barbican/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
 sources:

barbican/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

barbican/values.yaml

@@ -496,6 +496,8 @@ secrets:
     key_manager:
       api:
         public: barbican-tls-public
+  oci_image_registry:
+    barbican: barbican-oci-image-registry
 
 endpoints:
   cluster_domain_suffix: cluster.local
@@ -511,6 +513,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      barbican:
+        username: barbican
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -676,6 +693,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_api: true
   service_api: true
 ...

ceilometer/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ceilometer
 name: ceilometer
-version: 0.2.5
+version: 0.2.6
 home: https://docs.openstack.org/ceilometer/latest/
 sources:
   - https://opendev.org/openstack/ceilometer

ceilometer/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

ceilometer/values.yaml

@@ -1732,6 +1732,8 @@ secrets:
   oslo_messaging:
     admin: ceilometer-rabbitmq-admin
     ceilometer: ceilometer-rabbitmq-user
+  oci_image_registry:
+    ceilometer: ceilometer-oci-image-registry
 
 bootstrap:
   enabled: false
@@ -1756,6 +1758,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      ceilometer:
+        username: ceilometer
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -2136,6 +2153,7 @@ manifests:
   secret_keystone: true
   secret_mongodb: true
   secret_rabbitmq: true
+  secret_registry: true
   service_api: true
   service_ingress_api: true
 ...

cinder/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.2.22
+version: 0.2.23
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:

cinder/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

cinder/values.yaml

@@ -1261,6 +1261,9 @@ secrets:
       api:
         public: cinder-tls-public
         internal: cinder-tls-api
+  oci_image_registry:
+    cinder: cinder-oci-image-registry
+
 # We use a different layout of the endpoints here to account for versioning
 # this swaps the service name and type, and should be rolled out to other
 # services.
@@ -1278,6 +1281,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      cinder:
+        username: cinder
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -1494,6 +1512,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_api: true
   service_ingress_api: true
 ...

cyborg/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cyborg
 name: cyborg
-version: 0.1.1
+version: 0.1.2
 home: https://docs.openstack.org/cyborg
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cyborg/OpenStack_Project_Cyborg_vertical.png
 sources:

cyborg/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

cyborg/values.yaml

@@ -62,6 +62,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      cyborg:
+        username: cyborg
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   accelerator:
     name: cyborg
     hosts:
@@ -245,6 +260,8 @@ secrets:
   oslo_messaging:
     admin: cyborg-rabbitmq-admin
     cyborg: cyborg-rabbitmq-user
+  oci_image_registry:
+    cyborg: cyborg-oci-image-registry
 
 dependencies:
   static:
@@ -550,5 +567,6 @@ manifests:
   secret_db: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_api: false
   service_api: true

designate/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Designate
 name: designate
-version: 0.2.5
+version: 0.2.6
 home: https://docs.openstack.org/designate/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg
 sources:

designate/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

designate/values.yaml

@@ -649,6 +649,8 @@ secrets:
     dns:
       api:
         public: designate-tls-public
+  oci_image_registry:
+    designate: designate-oci-image-registry
 
 endpoints:
   cluster_domain_suffix: cluster.local
@@ -664,6 +666,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      designate:
+        username: designate
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -827,6 +844,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_api: true
   service_mdns: true
   service_ingress_api: true

glance/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Glance
 name: glance
-version: 0.3.7
+version: 0.3.8
 home: https://docs.openstack.org/glance/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png
 sources:

glance/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

glance/values.yaml

@@ -509,6 +509,8 @@ secrets:
       api:
         public: glance-tls-public
         internal: glance-tls-api
+  oci_image_registry:
+    glance: glance-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -527,6 +529,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      glance:
+        username: glance
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -975,6 +992,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_api: true
   service_api: true
 ...

heat/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Heat
 name: heat
-version: 0.2.13
+version: 0.2.14
 home: https://docs.openstack.org/heat/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png
 sources:

heat/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

heat/values.yaml

@@ -804,6 +804,9 @@ secrets:
       cfn:
         public: cloudformation-tls-public
         internal: heat-tls-cfn
+  oci_image_registry:
+    heat: heat-oci-image-registry
+
 # typically overridden by environmental
 # values, but should include all endpoints
 # required by this chart
@@ -821,6 +824,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      heat:
+        username: heat
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -1335,6 +1353,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_api: true
   service_cfn: true
   service_cloudwatch: false

horizon/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Horizon
 name: horizon
-version: 0.2.24
+version: 0.2.25
 home: https://docs.openstack.org/horizon/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png
 sources:

horizon/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

horizon/values.yaml

@@ -1233,6 +1233,8 @@ secrets:
       dashboard:
         public: horizon-tls-public
         internal: horizon-tls-web
+  oci_image_registry:
+    horizon: horizon-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -1251,6 +1253,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      horizon:
+        username: horizon
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -1376,6 +1393,7 @@ manifests:
   secret_db: true
   secret_ingress_tls: true
   secret_keystone: true
+  secret_registry: true
   service_ingress: true
   service: true
 ...

ironic/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Ironic
 name: ironic
-version: 0.2.5
+version: 0.2.6
 home: https://docs.openstack.org/ironic/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png
 sources:

ironic/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

ironic/values.yaml

@@ -350,6 +350,8 @@ secrets:
   oslo_messaging:
     admin: ironic-rabbitmq-admin
     ironic: ironic-rabbitmq-user
+  oci_image_registry:
+    ironic: ironic-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -368,6 +370,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      ironic:
+        username: ironic
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -709,6 +726,7 @@ manifests:
   secret_db: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_api: true
   service_ingress_api: true
   statefulset_conductor: true

keystone/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.27
+version: 0.2.28
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:

keystone/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

keystone/values.yaml

@@ -900,6 +900,8 @@ secrets:
       api:
         public: keystone-tls-public
         internal: keystone-tls-api
+  oci_image_registry:
+    keystone: keystone-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -918,6 +920,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      keystone:
+        username: keystone
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     namespace: null
     name: keystone
@@ -1097,6 +1114,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_api: true
   service_api: true
 ...

magnum/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Magnum
 name: magnum
-version: 0.2.6
+version: 0.2.7
 home: https://docs.openstack.org/magnum/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Magnum/OpenStack_Project_Magnum_vertical.png
 sources:

magnum/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

magnum/values.yaml

@@ -314,6 +314,8 @@ secrets:
   oslo_messaging:
     admin: magnum-rabbitmq-admin
     magnum: magnum-rabbitmq-user
+  oci_image_registry:
+    magnum: magnum-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -332,6 +334,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      magnum:
+        username: magnum
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -649,6 +666,7 @@ manifests:
   secret_db: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_api: true
   service_ingress_api: true
   statefulset_conductor: true

masakari/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Masakari
 name: masakari
-version: 0.1.4
+version: 0.1.5
 home: https://docs.openstack.org/developer/masakari
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Masakari/OpenStack_Project_masakari_vertical.png
 sources:

masakari/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

masakari/values.yaml

@@ -61,6 +61,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      masakari:
+        username: masakari
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   instance_ha:
     name: masakari
     hosts:
@@ -226,6 +241,8 @@ secrets:
   oslo_messaging:
     admin: masakari-rabbitmq-admin
     masakari: masakari-rabbitmq-user
+  oci_image_registry:
+    masakari: masakari-oci-image-registry
 
 dependencies:
   static:
@@ -600,6 +617,7 @@ manifests:
   secret_db: true
   secret_rabbitmq: true
   secret_keystone: true
+  secret_registry: true
   job_rabbit_init: true
   service_api: true
   pdb_api: true

mistral/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Mistral
 name: mistral
-version: 0.2.4
+version: 0.2.5
 home: https://docs.openstack.org/mistral/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Mistral/OpenStack_Project_Mistral_vertical.png
 sources:

mistral/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

mistral/values.yaml

@@ -190,6 +190,8 @@ secrets:
   oslo_messaging:
     admin: mistral-rabbitmq-admin
     mistral: mistral-rabbitmq-user
+  oci_image_registry:
+    mistral: mistral-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -208,6 +210,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      mistral:
+        username: mistral
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -727,6 +744,7 @@ manifests:
   secret_db: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_api: true
   service_api: true
   statefulset_engine: true

neutron/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.2.23
+version: 0.2.24
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:

neutron/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

neutron/values.yaml

@@ -2230,6 +2230,8 @@ secrets:
       server:
         public: neutron-tls-public
         internal: neutron-tls-server
+  oci_image_registry:
+    neutron: neutron-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -2248,6 +2250,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      neutron:
+        username: neutron
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   oslo_db:
     auth:
       admin:
@@ -2559,6 +2576,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_server: true
   service_server: true
 ...

nova/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Nova
 name: nova
-version: 0.2.42
+version: 0.2.43
 home: https://docs.openstack.org/nova/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
 sources:

nova/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

nova/values.yaml

@@ -1563,6 +1563,8 @@ secrets:
     compute_spice_proxy:
       spiceproxy:
         internal: nova-tls-spiceproxy
+  oci_image_registry:
+    nova: nova-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -1581,6 +1583,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      nova:
+        username: nova
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   oslo_db:
     auth:
       admin:
@@ -2458,6 +2475,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_metadata: true
   service_ingress_novncproxy: true
   service_ingress_osapi: true

octavia/Chart.yaml

@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Octavia
 name: octavia
-version: 0.2.5
+version: 0.2.6
 home: https://docs.openstack.org/octavia/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Octavia/OpenStack_Project_Octavia_vertical.png
 sources:

octavia/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

octavia/values.yaml

@@ -350,6 +350,8 @@ secrets:
     load_balancer:
       api:
         public: octavia-tls-public
+  oci_image_registry:
+    octavia: octavia-oci-image-registry
 
 endpoints:
   cluster_domain_suffix: cluster.local
@@ -365,6 +367,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      octavia:
+        username: octavia
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -681,6 +698,7 @@ manifests:
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_api: true
   service_api: true
 ...

placement/Chart.yaml

@@ -16,7 +16,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Placement
 name: placement
-version: 0.2.9
+version: 0.2.10
 home: https://docs.openstack.org/placement/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png
 sources:

placement/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

placement/values.yaml

@@ -227,6 +227,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      placement:
+        username: placement
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   oslo_db:
     auth:
       admin:
@@ -434,6 +449,8 @@ secrets:
       api:
         public: placement-tls-public
         internal: placement-tls-api
+  oci_image_registry:
+    placement: placement-oci-image-registry
 
 dependencies:
   dynamic:
@@ -510,6 +527,7 @@ manifests:
   network_policy: false
   secret_db: true
   secret_ingress_tls: true
+  secret_registry: true
   pdb: true
   ingress: true
   secret_keystone: true

rally/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm rally
 name: rally
-version: 0.2.5
+version: 0.2.6
 home: https://docs.openstack.org/developer/rally
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/rally/OpenStack_Project_rally_vertical.png
 sources:

rally/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

rally/values.yaml

@@ -205,6 +205,8 @@ secrets:
   oslo_db:
     admin: rally-db-admin
     rally: rally-db-user
+  oci_image_registry:
+    rally: rally-oci-image-registry
 
 endpoints:
   cluster_domain_suffix: cluster.local
@@ -220,6 +222,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      rally:
+        username: rally
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -4021,4 +4038,5 @@ manifests:
   pvc_rally: true
   secret_db: true
   secret_keystone: true
+  secret_registry: true
 ...

releasenotes/notes/aodh.yaml

@@ -7,4 +7,5 @@ aodh:
   - 0.2.2 Update htk requirements repo
   - 0.2.3 Enable taint toleration for Openstack services
   - 0.2.4 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
+  - 0.2.5 Added OCI registry authentication
 ...

releasenotes/notes/barbican.yaml

@@ -18,4 +18,5 @@ barbican:
   - 0.2.12 Remove older values overrides
   - 0.2.13 Migrated PodDisruptionBudget resource to policy/v1 API version
   - 0.2.14 Add Xena and Yoga values overrides
+  - 0.2.15 Added OCI registry authentication
 ...

releasenotes/notes/ceilometer.yaml

@@ -8,4 +8,5 @@ ceilometer:
   - 0.2.3 Enable taint toleration for Openstack services
   - 0.2.4 Update default image values to Wallaby
   - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.2.6 Added OCI registry authentication
 ...

releasenotes/notes/cinder.yaml

@@ -39,4 +39,5 @@ cinder:
   - 0.2.20 Allow cinder v1/v2 endpoint creation if needed
   - 0.2.21 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
   - 0.2.22 Add Xena and Yoga values overrides
+  - 0.2.23 Added OCI registry authentication
 ...

releasenotes/notes/cyborg.yaml

@@ -2,4 +2,5 @@
 cyborg:
   - 0.1.0 Initial Chart
   - 0.1.1 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.1.2 Added OCI registry authentication
 ...

releasenotes/notes/designate.yaml

@@ -9,4 +9,5 @@ designate:
   - 0.2.3 Fix extra volume mounts
   - 0.2.4 Update default image values to Wallaby
   - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.2.6 Added OCI registry authentication
 ...

releasenotes/notes/glance.yaml

@@ -28,4 +28,5 @@ glance:
   - 0.3.5 Migrated PodDisruptionBudget resource to policy/v1 API version
   - 0.3.6 Add Xena and Yoga values overrides
   - 0.3.7 Fix glance-etc template changing due to comment and whitespace between install and first upgrade
+  - 0.3.8 Added OCI registry authentication
 ...

releasenotes/notes/heat.yaml

@@ -20,4 +20,5 @@ heat:
   - 0.2.11 Remove old releases values override in heat
   - 0.2.12 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
   - 0.2.13 Add Xena and Yoga values overrides
+  - 0.2.14 Added OCI registry authentication
 ...

releasenotes/notes/horizon.yaml

@@ -34,4 +34,5 @@ horizon:
   - 0.2.22 Migrated PodDisruptionBudget resource to policy/v1 API version
   - 0.2.23 Add Xena and Yoga value overrides
   - 0.2.24 Remove blank lines in logo configmap
+  - 0.2.25 Added OCI registry authentication
 ...

releasenotes/notes/ironic.yaml

@@ -9,4 +9,5 @@ ironic:
   - 0.2.3 Enable taint toleration for Openstack services
   - 0.2.4 Update defaults to W release
   - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.2.6 Added OCI registry authentication
 ...

releasenotes/notes/keystone.yaml

@@ -43,4 +43,5 @@ keystone:
   - 0.2.25 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
   - 0.2.26 Add Xena and Yoga values overrides
   - 0.2.27 Use LOG.warning instead of deprecated LOG.warn
+  - 0.2.28 Added OCI registry authentication
 ...

releasenotes/notes/magnum.yaml

@@ -10,4 +10,5 @@ magnum:
   - 0.2.4 Mount empty temp_cache_dir for performance
   - 0.2.5 Update default image values to wallaby
   - 0.2.6 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.2.7 Added OCI registry authentication
 ...

releasenotes/notes/masakari.yaml

@@ -5,4 +5,5 @@ masakari:
   - 0.1.2 Added halm hook and fix for hostmonitors to support pacemaker remote
   - 0.1.3 Mount sudoers file for masakari hostmonitors
   - 0.1.4 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.1.5 Added OCI registry authentication
 ...

releasenotes/notes/mistral.yaml

@@ -8,4 +8,5 @@ mistral:
   - 0.2.2 Update htk requirements repo
   - 0.2.3 Update default imaage values to Wallaby
   - 0.2.4 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.2.5 Added OCI registry authentication
 ...

releasenotes/notes/neutron.yaml

@@ -37,4 +37,5 @@ neutron:
   - 0.2.21 Fix for qdhcp NS host validation for deleting wrong namespaces.
   - 0.2.22 Fix /run/xtables.lock may be a directory
   - 0.2.23 Add neutron_netns_cleanup_cron release image override, so that the respective release image is used
+  - 0.2.24 Added OCI registry authentication
 ...

releasenotes/notes/nova.yaml

@@ -63,4 +63,5 @@ nova:
   - 0.2.40 Updated naming for subchart compatibility
   - 0.2.41 Add Xena and Yoga values overrides
   - 0.2.42 Add missing configuration ``[vnc]/novncproxy_host``
+  - 0.2.43 Added OCI registry authentication
 ...

releasenotes/notes/octavia.yaml

@@ -9,4 +9,5 @@ octavia:
   - 0.2.3 Allow using log_config_append=null
   - 0.2.4 Fix transport_url
   - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version
+  - 0.2.6 Added OCI registry authentication
 ...

releasenotes/notes/placement.yaml

@@ -18,4 +18,5 @@ placement:
   - 0.2.7 Add helm hook annotations for db-sync job
   - 0.2.8 Migrated PodDisruptionBudget resource to policy/v1 API version
   - 0.2.9 Add Xena and Yoga values overrides
+  - 0.2.10 Added OCI registry authentication
 ...

releasenotes/notes/rally.yaml

@@ -8,4 +8,5 @@ rally:
   - 0.2.3 Update default image values to Wallaby
   - 0.2.4 Migrated PodDisruptionBudget resource to policy/v1 API version
   - 0.2.5 Add helm hook for jobs
+  - 0.2.6 Added OCI registry authentication
 ...

releasenotes/notes/senlin.yaml

@@ -9,4 +9,5 @@ senlin:
   - 0.2.4 Update default image release
   - 0.2.5 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
   - 0.2.6 Add helm.sh/hook annotations for Jobs
+  - 0.2.7 Added OCI registry authentication
 ...

releasenotes/notes/tempest.yaml

@@ -7,4 +7,5 @@ tempest:
   - 0.2.2 Add helm hook for ks job
   - 0.2.3 Fix logging config
   - 0.2.4 Update default image values to Wallaby
+  - 0.2.5 Added OCI registry authentication
 ...

senlin/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Senlin
 name: senlin
-version: 0.2.6
+version: 0.2.7
 home: https://docs.openstack.org/senlin/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Senlin/OpenStack_Project_Senlin_vertical.png
 sources:

senlin/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

senlin/values.yaml

@@ -389,6 +389,8 @@ secrets:
   oslo_messaging:
     admin: senlin-rabbitmq-admin
     senlin: senlin-rabbitmq-user
+  oci_image_registry:
+    senlin: senlin-oci-image-registry
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -407,6 +409,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      senlin:
+        username: senlin
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -744,6 +761,7 @@ manifests:
   secret_db: true
   secret_keystone: true
   secret_rabbitmq: true
+  secret_registry: true
   service_ingress_api: true
   service_api: true
 ...

tempest/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Tempest
 name: tempest
-version: 0.2.4
+version: 0.2.5
 home: https://docs.openstack.org/tempest/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/tempest/OpenStack_Project_tempest_vertical.png
 sources:

tempest/templates/secret-registry.yaml

@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}

tempest/values.yaml

@@ -267,6 +267,8 @@ secrets:
   identity:
     admin: tempest-keystone-admin
     tempest: tempest-keystone-user
+  oci_image_registry:
+    tempest: tempest-oci-image-registry
 
 endpoints:
   cluster_domain_suffix: cluster.local
@@ -282,6 +284,21 @@ endpoints:
     port:
       registry:
         node: 5000
+  oci_image_registry:
+    name: oci-image-registry
+    namespace: oci-image-registry
+    auth:
+      enabled: false
+      tempest:
+        username: tempest
+        password: password
+    hosts:
+      default: localhost
+    host_fqdn_override:
+      default: null
+    port:
+      registry:
+        default: null
   identity:
     name: keystone
     auth:
@@ -342,4 +359,5 @@ manifests:
   job_ks_user: true
   job_run_tests: true
   secret_keystone: true
+  secret_registry: true
 ...