From ced30abead0bddb528d0c5fb7c1627dd8f1e22ba Mon Sep 17 00:00:00 2001 From: Brian Haley Date: Tue, 2 Aug 2022 14:19:13 -0400 Subject: [PATCH] Support image registries with authentication Based on spec support-OCI-image-registry-with-authentication-turned-on.rst Each Helm chart can configure an OCI image registry and credentials to use. A Kubernetes secret is then created with this info. Service Accounts then specify an imagePullSecret specifying the Secret with creds for the registry. Then any pod using one of these ServiceAccounts may pull images from an authenticated container registry. Related OSH-infra change: https://review.opendev.org/c/openstack/openstack-helm-infra/+/848142 Change-Id: I54540f14fed29622bc5af8d18939afd06d65e2d8 --- aodh/Chart.yaml | 2 +- aodh/templates/secret-registry.yaml | 17 +++++++++++++++++ aodh/values.yaml | 20 +++++++++++++++++++- barbican/Chart.yaml | 2 +- barbican/templates/secret-registry.yaml | 17 +++++++++++++++++ barbican/values.yaml | 18 ++++++++++++++++++ ceilometer/Chart.yaml | 2 +- ceilometer/templates/secret-registry.yaml | 17 +++++++++++++++++ ceilometer/values.yaml | 18 ++++++++++++++++++ cinder/Chart.yaml | 2 +- cinder/templates/secret-registry.yaml | 17 +++++++++++++++++ cinder/values.yaml | 19 +++++++++++++++++++ cyborg/Chart.yaml | 2 +- cyborg/templates/secret-registry.yaml | 17 +++++++++++++++++ cyborg/values.yaml | 18 ++++++++++++++++++ designate/Chart.yaml | 2 +- designate/templates/secret-registry.yaml | 17 +++++++++++++++++ designate/values.yaml | 18 ++++++++++++++++++ glance/Chart.yaml | 2 +- glance/templates/secret-registry.yaml | 17 +++++++++++++++++ glance/values.yaml | 18 ++++++++++++++++++ heat/Chart.yaml | 2 +- heat/templates/secret-registry.yaml | 17 +++++++++++++++++ heat/values.yaml | 19 +++++++++++++++++++ horizon/Chart.yaml | 2 +- horizon/templates/secret-registry.yaml | 17 +++++++++++++++++ horizon/values.yaml | 18 ++++++++++++++++++ ironic/Chart.yaml | 2 +- ironic/templates/secret-registry.yaml | 17 +++++++++++++++++ ironic/values.yaml | 18 ++++++++++++++++++ keystone/Chart.yaml | 2 +- keystone/templates/secret-registry.yaml | 17 +++++++++++++++++ keystone/values.yaml | 18 ++++++++++++++++++ magnum/Chart.yaml | 2 +- magnum/templates/secret-registry.yaml | 17 +++++++++++++++++ magnum/values.yaml | 18 ++++++++++++++++++ masakari/Chart.yaml | 2 +- masakari/templates/secret-registry.yaml | 17 +++++++++++++++++ masakari/values.yaml | 18 ++++++++++++++++++ mistral/Chart.yaml | 2 +- mistral/templates/secret-registry.yaml | 17 +++++++++++++++++ mistral/values.yaml | 18 ++++++++++++++++++ neutron/Chart.yaml | 2 +- neutron/templates/secret-registry.yaml | 17 +++++++++++++++++ neutron/values.yaml | 18 ++++++++++++++++++ nova/Chart.yaml | 2 +- nova/templates/secret-registry.yaml | 17 +++++++++++++++++ nova/values.yaml | 18 ++++++++++++++++++ octavia/Chart.yaml | 2 +- octavia/templates/secret-registry.yaml | 17 +++++++++++++++++ octavia/values.yaml | 18 ++++++++++++++++++ placement/Chart.yaml | 2 +- placement/templates/secret-registry.yaml | 17 +++++++++++++++++ placement/values.yaml | 18 ++++++++++++++++++ rally/Chart.yaml | 2 +- rally/templates/secret-registry.yaml | 17 +++++++++++++++++ rally/values.yaml | 18 ++++++++++++++++++ releasenotes/notes/aodh.yaml | 1 + releasenotes/notes/barbican.yaml | 1 + releasenotes/notes/ceilometer.yaml | 1 + releasenotes/notes/cinder.yaml | 1 + releasenotes/notes/cyborg.yaml | 1 + releasenotes/notes/designate.yaml | 1 + releasenotes/notes/glance.yaml | 1 + releasenotes/notes/heat.yaml | 1 + releasenotes/notes/horizon.yaml | 1 + releasenotes/notes/ironic.yaml | 1 + releasenotes/notes/keystone.yaml | 1 + releasenotes/notes/magnum.yaml | 1 + releasenotes/notes/masakari.yaml | 1 + releasenotes/notes/mistral.yaml | 1 + releasenotes/notes/neutron.yaml | 1 + releasenotes/notes/nova.yaml | 1 + releasenotes/notes/octavia.yaml | 1 + releasenotes/notes/placement.yaml | 1 + releasenotes/notes/rally.yaml | 1 + releasenotes/notes/senlin.yaml | 1 + releasenotes/notes/tempest.yaml | 1 + senlin/Chart.yaml | 2 +- senlin/templates/secret-registry.yaml | 17 +++++++++++++++++ senlin/values.yaml | 18 ++++++++++++++++++ tempest/Chart.yaml | 2 +- tempest/templates/secret-registry.yaml | 17 +++++++++++++++++ tempest/values.yaml | 18 ++++++++++++++++++ 84 files changed, 780 insertions(+), 22 deletions(-) create mode 100644 aodh/templates/secret-registry.yaml create mode 100644 barbican/templates/secret-registry.yaml create mode 100644 ceilometer/templates/secret-registry.yaml create mode 100644 cinder/templates/secret-registry.yaml create mode 100644 cyborg/templates/secret-registry.yaml create mode 100644 designate/templates/secret-registry.yaml create mode 100644 glance/templates/secret-registry.yaml create mode 100644 heat/templates/secret-registry.yaml create mode 100644 horizon/templates/secret-registry.yaml create mode 100644 ironic/templates/secret-registry.yaml create mode 100644 keystone/templates/secret-registry.yaml create mode 100644 magnum/templates/secret-registry.yaml create mode 100644 masakari/templates/secret-registry.yaml create mode 100644 mistral/templates/secret-registry.yaml create mode 100644 neutron/templates/secret-registry.yaml create mode 100644 nova/templates/secret-registry.yaml create mode 100644 octavia/templates/secret-registry.yaml create mode 100644 placement/templates/secret-registry.yaml create mode 100644 rally/templates/secret-registry.yaml create mode 100644 senlin/templates/secret-registry.yaml create mode 100644 tempest/templates/secret-registry.yaml diff --git a/aodh/Chart.yaml b/aodh/Chart.yaml index eea7192c69..421ecc5395 100644 --- a/aodh/Chart.yaml +++ b/aodh/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v1 appVersion: v1.0.0 description: Openstack-Helm Aodh name: aodh -version: 0.2.4 +version: 0.2.5 home: https://docs.openstack.org/aodh/latest/ sources: - https://opendev.org/openstack/aodh diff --git a/aodh/templates/secret-registry.yaml b/aodh/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/aodh/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/aodh/values.yaml b/aodh/values.yaml index c584d10f7f..9d2fe68ec0 100644 --- a/aodh/values.yaml +++ b/aodh/values.yaml @@ -556,6 +556,8 @@ secrets: alarming: api: public: aodh-tls-public + oci_image_registry: + aodh: aodh-oci-image-registry bootstrap: enabled: false @@ -580,6 +582,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + aodh: + username: aodh + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -732,9 +749,10 @@ manifests: pdb_api: true pod_aodh_test: true secret_db: true + secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true - secret_ingress_tls: true + secret_registry: true service_api: true service_ingress_api: true ... diff --git a/barbican/Chart.yaml b/barbican/Chart.yaml index 556bf9b592..0191c8435d 100644 --- a/barbican/Chart.yaml +++ b/barbican/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Barbican name: barbican -version: 0.2.14 +version: 0.2.15 home: https://docs.openstack.org/barbican/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png sources: diff --git a/barbican/templates/secret-registry.yaml b/barbican/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/barbican/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/barbican/values.yaml b/barbican/values.yaml index 5bd154e003..f595d9e6d9 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -496,6 +496,8 @@ secrets: key_manager: api: public: barbican-tls-public + oci_image_registry: + barbican: barbican-oci-image-registry endpoints: cluster_domain_suffix: cluster.local @@ -511,6 +513,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + barbican: + username: barbican + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -676,6 +693,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_api: true service_api: true ... diff --git a/ceilometer/Chart.yaml b/ceilometer/Chart.yaml index 18e5c5a463..ea302c0085 100644 --- a/ceilometer/Chart.yaml +++ b/ceilometer/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ceilometer name: ceilometer -version: 0.2.5 +version: 0.2.6 home: https://docs.openstack.org/ceilometer/latest/ sources: - https://opendev.org/openstack/ceilometer diff --git a/ceilometer/templates/secret-registry.yaml b/ceilometer/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ceilometer/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml index b314138dd6..0e146346fd 100644 --- a/ceilometer/values.yaml +++ b/ceilometer/values.yaml @@ -1732,6 +1732,8 @@ secrets: oslo_messaging: admin: ceilometer-rabbitmq-admin ceilometer: ceilometer-rabbitmq-user + oci_image_registry: + ceilometer: ceilometer-oci-image-registry bootstrap: enabled: false @@ -1756,6 +1758,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ceilometer: + username: ceilometer + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -2136,6 +2153,7 @@ manifests: secret_keystone: true secret_mongodb: true secret_rabbitmq: true + secret_registry: true service_api: true service_ingress_api: true ... diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml index da3cda8dce..536f64c600 100644 --- a/cinder/Chart.yaml +++ b/cinder/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Cinder name: cinder -version: 0.2.22 +version: 0.2.23 home: https://docs.openstack.org/cinder/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png sources: diff --git a/cinder/templates/secret-registry.yaml b/cinder/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/cinder/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/cinder/values.yaml b/cinder/values.yaml index 70ddc817f9..647a0492a1 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -1261,6 +1261,9 @@ secrets: api: public: cinder-tls-public internal: cinder-tls-api + oci_image_registry: + cinder: cinder-oci-image-registry + # We use a different layout of the endpoints here to account for versioning # this swaps the service name and type, and should be rolled out to other # services. @@ -1278,6 +1281,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + cinder: + username: cinder + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -1494,6 +1512,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_api: true service_ingress_api: true ... diff --git a/cyborg/Chart.yaml b/cyborg/Chart.yaml index da379cdd0d..84e344aacf 100644 --- a/cyborg/Chart.yaml +++ b/cyborg/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Cyborg name: cyborg -version: 0.1.1 +version: 0.1.2 home: https://docs.openstack.org/cyborg icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cyborg/OpenStack_Project_Cyborg_vertical.png sources: diff --git a/cyborg/templates/secret-registry.yaml b/cyborg/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/cyborg/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/cyborg/values.yaml b/cyborg/values.yaml index 0649b2125a..cfea638734 100644 --- a/cyborg/values.yaml +++ b/cyborg/values.yaml @@ -62,6 +62,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + cyborg: + username: cyborg + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null accelerator: name: cyborg hosts: @@ -245,6 +260,8 @@ secrets: oslo_messaging: admin: cyborg-rabbitmq-admin cyborg: cyborg-rabbitmq-user + oci_image_registry: + cyborg: cyborg-oci-image-registry dependencies: static: @@ -550,5 +567,6 @@ manifests: secret_db: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_api: false service_api: true diff --git a/designate/Chart.yaml b/designate/Chart.yaml index a4eb6ba0ec..d06a53377b 100644 --- a/designate/Chart.yaml +++ b/designate/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Designate name: designate -version: 0.2.5 +version: 0.2.6 home: https://docs.openstack.org/designate/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Designate/OpenStack_Project_Designate_vertical.jpg sources: diff --git a/designate/templates/secret-registry.yaml b/designate/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/designate/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/designate/values.yaml b/designate/values.yaml index ebcec73bd4..7abd43d54e 100644 --- a/designate/values.yaml +++ b/designate/values.yaml @@ -649,6 +649,8 @@ secrets: dns: api: public: designate-tls-public + oci_image_registry: + designate: designate-oci-image-registry endpoints: cluster_domain_suffix: cluster.local @@ -664,6 +666,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + designate: + username: designate + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -827,6 +844,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_api: true service_mdns: true service_ingress_api: true diff --git a/glance/Chart.yaml b/glance/Chart.yaml index 35efb0c61e..2d9f630f60 100644 --- a/glance/Chart.yaml +++ b/glance/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Glance name: glance -version: 0.3.7 +version: 0.3.8 home: https://docs.openstack.org/glance/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png sources: diff --git a/glance/templates/secret-registry.yaml b/glance/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/glance/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/glance/values.yaml b/glance/values.yaml index 6d4dcf4a98..ba5eca7d81 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -509,6 +509,8 @@ secrets: api: public: glance-tls-public internal: glance-tls-api + oci_image_registry: + glance: glance-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -527,6 +529,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + glance: + username: glance + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -975,6 +992,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_api: true service_api: true ... diff --git a/heat/Chart.yaml b/heat/Chart.yaml index 46663840a2..014e5845e6 100644 --- a/heat/Chart.yaml +++ b/heat/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Heat name: heat -version: 0.2.13 +version: 0.2.14 home: https://docs.openstack.org/heat/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Heat/OpenStack_Project_Heat_vertical.png sources: diff --git a/heat/templates/secret-registry.yaml b/heat/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/heat/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/heat/values.yaml b/heat/values.yaml index 36017d63bb..7b03ea7a79 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -804,6 +804,9 @@ secrets: cfn: public: cloudformation-tls-public internal: heat-tls-cfn + oci_image_registry: + heat: heat-oci-image-registry + # typically overridden by environmental # values, but should include all endpoints # required by this chart @@ -821,6 +824,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + heat: + username: heat + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -1335,6 +1353,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_api: true service_cfn: true service_cloudwatch: false diff --git a/horizon/Chart.yaml b/horizon/Chart.yaml index acc3d58ac6..39ea283033 100644 --- a/horizon/Chart.yaml +++ b/horizon/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Horizon name: horizon -version: 0.2.24 +version: 0.2.25 home: https://docs.openstack.org/horizon/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Horizon/OpenStack_Project_Horizon_vertical.png sources: diff --git a/horizon/templates/secret-registry.yaml b/horizon/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/horizon/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/horizon/values.yaml b/horizon/values.yaml index 4ea901bb10..1f58555371 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -1233,6 +1233,8 @@ secrets: dashboard: public: horizon-tls-public internal: horizon-tls-web + oci_image_registry: + horizon: horizon-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -1251,6 +1253,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + horizon: + username: horizon + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -1376,6 +1393,7 @@ manifests: secret_db: true secret_ingress_tls: true secret_keystone: true + secret_registry: true service_ingress: true service: true ... diff --git a/ironic/Chart.yaml b/ironic/Chart.yaml index 9c1d361c23..033884e3fe 100644 --- a/ironic/Chart.yaml +++ b/ironic/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Ironic name: ironic -version: 0.2.5 +version: 0.2.6 home: https://docs.openstack.org/ironic/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Ironic/OpenStack_Project_Ironic_vertical.png sources: diff --git a/ironic/templates/secret-registry.yaml b/ironic/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/ironic/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/ironic/values.yaml b/ironic/values.yaml index ec3d0230c9..6e5e3a8d42 100644 --- a/ironic/values.yaml +++ b/ironic/values.yaml @@ -350,6 +350,8 @@ secrets: oslo_messaging: admin: ironic-rabbitmq-admin ironic: ironic-rabbitmq-user + oci_image_registry: + ironic: ironic-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -368,6 +370,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + ironic: + username: ironic + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -709,6 +726,7 @@ manifests: secret_db: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_api: true service_ingress_api: true statefulset_conductor: true diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml index dec751374a..8a247fbe61 100644 --- a/keystone/Chart.yaml +++ b/keystone/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Keystone name: keystone -version: 0.2.27 +version: 0.2.28 home: https://docs.openstack.org/keystone/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png sources: diff --git a/keystone/templates/secret-registry.yaml b/keystone/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/keystone/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/keystone/values.yaml b/keystone/values.yaml index 935f618454..d6ad7b9d51 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -900,6 +900,8 @@ secrets: api: public: keystone-tls-public internal: keystone-tls-api + oci_image_registry: + keystone: keystone-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -918,6 +920,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + keystone: + username: keystone + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: namespace: null name: keystone @@ -1097,6 +1114,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_api: true service_api: true ... diff --git a/magnum/Chart.yaml b/magnum/Chart.yaml index 6e24567ba5..3f4ccf6d8d 100644 --- a/magnum/Chart.yaml +++ b/magnum/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Magnum name: magnum -version: 0.2.6 +version: 0.2.7 home: https://docs.openstack.org/magnum/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Magnum/OpenStack_Project_Magnum_vertical.png sources: diff --git a/magnum/templates/secret-registry.yaml b/magnum/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/magnum/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/magnum/values.yaml b/magnum/values.yaml index aa7b7a478c..f4d042a192 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -314,6 +314,8 @@ secrets: oslo_messaging: admin: magnum-rabbitmq-admin magnum: magnum-rabbitmq-user + oci_image_registry: + magnum: magnum-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -332,6 +334,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + magnum: + username: magnum + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -649,6 +666,7 @@ manifests: secret_db: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_api: true service_ingress_api: true statefulset_conductor: true diff --git a/masakari/Chart.yaml b/masakari/Chart.yaml index 9b8942e881..a70095c1e7 100644 --- a/masakari/Chart.yaml +++ b/masakari/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Masakari name: masakari -version: 0.1.4 +version: 0.1.5 home: https://docs.openstack.org/developer/masakari icon: https://www.openstack.org/themes/openstack/images/project-mascots/Masakari/OpenStack_Project_masakari_vertical.png sources: diff --git a/masakari/templates/secret-registry.yaml b/masakari/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/masakari/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/masakari/values.yaml b/masakari/values.yaml index 72af72ed0d..e6629e5402 100644 --- a/masakari/values.yaml +++ b/masakari/values.yaml @@ -61,6 +61,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + masakari: + username: masakari + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null instance_ha: name: masakari hosts: @@ -226,6 +241,8 @@ secrets: oslo_messaging: admin: masakari-rabbitmq-admin masakari: masakari-rabbitmq-user + oci_image_registry: + masakari: masakari-oci-image-registry dependencies: static: @@ -600,6 +617,7 @@ manifests: secret_db: true secret_rabbitmq: true secret_keystone: true + secret_registry: true job_rabbit_init: true service_api: true pdb_api: true diff --git a/mistral/Chart.yaml b/mistral/Chart.yaml index 65c35823cb..59d2f3e613 100644 --- a/mistral/Chart.yaml +++ b/mistral/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Mistral name: mistral -version: 0.2.4 +version: 0.2.5 home: https://docs.openstack.org/mistral/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Mistral/OpenStack_Project_Mistral_vertical.png sources: diff --git a/mistral/templates/secret-registry.yaml b/mistral/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/mistral/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/mistral/values.yaml b/mistral/values.yaml index 5b4451c99e..dd65149852 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -190,6 +190,8 @@ secrets: oslo_messaging: admin: mistral-rabbitmq-admin mistral: mistral-rabbitmq-user + oci_image_registry: + mistral: mistral-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -208,6 +210,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + mistral: + username: mistral + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -727,6 +744,7 @@ manifests: secret_db: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_api: true service_api: true statefulset_engine: true diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml index 1c885fea45..59c59a2f86 100644 --- a/neutron/Chart.yaml +++ b/neutron/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Neutron name: neutron -version: 0.2.23 +version: 0.2.24 home: https://docs.openstack.org/neutron/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/neutron/templates/secret-registry.yaml b/neutron/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/neutron/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/neutron/values.yaml b/neutron/values.yaml index 05d3e2db55..ee417bb072 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -2230,6 +2230,8 @@ secrets: server: public: neutron-tls-public internal: neutron-tls-server + oci_image_registry: + neutron: neutron-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -2248,6 +2250,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + neutron: + username: neutron + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_db: auth: admin: @@ -2559,6 +2576,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_server: true service_server: true ... diff --git a/nova/Chart.yaml b/nova/Chart.yaml index 49cfd379c2..1bf65e7879 100644 --- a/nova/Chart.yaml +++ b/nova/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nova name: nova -version: 0.2.42 +version: 0.2.43 home: https://docs.openstack.org/nova/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png sources: diff --git a/nova/templates/secret-registry.yaml b/nova/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/nova/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/nova/values.yaml b/nova/values.yaml index a039a01b6d..9d9f5ef69b 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -1563,6 +1563,8 @@ secrets: compute_spice_proxy: spiceproxy: internal: nova-tls-spiceproxy + oci_image_registry: + nova: nova-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -1581,6 +1583,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + nova: + username: nova + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_db: auth: admin: @@ -2458,6 +2475,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_metadata: true service_ingress_novncproxy: true service_ingress_osapi: true diff --git a/octavia/Chart.yaml b/octavia/Chart.yaml index 3ec4f45339..d7e3a084ce 100644 --- a/octavia/Chart.yaml +++ b/octavia/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Octavia name: octavia -version: 0.2.5 +version: 0.2.6 home: https://docs.openstack.org/octavia/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Octavia/OpenStack_Project_Octavia_vertical.png sources: diff --git a/octavia/templates/secret-registry.yaml b/octavia/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/octavia/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/octavia/values.yaml b/octavia/values.yaml index 8ba4e7b138..2caf8ca80a 100644 --- a/octavia/values.yaml +++ b/octavia/values.yaml @@ -350,6 +350,8 @@ secrets: load_balancer: api: public: octavia-tls-public + oci_image_registry: + octavia: octavia-oci-image-registry endpoints: cluster_domain_suffix: cluster.local @@ -365,6 +367,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + octavia: + username: octavia + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -681,6 +698,7 @@ manifests: secret_ingress_tls: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_api: true service_api: true ... diff --git a/placement/Chart.yaml b/placement/Chart.yaml index 123caf885d..715159da9e 100644 --- a/placement/Chart.yaml +++ b/placement/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Placement name: placement -version: 0.2.9 +version: 0.2.10 home: https://docs.openstack.org/placement/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png sources: diff --git a/placement/templates/secret-registry.yaml b/placement/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/placement/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/placement/values.yaml b/placement/values.yaml index d3bd052dcb..578d9478e1 100644 --- a/placement/values.yaml +++ b/placement/values.yaml @@ -227,6 +227,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + placement: + username: placement + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null oslo_db: auth: admin: @@ -434,6 +449,8 @@ secrets: api: public: placement-tls-public internal: placement-tls-api + oci_image_registry: + placement: placement-oci-image-registry dependencies: dynamic: @@ -510,6 +527,7 @@ manifests: network_policy: false secret_db: true secret_ingress_tls: true + secret_registry: true pdb: true ingress: true secret_keystone: true diff --git a/rally/Chart.yaml b/rally/Chart.yaml index 514b0a5956..8b65d2eb09 100644 --- a/rally/Chart.yaml +++ b/rally/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm rally name: rally -version: 0.2.5 +version: 0.2.6 home: https://docs.openstack.org/developer/rally icon: https://www.openstack.org/themes/openstack/images/project-mascots/rally/OpenStack_Project_rally_vertical.png sources: diff --git a/rally/templates/secret-registry.yaml b/rally/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/rally/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/rally/values.yaml b/rally/values.yaml index 1346ba0d89..476c678e9c 100644 --- a/rally/values.yaml +++ b/rally/values.yaml @@ -205,6 +205,8 @@ secrets: oslo_db: admin: rally-db-admin rally: rally-db-user + oci_image_registry: + rally: rally-oci-image-registry endpoints: cluster_domain_suffix: cluster.local @@ -220,6 +222,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + rally: + username: rally + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -4021,4 +4038,5 @@ manifests: pvc_rally: true secret_db: true secret_keystone: true + secret_registry: true ... diff --git a/releasenotes/notes/aodh.yaml b/releasenotes/notes/aodh.yaml index c05714b0e7..c47f5737b2 100644 --- a/releasenotes/notes/aodh.yaml +++ b/releasenotes/notes/aodh.yaml @@ -7,4 +7,5 @@ aodh: - 0.2.2 Update htk requirements repo - 0.2.3 Enable taint toleration for Openstack services - 0.2.4 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 + - 0.2.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/barbican.yaml b/releasenotes/notes/barbican.yaml index d8a3c73111..574a186ae3 100644 --- a/releasenotes/notes/barbican.yaml +++ b/releasenotes/notes/barbican.yaml @@ -18,4 +18,5 @@ barbican: - 0.2.12 Remove older values overrides - 0.2.13 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.14 Add Xena and Yoga values overrides + - 0.2.15 Added OCI registry authentication ... diff --git a/releasenotes/notes/ceilometer.yaml b/releasenotes/notes/ceilometer.yaml index 9c206edaf7..4b0ee540dd 100644 --- a/releasenotes/notes/ceilometer.yaml +++ b/releasenotes/notes/ceilometer.yaml @@ -8,4 +8,5 @@ ceilometer: - 0.2.3 Enable taint toleration for Openstack services - 0.2.4 Update default image values to Wallaby - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.2.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/cinder.yaml b/releasenotes/notes/cinder.yaml index aecffb03c2..5765918010 100644 --- a/releasenotes/notes/cinder.yaml +++ b/releasenotes/notes/cinder.yaml @@ -39,4 +39,5 @@ cinder: - 0.2.20 Allow cinder v1/v2 endpoint creation if needed - 0.2.21 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 - 0.2.22 Add Xena and Yoga values overrides + - 0.2.23 Added OCI registry authentication ... diff --git a/releasenotes/notes/cyborg.yaml b/releasenotes/notes/cyborg.yaml index 12b461c5eb..d928f35259 100644 --- a/releasenotes/notes/cyborg.yaml +++ b/releasenotes/notes/cyborg.yaml @@ -2,4 +2,5 @@ cyborg: - 0.1.0 Initial Chart - 0.1.1 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.1.2 Added OCI registry authentication ... diff --git a/releasenotes/notes/designate.yaml b/releasenotes/notes/designate.yaml index 72c6578a78..1e6542a7d5 100644 --- a/releasenotes/notes/designate.yaml +++ b/releasenotes/notes/designate.yaml @@ -9,4 +9,5 @@ designate: - 0.2.3 Fix extra volume mounts - 0.2.4 Update default image values to Wallaby - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.2.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/glance.yaml b/releasenotes/notes/glance.yaml index 0785c0c8e6..7c15a5c8c3 100644 --- a/releasenotes/notes/glance.yaml +++ b/releasenotes/notes/glance.yaml @@ -28,4 +28,5 @@ glance: - 0.3.5 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.3.6 Add Xena and Yoga values overrides - 0.3.7 Fix glance-etc template changing due to comment and whitespace between install and first upgrade + - 0.3.8 Added OCI registry authentication ... diff --git a/releasenotes/notes/heat.yaml b/releasenotes/notes/heat.yaml index f2535ef96d..58ee190d3c 100644 --- a/releasenotes/notes/heat.yaml +++ b/releasenotes/notes/heat.yaml @@ -20,4 +20,5 @@ heat: - 0.2.11 Remove old releases values override in heat - 0.2.12 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 - 0.2.13 Add Xena and Yoga values overrides + - 0.2.14 Added OCI registry authentication ... diff --git a/releasenotes/notes/horizon.yaml b/releasenotes/notes/horizon.yaml index 9bdc947700..534b5db944 100644 --- a/releasenotes/notes/horizon.yaml +++ b/releasenotes/notes/horizon.yaml @@ -34,4 +34,5 @@ horizon: - 0.2.22 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.23 Add Xena and Yoga value overrides - 0.2.24 Remove blank lines in logo configmap + - 0.2.25 Added OCI registry authentication ... diff --git a/releasenotes/notes/ironic.yaml b/releasenotes/notes/ironic.yaml index 5504a60ac4..0a2c98a676 100644 --- a/releasenotes/notes/ironic.yaml +++ b/releasenotes/notes/ironic.yaml @@ -9,4 +9,5 @@ ironic: - 0.2.3 Enable taint toleration for Openstack services - 0.2.4 Update defaults to W release - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.2.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/keystone.yaml b/releasenotes/notes/keystone.yaml index ea79493118..d74a67bebe 100644 --- a/releasenotes/notes/keystone.yaml +++ b/releasenotes/notes/keystone.yaml @@ -43,4 +43,5 @@ keystone: - 0.2.25 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 - 0.2.26 Add Xena and Yoga values overrides - 0.2.27 Use LOG.warning instead of deprecated LOG.warn + - 0.2.28 Added OCI registry authentication ... diff --git a/releasenotes/notes/magnum.yaml b/releasenotes/notes/magnum.yaml index cc11677e7b..2da90ade18 100644 --- a/releasenotes/notes/magnum.yaml +++ b/releasenotes/notes/magnum.yaml @@ -10,4 +10,5 @@ magnum: - 0.2.4 Mount empty temp_cache_dir for performance - 0.2.5 Update default image values to wallaby - 0.2.6 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.2.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/masakari.yaml b/releasenotes/notes/masakari.yaml index 0d94188bfa..d9156ba7e3 100644 --- a/releasenotes/notes/masakari.yaml +++ b/releasenotes/notes/masakari.yaml @@ -5,4 +5,5 @@ masakari: - 0.1.2 Added halm hook and fix for hostmonitors to support pacemaker remote - 0.1.3 Mount sudoers file for masakari hostmonitors - 0.1.4 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.1.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/mistral.yaml b/releasenotes/notes/mistral.yaml index d95ef50431..d59921ce86 100644 --- a/releasenotes/notes/mistral.yaml +++ b/releasenotes/notes/mistral.yaml @@ -8,4 +8,5 @@ mistral: - 0.2.2 Update htk requirements repo - 0.2.3 Update default imaage values to Wallaby - 0.2.4 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.2.5 Added OCI registry authentication ... diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml index 81619d9b06..014e457685 100644 --- a/releasenotes/notes/neutron.yaml +++ b/releasenotes/notes/neutron.yaml @@ -37,4 +37,5 @@ neutron: - 0.2.21 Fix for qdhcp NS host validation for deleting wrong namespaces. - 0.2.22 Fix /run/xtables.lock may be a directory - 0.2.23 Add neutron_netns_cleanup_cron release image override, so that the respective release image is used + - 0.2.24 Added OCI registry authentication ... diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml index 74b2d59a83..fd757889a8 100644 --- a/releasenotes/notes/nova.yaml +++ b/releasenotes/notes/nova.yaml @@ -63,4 +63,5 @@ nova: - 0.2.40 Updated naming for subchart compatibility - 0.2.41 Add Xena and Yoga values overrides - 0.2.42 Add missing configuration ``[vnc]/novncproxy_host`` + - 0.2.43 Added OCI registry authentication ... diff --git a/releasenotes/notes/octavia.yaml b/releasenotes/notes/octavia.yaml index 87d44b88e7..c8c5669eeb 100644 --- a/releasenotes/notes/octavia.yaml +++ b/releasenotes/notes/octavia.yaml @@ -9,4 +9,5 @@ octavia: - 0.2.3 Allow using log_config_append=null - 0.2.4 Fix transport_url - 0.2.5 Migrated PodDisruptionBudget resource to policy/v1 API version + - 0.2.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/placement.yaml b/releasenotes/notes/placement.yaml index 500bceb399..b02a2fb46a 100644 --- a/releasenotes/notes/placement.yaml +++ b/releasenotes/notes/placement.yaml @@ -18,4 +18,5 @@ placement: - 0.2.7 Add helm hook annotations for db-sync job - 0.2.8 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.9 Add Xena and Yoga values overrides + - 0.2.10 Added OCI registry authentication ... diff --git a/releasenotes/notes/rally.yaml b/releasenotes/notes/rally.yaml index 276d4b7d63..d779a8c05d 100644 --- a/releasenotes/notes/rally.yaml +++ b/releasenotes/notes/rally.yaml @@ -8,4 +8,5 @@ rally: - 0.2.3 Update default image values to Wallaby - 0.2.4 Migrated PodDisruptionBudget resource to policy/v1 API version - 0.2.5 Add helm hook for jobs + - 0.2.6 Added OCI registry authentication ... diff --git a/releasenotes/notes/senlin.yaml b/releasenotes/notes/senlin.yaml index 50472a45e9..83a63cae4f 100644 --- a/releasenotes/notes/senlin.yaml +++ b/releasenotes/notes/senlin.yaml @@ -9,4 +9,5 @@ senlin: - 0.2.4 Update default image release - 0.2.5 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1 - 0.2.6 Add helm.sh/hook annotations for Jobs + - 0.2.7 Added OCI registry authentication ... diff --git a/releasenotes/notes/tempest.yaml b/releasenotes/notes/tempest.yaml index 1bb9ad2a01..714064fd26 100644 --- a/releasenotes/notes/tempest.yaml +++ b/releasenotes/notes/tempest.yaml @@ -7,4 +7,5 @@ tempest: - 0.2.2 Add helm hook for ks job - 0.2.3 Fix logging config - 0.2.4 Update default image values to Wallaby + - 0.2.5 Added OCI registry authentication ... diff --git a/senlin/Chart.yaml b/senlin/Chart.yaml index 2ef42fc85a..a7a71e0aad 100644 --- a/senlin/Chart.yaml +++ b/senlin/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Senlin name: senlin -version: 0.2.6 +version: 0.2.7 home: https://docs.openstack.org/senlin/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Senlin/OpenStack_Project_Senlin_vertical.png sources: diff --git a/senlin/templates/secret-registry.yaml b/senlin/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/senlin/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/senlin/values.yaml b/senlin/values.yaml index b245bd32a2..a0fcb54587 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -389,6 +389,8 @@ secrets: oslo_messaging: admin: senlin-rabbitmq-admin senlin: senlin-rabbitmq-user + oci_image_registry: + senlin: senlin-oci-image-registry # typically overridden by environmental # values, but should include all endpoints @@ -407,6 +409,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + senlin: + username: senlin + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -744,6 +761,7 @@ manifests: secret_db: true secret_keystone: true secret_rabbitmq: true + secret_registry: true service_ingress_api: true service_api: true ... diff --git a/tempest/Chart.yaml b/tempest/Chart.yaml index 8e2ecdc601..b1dde92c1b 100644 --- a/tempest/Chart.yaml +++ b/tempest/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Tempest name: tempest -version: 0.2.4 +version: 0.2.5 home: https://docs.openstack.org/tempest/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/tempest/OpenStack_Project_tempest_vertical.png sources: diff --git a/tempest/templates/secret-registry.yaml b/tempest/templates/secret-registry.yaml new file mode 100644 index 0000000000..da979b3223 --- /dev/null +++ b/tempest/templates/secret-registry.yaml @@ -0,0 +1,17 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }} +{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }} +{{- end }} diff --git a/tempest/values.yaml b/tempest/values.yaml index e36fb99595..5a6a2e5de2 100644 --- a/tempest/values.yaml +++ b/tempest/values.yaml @@ -267,6 +267,8 @@ secrets: identity: admin: tempest-keystone-admin tempest: tempest-keystone-user + oci_image_registry: + tempest: tempest-oci-image-registry endpoints: cluster_domain_suffix: cluster.local @@ -282,6 +284,21 @@ endpoints: port: registry: node: 5000 + oci_image_registry: + name: oci-image-registry + namespace: oci-image-registry + auth: + enabled: false + tempest: + username: tempest + password: password + hosts: + default: localhost + host_fqdn_override: + default: null + port: + registry: + default: null identity: name: keystone auth: @@ -342,4 +359,5 @@ manifests: job_ks_user: true job_run_tests: true secret_keystone: true + secret_registry: true ...