openstack
/
openstack-helm
Code Issues Proposed changes

Merge "Fix for creation endpoins and services when v1/v2 are disabled."

This commit is contained in:
Zuul 2023-01-20 18:00:59 +00:00 committed by Gerrit Code Review
parent 9ac2d7f4fa 9216563be2
commit e199168df8
21 changed files with 184 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cinder/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Cinder description: OpenStack-Helm Cinder
name: cinder name: cinder
version: 0.3.2 version: 0.3.3
home: https://docs.openstack.org/cinder/latest/ home: https://docs.openstack.org/cinder/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
sources: sources:

2
cinder/templates/configmap-etc.yaml
View File

@ -94,7 +94,7 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.osapi_volume_listen_port -}} {{- if empty .Values.conf.cinder.DEFAULT.osapi_volume_listen_port -}}
{{- $_ := tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.cinder.DEFAULT "osapi_volume_listen_port" -}} {{- $_ := tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.cinder.DEFAULT "osapi_volume_listen_port" -}}
{{- end -}} {{- end -}}
{{- if .Values.conf.cinder.service_user.send_service_user_token -}} {{- if .Values.conf.cinder.service_user.send_service_user_token -}}

4
cinder/templates/cron-job-cinder-volume-usage-audit.yaml
View File

@ -90,7 +90,7 @@ spec:
mountPath: /tmp/volume-usage-audit.sh mountPath: /tmp/volume-usage-audit.sh
subPath: volume-usage-audit.sh subPath: volume-usage-audit.sh
readOnly: true readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{ if $mounts_cinder_volume_usage_audit.volumeMounts }}{{ toYaml $mounts_cinder_volume_usage_audit.volumeMounts | indent 16 }}{{ end }} {{ if $mounts_cinder_volume_usage_audit.volumeMounts }}{{ toYaml $mounts_cinder_volume_usage_audit.volumeMounts | indent 16 }}{{ end }}
@ -107,7 +107,7 @@ spec:
configMap: configMap:
name: cinder-bin name: cinder-bin
defaultMode: 0555 defaultMode: 0555
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }} {{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }}

14
cinder/templates/deployment-api.yaml
View File

@ -93,17 +93,17 @@ spec:
- stop - stop
ports: ports:
- name: c-api - name: c-api
containerPort: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} containerPort: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
readinessProbe: readinessProbe:
httpGet: httpGet:
scheme: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }} scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: / path: /
port: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
livenessProbe: livenessProbe:
httpGet: httpGet:
scheme: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }} scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: / path: /
port: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
initialDelaySeconds: 30 initialDelaySeconds: 30
failureThreshold: 3 failureThreshold: 3
periodSeconds: 10 periodSeconds: 10
@ -165,7 +165,7 @@ spec:
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }}
volumes: volumes:
@ -188,7 +188,7 @@ spec:
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }} {{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}

4
cinder/templates/deployment-scheduler.yaml
View File

@ -107,7 +107,7 @@ spec:
- name: cinder-coordination - name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }} {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }}
@ -128,7 +128,7 @@ spec:
- name: cinder-coordination - name: cinder-coordination
emptyDir: {} emptyDir: {}
{{- end }} {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }} {{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}

6
cinder/templates/deployment-volume.yaml
View File

@ -131,7 +131,7 @@ spec:
readOnly: true readOnly: true
- name: pod-shared - name: pod-shared
mountPath: /tmp/pod-shared mountPath: /tmp/pod-shared
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
env: env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
@ -281,7 +281,7 @@ spec:
mountPropagation: HostToContainer mountPropagation: HostToContainer
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
@ -351,7 +351,7 @@ spec:
path: /sys path: /sys
{{- end }} {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }} {{ if $mounts_cinder_volume.volumes }}{{ toYaml $mounts_cinder_volume.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}

6
cinder/templates/ingress-api.yaml
View File

@ -14,10 +14,10 @@ limitations under the License.
{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }} {{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
{{- $envAll := . -}} {{- $envAll := . -}}
{{- $ingressOpts := dict "envAll" $envAll "backendServiceType" "volumev3" "backendPort" "c-api" -}} {{- $ingressOpts := dict "envAll" $envAll "backendServiceType" "volume" "backendPort" "c-api" -}}
{{- $secretName := $envAll.Values.secrets.tls.volumev3.api.internal -}} {{- $secretName := $envAll.Values.secrets.tls.volume.api.internal -}}
{{- if and .Values.manifests.certificates $secretName -}} {{- if and .Values.manifests.certificates $secretName -}}
{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.volumev3.host_fqdn_override.default.tls.issuerRef.name -}} {{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.volume.host_fqdn_override.default.tls.issuerRef.name -}}
{{- end -}} {{- end -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }} {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }} {{- end }}

2
cinder/templates/job-bootstrap.yaml
View File

@ -20,7 +20,7 @@ helm.sh/hook-weight: "5"
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }} {{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
{{- $bootstrapJob := dict "envAll" . "serviceName" "cinder" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.cinder.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}} {{- $bootstrapJob := dict "envAll" . "serviceName" "cinder" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.cinder.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}} {{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}} {{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}} {{- end -}}
{{- if .Values.pod.tolerations.cinder.enabled -}} {{- if .Values.pod.tolerations.cinder.enabled -}}
{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}} {{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}

4
cinder/templates/job-create-internal-tenant.yaml
View File

@ -68,7 +68,7 @@ spec:
mountPath: /tmp/create-internal-tenant.sh mountPath: /tmp/create-internal-tenant.sh
subPath: create-internal-tenant.sh subPath: create-internal-tenant.sh
readOnly: true readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
env: env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
@ -97,5 +97,5 @@ spec:
configMap: configMap:
name: {{ $configMapBin | quote }} name: {{ $configMapBin | quote }}
defaultMode: 0555 defaultMode: 0555
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end -}} {{- end -}}

11
cinder/templates/job-ks-endpoints.yaml
View File

@ -17,10 +17,17 @@ helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "-2" helm.sh/hook-weight: "-2"
{{- end }} {{- end }}
{{- $volTypes := list "volumev3" -}}
{{- if .Values.conf.cinder.DEFAULT.enable_v1_api }}
{{- $volTypes = append $volTypes "volume" }}
{{- end }}
{{- if .Values.conf.cinder.DEFAULT.enable_v2_api }}
{{- $volTypes = append $volTypes "volumev2" }}
{{- end }}
{{- if .Values.manifests.job_ks_endpoints }} {{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" ( tuple "volumev3" ) -}} {{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" ( $volTypes ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}} {{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}} {{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}} {{- end -}}
{{- if .Values.helm3_hook }} {{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }} {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }}

11
cinder/templates/job-ks-service.yaml
View File

@ -24,9 +24,16 @@ helm.sh/hook-weight: "-3"
{{- $serviceTypes = append $serviceTypes $v }} {{- $serviceTypes = append $serviceTypes $v }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" $serviceTypes -}} {{- $volTypes := list "volumev3" -}}
{{- if .Values.conf.cinder.DEFAULT.enable_v1_api }}
{{- $volTypes = append $volTypes "volume" }}
{{- end }}
{{- if .Values.conf.cinder.DEFAULT.enable_v2_api }}
{{- $volTypes = append $volTypes "volumev2" }}
{{- end }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "cinder" "serviceTypes" ( $volTypes ) -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}} {{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}} {{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}} {{- end -}}
{{- if .Values.helm3_hook }} {{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }} {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }}

2
cinder/templates/job-ks-user.yaml
View File

@ -20,7 +20,7 @@ helm.sh/hook-weight: "-1"
{{- if .Values.manifests.job_ks_user }} {{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "cinder" -}} {{- $ksUserJob := dict "envAll" . "serviceName" "cinder" -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}} {{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}} {{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}}
{{- end -}} {{- end -}}
{{- if .Values.helm3_hook }} {{- if .Values.helm3_hook }}
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }} {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }}

6
cinder/templates/pod-rally-test.yaml
View File

@ -53,7 +53,7 @@ spec:
mountPath: /tmp/ks-user.sh mountPath: /tmp/ks-user.sh
subPath: ks-user.sh subPath: ks-user.sh
readOnly: true readOnly: true
{{ dict "enabled" .Values.manifests.certificates "name" $envAll.Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }} {{ dict "enabled" .Values.manifests.certificates "name" $envAll.Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
env: env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }} {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
@ -93,7 +93,7 @@ spec:
readOnly: true readOnly: true
- name: rally-db - name: rally-db
mountPath: /var/lib/rally mountPath: /var/lib/rally
{{ dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }} {{ dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
volumes: volumes:
- name: pod-tmp - name: pod-tmp
@ -108,6 +108,6 @@ spec:
defaultMode: 0555 defaultMode: 0555
- name: rally-db - name: rally-db
emptyDir: {} emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volumev3.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }} {{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }} {{- end }}

2
cinder/templates/secret-ingress-tls.yaml
View File

@ -13,5 +13,5 @@ limitations under the License.
*/}} */}}
{{- if .Values.manifests.secret_ingress_tls }} {{- if .Values.manifests.secret_ingress_tls }}
{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "volumev3" ) }} {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "volume" ) }}
{{- end }} {{- end }}

4
cinder/templates/service-api.yaml
View File

@ -18,11 +18,11 @@ limitations under the License.
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ tuple "volumev3" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} name: {{ tuple "volume" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec: spec:
ports: ports:
- name: c-api - name: c-api
port: {{ tuple "volumev3" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }} {{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }} nodePort: {{ .Values.network.api.node_port.port }}
{{ end }} {{ end }}

2
cinder/templates/service-ingress-api.yaml
View File

@ -13,6 +13,6 @@ limitations under the License.
*/}} */}}
{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }} {{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "volumev3" -}} {{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "volume" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }} {{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }} {{- end }}

81
cinder/values.yaml
View File

@ -434,7 +434,19 @@ conf:
composite:osapi_volume: composite:osapi_volume:
use: call:cinder.api:root_app_factory use: call:cinder.api:root_app_factory
/: apiversions /: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
/v3: openstack_volume_api_v3 /v3: openstack_volume_api_v3
composite:openstack_volume_api_v1:
use: call:cinder.api.middleware.auth:pipeline_factory
noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv1
composite:openstack_volume_api_v2:
use: call:cinder.api.middleware.auth:pipeline_factory
noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
keystone: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
keystone_nolimit: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken audit keystonecontext apiv2
composite:openstack_volume_api_v3: composite:openstack_volume_api_v3:
use: call:cinder.api.middleware.auth:pipeline_factory use: call:cinder.api.middleware.auth:pipeline_factory
noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3 noauth: cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
@ -455,6 +467,10 @@ conf:
paste.filter_factory: cinder.api.middleware.auth:NoAuthMiddleware.factory paste.filter_factory: cinder.api.middleware.auth:NoAuthMiddleware.factory
filter:sizelimit: filter:sizelimit:
paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
app:apiv1:
paste.app_factory: cinder.api.v1.router:APIRouter.factory
app:apiv2:
paste.app_factory: cinder.api.v2.router:APIRouter.factory
app:apiv3: app:apiv3:
paste.app_factory: cinder.api.v3.router:APIRouter.factory paste.app_factory: cinder.api.v3.router:APIRouter.factory
pipeline:apiversions: pipeline:apiversions:
@ -487,6 +503,8 @@ conf:
types: type types: type
volumes: volume volumes: volume
service_endpoints: service_endpoints:
volume: service/storage/block
volumev2: service/storage/block
volumev3: service/storage/block volumev3: service/storage/block
cinder_sudoers: | cinder_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images. # This sudoers file supports rootwrap for both Kolla and LOCI Images.
@ -774,6 +792,7 @@ conf:
use_syslog: false use_syslog: false
use_stderr: true use_stderr: true
enable_v1_api: false enable_v1_api: false
enable_v2_api: false
volume_name_template: "%s" volume_name_template: "%s"
osapi_volume_workers: 1 osapi_volume_workers: 1
glance_api_version: 2 glance_api_version: 2
@ -911,7 +930,7 @@ conf:
rados_connect_timeout: -1 rados_connect_timeout: -1
rbd_user: cinder rbd_user: cinder
rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 rbd_secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
image_volume_cache_enabled: True image_volume_cache_enabled: true
image_volume_cache_max_size_gb: 200 image_volume_cache_max_size_gb: 200
image_volume_cache_max_count: 50 image_volume_cache_max_count: 50
rally_tests: rally_tests:
@ -1029,7 +1048,7 @@ dependencies:
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
service: volumev3 service: volume
backup_storage_init: backup_storage_init:
jobs: null jobs: null
bootstrap: bootstrap:
@ -1037,7 +1056,7 @@ dependencies:
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
service: volumev3 service: volume
pod: pod:
- requireSameNode: false - requireSameNode: false
labels: labels:
@ -1088,7 +1107,7 @@ dependencies:
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
service: volumev3 service: volume
storage_init: storage_init:
jobs: null jobs: null
tests: tests:
@ -1096,7 +1115,7 @@ dependencies:
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
service: volumev3 service: volume
volume: volume:
jobs: jobs:
- cinder-db-sync - cinder-db-sync
@ -1108,7 +1127,7 @@ dependencies:
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
service: volumev3 service: volume
volume_usage_audit: volume_usage_audit:
jobs: jobs:
- cinder-db-sync - cinder-db-sync
@ -1120,7 +1139,7 @@ dependencies:
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
service: volumev3 service: volume
image_repo_sync: image_repo_sync:
services: services:
- endpoint: internal - endpoint: internal
@ -1147,7 +1166,7 @@ secrets:
admin: cinder-rabbitmq-admin admin: cinder-rabbitmq-admin
cinder: cinder-rabbitmq-user cinder: cinder-rabbitmq-user
tls: tls:
volumev3: volume:
api: api:
public: cinder-tls-public public: cinder-tls-public
internal: cinder-tls-api internal: cinder-tls-api
@ -1240,8 +1259,52 @@ endpoints:
api: api:
default: 9292 default: 9292
public: 80 public: 80
volumev3: volume:
name: cinder name: cinder
hosts:
default: cinder-api
public: cinder
host_fqdn_override:
default: null
# NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path:
default: '/v1/%(tenant_id)s'
scheme:
default: 'http'
port:
api:
default: 8776
public: 80
volumev2:
name: cinderv2
hosts:
default: cinder-api
public: cinder
host_fqdn_override:
default: null
# NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
# endpoints using the following format:
# public:
# host: null
# tls:
# crt: null
# key: null
path:
default: '/v2/%(tenant_id)s'
scheme:
default: 'http'
port:
api:
default: 8776
public: 80
volumev3:
name: cinderv3
hosts: hosts:
default: cinder-api default: cinder-api
public: cinder public: cinder

30
cinder/values_overrides/tls.yaml
View File

@ -33,7 +33,7 @@ conf:
ThreadLimit 720 ThreadLimit 720
</IfModule> </IfModule>
wsgi_cinder: | wsgi_cinder: |
{{- $portInt := tuple "volumev3" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} {{- $portInt := tuple "volume" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen {{ $portInt }} Listen {{ $portInt }}
<VirtualHost *:{{ $portInt }}> <VirtualHost *:{{ $portInt }}>
ServerName {{ printf "%s.%s.svc.%s" "cinder-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }} ServerName {{ printf "%s.%s.svc.%s" "cinder-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
@ -95,6 +95,34 @@ endpoints:
port: port:
api: api:
public: 443 public: 443
volume:
host_fqdn_override:
default:
tls:
secretName: cinder-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
internal: https
port:
api:
public: 443
volumev2:
host_fqdn_override:
default:
tls:
secretName: cinder-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
internal: https
port:
api:
public: 443
volumev3: volumev3:
host_fqdn_override: host_fqdn_override:
default: default:

2
doc/source/specs/tenant-ceph.rst
View File

@ -1019,8 +1019,10 @@ Update script overrides as following:
| ID | Name | Type | | ID | Name | Type |
+----------------------------------+----------+--------------+ +----------------------------------+----------+--------------+
| 0eddeb6af4fd43ea8f73f63a1ae01438 | swift | object-store | | 0eddeb6af4fd43ea8f73f63a1ae01438 | swift | object-store |
| 66bd0179eada4ab8899a58356fd4d508 | cinder | volume |
| 67cc6b945e934246b25d31a9374a64af | keystone | identity | | 67cc6b945e934246b25d31a9374a64af | keystone | identity |
| 81a61ec8eff74070bb3c2f0118c1bcd5 | glance | image | | 81a61ec8eff74070bb3c2f0118c1bcd5 | glance | image |
| c126046fc5ec4c52acfc8fee0e2f4dda | cinderv2 | volumev2 |
| f89b99a31a124b7790e3bb60387380b1 | cinderv3 | volumev3 | | f89b99a31a124b7790e3bb60387380b1 | cinderv3 | volumev3 |
+----------------------------------+----------+--------------+ +----------------------------------+----------+--------------+
+ sleep 30 + sleep 30

1
releasenotes/notes/cinder.yaml
View File

@ -52,4 +52,5 @@ cinder:
- 0.3.0 Remove support for Train and Ussuri - 0.3.0 Remove support for Train and Ussuri
- 0.3.1 Change ceph-config-helper image tag - 0.3.1 Change ceph-config-helper image tag
- 0.3.2 Remove default policy rules - 0.3.2 Remove default policy rules
- 0.3.3 Fix for creation endpoins and services when v1/v2 are disabled
... ...

32
tools/deployment/common/setup-certificates.sh
View File

@ -281,6 +281,38 @@ $(cat ${GLANCE_API_CRT} | sed 's/^/ /')
key: | key: |
$(cat ${GLANCE_API_KEY} | sed 's/^/ /') $(cat ${GLANCE_API_KEY} | sed 's/^/ /')
ca: | ca: |
$(cat ${OSH_CA_ROOT}/ca.pem | sed 's/^/ /')
volume:
scheme:
public: https
port:
api:
public: 443
host_fqdn_override:
public:
host: "$(cat "${CINDER_CSR}" | jq -r '.CN')"
tls:
crt: |
$(cat ${CINDER_CRT} | sed 's/^/ /')
key: |
$(cat ${CINDER_KEY} | sed 's/^/ /')
ca: |
$(cat ${OSH_CA_ROOT}/ca.pem | sed 's/^/ /')
volumev2:
scheme:
public: https
port:
api:
public: 443
host_fqdn_override:
public:
host: "$(cat "${CINDER_CSR}" | jq -r '.CN')"
tls:
crt: |
$(cat ${CINDER_CRT} | sed 's/^/ /')
key: |
$(cat ${CINDER_KEY} | sed 's/^/ /')
ca: |
$(cat ${OSH_CA_ROOT}/ca.pem | sed 's/^/ /') $(cat ${OSH_CA_ROOT}/ca.pem | sed 's/^/ /')
volumev3: volumev3:
scheme: scheme: