openstack-armada-app/openstack-helm/files/0004-Support-ingress-creation-for-keystone-admin-endpoint.patch

From db7a5422e48b963966c5e830d6f4391006a42578 Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Wed, 4 Dec 2019 13:35:44 -0500
Subject: [PATCH] Support ingress creation for keystone admin endpoint

This update added support to create ingress for custom keystone admin
endpoint. It can be used by deployment to expose keytone admin endpoint
to outside of the cluster by ingress.

Story: 2006588
Task: 37747
Signed-off-by: Andy Ning <andy.ning@windriver.com>
---
 keystone/templates/ingress-api.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/keystone/templates/ingress-api.yaml b/keystone/templates/ingress-api.yaml
index de36571..37c3013 100644
--- a/keystone/templates/ingress-api.yaml
+++ b/keystone/templates/ingress-api.yaml
@@ -21,3 +21,11 @@ limitations under the License.
 {{- end -}}
 {{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
 {{- end }}
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.admin }}
+{{ $ingressNamePublic := tuple "identity" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{ $ingressNameAdmin := tuple "identity" "admin" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+{{- if not (eq $ingressNamePublic $ingressNameAdmin) }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "identity" "backendPort" "ks-pub" "endpoint" "admin" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
+{{- end }}
-- 
1.8.3.1
Support ingress creation for keystone admin endpoint This update patched openstack keystone helm chart to support ingress creation for custom admin endpoint. It will be used in DC subcloud deployment to expose keystone admin endpoint to System Controller. The change has been submitted to upstream openstack-helm for review: https://review.opendev.org/#/c/697525/ Change-Id: I5792f3f9031470ab97a4dea8f47eff244160f8ee Story: 2006588 Task: 37747 Signed-off-by: Andy Ning <andy.ning@windriver.com> 2019-12-04 14:17:03 -05:00			`From db7a5422e48b963966c5e830d6f4391006a42578 Mon Sep 17 00:00:00 2001`
			`From: Andy Ning <andy.ning@windriver.com>`
			`Date: Wed, 4 Dec 2019 13:35:44 -0500`
			`Subject: [PATCH] Support ingress creation for keystone admin endpoint`

			`This update added support to create ingress for custom keystone admin`
			`endpoint. It can be used by deployment to expose keytone admin endpoint`
			`to outside of the cluster by ingress.`

			`Story: 2006588`
			`Task: 37747`
			`Signed-off-by: Andy Ning <andy.ning@windriver.com>`
			`---`
			`keystone/templates/ingress-api.yaml \| 9 +++++++++`
			`1 file changed, 9 insertions(+)`

			`diff --git a/keystone/templates/ingress-api.yaml b/keystone/templates/ingress-api.yaml`
			`index de36571..37c3013 100644`
			`--- a/keystone/templates/ingress-api.yaml`
			`+++ b/keystone/templates/ingress-api.yaml`
Update openstack-helm commit This commit is rebasing on upstream commit 7803000a545687ec40b0ddc41d46a6b377dea45f and also remove some patches that were already merged. This change depends on the rebase of openstack-helm-infra made at https://opendev.org/starlingx/openstack-armada-app/commit/01f6571912c9d88afcda481e64a385807bd2d4a9 Patch 0005-Nova-Add-support-for-disabling-Readiness-Liveness-pr.patch This patch was dropped because a feature that add this support was implemented in 2020. It can be found on commit https://opendev.org/openstack/openstack-helm/commit/af4e2aaadd99e8cebac4ae617e1e10c7a3e2c8b9 Patch 0007-Allow-more-generic-overrides-for-placeme.patch Changes that this patch applies were already applied on commit https://opendev.org/openstack/openstack-helm/commit/bdbea96326828f2655f6a9a4f580e01ef9db7c1a Patch 0009-Disabling-helm3_hook.patch Adding a helm3_hook in values.yaml file in case hooks needs to be disabled Patch 0011-Trust-public-ingress-certificate.patch Removed in favor of using the openstack-helm implementation of tls support. As we are dropping this patch we moved the changes to the patch where the job is created. Commits can be found on https://opendev.org/openstack/openstack-helm/commits/branch/master/search?q=feat%28tls%29 Patch 0012-Update-helm-tookit-dependencies-to-0.2.19.patch Changes that this patch applies were already applied on commit https://opendev.org/openstack/openstack-helm/commit/20b6b9a236b6358046f840c5bb1c5f793dc14ded Due to changes implemented on https://github.com/openstack/openstack-helm/commit/054affa29078ce5f5415b571300af7bbe0577995#diff-9bd79f0fd832cb30fa4f4b6242b9059fbc0c81b30541b4243ff29cdf39bce621R63 python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/cinder.py needed to be modified so the system overrides for the ceph client matches the name of the internal ceph cluster we that StarlingX creates and the deployment-cinder.yaml renders without issues. We've change the endpoints on nova-api-proxy/templates/deployment.yaml as in upstream openstack-helm deals with TLS internally, however in starlingx there is a workaround that forces public endpoint for openstack services. Although after some changes on openstack-helm that came with this rebase and using cert-manager to generate all tls internal secrets we dont need to do this anymore. The volume mounts for dev-pts at python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/nova.py were removed since this problem was fixed upstream on https://github.com/openstack/openstack-helm/commit/04d600c5b0f6f46e85c2a9b05f514a141f56fb31 Story: 2009161 Task: 43150 Change-Id: Iaf7d4bf9aa80e1d5acacdfe24743d41d4e67a8c0 Signed-off-by: Arthur Luz de Avila <arthur.luzdeavila@windriver.com> Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com> Change-Id: Iaf7d4bf9aa80e1d5acacdfe24743d41d4e67a8c0 2021-09-16 17:23:10 -03:00			`@@ -21,3 +21,11 @@ limitations under the License.`
			`{{- end -}}`
Support ingress creation for keystone admin endpoint This update patched openstack keystone helm chart to support ingress creation for custom admin endpoint. It will be used in DC subcloud deployment to expose keystone admin endpoint to System Controller. The change has been submitted to upstream openstack-helm for review: https://review.opendev.org/#/c/697525/ Change-Id: I5792f3f9031470ab97a4dea8f47eff244160f8ee Story: 2006588 Task: 37747 Signed-off-by: Andy Ning <andy.ning@windriver.com> 2019-12-04 14:17:03 -05:00			`{{ $ingressOpts \| include "helm-toolkit.manifests.ingress" }}`
			`{{- end }}`
			`+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.admin }}`
			`+{{ $ingressNamePublic := tuple "identity" "public" . \| include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}`
			`+{{ $ingressNameAdmin := tuple "identity" "admin" . \| include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}`
			`+{{- if not (eq $ingressNamePublic $ingressNameAdmin) }}`
			`+{{- $ingressOpts := dict "envAll" . "backendServiceType" "identity" "backendPort" "ks-pub" "endpoint" "admin" -}}`
			`+{{ $ingressOpts \| include "helm-toolkit.manifests.ingress" }}`
			`+{{- end }}`
			`+{{- end }}`
			`--`
			`1.8.3.1`