diff --git a/centos_tarball-dl.lst b/centos_tarball-dl.lst index 1133b832..460ee30e 100644 --- a/centos_tarball-dl.lst +++ b/centos_tarball-dl.lst @@ -1,2 +1,2 @@ openstack-helm-34a7533b6484a157c8725889d0d68e792e13fc8d.tar.gz#openstack-helm#https://github.com/openstack/openstack-helm/archive/34a7533b6484a157c8725889d0d68e792e13fc8d.tar.gz#http## -openstack-helm-infra-34d54f2812b7d54431d548cff08fe8da7f838124.tar.gz#openstack-helm-infra#https://github.com/openstack/openstack-helm-infra/archive/34d54f2812b7d54431d548cff08fe8da7f838124.tar.gz#http## +openstack-helm-infra-8351fdd0f1228717342c2accc96977b0cdc36dc3.tar.gz#openstack-helm-infra#https://github.com/openstack/openstack-helm-infra/archive/8351fdd0f1228717342c2accc96977b0cdc36dc3.tar.gz#http## diff --git a/openstack-helm-infra/centos/build_srpm.data b/openstack-helm-infra/centos/build_srpm.data index d45a415e..8ab77c9a 100644 --- a/openstack-helm-infra/centos/build_srpm.data +++ b/openstack-helm-infra/centos/build_srpm.data @@ -1,5 +1,5 @@ TAR_NAME=openstack-helm-infra -SHA=34d54f2812b7d54431d548cff08fe8da7f838124 +SHA=8351fdd0f1228717342c2accc96977b0cdc36dc3 VERSION=1.0.0 TAR="$TAR_NAME-$SHA.tar.gz" diff --git a/openstack-helm-infra/centos/openstack-helm-infra.spec b/openstack-helm-infra/centos/openstack-helm-infra.spec index 1d02aba1..1553eeb7 100644 --- a/openstack-helm-infra/centos/openstack-helm-infra.spec +++ b/openstack-helm-infra/centos/openstack-helm-infra.spec @@ -1,4 +1,4 @@ -%global sha 34d54f2812b7d54431d548cff08fe8da7f838124 +%global sha 8351fdd0f1228717342c2accc96977b0cdc36dc3 %global helm_folder /usr/lib/helm Summary: Openstack-Helm-Infra charts @@ -16,21 +16,17 @@ Source1: repositories.yaml BuildArch: noarch Patch01: 0001-Add-imagePullSecrets-in-service-account.patch -Patch02: 0002-Set-Min-NGINX-handles.patch Patch03: 0003-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch Patch04: 0004-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch Patch05: 0005-Add-io_thread_pool-for-rabbitmq.patch Patch06: 0006-Enable-override-of-rabbitmq-probe-parameters.patch -Patch07: 0007-Fix-ipv6-address-issue-causing-mariadb-ingress-not-ready.patch -Patch08: 0008-Fix-rabbitmq-could-not-bind-port-to-ipv6-address-iss.patch Patch09: 0009-Enable-override-of-mariadb-server-probe-parameters.patch -Patch10: 0010-Mariadb-use-utf8_general_ci-collation-as-default.patch Patch11: 0011-Add-mariadb-database-config-override-to-support-ipv6.patch Patch12: 0012-enable-Values.conf.database.config_override-for-mari.patch Patch13: 0013-Allow-set-public-endpoint-url-for-all-openstack-types.patch Patch14: 0014-Add-tolerations-to-rabbitmq-chart.patch Patch15: 0015-Add-tolerations-to-mariadb-chart.patch -Patch16: 0016-Add-Trust-ingress-support-to-helm-toolkit.patch +Patch16: 0016-Disabling-helm3_hooks.patch BuildRequires: helm BuildRequires: chartmuseum @@ -41,15 +37,11 @@ Openstack Helm Infra charts %prep %setup -n openstack-helm-infra %patch01 -p1 -%patch02 -p1 %patch03 -p1 %patch04 -p1 %patch05 -p1 %patch06 -p1 -%patch07 -p1 -%patch08 -p1 %patch09 -p1 -%patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 diff --git a/openstack-helm-infra/files/0002-Set-Min-NGINX-handles.patch b/openstack-helm-infra/files/0002-Set-Min-NGINX-handles.patch deleted file mode 100644 index 196c3385..00000000 --- a/openstack-helm-infra/files/0002-Set-Min-NGINX-handles.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 93ec2454cba41bf3de1419bada1f145f1ca9dbd9 Mon Sep 17 00:00:00 2001 -From: Al Bailey -Date: Wed, 20 Feb 2019 13:56:27 -0600 -Subject: [PATCH 3/4] Set Min NGINX handles - -Signed-off-by: Robert Church ---- - mariadb/files/nginx.tmpl | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl -index 5ec3d0d..07b7cc5 100644 ---- a/mariadb/files/nginx.tmpl -+++ b/mariadb/files/nginx.tmpl -@@ -23,7 +23,9 @@ daemon off; - - worker_processes {{ $cfg.WorkerProcesses }}; - pid /run/nginx.pid; --{{ if ne .MaxOpenFiles 0 }} -+{{ if lt .MaxOpenFiles 2048 }} -+worker_rlimit_nofile 2048; -+{{else}} - worker_rlimit_nofile {{ .MaxOpenFiles }}; - {{ end }} - --- -2.16.5 - diff --git a/openstack-helm-infra/files/0005-Add-io_thread_pool-for-rabbitmq.patch b/openstack-helm-infra/files/0005-Add-io_thread_pool-for-rabbitmq.patch index 1922f8d9..9d34ad45 100644 --- a/openstack-helm-infra/files/0005-Add-io_thread_pool-for-rabbitmq.patch +++ b/openstack-helm-infra/files/0005-Add-io_thread_pool-for-rabbitmq.patch @@ -24,32 +24,32 @@ index 41dc198..e0e61e6 100644 volumeMounts: - name: pod-tmp mountPath: /tmp -@@ -191,6 +195,10 @@ spec: - value: "{{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" - - name: PORT_CLUSTERING - value: "{{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }}" +@@ -215,6 +219,10 @@ spec: + {{- if ne (.Values.conf.feature_flags | default "") "default" }} + - name: RABBITMQ_FEATURE_FLAGS + value: "{{ .Values.conf.feature_flags }}" ++{{- end }} +{{- if $envAll.Values.io_thread_pool.enabled }} + - name: RABBITMQ_IO_THREAD_POOL_SIZE + value: {{ $envAll.Values.io_thread_pool.size | quote }} -+{{- end }} + {{- end }} readinessProbe: initialDelaySeconds: 10 - timeoutSeconds: 10 diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 6c95787..9cd3a91 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml -@@ -334,6 +334,10 @@ volume: - class_name: general - size: 256Mi - +@@ -375,6 +375,10 @@ volume: + # Set helm3_hook to false while using helm2 + helm3_hook: true + +io_thread_pool: + enabled: false + size: 64 + manifests: + certificates: false configmap_bin: true - configmap_etc: true --- +-- 2.7.4 diff --git a/openstack-helm-infra/files/0006-Enable-override-of-rabbitmq-probe-parameters.patch b/openstack-helm-infra/files/0006-Enable-override-of-rabbitmq-probe-parameters.patch index bf41eb4b..e8ecf70c 100644 --- a/openstack-helm-infra/files/0006-Enable-override-of-rabbitmq-probe-parameters.patch +++ b/openstack-helm-infra/files/0006-Enable-override-of-rabbitmq-probe-parameters.patch @@ -17,7 +17,7 @@ diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulse index e0e61e6..f71dc3e 100644 --- a/rabbitmq/templates/statefulset.yaml +++ b/rabbitmq/templates/statefulset.yaml -@@ -200,14 +200,16 @@ spec: +@@ -225,14 +225,16 @@ spec: value: {{ $envAll.Values.io_thread_pool.size | quote }} {{- end }} readinessProbe: @@ -30,7 +30,7 @@ index e0e61e6..f71dc3e 100644 command: - /tmp/rabbitmq-readiness.sh livenessProbe: -- initialDelaySeconds: 30 +- initialDelaySeconds: 60 - timeoutSeconds: 10 + initialDelaySeconds: {{ $envAll.Values.pod.probes.liveness.initialDelaySeconds }} + periodSeconds: {{ $envAll.Values.pod.probes.liveness.periodSeconds }} diff --git a/openstack-helm-infra/files/0007-Fix-ipv6-address-issue-causing-mariadb-ingress-not-ready.patch b/openstack-helm-infra/files/0007-Fix-ipv6-address-issue-causing-mariadb-ingress-not-ready.patch deleted file mode 100644 index 63d368c6..00000000 --- a/openstack-helm-infra/files/0007-Fix-ipv6-address-issue-causing-mariadb-ingress-not-ready.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6fccedb6743ea240d52fbe52f3129e7dc5ee29db Mon Sep 17 00:00:00 2001 -From: Zhipeng Liu -Date: Thu, 27 Feb 2020 01:01:57 +0800 -Subject: [PATCH] Fix ipv6 address issue causing mariadb ingress not ready - -Signed-off-by: Zhipeng Liu ---- - mariadb/files/nginx.tmpl | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl -index 5ec3d0d..356fad5 100644 ---- a/mariadb/files/nginx.tmpl -+++ b/mariadb/files/nginx.tmpl -@@ -473,11 +473,11 @@ stream { - {{ range $j, $endpoint := $tcpServer.Endpoints }} - {{ if eq $j 0 }} - # NOTE(portdirect): see https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-health-check/#passive-tcp-health-checks to tune passive healthchecks -- server {{ $endpoint.Address }}:{{ $endpoint.Port }}; -+ server {{ formatIP $endpoint.Address }}:{{ $endpoint.Port }}; - {{ else if eq $j 1 }} -- server {{ $endpoint.Address }}:{{ $endpoint.Port }} backup; -+ server {{ formatIP $endpoint.Address }}:{{ $endpoint.Port }} backup; - {{ else }} -- server {{ $endpoint.Address }}:{{ $endpoint.Port }} down; -+ server {{ formatIP $endpoint.Address }}:{{ $endpoint.Port }} down; - {{ end }} - {{ end }} - } --- -2.7.4 - diff --git a/openstack-helm-infra/files/0008-Fix-rabbitmq-could-not-bind-port-to-ipv6-address-iss.patch b/openstack-helm-infra/files/0008-Fix-rabbitmq-could-not-bind-port-to-ipv6-address-iss.patch deleted file mode 100644 index dec1a467..00000000 --- a/openstack-helm-infra/files/0008-Fix-rabbitmq-could-not-bind-port-to-ipv6-address-iss.patch +++ /dev/null @@ -1,93 +0,0 @@ -From d6ed947c071d8eeaf646e42dae55fc0d0764d23c Mon Sep 17 00:00:00 2001 -From: Zhipeng Liu -Date: Fri, 20 Mar 2020 23:37:20 +0800 -Subject: [PATCH] Fix rabbitmq could not bind port to ipv6 address issue - -Signed-off-by: Zhipeng Liu ---- - rabbitmq/templates/configmap-etc.yaml | 11 ++++++++++- - rabbitmq/templates/statefulset.yaml | 10 ++++++++++ - rabbitmq/values.yaml | 7 +++++-- - 3 files changed, 25 insertions(+), 3 deletions(-) - -diff --git a/rabbitmq/templates/configmap-etc.yaml b/rabbitmq/templates/configmap-etc.yaml -index 87f25f5..ca05c8e 100644 ---- a/rabbitmq/templates/configmap-etc.yaml -+++ b/rabbitmq/templates/configmap-etc.yaml -@@ -21,7 +21,9 @@ limitations under the License. - {{- $_ := print "kubernetes.default.svc." $envAll.Values.endpoints.cluster_domain_suffix | set $envAll.Values.conf.rabbitmq.cluster_formation.k8s "host" -}} - {{- end -}} - --{{- $_ := print "0.0.0.0:" ( tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | set $envAll.Values.conf.rabbitmq.listeners.tcp "1" -}} -+{{- $_ := print ":::" ( tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | set $envAll.Values.conf.rabbitmq.listeners.tcp "1" -}} -+ -+{{- $_ := tuple "oslo_messaging" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set $envAll.Values.conf.rabbitmq "management.listener.port" -}} - - --- - apiVersion: v1 -@@ -33,4 +35,11 @@ data: - {{ tuple "etc/_enabled_plugins.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - rabbitmq.conf: | - {{ include "rabbitmq.utils.to_rabbit_config" $envAll.Values.conf.rabbitmq | indent 4 }} -+{{- if .Values.manifests.config_ipv6 }} -+ rabbitmq-env.conf: | -+ SERVER_ADDITIONAL_ERL_ARGS="+A 128 -kernel inetrc '/etc/rabbitmq/erl_inetrc' -proto_dist inet6_tcp" -+ CTL_ERL_ARGS="-proto_dist inet6_tcp" -+ erl_inetrc: | -+ {inet6, true}. -+{{- end }} - {{ end }} -diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml -index 96334de..4fb1f38 100644 ---- a/rabbitmq/templates/statefulset.yaml -+++ b/rabbitmq/templates/statefulset.yaml -@@ -239,6 +239,16 @@ spec: - mountPath: /etc/rabbitmq/rabbitmq.conf - subPath: rabbitmq.conf - readOnly: true -+{{- if .Values.manifests.config_ipv6 }} -+ - name: rabbitmq-etc -+ mountPath: /etc/rabbitmq/rabbitmq-env.conf -+ subPath: rabbitmq-env.conf -+ readOnly: true -+ - name: rabbitmq-etc -+ mountPath: /etc/rabbitmq/erl_inetrc -+ subPath: erl_inetrc -+ readOnly: true -+{{- end }} - volumes: - - name: pod-tmp - emptyDir: {} -diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml -index ebaf43c..0824a0e 100644 ---- a/rabbitmq/values.yaml -+++ b/rabbitmq/values.yaml -@@ -36,9 +36,9 @@ images: - prometheus_rabbitmq_exporter: docker.io/kbudde/rabbitmq-exporter:v0.21.0 - prometheus_rabbitmq_exporter_helm_tests: docker.io/openstackhelm/heat:ocata-ubuntu_xenial - rabbitmq_init: docker.io/openstackhelm/heat:ocata-ubuntu_xenial -- rabbitmq: docker.io/rabbitmq:3.7.13 -+ rabbitmq: docker.io/rabbitmq:3.7.24 - dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 -- scripted_test: docker.io/rabbitmq:3.7.13-management -+ scripted_test: docker.io/rabbitmq:3.7.24-management - image_repo_sync: docker.io/docker:17.07.0 - pull_policy: "IfNotPresent" - local_registry: -@@ -195,6 +195,8 @@ conf: - queue_master_locator: min-masters - loopback_users.guest: "false" - management.load_definitions: "/var/lib/rabbitmq/definitions.json" -+ management.listener.ip: "::" -+ management.listener.port: null - - dependencies: - dynamic: -@@ -385,3 +387,4 @@ manifests: - service_ingress_management: true - service: true - statefulset: true -+ config_ipv6: false --- -1.8.3.1 - diff --git a/openstack-helm-infra/files/0009-Enable-override-of-mariadb-server-probe-parameters.patch b/openstack-helm-infra/files/0009-Enable-override-of-mariadb-server-probe-parameters.patch index 89e642af..ff4f0945 100644 --- a/openstack-helm-infra/files/0009-Enable-override-of-mariadb-server-probe-parameters.patch +++ b/openstack-helm-infra/files/0009-Enable-override-of-mariadb-server-probe-parameters.patch @@ -29,7 +29,7 @@ index e31d4ac..83e135f 100644 exec: command: - /tmp/stop.sh --{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "readiness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 -}} +-{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "readiness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "readiness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "startup" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "liveness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} diff --git a/openstack-helm-infra/files/0010-Mariadb-use-utf8_general_ci-collation-as-default.patch b/openstack-helm-infra/files/0010-Mariadb-use-utf8_general_ci-collation-as-default.patch deleted file mode 100644 index 3f0212ea..00000000 --- a/openstack-helm-infra/files/0010-Mariadb-use-utf8_general_ci-collation-as-default.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 8e6de1efc32797f3ba1bc166b2b70992b3399022 Mon Sep 17 00:00:00 2001 -From: "Chen, Yan" -Date: Fri, 29 May 2020 05:04:30 +0000 -Subject: [PATCH] mariadb: use utf8_general_ci collation as default - -Mariadb is using utf8_general_ci as the default collation: -- https://mariadb.com/kb/en/mariadb/supported-character-sets-and-collations/ - -Thus the collation server in the helm charts should be utf8_general_ci -instead of utf8_unicode_ci. - -Signed-off-by: Chen, Yan ---- - mariadb/values.yaml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/mariadb/values.yaml b/mariadb/values.yaml -index c7a70d2..7bc4497 100755 ---- a/mariadb/values.yaml -+++ b/mariadb/values.yaml -@@ -307,7 +307,7 @@ conf: - [mysqld] - # Charset - character_set_server=utf8 -- collation_server=utf8_unicode_ci -+ collation_server=utf8_general_ci - skip-character-set-client-handshake - - # Logging --- -1.8.3.1 - diff --git a/openstack-helm-infra/files/0011-Add-mariadb-database-config-override-to-support-ipv6.patch b/openstack-helm-infra/files/0011-Add-mariadb-database-config-override-to-support-ipv6.patch index b2baac06..68620457 100644 --- a/openstack-helm-infra/files/0011-Add-mariadb-database-config-override-to-support-ipv6.patch +++ b/openstack-helm-infra/files/0011-Add-mariadb-database-config-override-to-support-ipv6.patch @@ -46,11 +46,12 @@ diff --git a/mariadb/values.yaml b/mariadb/values.yaml index 444bba3..880b31e 100644 --- a/mariadb/values.yaml +++ b/mariadb/values.yaml -@@ -550,3 +550,4 @@ manifests: +@@ -671,4 +671,5 @@ manifests: service_error: true service: true statefulset: true + config_ipv6: false + ... -- 1.8.3.1 diff --git a/openstack-helm-infra/files/0016-Add-Trust-ingress-support-to-helm-toolkit.patch b/openstack-helm-infra/files/0016-Add-Trust-ingress-support-to-helm-toolkit.patch deleted file mode 100644 index c3f03e0a..00000000 --- a/openstack-helm-infra/files/0016-Add-Trust-ingress-support-to-helm-toolkit.patch +++ /dev/null @@ -1,365 +0,0 @@ -From 77afb812d696e25e5f889a54bcedbb6a898656b8 Mon Sep 17 00:00:00 2001 -From: Lucas Cavalcante -Date: Thu, 22 Jul 2021 09:01:02 -0300 -Subject: [PATCH] Add Trust ingress support to helm-toolkit - -This patch enables the following OpenStack services to trust -public ingress certificate: keystone, horizon, glance, -cinder, heat, nova, placement and neutron. - -This patch is roughly based on -https://review.opendev.org/c/openstack/openstack-helm-infra/+/737194 - -Signed-off-by: Lucas Cavalcante ---- - .../templates/manifests/_job-bootstrap.tpl | 5 +- - .../templates/manifests/_job-ks-endpoints.tpl | 5 +- - .../templates/manifests/_job-ks-service.tpl | 5 +- - .../templates/manifests/_job-ks-user.yaml.tpl | 5 +- - .../templates/scripts/_rally_test.sh.tpl | 2 +- - .../snippets/_keystone_openrc_env_vars.tpl | 13 +++ - .../snippets/_keystone_secret_openrc.tpl | 3 + - .../_keystone_user_create_env_vars.tpl | 1 + - .../templates/snippets/_tls_volume.tpl | 47 +++++++++++ - .../templates/snippets/_tls_volume_mount.tpl | 82 +++++++++++++++++++ - 10 files changed, 163 insertions(+), 5 deletions(-) - create mode 100644 helm-toolkit/templates/snippets/_tls_volume.tpl - create mode 100644 helm-toolkit/templates/snippets/_tls_volume_mount.tpl - -diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl -index 9c1f9aae..c67a4a70 100644 ---- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl -+++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl -@@ -29,6 +29,7 @@ limitations under the License. - {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} - {{- $configFile := index . "configFile" | default (printf "/etc/%s/%s.conf" $serviceName $serviceName ) -}} - {{- $logConfigFile := index . "logConfigFile" | default (printf "/etc/%s/logging.conf" $serviceName ) -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $keystoneUser := index . "keystoneUser" | default $serviceName -}} - {{- $openrc := index . "openrc" | default "true" -}} - {{- $secretBin := index . "secretBin" -}} -@@ -68,7 +69,7 @@ spec: - {{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - {{- if eq $openrc "true" }} - env: --{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) }} -+{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - {{- end }} -@@ -93,6 +94,7 @@ spec: - mountPath: {{ $logConfigFile | quote }} - subPath: {{ base $logConfigFile | quote }} - readOnly: true -+{{ dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - {{- if $podVolMounts }} - {{ $podVolMounts | toYaml | indent 12 }} - {{- end }} -@@ -115,6 +117,7 @@ spec: - secret: - secretName: {{ $configMapEtc | quote }} - defaultMode: 0444 -+{{- dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- if $podVols }} - {{ $podVols | toYaml | indent 8 }} - {{- end }} -diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl -index 11e77335..674bb214 100644 ---- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl -+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl -@@ -25,6 +25,7 @@ limitations under the License. - {{- $serviceTypes := index . "serviceTypes" -}} - {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} - {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $secretBin := index . "secretBin" -}} - {{- $backoffLimit := index . "backoffLimit" | default "1000" -}} - {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}} -@@ -73,8 +74,9 @@ spec: - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - env: --{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - - name: OS_SVC_ENDPOINT -@@ -100,4 +102,5 @@ spec: - name: {{ $configMapBin | quote }} - defaultMode: 0555 - {{- end }} -+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- end }} -diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl -index 71cc9094..f3a9503e 100644 ---- a/helm-toolkit/templates/manifests/_job-ks-service.tpl -+++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl -@@ -25,6 +25,7 @@ limitations under the License. - {{- $serviceTypes := index . "serviceTypes" -}} - {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} - {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $secretBin := index . "secretBin" -}} - {{- $backoffLimit := index . "backoffLimit" | default "1000" -}} - {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}} -@@ -72,8 +73,9 @@ spec: - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - env: --{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - - name: OS_SERVICE_NAME -@@ -94,4 +96,5 @@ spec: - name: {{ $configMapBin | quote }} - defaultMode: 0555 - {{- end }} -+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- end }} -diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl -index 1003e4f7..2fafaa16 100644 ---- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl -+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl -@@ -26,6 +26,7 @@ limitations under the License. - {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} - {{- $serviceUser := index . "serviceUser" | default $serviceName -}} - {{- $secretBin := index . "secretBin" -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $backoffLimit := index . "backoffLimit" | default "1000" -}} - {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}} - {{- $serviceUserPretty := $serviceUser | replace "_" "-" -}} -@@ -71,8 +72,9 @@ spec: - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true -+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - env: --{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - - name: SERVICE_OS_SERVICE_NAME -@@ -100,4 +102,5 @@ spec: - name: {{ $configMapBin | quote }} - defaultMode: 0555 - {{- end }} -+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- end -}} -diff --git a/helm-toolkit/templates/scripts/_rally_test.sh.tpl b/helm-toolkit/templates/scripts/_rally_test.sh.tpl -index a7b614a6..ccaf435b 100644 ---- a/helm-toolkit/templates/scripts/_rally_test.sh.tpl -+++ b/helm-toolkit/templates/scripts/_rally_test.sh.tpl -@@ -68,7 +68,7 @@ cat > /tmp/rally-config.json << EOF - } - ], - "https_insecure": false, -- "https_cacert": "" -+ "https_cacert": "${OS_CACERT}" - } - } - EOF -diff --git a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl -index d856ab21..dcbb361a 100644 ---- a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl -+++ b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl -@@ -67,9 +67,15 @@ return: | - secretKeyRef: - name: example-keystone-admin - key: OS_PASSWORD -+ - name: OS_CACERT -+ valueFrom: -+ secretKeyRef: -+ name: example-keystone-admin -+ key: OS_CACERT - */}} - - {{- define "helm-toolkit.snippets.keystone_openrc_env_vars" }} -+{{- $useCA := .useCA -}} - {{- $ksUserSecret := .ksUserSecret }} - - name: OS_IDENTITY_API_VERSION - value: "3" -@@ -118,4 +124,11 @@ return: | - secretKeyRef: - name: {{ $ksUserSecret }} - key: OS_DEFAULT_DOMAIN -+{{- if $useCA }} -+- name: OS_CACERT -+ valueFrom: -+ secretKeyRef: -+ name: {{ $ksUserSecret }} -+ key: OS_CACERT -+{{- end }} - {{- end }} -diff --git a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl -index f6083b9b..e328ea4a 100644 ---- a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl -+++ b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl -@@ -28,4 +28,7 @@ OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }} - OS_USERNAME: {{ $userContext.username | b64enc }} - OS_PASSWORD: {{ $userContext.password | b64enc }} - OS_DEFAULT_DOMAIN: {{ $userContext.default_domain_id | default "default" | b64enc }} -+{{- if $userContext.cacert }} -+OS_CACERT: {{ $userContext.cacert | b64enc }} -+{{- end }} - {{- end }} -diff --git a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl -index 622757bc..ff717ef3 100644 ---- a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl -+++ b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl -@@ -24,6 +24,7 @@ values: | - service_user: example-keystone-user - usage: | - {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user ) }} -+ {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user "useCA" true ) }} - return: | - - name: SERVICE_OS_REGION_NAME - valueFrom: -diff --git a/helm-toolkit/templates/snippets/_tls_volume.tpl b/helm-toolkit/templates/snippets/_tls_volume.tpl -new file mode 100644 -index 00000000..41fe3d96 ---- /dev/null -+++ b/helm-toolkit/templates/snippets/_tls_volume.tpl -@@ -0,0 +1,47 @@ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+{{/* -+abstract: | -+ Renders a secret volume for tls. -+ -+ Dictionary Parameters: -+ enabled: boolean check if you want to conditional disable this snippet (optional) -+ name: name of the volume (required) -+ secretName: name of a kuberentes/tls secret, if not specified, use the volume name (optional) -+ -+values: | -+ manifests: -+ certificates: true -+ -+usage: | -+ {{- $opts := dict "enabled" "true" "name" "glance-tls-api" -}} -+ {{- $opts | include "helm-toolkit.snippets.tls_volume" -}} -+ -+return: | -+ - name: glance-tls-api -+ secret: -+ secretName: glance-tls-api -+ defaultMode: 292 -+*/}} -+{{- define "helm-toolkit.snippets.tls_volume" }} -+{{- $enabled := index . "enabled" -}} -+{{- $name := index . "name" -}} -+{{- $secretName := index . "secretName" | default $name -}} -+{{- if and $enabled (ne $name "") }} -+- name: {{ $name }} -+ secret: -+ secretName: {{ $secretName }} -+ defaultMode: 292 -+{{- end }} -+{{- end }} -diff --git a/helm-toolkit/templates/snippets/_tls_volume_mount.tpl b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl -new file mode 100644 -index 00000000..9cfa8195 ---- /dev/null -+++ b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl -@@ -0,0 +1,82 @@ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+{{/* -+abstract: | -+ Renders a volume mount for TLS key, cert and CA. -+ -+ Dictionary Parameters: -+ enabled: boolean check if you want to conditional disable this snippet (optional) -+ name: name that of the volume and should match the volume name (required) -+ path: path to place tls.crt tls.key ca.crt, do not suffix with '/' (required) -+ certs: a tuple containing a nonempty subset of {tls.crt, tls.key, ca.crt}. -+ the default is the full set. (optional) -+ -+values: | -+ manifests: -+ certificates: true -+ -+usage: | -+ {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "path" "/etc/glance/certs" -}} -+ {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}} -+ -+return: | -+ - name: glance-tls-api -+ mountPath: /etc/glance/certs/tls.crt -+ subPath: tls.crt -+ readOnly: true -+ - name: glance-tls-api -+ mountPath: /etc/glance/certs/tls.key -+ subPath: tls.key -+ readOnly: true -+ - name: glance-tls-api -+ mountPath: /etc/glance/certs/ca.crt -+ subPath: ca.crt -+ readOnly: true -+ -+abstract: | -+ This mounts a specific issuing CA only for service validation -+ -+usage: | -+ {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "ca" true -}} -+ {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}} -+ -+return: | -+ - name: glance-tls-api -+ mountPath: /etc/ssl/certs/openstack-helm.crt -+ subPath: ca.crt -+ readOnly: true -+*/}} -+{{- define "helm-toolkit.snippets.tls_volume_mount" }} -+{{- $enabled := index . "enabled" -}} -+{{- $name := index . "name" -}} -+{{- $path := index . "path" | default "" -}} -+{{- $certs := index . "certs" | default ( tuple "tls.crt" "tls.key" "ca.crt" ) }} -+{{- if $enabled }} -+{{- if and (eq $path "") (ne $name "") }} -+- name: {{ $name }} -+ mountPath: "/etc/ssl/certs/openstack-helm.crt" -+ subPath: ca.crt -+ readOnly: true -+{{- else }} -+{{- if ne $name "" }} -+{{- range $key, $value := $certs }} -+- name: {{ $name }} -+ mountPath: {{ printf "%s/%s" $path $value }} -+ subPath: {{ $value }} -+ readOnly: true -+{{- end }} -+{{- end }} -+{{- end }} -+{{- end }} -+{{- end }} --- -2.17.1 - diff --git a/openstack-helm-infra/files/0016-Disabling-helm3_hooks.patch b/openstack-helm-infra/files/0016-Disabling-helm3_hooks.patch new file mode 100644 index 00000000..2d2bae88 --- /dev/null +++ b/openstack-helm-infra/files/0016-Disabling-helm3_hooks.patch @@ -0,0 +1,40 @@ +From 823eadb9068287c48121b9f3e1d63fee1d941493 Mon Sep 17 00:00:00 2001 +From: Thiago Brito +Date: Fri, 24 Sep 2021 21:52:43 -0300 +Subject: [PATCH] Disabling helm3_hooks + +Signed-off-by: Thiago Brito +--- + mariadb/values.yaml | 2 +- + rabbitmq/values.yaml | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/mariadb/values.yaml b/mariadb/values.yaml +index 0144f91b..be9b1f60 100644 +--- a/mariadb/values.yaml ++++ b/mariadb/values.yaml +@@ -635,7 +635,7 @@ network_policy: + + # Helm hook breaks for helm2. + # Set helm3_hook: false in case helm2 is used. +-helm3_hook: true ++helm3_hook: false + + manifests: + certificates: false +diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml +index 9f0e83d5..d16ba167 100644 +--- a/rabbitmq/values.yaml ++++ b/rabbitmq/values.yaml +@@ -382,7 +382,7 @@ volume: + + # Hook break for helm2. + # Set helm3_hook to false while using helm2 +-helm3_hook: true ++helm3_hook: false + + io_thread_pool: + enabled: false +-- +2.17.1 + diff --git a/openstack-helm-infra/files/0017-Add-Trust-ingress-support-to-helm-toolkit.patch b/openstack-helm-infra/files/0017-Add-Trust-ingress-support-to-helm-toolkit.patch deleted file mode 100644 index c3f03e0a..00000000 --- a/openstack-helm-infra/files/0017-Add-Trust-ingress-support-to-helm-toolkit.patch +++ /dev/null @@ -1,365 +0,0 @@ -From 77afb812d696e25e5f889a54bcedbb6a898656b8 Mon Sep 17 00:00:00 2001 -From: Lucas Cavalcante -Date: Thu, 22 Jul 2021 09:01:02 -0300 -Subject: [PATCH] Add Trust ingress support to helm-toolkit - -This patch enables the following OpenStack services to trust -public ingress certificate: keystone, horizon, glance, -cinder, heat, nova, placement and neutron. - -This patch is roughly based on -https://review.opendev.org/c/openstack/openstack-helm-infra/+/737194 - -Signed-off-by: Lucas Cavalcante ---- - .../templates/manifests/_job-bootstrap.tpl | 5 +- - .../templates/manifests/_job-ks-endpoints.tpl | 5 +- - .../templates/manifests/_job-ks-service.tpl | 5 +- - .../templates/manifests/_job-ks-user.yaml.tpl | 5 +- - .../templates/scripts/_rally_test.sh.tpl | 2 +- - .../snippets/_keystone_openrc_env_vars.tpl | 13 +++ - .../snippets/_keystone_secret_openrc.tpl | 3 + - .../_keystone_user_create_env_vars.tpl | 1 + - .../templates/snippets/_tls_volume.tpl | 47 +++++++++++ - .../templates/snippets/_tls_volume_mount.tpl | 82 +++++++++++++++++++ - 10 files changed, 163 insertions(+), 5 deletions(-) - create mode 100644 helm-toolkit/templates/snippets/_tls_volume.tpl - create mode 100644 helm-toolkit/templates/snippets/_tls_volume_mount.tpl - -diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl -index 9c1f9aae..c67a4a70 100644 ---- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl -+++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl -@@ -29,6 +29,7 @@ limitations under the License. - {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} - {{- $configFile := index . "configFile" | default (printf "/etc/%s/%s.conf" $serviceName $serviceName ) -}} - {{- $logConfigFile := index . "logConfigFile" | default (printf "/etc/%s/logging.conf" $serviceName ) -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $keystoneUser := index . "keystoneUser" | default $serviceName -}} - {{- $openrc := index . "openrc" | default "true" -}} - {{- $secretBin := index . "secretBin" -}} -@@ -68,7 +69,7 @@ spec: - {{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - {{- if eq $openrc "true" }} - env: --{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) }} -+{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - {{- end }} -@@ -93,6 +94,7 @@ spec: - mountPath: {{ $logConfigFile | quote }} - subPath: {{ base $logConfigFile | quote }} - readOnly: true -+{{ dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - {{- if $podVolMounts }} - {{ $podVolMounts | toYaml | indent 12 }} - {{- end }} -@@ -115,6 +117,7 @@ spec: - secret: - secretName: {{ $configMapEtc | quote }} - defaultMode: 0444 -+{{- dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- if $podVols }} - {{ $podVols | toYaml | indent 8 }} - {{- end }} -diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl -index 11e77335..674bb214 100644 ---- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl -+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl -@@ -25,6 +25,7 @@ limitations under the License. - {{- $serviceTypes := index . "serviceTypes" -}} - {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} - {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $secretBin := index . "secretBin" -}} - {{- $backoffLimit := index . "backoffLimit" | default "1000" -}} - {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}} -@@ -73,8 +74,9 @@ spec: - mountPath: /tmp/ks-endpoints.sh - subPath: ks-endpoints.sh - readOnly: true -+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - env: --{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - - name: OS_SVC_ENDPOINT -@@ -100,4 +102,5 @@ spec: - name: {{ $configMapBin | quote }} - defaultMode: 0555 - {{- end }} -+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- end }} -diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl -index 71cc9094..f3a9503e 100644 ---- a/helm-toolkit/templates/manifests/_job-ks-service.tpl -+++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl -@@ -25,6 +25,7 @@ limitations under the License. - {{- $serviceTypes := index . "serviceTypes" -}} - {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} - {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $secretBin := index . "secretBin" -}} - {{- $backoffLimit := index . "backoffLimit" | default "1000" -}} - {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}} -@@ -72,8 +73,9 @@ spec: - mountPath: /tmp/ks-service.sh - subPath: ks-service.sh - readOnly: true -+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - env: --{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - - name: OS_SERVICE_NAME -@@ -94,4 +96,5 @@ spec: - name: {{ $configMapBin | quote }} - defaultMode: 0555 - {{- end }} -+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- end }} -diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl -index 1003e4f7..2fafaa16 100644 ---- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl -+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl -@@ -26,6 +26,7 @@ limitations under the License. - {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} - {{- $serviceUser := index . "serviceUser" | default $serviceName -}} - {{- $secretBin := index . "secretBin" -}} -+{{- $tlsSecret := index . "tlsSecret" | default "" -}} - {{- $backoffLimit := index . "backoffLimit" | default "1000" -}} - {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}} - {{- $serviceUserPretty := $serviceUser | replace "_" "-" -}} -@@ -71,8 +72,9 @@ spec: - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true -+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} - env: --{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }} - {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} - {{- end }} - - name: SERVICE_OS_SERVICE_NAME -@@ -100,4 +102,5 @@ spec: - name: {{ $configMapBin | quote }} - defaultMode: 0555 - {{- end }} -+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }} - {{- end -}} -diff --git a/helm-toolkit/templates/scripts/_rally_test.sh.tpl b/helm-toolkit/templates/scripts/_rally_test.sh.tpl -index a7b614a6..ccaf435b 100644 ---- a/helm-toolkit/templates/scripts/_rally_test.sh.tpl -+++ b/helm-toolkit/templates/scripts/_rally_test.sh.tpl -@@ -68,7 +68,7 @@ cat > /tmp/rally-config.json << EOF - } - ], - "https_insecure": false, -- "https_cacert": "" -+ "https_cacert": "${OS_CACERT}" - } - } - EOF -diff --git a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl -index d856ab21..dcbb361a 100644 ---- a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl -+++ b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl -@@ -67,9 +67,15 @@ return: | - secretKeyRef: - name: example-keystone-admin - key: OS_PASSWORD -+ - name: OS_CACERT -+ valueFrom: -+ secretKeyRef: -+ name: example-keystone-admin -+ key: OS_CACERT - */}} - - {{- define "helm-toolkit.snippets.keystone_openrc_env_vars" }} -+{{- $useCA := .useCA -}} - {{- $ksUserSecret := .ksUserSecret }} - - name: OS_IDENTITY_API_VERSION - value: "3" -@@ -118,4 +124,11 @@ return: | - secretKeyRef: - name: {{ $ksUserSecret }} - key: OS_DEFAULT_DOMAIN -+{{- if $useCA }} -+- name: OS_CACERT -+ valueFrom: -+ secretKeyRef: -+ name: {{ $ksUserSecret }} -+ key: OS_CACERT -+{{- end }} - {{- end }} -diff --git a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl -index f6083b9b..e328ea4a 100644 ---- a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl -+++ b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl -@@ -28,4 +28,7 @@ OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }} - OS_USERNAME: {{ $userContext.username | b64enc }} - OS_PASSWORD: {{ $userContext.password | b64enc }} - OS_DEFAULT_DOMAIN: {{ $userContext.default_domain_id | default "default" | b64enc }} -+{{- if $userContext.cacert }} -+OS_CACERT: {{ $userContext.cacert | b64enc }} -+{{- end }} - {{- end }} -diff --git a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl -index 622757bc..ff717ef3 100644 ---- a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl -+++ b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl -@@ -24,6 +24,7 @@ values: | - service_user: example-keystone-user - usage: | - {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user ) }} -+ {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user "useCA" true ) }} - return: | - - name: SERVICE_OS_REGION_NAME - valueFrom: -diff --git a/helm-toolkit/templates/snippets/_tls_volume.tpl b/helm-toolkit/templates/snippets/_tls_volume.tpl -new file mode 100644 -index 00000000..41fe3d96 ---- /dev/null -+++ b/helm-toolkit/templates/snippets/_tls_volume.tpl -@@ -0,0 +1,47 @@ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+{{/* -+abstract: | -+ Renders a secret volume for tls. -+ -+ Dictionary Parameters: -+ enabled: boolean check if you want to conditional disable this snippet (optional) -+ name: name of the volume (required) -+ secretName: name of a kuberentes/tls secret, if not specified, use the volume name (optional) -+ -+values: | -+ manifests: -+ certificates: true -+ -+usage: | -+ {{- $opts := dict "enabled" "true" "name" "glance-tls-api" -}} -+ {{- $opts | include "helm-toolkit.snippets.tls_volume" -}} -+ -+return: | -+ - name: glance-tls-api -+ secret: -+ secretName: glance-tls-api -+ defaultMode: 292 -+*/}} -+{{- define "helm-toolkit.snippets.tls_volume" }} -+{{- $enabled := index . "enabled" -}} -+{{- $name := index . "name" -}} -+{{- $secretName := index . "secretName" | default $name -}} -+{{- if and $enabled (ne $name "") }} -+- name: {{ $name }} -+ secret: -+ secretName: {{ $secretName }} -+ defaultMode: 292 -+{{- end }} -+{{- end }} -diff --git a/helm-toolkit/templates/snippets/_tls_volume_mount.tpl b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl -new file mode 100644 -index 00000000..9cfa8195 ---- /dev/null -+++ b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl -@@ -0,0 +1,82 @@ -+{{/* -+Licensed under the Apache License, Version 2.0 (the "License"); -+you may not use this file except in compliance with the License. -+You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+Unless required by applicable law or agreed to in writing, software -+distributed under the License is distributed on an "AS IS" BASIS, -+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+See the License for the specific language governing permissions and -+limitations under the License. -+*/}} -+{{/* -+abstract: | -+ Renders a volume mount for TLS key, cert and CA. -+ -+ Dictionary Parameters: -+ enabled: boolean check if you want to conditional disable this snippet (optional) -+ name: name that of the volume and should match the volume name (required) -+ path: path to place tls.crt tls.key ca.crt, do not suffix with '/' (required) -+ certs: a tuple containing a nonempty subset of {tls.crt, tls.key, ca.crt}. -+ the default is the full set. (optional) -+ -+values: | -+ manifests: -+ certificates: true -+ -+usage: | -+ {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "path" "/etc/glance/certs" -}} -+ {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}} -+ -+return: | -+ - name: glance-tls-api -+ mountPath: /etc/glance/certs/tls.crt -+ subPath: tls.crt -+ readOnly: true -+ - name: glance-tls-api -+ mountPath: /etc/glance/certs/tls.key -+ subPath: tls.key -+ readOnly: true -+ - name: glance-tls-api -+ mountPath: /etc/glance/certs/ca.crt -+ subPath: ca.crt -+ readOnly: true -+ -+abstract: | -+ This mounts a specific issuing CA only for service validation -+ -+usage: | -+ {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "ca" true -}} -+ {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}} -+ -+return: | -+ - name: glance-tls-api -+ mountPath: /etc/ssl/certs/openstack-helm.crt -+ subPath: ca.crt -+ readOnly: true -+*/}} -+{{- define "helm-toolkit.snippets.tls_volume_mount" }} -+{{- $enabled := index . "enabled" -}} -+{{- $name := index . "name" -}} -+{{- $path := index . "path" | default "" -}} -+{{- $certs := index . "certs" | default ( tuple "tls.crt" "tls.key" "ca.crt" ) }} -+{{- if $enabled }} -+{{- if and (eq $path "") (ne $name "") }} -+- name: {{ $name }} -+ mountPath: "/etc/ssl/certs/openstack-helm.crt" -+ subPath: ca.crt -+ readOnly: true -+{{- else }} -+{{- if ne $name "" }} -+{{- range $key, $value := $certs }} -+- name: {{ $name }} -+ mountPath: {{ printf "%s/%s" $path $value }} -+ subPath: {{ $value }} -+ readOnly: true -+{{- end }} -+{{- end }} -+{{- end }} -+{{- end }} -+{{- end }} --- -2.17.1 - diff --git a/openstack-helm/centos/openstack-helm.spec b/openstack-helm/centos/openstack-helm.spec index c8f20cc8..51ab0ad0 100644 --- a/openstack-helm/centos/openstack-helm.spec +++ b/openstack-helm/centos/openstack-helm.spec @@ -1,6 +1,6 @@ %global sha 34a7533b6484a157c8725889d0d68e792e13fc8d %global helm_folder /usr/lib/helm -%global toolkit_version 0.1.0 +%global toolkit_version 0.2.19 %global helmchart_version 0.1.0 %global _default_patch_flags --no-backup-if-mismatch --prefix=/tmp/junk @@ -30,6 +30,7 @@ Patch08: 0008-Allow-set-public-endpoint-url-for-keystone-endpoints.patch Patch09: 0009-Wrong-usage-of-rbd_store_chunk_size.patch Patch10: 0010-Add-stx_admin-account.patch Patch11: 0011-Trust-public-ingress-certificate.patch +Patch12: 0012-Update-helm-tookit-dependencies-to-0.2.19.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -52,6 +53,7 @@ Openstack Helm charts %patch09 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build # Stage helm-toolkit in the local repo diff --git a/openstack-helm/files/0012-Update-helm-tookit-dependencies-to-0.2.19.patch b/openstack-helm/files/0012-Update-helm-tookit-dependencies-to-0.2.19.patch new file mode 100644 index 00000000..119701e5 --- /dev/null +++ b/openstack-helm/files/0012-Update-helm-tookit-dependencies-to-0.2.19.patch @@ -0,0 +1,220 @@ +From 5eafbeb89313b1bc45369720ba1b700d3cf3c609 Mon Sep 17 00:00:00 2001 +From: Thiago Brito +Date: Thu, 16 Sep 2021 11:43:02 -0300 +Subject: [PATCH] Update helm-tookit dependencies to >=0.1.0 + +Signed-off-by: Thiago Brito + +diff --git a/aodh/requirements.yaml b/aodh/requirements.yaml +index 780e525c..fbba94ae 100644 +--- a/aodh/requirements.yaml ++++ b/aodh/requirements.yaml +@@ -15,4 +15,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/barbican/requirements.yaml b/barbican/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/barbican/requirements.yaml ++++ b/barbican/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/ceilometer/requirements.yaml b/ceilometer/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/ceilometer/requirements.yaml ++++ b/ceilometer/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/cinder/requirements.yaml b/cinder/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/cinder/requirements.yaml ++++ b/cinder/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/congress/requirements.yaml b/congress/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/congress/requirements.yaml ++++ b/congress/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/designate/requirements.yaml b/designate/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/designate/requirements.yaml ++++ b/designate/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/glance/requirements.yaml b/glance/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/glance/requirements.yaml ++++ b/glance/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/heat/requirements.yaml b/heat/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/heat/requirements.yaml ++++ b/heat/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/horizon/requirements.yaml b/horizon/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/horizon/requirements.yaml ++++ b/horizon/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/ironic/requirements.yaml b/ironic/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/ironic/requirements.yaml ++++ b/ironic/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/keystone/requirements.yaml b/keystone/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/keystone/requirements.yaml ++++ b/keystone/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/magnum/requirements.yaml b/magnum/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/magnum/requirements.yaml ++++ b/magnum/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/mistral/requirements.yaml b/mistral/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/mistral/requirements.yaml ++++ b/mistral/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/neutron/requirements.yaml b/neutron/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/neutron/requirements.yaml ++++ b/neutron/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/nova/requirements.yaml b/nova/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/nova/requirements.yaml ++++ b/nova/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/octavia/requirements.yaml b/octavia/requirements.yaml +index 35cf13c6..c09473b3 100644 +--- a/octavia/requirements.yaml ++++ b/octavia/requirements.yaml +@@ -15,4 +15,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/panko/requirements.yaml b/panko/requirements.yaml +index 780e525c..fbba94ae 100644 +--- a/panko/requirements.yaml ++++ b/panko/requirements.yaml +@@ -15,4 +15,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/placement/requirements.yaml b/placement/requirements.yaml +index 551fd91c..7efb17a3 100644 +--- a/placement/requirements.yaml ++++ b/placement/requirements.yaml +@@ -15,4 +15,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/rally/requirements.yaml b/rally/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/rally/requirements.yaml ++++ b/rally/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/senlin/requirements.yaml b/senlin/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/senlin/requirements.yaml ++++ b/senlin/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +diff --git a/tempest/requirements.yaml b/tempest/requirements.yaml +index 5669e12c..432e28c1 100644 +--- a/tempest/requirements.yaml ++++ b/tempest/requirements.yaml +@@ -13,4 +13,4 @@ + dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts +- version: 0.1.0 ++ version: ">= 0.1.0" +-- +2.17.1 + diff --git a/stx-openstack-helm/centos/stx-openstack-helm.spec b/stx-openstack-helm/centos/stx-openstack-helm.spec index 1160df0d..5152b90f 100644 --- a/stx-openstack-helm/centos/stx-openstack-helm.spec +++ b/stx-openstack-helm/centos/stx-openstack-helm.spec @@ -1,7 +1,7 @@ %global helm_folder /usr/lib/helm %global armada_folder /usr/lib/armada %global app_folder /usr/lib/application -%global toolkit_version 0.1.0 +%global toolkit_version 0.2.19 %global helmchart_version 0.1.0 Summary: StarlingX Openstack Application Helm charts diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml index bab4972f..fb76a178 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml @@ -7,4 +7,4 @@ dependencies: - name: helm-toolkit repository: http://localhost:8879/charts - version: 0.1.0 + version: ">= 0.1.0" diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/garbd/requirements.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/garbd/requirements.yaml index 53782e69..c81c2135 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/garbd/requirements.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/garbd/requirements.yaml @@ -15,4 +15,4 @@ dependencies: - name: helm-toolkit repository: http://localhost:8879/charts - version: 0.1.0 + version: ">= 0.1.0" diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/keystone-api-proxy/requirements.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/keystone-api-proxy/requirements.yaml index bab4972f..fb76a178 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/keystone-api-proxy/requirements.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/keystone-api-proxy/requirements.yaml @@ -7,4 +7,4 @@ dependencies: - name: helm-toolkit repository: http://localhost:8879/charts - version: 0.1.0 + version: ">= 0.1.0" diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml index cb3c0440..45d1c07f 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml @@ -7,4 +7,4 @@ dependencies: - name: helm-toolkit repository: http://localhost:8879/charts - version: 0.1.0 + version: ">= 0.1.0" diff --git a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml index dd1a77a5..b9b34ac8 100644 --- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml +++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml @@ -40,7 +40,7 @@ data: values: {} source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/helm-toolkit-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/helm-toolkit-0.2.19.tgz subpath: helm-toolkit reference: master dependencies: [] @@ -94,7 +94,7 @@ data: bind-address: "::" source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/ingress-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/ingress-0.2.3.tgz subpath: ingress reference: master dependencies: @@ -198,7 +198,7 @@ data: operator: Exists source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/mariadb-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/mariadb-0.2.5.tgz subpath: mariadb dependencies: - helm-toolkit @@ -278,7 +278,7 @@ data: prometheus_memcached_exporter: null source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/memcached-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/memcached-0.1.4.tgz subpath: memcached reference: master dependencies: @@ -351,7 +351,7 @@ data: operator: Exists source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/rabbitmq-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/rabbitmq-0.1.13.tgz subpath: rabbitmq reference: master dependencies: @@ -691,7 +691,7 @@ data: default: requiredDuringSchedulingIgnoredDuringExecution source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/ceph-rgw-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/ceph-rgw-0.1.15.tgz subpath: ceph-rgw reference: master dependencies: @@ -920,7 +920,7 @@ data: ceph_config_helper: docker.io/starlingx/ceph-config-helper:v1.15.0 source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/libvirt-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/libvirt-0.1.7.tgz subpath: libvirt reference: master dependencies: @@ -959,7 +959,7 @@ data: openvswitch_vswitchd: docker.io/starlingx/stx-ovs:master-centos-stable-latest source: type: tar - location: http://172.17.0.1/helm_charts/starlingx/openvswitch-0.1.0.tgz + location: http://172.17.0.1/helm_charts/starlingx/openvswitch-0.1.5.tgz subpath: openvswitch reference: master dependencies: