Merge "Update openstack-helm-infra commit"

2021-10-12 21:49:01 +00:00 · 2021-10-12 21:49:01 +00:00 · 9a86882cda
commit 9a86882cda
parent 640921bda0 01f6571912
22 changed files with 297 additions and 957 deletions
--- a/centos_tarball-dl.lst
+++ b/centos_tarball-dl.lst
@ -1,2 +1,2 @@
 openstack-helm-34a7533b6484a157c8725889d0d68e792e13fc8d.tar.gz#openstack-helm#https://github.com/openstack/openstack-helm/archive/34a7533b6484a157c8725889d0d68e792e13fc8d.tar.gz#http##
-openstack-helm-infra-34d54f2812b7d54431d548cff08fe8da7f838124.tar.gz#openstack-helm-infra#https://github.com/openstack/openstack-helm-infra/archive/34d54f2812b7d54431d548cff08fe8da7f838124.tar.gz#http##
+openstack-helm-infra-8351fdd0f1228717342c2accc96977b0cdc36dc3.tar.gz#openstack-helm-infra#https://github.com/openstack/openstack-helm-infra/archive/8351fdd0f1228717342c2accc96977b0cdc36dc3.tar.gz#http##
--- a/openstack-helm-infra/centos/build_srpm.data
+++ b/openstack-helm-infra/centos/build_srpm.data
@ -1,5 +1,5 @@
 TAR_NAME=openstack-helm-infra
-SHA=34d54f2812b7d54431d548cff08fe8da7f838124
+SHA=8351fdd0f1228717342c2accc96977b0cdc36dc3
 VERSION=1.0.0
 TAR="$TAR_NAME-$SHA.tar.gz"

--- a/openstack-helm-infra/centos/openstack-helm-infra.spec
+++ b/openstack-helm-infra/centos/openstack-helm-infra.spec
@ -1,4 +1,4 @@
-%global sha 34d54f2812b7d54431d548cff08fe8da7f838124
+%global sha 8351fdd0f1228717342c2accc96977b0cdc36dc3
 %global helm_folder  /usr/lib/helm

 Summary: Openstack-Helm-Infra charts
@ -16,21 +16,17 @@ Source1: repositories.yaml
 BuildArch:     noarch

 Patch01: 0001-Add-imagePullSecrets-in-service-account.patch
-Patch02: 0002-Set-Min-NGINX-handles.patch
 Patch03: 0003-Partial-revert-of-31e3469d28858d7b5eb6355e88b6f49fd6.patch
 Patch04: 0004-Fix-pod-restarts-on-all-workers-when-worker-added-re.patch
 Patch05: 0005-Add-io_thread_pool-for-rabbitmq.patch
 Patch06: 0006-Enable-override-of-rabbitmq-probe-parameters.patch
-Patch07: 0007-Fix-ipv6-address-issue-causing-mariadb-ingress-not-ready.patch
-Patch08: 0008-Fix-rabbitmq-could-not-bind-port-to-ipv6-address-iss.patch
 Patch09: 0009-Enable-override-of-mariadb-server-probe-parameters.patch
-Patch10: 0010-Mariadb-use-utf8_general_ci-collation-as-default.patch
 Patch11: 0011-Add-mariadb-database-config-override-to-support-ipv6.patch
 Patch12: 0012-enable-Values.conf.database.config_override-for-mari.patch
 Patch13: 0013-Allow-set-public-endpoint-url-for-all-openstack-types.patch
 Patch14: 0014-Add-tolerations-to-rabbitmq-chart.patch
 Patch15: 0015-Add-tolerations-to-mariadb-chart.patch
-Patch16: 0016-Add-Trust-ingress-support-to-helm-toolkit.patch
+Patch16: 0016-Disabling-helm3_hooks.patch

 BuildRequires: helm
 BuildRequires: chartmuseum
@ -41,15 +37,11 @@ Openstack Helm Infra charts
 %prep
 %setup -n openstack-helm-infra
 %patch01 -p1
-%patch02 -p1
 %patch03 -p1
 %patch04 -p1
 %patch05 -p1
 %patch06 -p1
-%patch07 -p1
-%patch08 -p1
 %patch09 -p1
-%patch10 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
--- a/openstack-helm-infra/files/0002-Set-Min-NGINX-handles.patch
+++ b/openstack-helm-infra/files/0002-Set-Min-NGINX-handles.patch
@ -1,28 +0,0 @@
-From 93ec2454cba41bf3de1419bada1f145f1ca9dbd9 Mon Sep 17 00:00:00 2001
-From: Al Bailey <Al.Bailey@windriver.com>
-Date: Wed, 20 Feb 2019 13:56:27 -0600
-Subject: [PATCH 3/4] Set Min NGINX handles
-
-Signed-off-by: Robert Church <robert.church@windriver.com>
---
- mariadb/files/nginx.tmpl | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl
-index 5ec3d0d..07b7cc5 100644
--- a/mariadb/files/nginx.tmpl
-+++ b/mariadb/files/nginx.tmpl
-@@ -23,7 +23,9 @@ daemon off;
- 
- worker_processes {{ $cfg.WorkerProcesses }};
- pid /run/nginx.pid;
-{{ if ne .MaxOpenFiles 0 }}
-+{{ if lt .MaxOpenFiles 2048 }}
-+worker_rlimit_nofile 2048;
-+{{else}}
- worker_rlimit_nofile {{ .MaxOpenFiles }};
- {{ end }}
- 
-- 
-2.16.5
-
--- a/openstack-helm-infra/files/0005-Add-io_thread_pool-for-rabbitmq.patch
+++ b/openstack-helm-infra/files/0005-Add-io_thread_pool-for-rabbitmq.patch
@ -24,32 +24,32 @@ index 41dc198..e0e61e6 100644
           volumeMounts:
             - name: pod-tmp
               mountPath: /tmp
-@@ -191,6 +195,10 @@ spec:
-               value: "{{ tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
-             - name: PORT_CLUSTERING
-               value: "{{ add (tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") 20000 }}"
+@@ -215,6 +219,10 @@ spec:
+ {{- if ne (.Values.conf.feature_flags | default "") "default" }}
+             - name: RABBITMQ_FEATURE_FLAGS
+               value: "{{ .Values.conf.feature_flags }}"
+{{- end }}
 +{{- if $envAll.Values.io_thread_pool.enabled }}
 +            - name: RABBITMQ_IO_THREAD_POOL_SIZE
 +              value: {{ $envAll.Values.io_thread_pool.size | quote }}
-+{{- end }}
+ {{- end }}
           readinessProbe:
             initialDelaySeconds: 10
-             timeoutSeconds: 10
 diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
 index 6c95787..9cd3a91 100644
 --- a/rabbitmq/values.yaml
 +++ b/rabbitmq/values.yaml
-@@ -334,6 +334,10 @@ volume:
-   class_name: general
-   size: 256Mi
- 
+@@ -375,6 +375,10 @@ volume:
+ # Set helm3_hook to false while using helm2
+ helm3_hook: true
+
 +io_thread_pool:
 +  enabled: false
 +  size: 64
 +
 manifests:
+   certificates: false
   configmap_bin: true
-   configmap_etc: true
-- 
+--
 2.7.4

--- a/openstack-helm-infra/files/0006-Enable-override-of-rabbitmq-probe-parameters.patch
+++ b/openstack-helm-infra/files/0006-Enable-override-of-rabbitmq-probe-parameters.patch
@ -17,7 +17,7 @@ diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulse
 index e0e61e6..f71dc3e 100644
 --- a/rabbitmq/templates/statefulset.yaml
 +++ b/rabbitmq/templates/statefulset.yaml
-@@ -200,14 +200,16 @@ spec:
+@@ -225,14 +225,16 @@ spec:
               value: {{ $envAll.Values.io_thread_pool.size | quote }}
 {{- end }}
           readinessProbe:
@ -30,7 +30,7 @@ index e0e61e6..f71dc3e 100644
               command:
               - /tmp/rabbitmq-readiness.sh
           livenessProbe:
-            initialDelaySeconds: 30
+-            initialDelaySeconds: 60
 -            timeoutSeconds: 10
 +            initialDelaySeconds: {{ $envAll.Values.pod.probes.liveness.initialDelaySeconds }}
 +            periodSeconds: {{ $envAll.Values.pod.probes.liveness.periodSeconds }}
--- a/openstack-helm-infra/files/0007-Fix-ipv6-address-issue-causing-mariadb-ingress-not-ready.patch
+++ b/openstack-helm-infra/files/0007-Fix-ipv6-address-issue-causing-mariadb-ingress-not-ready.patch
@ -1,32 +0,0 @@
-From 6fccedb6743ea240d52fbe52f3129e7dc5ee29db Mon Sep 17 00:00:00 2001
-From: Zhipeng Liu <zhipengs.liu@intel.com>
-Date: Thu, 27 Feb 2020 01:01:57 +0800
-Subject: [PATCH] Fix ipv6 address issue causing mariadb ingress not ready
-
-Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
---
- mariadb/files/nginx.tmpl | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/mariadb/files/nginx.tmpl b/mariadb/files/nginx.tmpl
-index 5ec3d0d..356fad5 100644
--- a/mariadb/files/nginx.tmpl
-+++ b/mariadb/files/nginx.tmpl
-@@ -473,11 +473,11 @@ stream {
-     {{ range $j, $endpoint := $tcpServer.Endpoints }}
-     {{ if eq $j 0 }}
-         # NOTE(portdirect): see https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-health-check/#passive-tcp-health-checks to tune passive healthchecks
-        server                  {{ $endpoint.Address }}:{{ $endpoint.Port }};
-+        server                  {{ formatIP $endpoint.Address }}:{{ $endpoint.Port }};
-     {{ else if eq $j 1 }}
-        server                  {{ $endpoint.Address }}:{{ $endpoint.Port }} backup;
-+        server                  {{ formatIP $endpoint.Address }}:{{ $endpoint.Port }} backup;
-     {{ else }}
-        server                  {{ $endpoint.Address }}:{{ $endpoint.Port }} down;
-+        server                  {{ formatIP $endpoint.Address }}:{{ $endpoint.Port }} down;
-     {{ end }}
-     {{ end }}
-     }
-- 
-2.7.4
-
--- a/openstack-helm-infra/files/0008-Fix-rabbitmq-could-not-bind-port-to-ipv6-address-iss.patch
+++ b/openstack-helm-infra/files/0008-Fix-rabbitmq-could-not-bind-port-to-ipv6-address-iss.patch
@ -1,93 +0,0 @@
-From d6ed947c071d8eeaf646e42dae55fc0d0764d23c Mon Sep 17 00:00:00 2001
-From: Zhipeng Liu <zhipengs.liu@intel.com>
-Date: Fri, 20 Mar 2020 23:37:20 +0800
-Subject: [PATCH] Fix rabbitmq could not bind port to ipv6 address issue
-
-Signed-off-by: Zhipeng Liu <zhipengs.liu@intel.com>
---
- rabbitmq/templates/configmap-etc.yaml | 11 ++++++++++-
- rabbitmq/templates/statefulset.yaml   | 10 ++++++++++
- rabbitmq/values.yaml                  |  7 +++++--
- 3 files changed, 25 insertions(+), 3 deletions(-)
-
-diff --git a/rabbitmq/templates/configmap-etc.yaml b/rabbitmq/templates/configmap-etc.yaml
-index 87f25f5..ca05c8e 100644
--- a/rabbitmq/templates/configmap-etc.yaml
-+++ b/rabbitmq/templates/configmap-etc.yaml
-@@ -21,7 +21,9 @@ limitations under the License.
- {{- $_ := print "kubernetes.default.svc." $envAll.Values.endpoints.cluster_domain_suffix | set $envAll.Values.conf.rabbitmq.cluster_formation.k8s "host" -}}
- {{- end -}}
- 
-{{- $_ := print "0.0.0.0:" ( tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | set $envAll.Values.conf.rabbitmq.listeners.tcp "1" -}}
-+{{- $_ := print ":::" ( tuple "oslo_messaging" "internal" "amqp" . | include "helm-toolkit.endpoints.endpoint_port_lookup") | set $envAll.Values.conf.rabbitmq.listeners.tcp "1" -}}
-+
-+{{- $_ := tuple "oslo_messaging" "internal" "http" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set $envAll.Values.conf.rabbitmq "management.listener.port" -}}
- 
- ---
- apiVersion: v1
-@@ -33,4 +35,11 @@ data:
- {{ tuple "etc/_enabled_plugins.tpl" . | include  "helm-toolkit.utils.template" | indent 4 }}
-   rabbitmq.conf: |
- {{ include "rabbitmq.utils.to_rabbit_config" $envAll.Values.conf.rabbitmq | indent 4 }}
-+{{- if .Values.manifests.config_ipv6 }}
-+  rabbitmq-env.conf: |
-+    SERVER_ADDITIONAL_ERL_ARGS="+A 128 -kernel inetrc '/etc/rabbitmq/erl_inetrc' -proto_dist inet6_tcp"
-+    CTL_ERL_ARGS="-proto_dist inet6_tcp"
-+  erl_inetrc: |
-+    {inet6, true}.
-+{{- end }}
- {{ end }}
-diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
-index 96334de..4fb1f38 100644
--- a/rabbitmq/templates/statefulset.yaml
-+++ b/rabbitmq/templates/statefulset.yaml
-@@ -239,6 +239,16 @@ spec:
-               mountPath: /etc/rabbitmq/rabbitmq.conf
-               subPath: rabbitmq.conf
-               readOnly: true
-+{{- if .Values.manifests.config_ipv6 }}
-+            - name: rabbitmq-etc
-+              mountPath: /etc/rabbitmq/rabbitmq-env.conf
-+              subPath: rabbitmq-env.conf
-+              readOnly: true
-+            - name: rabbitmq-etc
-+              mountPath: /etc/rabbitmq/erl_inetrc
-+              subPath: erl_inetrc
-+              readOnly: true
-+{{- end }}
-       volumes:
-         - name: pod-tmp
-           emptyDir: {}
-diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
-index ebaf43c..0824a0e 100644
--- a/rabbitmq/values.yaml
-+++ b/rabbitmq/values.yaml
-@@ -36,9 +36,9 @@ images:
-     prometheus_rabbitmq_exporter: docker.io/kbudde/rabbitmq-exporter:v0.21.0
-     prometheus_rabbitmq_exporter_helm_tests: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
-     rabbitmq_init: docker.io/openstackhelm/heat:ocata-ubuntu_xenial
-    rabbitmq: docker.io/rabbitmq:3.7.13
-+    rabbitmq: docker.io/rabbitmq:3.7.24
-     dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
-    scripted_test: docker.io/rabbitmq:3.7.13-management
-+    scripted_test: docker.io/rabbitmq:3.7.24-management
-     image_repo_sync: docker.io/docker:17.07.0
-   pull_policy: "IfNotPresent"
-   local_registry:
-@@ -195,6 +195,8 @@ conf:
-     queue_master_locator: min-masters
-     loopback_users.guest: "false"
-     management.load_definitions: "/var/lib/rabbitmq/definitions.json"
-+    management.listener.ip: "::"
-+    management.listener.port: null
- 
- dependencies:
-   dynamic:
-@@ -385,3 +387,4 @@ manifests:
-   service_ingress_management: true
-   service: true
-   statefulset: true
-+  config_ipv6: false
-- 
-1.8.3.1
-
--- a/openstack-helm-infra/files/0009-Enable-override-of-mariadb-server-probe-parameters.patch
+++ b/openstack-helm-infra/files/0009-Enable-override-of-mariadb-server-probe-parameters.patch
@ -29,7 +29,7 @@ index e31d4ac..83e135f 100644
               exec:
                 command:
                   - /tmp/stop.sh
-{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "readiness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 -}}
+-{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "readiness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
 +{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "readiness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
 +{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "startup" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
 +{{ dict "envAll" . "component" "server" "container" "mariadb" "type" "liveness" "probeTemplate" (include "mariadbReadinessProbe" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
--- a/openstack-helm-infra/files/0010-Mariadb-use-utf8_general_ci-collation-as-default.patch
+++ b/openstack-helm-infra/files/0010-Mariadb-use-utf8_general_ci-collation-as-default.patch
@ -1,32 +0,0 @@
-From 8e6de1efc32797f3ba1bc166b2b70992b3399022 Mon Sep 17 00:00:00 2001
-From: "Chen, Yan" <yan.chen@intel.com>
-Date: Fri, 29 May 2020 05:04:30 +0000
-Subject: [PATCH] mariadb: use utf8_general_ci collation as default
-
-Mariadb is using utf8_general_ci as the default collation:
- https://mariadb.com/kb/en/mariadb/supported-character-sets-and-collations/
-
-Thus the collation server in the helm charts should be utf8_general_ci
-instead of utf8_unicode_ci.
-
-Signed-off-by: Chen, Yan <yan.chen@intel.com>
---
- mariadb/values.yaml | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mariadb/values.yaml b/mariadb/values.yaml
-index c7a70d2..7bc4497 100755
--- a/mariadb/values.yaml
-+++ b/mariadb/values.yaml
-@@ -307,7 +307,7 @@ conf:
-       [mysqld]
-       # Charset
-       character_set_server=utf8
-      collation_server=utf8_unicode_ci
-+      collation_server=utf8_general_ci
-       skip-character-set-client-handshake
- 
-       # Logging
-- 
-1.8.3.1
-
--- a/openstack-helm-infra/files/0011-Add-mariadb-database-config-override-to-support-ipv6.patch
+++ b/openstack-helm-infra/files/0011-Add-mariadb-database-config-override-to-support-ipv6.patch
@ -46,11 +46,12 @@ diff --git a/mariadb/values.yaml b/mariadb/values.yaml
 index 444bba3..880b31e 100644
 --- a/mariadb/values.yaml
 +++ b/mariadb/values.yaml
-@@ -550,3 +550,4 @@ manifests:
+@@ -671,4 +671,5 @@ manifests:
   service_error: true
   service: true
   statefulset: true
 +  config_ipv6: false
+ ...
 -- 
 1.8.3.1

--- a/openstack-helm-infra/files/0016-Add-Trust-ingress-support-to-helm-toolkit.patch
+++ b/openstack-helm-infra/files/0016-Add-Trust-ingress-support-to-helm-toolkit.patch
@ -1,365 +0,0 @@
-From 77afb812d696e25e5f889a54bcedbb6a898656b8 Mon Sep 17 00:00:00 2001
-From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
-Date: Thu, 22 Jul 2021 09:01:02 -0300
-Subject: [PATCH] Add Trust ingress support to helm-toolkit
-
-This patch enables the following OpenStack services to trust
-public ingress certificate: keystone, horizon, glance,
-cinder, heat, nova, placement and neutron.
-
-This patch is roughly based on
-https://review.opendev.org/c/openstack/openstack-helm-infra/+/737194
-
-Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
---
- .../templates/manifests/_job-bootstrap.tpl    |  5 +-
- .../templates/manifests/_job-ks-endpoints.tpl |  5 +-
- .../templates/manifests/_job-ks-service.tpl   |  5 +-
- .../templates/manifests/_job-ks-user.yaml.tpl |  5 +-
- .../templates/scripts/_rally_test.sh.tpl      |  2 +-
- .../snippets/_keystone_openrc_env_vars.tpl    | 13 +++
- .../snippets/_keystone_secret_openrc.tpl      |  3 +
- .../_keystone_user_create_env_vars.tpl        |  1 +
- .../templates/snippets/_tls_volume.tpl        | 47 +++++++++++
- .../templates/snippets/_tls_volume_mount.tpl  | 82 +++++++++++++++++++
- 10 files changed, 163 insertions(+), 5 deletions(-)
- create mode 100644 helm-toolkit/templates/snippets/_tls_volume.tpl
- create mode 100644 helm-toolkit/templates/snippets/_tls_volume_mount.tpl
-
-diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
-index 9c1f9aae..c67a4a70 100644
--- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl
-+++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
-@@ -29,6 +29,7 @@ limitations under the License.
- {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
- {{- $configFile := index . "configFile" | default (printf "/etc/%s/%s.conf" $serviceName $serviceName ) -}}
- {{- $logConfigFile := index . "logConfigFile" | default (printf "/etc/%s/logging.conf" $serviceName ) -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $keystoneUser := index . "keystoneUser" | default $serviceName -}}
- {{- $openrc := index . "openrc" | default "true" -}}
- {{- $secretBin := index . "secretBin" -}}
-@@ -68,7 +69,7 @@ spec:
- {{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- {{- if eq $openrc "true" }}
-           env:
-{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) }}
-+{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
- {{- end }}
-@@ -93,6 +94,7 @@ spec:
-               mountPath: {{ $logConfigFile | quote }}
-               subPath: {{ base $logConfigFile | quote }}
-               readOnly: true
-+{{ dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
- {{- if $podVolMounts }}
- {{ $podVolMounts | toYaml | indent 12 }}
- {{- end }}
-@@ -115,6 +117,7 @@ spec:
-           secret:
-             secretName: {{ $configMapEtc | quote }}
-             defaultMode: 0444
-+{{- dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- if $podVols }}
- {{ $podVols | toYaml | indent 8 }}
- {{- end }}
-diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
-index 11e77335..674bb214 100644
--- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
-+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
-@@ -25,6 +25,7 @@ limitations under the License.
- {{- $serviceTypes := index . "serviceTypes" -}}
- {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
- {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $secretBin := index . "secretBin" -}}
- {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
- {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
-@@ -73,8 +74,9 @@ spec:
-               mountPath: /tmp/ks-endpoints.sh
-               subPath: ks-endpoints.sh
-               readOnly: true
-+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-           env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
-             - name: OS_SVC_ENDPOINT
-@@ -100,4 +102,5 @@ spec:
-             name: {{ $configMapBin | quote }}
-             defaultMode: 0555
- {{- end }}
-+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- end }}
-diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl
-index 71cc9094..f3a9503e 100644
--- a/helm-toolkit/templates/manifests/_job-ks-service.tpl
-+++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl
-@@ -25,6 +25,7 @@ limitations under the License.
- {{- $serviceTypes := index . "serviceTypes" -}}
- {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
- {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $secretBin := index . "secretBin" -}}
- {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
- {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
-@@ -72,8 +73,9 @@ spec:
-               mountPath: /tmp/ks-service.sh
-               subPath: ks-service.sh
-               readOnly: true
-+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-           env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
-             - name: OS_SERVICE_NAME
-@@ -94,4 +96,5 @@ spec:
-             name: {{ $configMapBin | quote }}
-             defaultMode: 0555
- {{- end }}
-+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- end }}
-diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
-index 1003e4f7..2fafaa16 100644
--- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
-+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
-@@ -26,6 +26,7 @@ limitations under the License.
- {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
- {{- $serviceUser := index . "serviceUser" | default $serviceName -}}
- {{- $secretBin := index . "secretBin" -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
- {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
- {{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
-@@ -71,8 +72,9 @@ spec:
-               mountPath: /tmp/ks-user.sh
-               subPath: ks-user.sh
-               readOnly: true
-+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-           env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
-             - name: SERVICE_OS_SERVICE_NAME
-@@ -100,4 +102,5 @@ spec:
-             name: {{ $configMapBin | quote }}
-             defaultMode: 0555
- {{- end }}
-+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- end -}}
-diff --git a/helm-toolkit/templates/scripts/_rally_test.sh.tpl b/helm-toolkit/templates/scripts/_rally_test.sh.tpl
-index a7b614a6..ccaf435b 100644
--- a/helm-toolkit/templates/scripts/_rally_test.sh.tpl
-+++ b/helm-toolkit/templates/scripts/_rally_test.sh.tpl
-@@ -68,7 +68,7 @@ cat > /tmp/rally-config.json << EOF
-             }
-         ],
-         "https_insecure": false,
-        "https_cacert": ""
-+		"https_cacert": "${OS_CACERT}"
-     }
- }
- EOF
-diff --git a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
-index d856ab21..dcbb361a 100644
--- a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
-+++ b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
-@@ -67,9 +67,15 @@ return: |
-       secretKeyRef:
-         name: example-keystone-admin
-         key: OS_PASSWORD
-+  - name: OS_CACERT
-+    valueFrom:
-+      secretKeyRef:
-+        name: example-keystone-admin
-+        key: OS_CACERT
- */}}
- 
- {{- define "helm-toolkit.snippets.keystone_openrc_env_vars" }}
-+{{- $useCA := .useCA -}}
- {{- $ksUserSecret := .ksUserSecret }}
- - name: OS_IDENTITY_API_VERSION
-   value: "3"
-@@ -118,4 +124,11 @@ return: |
-     secretKeyRef:
-       name: {{ $ksUserSecret }}
-       key: OS_DEFAULT_DOMAIN
-+{{- if $useCA }}
-+- name: OS_CACERT
-+  valueFrom:
-+    secretKeyRef:
-+      name: {{ $ksUserSecret }}
-+      key: OS_CACERT
-+{{- end }}
- {{- end }}
-diff --git a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
-index f6083b9b..e328ea4a 100644
--- a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
-+++ b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
-@@ -28,4 +28,7 @@ OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }}
- OS_USERNAME: {{ $userContext.username | b64enc }}
- OS_PASSWORD: {{ $userContext.password | b64enc }}
- OS_DEFAULT_DOMAIN: {{ $userContext.default_domain_id | default "default" | b64enc }}
-+{{- if $userContext.cacert }}
-+OS_CACERT: {{ $userContext.cacert | b64enc }}
-+{{- end }}
- {{- end }}
-diff --git a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
-index 622757bc..ff717ef3 100644
--- a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
-+++ b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
-@@ -24,6 +24,7 @@ values: |
-       service_user: example-keystone-user
- usage: |
-   {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user ) }}
-+  {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user "useCA" true ) }}
- return: |
-   - name: SERVICE_OS_REGION_NAME
-     valueFrom:
-diff --git a/helm-toolkit/templates/snippets/_tls_volume.tpl b/helm-toolkit/templates/snippets/_tls_volume.tpl
-new file mode 100644
-index 00000000..41fe3d96
--- /dev/null
-+++ b/helm-toolkit/templates/snippets/_tls_volume.tpl
-@@ -0,0 +1,47 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+  http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+{{/*
-+abstract: |
-+  Renders a secret volume for tls.
-+
-+  Dictionary Parameters:
-+    enabled: boolean check if you want to conditional disable this snippet (optional)
-+    name: name of the volume (required)
-+    secretName: name of a kuberentes/tls secret, if not specified, use the volume name (optional)
-+
-+values: |
-+  manifests:
-+    certificates: true
-+
-+usage: |
-+  {{- $opts := dict "enabled" "true" "name" "glance-tls-api" -}}
-+  {{- $opts | include "helm-toolkit.snippets.tls_volume" -}}
-+
-+return: |
-+  - name: glance-tls-api
-+    secret:
-+      secretName: glance-tls-api
-+      defaultMode: 292
-+*/}}
-+{{- define "helm-toolkit.snippets.tls_volume" }}
-+{{- $enabled := index . "enabled" -}}
-+{{- $name := index . "name" -}}
-+{{- $secretName := index . "secretName" | default $name -}}
-+{{- if and $enabled (ne $name "") }}
-+- name: {{ $name }}
-+  secret:
-+    secretName: {{ $secretName }}
-+    defaultMode: 292
-+{{- end }}
-+{{- end }}
-diff --git a/helm-toolkit/templates/snippets/_tls_volume_mount.tpl b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl
-new file mode 100644
-index 00000000..9cfa8195
--- /dev/null
-+++ b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl
-@@ -0,0 +1,82 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+  http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+{{/*
-+abstract: |
-+  Renders a volume mount for TLS key, cert and CA.
-+
-+  Dictionary Parameters:
-+    enabled: boolean check if you want to conditional disable this snippet (optional)
-+    name: name that of the volume and should match the volume name (required)
-+    path: path to place tls.crt tls.key ca.crt, do not suffix with '/' (required)
-+    certs: a tuple containing a nonempty subset of {tls.crt, tls.key, ca.crt}.
-+          the default is the full set. (optional)
-+
-+values: |
-+  manifests:
-+    certificates: true
-+
-+usage: |
-+  {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "path" "/etc/glance/certs" -}}
-+  {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}}
-+
-+return: |
-+  - name: glance-tls-api
-+    mountPath: /etc/glance/certs/tls.crt
-+    subPath: tls.crt
-+    readOnly: true
-+  - name: glance-tls-api
-+    mountPath: /etc/glance/certs/tls.key
-+    subPath: tls.key
-+    readOnly: true
-+  - name: glance-tls-api
-+    mountPath: /etc/glance/certs/ca.crt
-+    subPath: ca.crt
-+    readOnly: true
-+
-+abstract: |
-+  This mounts a specific issuing CA only for service validation
-+
-+usage: |
-+  {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "ca" true -}}
-+  {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}}
-+
-+return: |
-+  - name: glance-tls-api
-+    mountPath: /etc/ssl/certs/openstack-helm.crt
-+    subPath: ca.crt
-+    readOnly: true
-+*/}}
-+{{- define "helm-toolkit.snippets.tls_volume_mount" }}
-+{{- $enabled := index . "enabled" -}}
-+{{- $name := index . "name" -}}
-+{{- $path := index . "path" | default "" -}}
-+{{- $certs := index . "certs" | default ( tuple "tls.crt" "tls.key" "ca.crt" ) }}
-+{{- if $enabled }}
-+{{- if and (eq $path "") (ne $name "") }}
-+- name: {{ $name }}
-+  mountPath: "/etc/ssl/certs/openstack-helm.crt"
-+  subPath: ca.crt
-+  readOnly: true
-+{{- else }}
-+{{- if ne $name "" }}
-+{{- range $key, $value := $certs }}
-+- name: {{ $name }}
-+  mountPath: {{ printf "%s/%s" $path $value }}
-+  subPath: {{ $value }}
-+  readOnly: true
-+{{- end }}
-+{{- end }}
-+{{- end }}
-+{{- end }}
-+{{- end }}
-- 
-2.17.1
-
--- a/openstack-helm-infra/files/0016-Disabling-helm3_hooks.patch
+++ b/openstack-helm-infra/files/0016-Disabling-helm3_hooks.patch
@ -0,0 +1,40 @@
+From 823eadb9068287c48121b9f3e1d63fee1d941493 Mon Sep 17 00:00:00 2001
+From: Thiago Brito <thiago.brito@windriver.com>
+Date: Fri, 24 Sep 2021 21:52:43 -0300
+Subject: [PATCH] Disabling helm3_hooks
+
+Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
+---
+ mariadb/values.yaml  | 2 +-
+ rabbitmq/values.yaml | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/mariadb/values.yaml b/mariadb/values.yaml
+index 0144f91b..be9b1f60 100644
+--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
+@@ -635,7 +635,7 @@ network_policy:
+
+ # Helm hook breaks for helm2.
+ # Set helm3_hook: false in case helm2 is used.
+-helm3_hook: true
+helm3_hook: false
+
+ manifests:
+   certificates: false
+diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
+index 9f0e83d5..d16ba167 100644
+--- a/rabbitmq/values.yaml
+++ b/rabbitmq/values.yaml
+@@ -382,7 +382,7 @@ volume:
+
+ # Hook break for helm2.
+ # Set helm3_hook to false while using helm2
+-helm3_hook: true
+helm3_hook: false
+
+ io_thread_pool:
+   enabled: false
+-- 
+2.17.1
+
--- a/openstack-helm-infra/files/0017-Add-Trust-ingress-support-to-helm-toolkit.patch
+++ b/openstack-helm-infra/files/0017-Add-Trust-ingress-support-to-helm-toolkit.patch
@ -1,365 +0,0 @@
-From 77afb812d696e25e5f889a54bcedbb6a898656b8 Mon Sep 17 00:00:00 2001
-From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
-Date: Thu, 22 Jul 2021 09:01:02 -0300
-Subject: [PATCH] Add Trust ingress support to helm-toolkit
-
-This patch enables the following OpenStack services to trust
-public ingress certificate: keystone, horizon, glance,
-cinder, heat, nova, placement and neutron.
-
-This patch is roughly based on
-https://review.opendev.org/c/openstack/openstack-helm-infra/+/737194
-
-Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
---
- .../templates/manifests/_job-bootstrap.tpl    |  5 +-
- .../templates/manifests/_job-ks-endpoints.tpl |  5 +-
- .../templates/manifests/_job-ks-service.tpl   |  5 +-
- .../templates/manifests/_job-ks-user.yaml.tpl |  5 +-
- .../templates/scripts/_rally_test.sh.tpl      |  2 +-
- .../snippets/_keystone_openrc_env_vars.tpl    | 13 +++
- .../snippets/_keystone_secret_openrc.tpl      |  3 +
- .../_keystone_user_create_env_vars.tpl        |  1 +
- .../templates/snippets/_tls_volume.tpl        | 47 +++++++++++
- .../templates/snippets/_tls_volume_mount.tpl  | 82 +++++++++++++++++++
- 10 files changed, 163 insertions(+), 5 deletions(-)
- create mode 100644 helm-toolkit/templates/snippets/_tls_volume.tpl
- create mode 100644 helm-toolkit/templates/snippets/_tls_volume_mount.tpl
-
-diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
-index 9c1f9aae..c67a4a70 100644
--- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl
-+++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
-@@ -29,6 +29,7 @@ limitations under the License.
- {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
- {{- $configFile := index . "configFile" | default (printf "/etc/%s/%s.conf" $serviceName $serviceName ) -}}
- {{- $logConfigFile := index . "logConfigFile" | default (printf "/etc/%s/logging.conf" $serviceName ) -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $keystoneUser := index . "keystoneUser" | default $serviceName -}}
- {{- $openrc := index . "openrc" | default "true" -}}
- {{- $secretBin := index . "secretBin" -}}
-@@ -68,7 +69,7 @@ spec:
- {{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- {{- if eq $openrc "true" }}
-           env:
-{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) }}
-+{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
- {{- end }}
-@@ -93,6 +94,7 @@ spec:
-               mountPath: {{ $logConfigFile | quote }}
-               subPath: {{ base $logConfigFile | quote }}
-               readOnly: true
-+{{ dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
- {{- if $podVolMounts }}
- {{ $podVolMounts | toYaml | indent 12 }}
- {{- end }}
-@@ -115,6 +117,7 @@ spec:
-           secret:
-             secretName: {{ $configMapEtc | quote }}
-             defaultMode: 0444
-+{{- dict "enabled" (ne $tlsSecret "") "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- if $podVols }}
- {{ $podVols | toYaml | indent 8 }}
- {{- end }}
-diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
-index 11e77335..674bb214 100644
--- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
-+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
-@@ -25,6 +25,7 @@ limitations under the License.
- {{- $serviceTypes := index . "serviceTypes" -}}
- {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
- {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $secretBin := index . "secretBin" -}}
- {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
- {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
-@@ -73,8 +74,9 @@ spec:
-               mountPath: /tmp/ks-endpoints.sh
-               subPath: ks-endpoints.sh
-               readOnly: true
-+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-           env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
-             - name: OS_SVC_ENDPOINT
-@@ -100,4 +102,5 @@ spec:
-             name: {{ $configMapBin | quote }}
-             defaultMode: 0555
- {{- end }}
-+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- end }}
-diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl
-index 71cc9094..f3a9503e 100644
--- a/helm-toolkit/templates/manifests/_job-ks-service.tpl
-+++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl
-@@ -25,6 +25,7 @@ limitations under the License.
- {{- $serviceTypes := index . "serviceTypes" -}}
- {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
- {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $secretBin := index . "secretBin" -}}
- {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
- {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
-@@ -72,8 +73,9 @@ spec:
-               mountPath: /tmp/ks-service.sh
-               subPath: ks-service.sh
-               readOnly: true
-+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-           env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
-             - name: OS_SERVICE_NAME
-@@ -94,4 +96,5 @@ spec:
-             name: {{ $configMapBin | quote }}
-             defaultMode: 0555
- {{- end }}
-+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- end }}
-diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
-index 1003e4f7..2fafaa16 100644
--- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
-+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
-@@ -26,6 +26,7 @@ limitations under the License.
- {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
- {{- $serviceUser := index . "serviceUser" | default $serviceName -}}
- {{- $secretBin := index . "secretBin" -}}
-+{{- $tlsSecret := index . "tlsSecret" | default "" -}}
- {{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
- {{- $activeDeadlineSeconds := index . "activeDeadlineSeconds" -}}
- {{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
-@@ -71,8 +72,9 @@ spec:
-               mountPath: /tmp/ks-user.sh
-               subPath: ks-user.sh
-               readOnly: true
-+{{ dict "enabled" true "name" $tlsSecret "ca" true | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-           env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
-+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (ne $tlsSecret "") }}
- {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
- {{- end }}
-             - name: SERVICE_OS_SERVICE_NAME
-@@ -100,4 +102,5 @@ spec:
-             name: {{ $configMapBin | quote }}
-             defaultMode: 0555
- {{- end }}
-+{{- dict "enabled" true "name" $tlsSecret | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
- {{- end -}}
-diff --git a/helm-toolkit/templates/scripts/_rally_test.sh.tpl b/helm-toolkit/templates/scripts/_rally_test.sh.tpl
-index a7b614a6..ccaf435b 100644
--- a/helm-toolkit/templates/scripts/_rally_test.sh.tpl
-+++ b/helm-toolkit/templates/scripts/_rally_test.sh.tpl
-@@ -68,7 +68,7 @@ cat > /tmp/rally-config.json << EOF
-             }
-         ],
-         "https_insecure": false,
-        "https_cacert": ""
-+		"https_cacert": "${OS_CACERT}"
-     }
- }
- EOF
-diff --git a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
-index d856ab21..dcbb361a 100644
--- a/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
-+++ b/helm-toolkit/templates/snippets/_keystone_openrc_env_vars.tpl
-@@ -67,9 +67,15 @@ return: |
-       secretKeyRef:
-         name: example-keystone-admin
-         key: OS_PASSWORD
-+  - name: OS_CACERT
-+    valueFrom:
-+      secretKeyRef:
-+        name: example-keystone-admin
-+        key: OS_CACERT
- */}}
- 
- {{- define "helm-toolkit.snippets.keystone_openrc_env_vars" }}
-+{{- $useCA := .useCA -}}
- {{- $ksUserSecret := .ksUserSecret }}
- - name: OS_IDENTITY_API_VERSION
-   value: "3"
-@@ -118,4 +124,11 @@ return: |
-     secretKeyRef:
-       name: {{ $ksUserSecret }}
-       key: OS_DEFAULT_DOMAIN
-+{{- if $useCA }}
-+- name: OS_CACERT
-+  valueFrom:
-+    secretKeyRef:
-+      name: {{ $ksUserSecret }}
-+      key: OS_CACERT
-+{{- end }}
- {{- end }}
-diff --git a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
-index f6083b9b..e328ea4a 100644
--- a/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
-+++ b/helm-toolkit/templates/snippets/_keystone_secret_openrc.tpl
-@@ -28,4 +28,7 @@ OS_USER_DOMAIN_NAME: {{ $userContext.user_domain_name | b64enc }}
- OS_USERNAME: {{ $userContext.username | b64enc }}
- OS_PASSWORD: {{ $userContext.password | b64enc }}
- OS_DEFAULT_DOMAIN: {{ $userContext.default_domain_id | default "default" | b64enc }}
-+{{- if $userContext.cacert }}
-+OS_CACERT: {{ $userContext.cacert | b64enc }}
-+{{- end }}
- {{- end }}
-diff --git a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
-index 622757bc..ff717ef3 100644
--- a/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
-+++ b/helm-toolkit/templates/snippets/_keystone_user_create_env_vars.tpl
-@@ -24,6 +24,7 @@ values: |
-       service_user: example-keystone-user
- usage: |
-   {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user ) }}
-+  {{ include "helm-toolkit.snippets.keystone_user_create_env_vars" ( dict "ksUserSecret" .Values.secrets.identity.service_user "useCA" true ) }}
- return: |
-   - name: SERVICE_OS_REGION_NAME
-     valueFrom:
-diff --git a/helm-toolkit/templates/snippets/_tls_volume.tpl b/helm-toolkit/templates/snippets/_tls_volume.tpl
-new file mode 100644
-index 00000000..41fe3d96
--- /dev/null
-+++ b/helm-toolkit/templates/snippets/_tls_volume.tpl
-@@ -0,0 +1,47 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+  http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+{{/*
-+abstract: |
-+  Renders a secret volume for tls.
-+
-+  Dictionary Parameters:
-+    enabled: boolean check if you want to conditional disable this snippet (optional)
-+    name: name of the volume (required)
-+    secretName: name of a kuberentes/tls secret, if not specified, use the volume name (optional)
-+
-+values: |
-+  manifests:
-+    certificates: true
-+
-+usage: |
-+  {{- $opts := dict "enabled" "true" "name" "glance-tls-api" -}}
-+  {{- $opts | include "helm-toolkit.snippets.tls_volume" -}}
-+
-+return: |
-+  - name: glance-tls-api
-+    secret:
-+      secretName: glance-tls-api
-+      defaultMode: 292
-+*/}}
-+{{- define "helm-toolkit.snippets.tls_volume" }}
-+{{- $enabled := index . "enabled" -}}
-+{{- $name := index . "name" -}}
-+{{- $secretName := index . "secretName" | default $name -}}
-+{{- if and $enabled (ne $name "") }}
-+- name: {{ $name }}
-+  secret:
-+    secretName: {{ $secretName }}
-+    defaultMode: 292
-+{{- end }}
-+{{- end }}
-diff --git a/helm-toolkit/templates/snippets/_tls_volume_mount.tpl b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl
-new file mode 100644
-index 00000000..9cfa8195
--- /dev/null
-+++ b/helm-toolkit/templates/snippets/_tls_volume_mount.tpl
-@@ -0,0 +1,82 @@
-+{{/*
-+Licensed under the Apache License, Version 2.0 (the "License");
-+you may not use this file except in compliance with the License.
-+You may obtain a copy of the License at
-+
-+  http://www.apache.org/licenses/LICENSE-2.0
-+
-+Unless required by applicable law or agreed to in writing, software
-+distributed under the License is distributed on an "AS IS" BASIS,
-+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+See the License for the specific language governing permissions and
-+limitations under the License.
-+*/}}
-+{{/*
-+abstract: |
-+  Renders a volume mount for TLS key, cert and CA.
-+
-+  Dictionary Parameters:
-+    enabled: boolean check if you want to conditional disable this snippet (optional)
-+    name: name that of the volume and should match the volume name (required)
-+    path: path to place tls.crt tls.key ca.crt, do not suffix with '/' (required)
-+    certs: a tuple containing a nonempty subset of {tls.crt, tls.key, ca.crt}.
-+          the default is the full set. (optional)
-+
-+values: |
-+  manifests:
-+    certificates: true
-+
-+usage: |
-+  {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "path" "/etc/glance/certs" -}}
-+  {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}}
-+
-+return: |
-+  - name: glance-tls-api
-+    mountPath: /etc/glance/certs/tls.crt
-+    subPath: tls.crt
-+    readOnly: true
-+  - name: glance-tls-api
-+    mountPath: /etc/glance/certs/tls.key
-+    subPath: tls.key
-+    readOnly: true
-+  - name: glance-tls-api
-+    mountPath: /etc/glance/certs/ca.crt
-+    subPath: ca.crt
-+    readOnly: true
-+
-+abstract: |
-+  This mounts a specific issuing CA only for service validation
-+
-+usage: |
-+  {{- $opts := dict "enabled" .Values.manifests.certificates "name" "glance-tls-api" "ca" true -}}
-+  {{- $opts | include "helm-toolkit.snippets.tls_volume_mount" -}}
-+
-+return: |
-+  - name: glance-tls-api
-+    mountPath: /etc/ssl/certs/openstack-helm.crt
-+    subPath: ca.crt
-+    readOnly: true
-+*/}}
-+{{- define "helm-toolkit.snippets.tls_volume_mount" }}
-+{{- $enabled := index . "enabled" -}}
-+{{- $name := index . "name" -}}
-+{{- $path := index . "path" | default "" -}}
-+{{- $certs := index . "certs" | default ( tuple "tls.crt" "tls.key" "ca.crt" ) }}
-+{{- if $enabled }}
-+{{- if and (eq $path "") (ne $name "") }}
-+- name: {{ $name }}
-+  mountPath: "/etc/ssl/certs/openstack-helm.crt"
-+  subPath: ca.crt
-+  readOnly: true
-+{{- else }}
-+{{- if ne $name "" }}
-+{{- range $key, $value := $certs }}
-+- name: {{ $name }}
-+  mountPath: {{ printf "%s/%s" $path $value }}
-+  subPath: {{ $value }}
-+  readOnly: true
-+{{- end }}
-+{{- end }}
-+{{- end }}
-+{{- end }}
-+{{- end }}
-- 
-2.17.1
-
--- a/openstack-helm/centos/openstack-helm.spec
+++ b/openstack-helm/centos/openstack-helm.spec
@ -1,6 +1,6 @@
 %global sha 34a7533b6484a157c8725889d0d68e792e13fc8d
 %global helm_folder  /usr/lib/helm
-%global toolkit_version 0.1.0
+%global toolkit_version 0.2.19
 %global helmchart_version 0.1.0
 %global _default_patch_flags --no-backup-if-mismatch --prefix=/tmp/junk

@ -30,6 +30,7 @@ Patch08: 0008-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
 Patch09: 0009-Wrong-usage-of-rbd_store_chunk_size.patch
 Patch10: 0010-Add-stx_admin-account.patch
 Patch11: 0011-Trust-public-ingress-certificate.patch
+Patch12: 0012-Update-helm-tookit-dependencies-to-0.2.19.patch

 BuildRequires: helm
 BuildRequires: openstack-helm-infra
@ -52,6 +53,7 @@ Openstack Helm charts
 %patch09 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1

 %build
 # Stage helm-toolkit in the local repo
--- a/openstack-helm/files/0012-Update-helm-tookit-dependencies-to-0.2.19.patch
+++ b/openstack-helm/files/0012-Update-helm-tookit-dependencies-to-0.2.19.patch
@ -0,0 +1,220 @@
+From 5eafbeb89313b1bc45369720ba1b700d3cf3c609 Mon Sep 17 00:00:00 2001
+From: Thiago Brito <thiago.brito@windriver.com>
+Date: Thu, 16 Sep 2021 11:43:02 -0300
+Subject: [PATCH] Update helm-tookit dependencies to >=0.1.0
+
+Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
+
+diff --git a/aodh/requirements.yaml b/aodh/requirements.yaml
+index 780e525c..fbba94ae 100644
+--- a/aodh/requirements.yaml
+++ b/aodh/requirements.yaml
+@@ -15,4 +15,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/barbican/requirements.yaml b/barbican/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/barbican/requirements.yaml
+++ b/barbican/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/ceilometer/requirements.yaml b/ceilometer/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/ceilometer/requirements.yaml
+++ b/ceilometer/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/cinder/requirements.yaml b/cinder/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/cinder/requirements.yaml
+++ b/cinder/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/congress/requirements.yaml b/congress/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/congress/requirements.yaml
+++ b/congress/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/designate/requirements.yaml b/designate/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/designate/requirements.yaml
+++ b/designate/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/glance/requirements.yaml b/glance/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/glance/requirements.yaml
+++ b/glance/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/heat/requirements.yaml b/heat/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/heat/requirements.yaml
+++ b/heat/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/horizon/requirements.yaml b/horizon/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/horizon/requirements.yaml
+++ b/horizon/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/ironic/requirements.yaml b/ironic/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/ironic/requirements.yaml
+++ b/ironic/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/keystone/requirements.yaml b/keystone/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/keystone/requirements.yaml
+++ b/keystone/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/magnum/requirements.yaml b/magnum/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/magnum/requirements.yaml
+++ b/magnum/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/mistral/requirements.yaml b/mistral/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/mistral/requirements.yaml
+++ b/mistral/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/neutron/requirements.yaml b/neutron/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/neutron/requirements.yaml
+++ b/neutron/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/nova/requirements.yaml b/nova/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/nova/requirements.yaml
+++ b/nova/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/octavia/requirements.yaml b/octavia/requirements.yaml
+index 35cf13c6..c09473b3 100644
+--- a/octavia/requirements.yaml
+++ b/octavia/requirements.yaml
+@@ -15,4 +15,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/panko/requirements.yaml b/panko/requirements.yaml
+index 780e525c..fbba94ae 100644
+--- a/panko/requirements.yaml
+++ b/panko/requirements.yaml
+@@ -15,4 +15,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/placement/requirements.yaml b/placement/requirements.yaml
+index 551fd91c..7efb17a3 100644
+--- a/placement/requirements.yaml
+++ b/placement/requirements.yaml
+@@ -15,4 +15,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/rally/requirements.yaml b/rally/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/rally/requirements.yaml
+++ b/rally/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/senlin/requirements.yaml b/senlin/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/senlin/requirements.yaml
+++ b/senlin/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+diff --git a/tempest/requirements.yaml b/tempest/requirements.yaml
+index 5669e12c..432e28c1 100644
+--- a/tempest/requirements.yaml
+++ b/tempest/requirements.yaml
+@@ -13,4 +13,4 @@
+ dependencies:
+   - name: helm-toolkit
+     repository: http://localhost:8879/charts
+-    version: 0.1.0
+    version: ">= 0.1.0"
+--
+2.17.1
+
--- a/stx-openstack-helm/centos/stx-openstack-helm.spec
+++ b/stx-openstack-helm/centos/stx-openstack-helm.spec
@ -1,7 +1,7 @@
 %global helm_folder  /usr/lib/helm
 %global armada_folder  /usr/lib/armada
 %global app_folder  /usr/lib/application
-%global toolkit_version 0.1.0
+%global toolkit_version 0.2.19
 %global helmchart_version 0.1.0

 Summary: StarlingX Openstack Application Helm charts
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/dcdbsync/requirements.yaml
@ -7,4 +7,4 @@
 dependencies:
  - name: helm-toolkit
    repository: http://localhost:8879/charts
-    version: 0.1.0
+    version: ">= 0.1.0"
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/garbd/requirements.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/garbd/requirements.yaml
@ -15,4 +15,4 @@
 dependencies:
  - name: helm-toolkit
    repository: http://localhost:8879/charts
-    version: 0.1.0
+    version: ">= 0.1.0"
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/keystone-api-proxy/requirements.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/keystone-api-proxy/requirements.yaml
@ -7,4 +7,4 @@
 dependencies:
  - name: helm-toolkit
    repository: http://localhost:8879/charts
-    version: 0.1.0
+    version: ">= 0.1.0"
--- a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/requirements.yaml
@ -7,4 +7,4 @@
 dependencies:
  - name: helm-toolkit
    repository: http://localhost:8879/charts
-    version: 0.1.0
+    version: ">= 0.1.0"
--- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
+++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml
@ -40,7 +40,7 @@ data:
  values: {}
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/helm-toolkit-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/helm-toolkit-0.2.19.tgz
    subpath: helm-toolkit
    reference: master
  dependencies: []
@ -94,7 +94,7 @@ data:
        bind-address: "::"
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/ingress-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/ingress-0.2.3.tgz
    subpath: ingress
    reference: master
  dependencies:
@ -198,7 +198,7 @@ data:
        operator: Exists
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/mariadb-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/mariadb-0.2.5.tgz
    subpath: mariadb
  dependencies:
    - helm-toolkit
@ -278,7 +278,7 @@ data:
        prometheus_memcached_exporter: null
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/memcached-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/memcached-0.1.4.tgz
    subpath: memcached
    reference: master
  dependencies:
@ -351,7 +351,7 @@ data:
        operator: Exists
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/rabbitmq-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/rabbitmq-0.1.13.tgz
    subpath: rabbitmq
    reference: master
  dependencies:
@ -691,7 +691,7 @@ data:
            default: requiredDuringSchedulingIgnoredDuringExecution
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/ceph-rgw-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/ceph-rgw-0.1.15.tgz
    subpath: ceph-rgw
    reference: master
  dependencies:
@ -920,7 +920,7 @@ data:
        ceph_config_helper: docker.io/starlingx/ceph-config-helper:v1.15.0
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/libvirt-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/libvirt-0.1.7.tgz
    subpath: libvirt
    reference: master
  dependencies:
@ -959,7 +959,7 @@ data:
        openvswitch_vswitchd: docker.io/starlingx/stx-ovs:master-centos-stable-latest
  source:
    type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/openvswitch-0.1.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/openvswitch-0.1.5.tgz
    subpath: openvswitch
    reference: master
  dependencies: