openstack/openstack-helm
Code Issues Proposed changes

Merge "Keystone: enable external access to admin endpoint"

Browse Source
This commit is contained in:
Zuul 2018-08-02 18:09:11 +00:00 committed by Gerrit Code Review
commit b282daa901
21 changed files with 82 additions and 35 deletions

3
barbican/values.yaml

@ -546,12 +546,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
key_manager:
name: barbican
hosts:

3
ceilometer/values.yaml

@ -1707,12 +1707,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: 'http'
port:
api:
default: 80
admin: 35357
metering:
name: ceilometer
hosts:

3
ceph-client/values.yaml

@ -451,12 +451,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
object_store:
name: swift
namespace: null

3
cinder/values.yaml

@ -1070,12 +1070,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
image:
name: glance
hosts:

3
congress/values.yaml

@ -245,12 +245,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
policy:
name: congress
hosts:

3
glance/values.yaml

@ -575,12 +575,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
image:
name: glance
hosts:

3
gnocchi/values.yaml

@ -486,12 +486,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: 'http'
port:
api:
default: 80
admin: 35357
metric:
name: gnocchi
hosts:

3
heat/values.yaml

@ -812,12 +812,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: 'http'
port:
api:
default: 80
admin: 35357
orchestration:
name: heat
hosts:

3
ironic/values.yaml

@ -400,12 +400,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
baremetal:
name: ironic
hosts:

10
keystone/templates/deployment-api.yaml

@ -65,15 +65,19 @@ spec:
- /tmp/keystone-api.sh
- stop
ports:
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portAdm := tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: ks-pub
containerPort: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
containerPort: {{ $portInt }}
{{- if not ( eq $portInt $portAdm ) }}
- name: ks-adm
containerPort: {{ tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
containerPort: {{ $portAdm }}
{{- end }}
readinessProbe:
httpGet:
scheme: HTTP
path: /
port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
port: {{ $portInt }}
initialDelaySeconds: 15
periodSeconds: 10
volumeMounts:

29
keystone/templates/etc/_wsgi-keystone.conf.tpl

@ -14,8 +14,13 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
Listen 0.0.0.0:{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen 0.0.0.0:{{ tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portAdm := tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen 0.0.0.0:{{ $portInt }}
{{- if not ( eq $portInt $portAdm ) }}
Listen 0.0.0.0:{{ $portAdm }}
{{- end }}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
@ -24,7 +29,7 @@ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
<VirtualHost *:{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
<VirtualHost *:{{ $portInt }}>
WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-public
@ -40,7 +45,8 @@ CustomLog /dev/stdout proxy env=forwarded
CustomLog /dev/stdout proxy env=forwarded
</VirtualHost>
<VirtualHost *:{{ tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
{{- if not ( eq $portInt $portAdm ) }}
<VirtualHost *:{{ $portAdm }}>
WSGIDaemonProcess keystone-admin processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-admin
@ -55,6 +61,21 @@ CustomLog /dev/stdout proxy env=forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
</VirtualHost>
{{- else }}
WSGIDaemonProcess keystone-admin processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /dev/stderr
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
{{- end }}
Alias /identity /var/www/cgi-bin/keystone/keystone-wsgi-public
<Location /identity>

24
keystone/templates/service-api.yaml

@ -23,16 +23,20 @@ metadata:
name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: ks-pub
port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
- name: ks-adm
port: {{ tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.admin.node_port.enabled }}
nodePort: {{ .Values.network.admin.node_port.port }}
{{ end }}
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $portAdm := tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: ks-pub
port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.api.node_port.enabled }}
nodePort: {{ .Values.network.api.node_port.port }}
{{ end }}
{{- if not ( eq $portInt $portAdm ) }}
- name: ks-adm
port: {{ tuple "identity" "admin" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.admin.node_port.enabled }}
nodePort: {{ .Values.network.admin.node_port.port }}
{{ end }}
{{- end }}
selector:
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ if or (.Values.network.api.node_port.enabled) (.Values.network.admin.node_port.enabled) }}

4
keystone/values.yaml

@ -915,6 +915,7 @@ endpoints:
hosts:
default: keystone-api
public: keystone
admin: keystone
host_fqdn_override:
default: null
# NOTE(portdirect): this chart supports TLS for fqdn over-ridden public
@ -926,12 +927,13 @@ endpoints:
# key: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
oslo_db:
namespace: null
auth:

3
magnum/values.yaml

@ -358,12 +358,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
container_infra:
name: magnum
hosts:

3
mistral/values.yaml

@ -242,12 +242,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
workflowv2:
name: mistral
hosts:

3
neutron/values.yaml

@ -1776,12 +1776,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
network:
name: neutron
hosts:

3
nova/values.yaml

@ -1786,12 +1786,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
image:
name: glance
hosts:

3
rally/values.yaml

@ -255,12 +255,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
benchmark:
name: rally
hosts:

3
senlin/values.yaml

@ -407,12 +407,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
clustering:
name: senlin
hosts:

3
tempest/values.yaml

@ -250,12 +250,13 @@ endpoints:
default: null
path:
default: /v3
public: /identity/v3
admin: /identity_admin/v3
scheme:
default: http
port:
api:
default: 80
admin: 35357
manifests:
configmap_bin: true

2
tools/deployment/common/setup-client.sh

@ -32,7 +32,7 @@ clouds:
project_name: 'admin'
project_domain_name: 'default'
user_domain_name: 'default'
auth_url: 'http://keystone.openstack.svc.cluster.local/v3'
auth_url: 'http://keystone.openstack.svc.cluster.local/identity/v3'
EOF
#NOTE: Build charts