openstack/openstack-helm
Code Issues Proposed changes

Merge "Auth: Update credential keys to reference service specifically"

Browse Source
This commit is contained in:
Zuul 2018-01-16 06:59:37 +00:00 committed by Gerrit Code Review
commit d6dbd905e7
83 changed files with 317 additions and 334 deletions
barbican
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
ceilometer
templates
configmap-etc.yamljob-db-init-mongodb.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yamlsecret-mongodb.yaml
values.yaml
ceph
templates
job-ks-user.yamlsecret-keystone-rgw.yamlsecret-keystone.yaml
values.yaml
cinder
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
congress
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
glance
templates
configmap-etc.yaml
etc
_swift-store.conf.tpl
job-ks-user.yamljob-storage-init.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
gnocchi
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
heat
templates
configmap-etc.yamljob-ks-user.yamljob-trusts.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
horizon
templates
etc
_local_settings.tpl
job-db-drop.yamljob-db-init.yamlsecret-db.yaml
values.yaml
keystone
templates
configmap-etc.yamlsecret-db.yaml
values.yaml
magnum
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
mistral
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
neutron
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
nova
templates
configmap-etc.yamljob-ks-user.yamlsecret-db-api.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
rally
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml
senlin
templates
configmap-etc.yamljob-ks-user.yamlsecret-db.yamlsecret-keystone.yaml
values.yaml

16
barbican/templates/configmap-etc.yaml

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}} {{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.project_name -}} {{- if empty .Values.conf.barbican.keystone_authtoken.project_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.barbican.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.barbican.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.barbican.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.barbican.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.barbican.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.username -}} {{- if empty .Values.conf.barbican.keystone_authtoken.username -}}
{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.barbican.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.password -}} {{- if empty .Values.conf.barbican.keystone_authtoken.password -}}
{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.barbican.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}} {{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.transport_url -}} {{- if empty .Values.conf.barbican.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "barbican" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- $barbicanPath := index .Values "endpoints" "key_manager" "path" "default" }} {{- $barbicanPath := index .Values "endpoints" "key_manager" "path" "default" }}

4
barbican/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "barbican" value: "barbican"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.barbican }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.barbican.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
barbican/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "barbican" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
barbican/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "barbican" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

10
barbican/values.yaml

@ -377,10 +377,10 @@ conf:
secrets: secrets:
identity: identity:
admin: barbican-keystone-admin admin: barbican-keystone-admin
user: barbican-keystone-user barbican: barbican-keystone-user
oslo_db: oslo_db:
admin: barbican-db-admin admin: barbican-db-admin
user: barbican-db-user barbican: barbican-db-user
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
@ -394,7 +394,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: barbican:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: barbican username: barbican
@ -436,7 +436,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: barbican:
username: barbican username: barbican
password: password password: password
hosts: hosts:
@ -450,7 +450,7 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
user: barbican:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:

36
ceilometer/templates/configmap-etc.yaml

@ -30,68 +30,68 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.database.connection -}} {{- if empty .Values.conf.ceilometer.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.database.event_connection -}} {{- if empty .Values.conf.ceilometer.database.event_connection -}}
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}} {{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.database.metering_connection -}} {{- if empty .Values.conf.ceilometer.database.metering_connection -}}
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}} {{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.DEFAULT.transport_url -}} {{- if empty .Values.conf.ceilometer.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.oslo_messaging_notifications.transport_url -}} {{- if empty .Values.conf.ceilometer.oslo_messaging_notifications.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.notification.messaging_urls -}} {{- if empty .Values.conf.ceilometer.notification.messaging_urls -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.region_name -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.region_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_name -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.project_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.username -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.username -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.password -}} {{- if empty .Values.conf.ceilometer.keystone_authtoken.password -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.auth_url -}} {{- if empty .Values.conf.ceilometer.service_credentials.auth_url -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ceilometer.service_credentials "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ceilometer.service_credentials "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.region_name -}} {{- if empty .Values.conf.ceilometer.service_credentials.region_name -}}
{{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.project_name -}} {{- if empty .Values.conf.ceilometer.service_credentials.project_name -}}
{{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.project_domain_name -}} {{- if empty .Values.conf.ceilometer.service_credentials.project_domain_name -}}
{{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.user_domain_name -}} {{- if empty .Values.conf.ceilometer.service_credentials.user_domain_name -}}
{{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.username -}} {{- if empty .Values.conf.ceilometer.service_credentials.username -}}
{{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.password -}} {{- if empty .Values.conf.ceilometer.service_credentials.password -}}
{{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.ceilometer.dispatcher_gnocchi.url -}} {{- if empty .Values.conf.ceilometer.dispatcher_gnocchi.url -}}

2
ceilometer/templates/job-db-init-mongodb.yaml

@ -48,7 +48,7 @@ spec:
- name: USER_DB_CONNECTION - name: USER_DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.secrets.mongodb.user }} name: {{ .Values.secrets.mongodb.ceilometer }}
key: DB_CONNECTION key: DB_CONNECTION
command: command:
- /tmp/db-init-mongodb.sh - /tmp/db-init-mongodb.sh

4
ceilometer/templates/job-ks-user.yaml

@ -52,11 +52,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "ceilometer" value: "ceilometer"
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.ceilometer }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.ceilometer.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
ceilometer/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
ceilometer/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
ceilometer/templates/secret-mongodb.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_mongodb }} {{- if .Values.manifests.secret_mongodb }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.mongodb $userClass }} {{- $secretName := index $envAll.Values.secrets.mongodb $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

14
ceilometer/values.yaml

@ -1600,13 +1600,13 @@ dependencies:
secrets: secrets:
identity: identity:
admin: ceilometer-keystone-admin admin: ceilometer-keystone-admin
user: ceilometer-keystone-user ceilometer: ceilometer-keystone-user
oslo_db: oslo_db:
admin: ceilometer-db-admin admin: ceilometer-db-admin
user: ceilometer-db-user ceilometer: ceilometer-db-user
mongodb: mongodb:
admin: ceilometer-mongodb-admin admin: ceilometer-mongodb-admin
user: ceilometer-mongodb-user ceilometer: ceilometer-mongodb-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -1623,7 +1623,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: ceilometer:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: ceilometer username: ceilometer
@ -1710,7 +1710,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: ceilometer:
username: ceilometer username: ceilometer
password: password password: password
hosts: hosts:
@ -1727,7 +1727,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: ceilometer:
username: ceilometer username: ceilometer
password: password password: password
hosts: hosts:
@ -1749,7 +1749,7 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
user: ceilometer:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:

4
ceph/templates/job-ks-user.yaml

@ -56,11 +56,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "ceph" value: "ceph"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.swift }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.swift.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
ceph/templates/secret-keystone-rgw.yaml

@ -17,7 +17,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone_rgw }} {{- if .Values.manifests.secret_keystone_rgw }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.ceph }} {{- if .Values.deployment.ceph }}
{{- range $key1, $userClass := tuple "user" }} {{- range $key1, $userClass := tuple "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }} {{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
--- ---
apiVersion: v1 apiVersion: v1

2
ceph/templates/secret-keystone.yaml

@ -17,7 +17,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }} {{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

4
ceph/values.yaml

@ -172,7 +172,7 @@ secrets:
admin: ceph-client-admin-keyring admin: ceph-client-admin-keyring
identity: identity:
admin: ceph-keystone-admin admin: ceph-keystone-admin
user: ceph-keystone-user swift: ceph-keystone-user
user_rgw: ceph-keystone-user-rgw user_rgw: ceph-keystone-user-rgw
network: network:
@ -381,7 +381,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: swift:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: swift username: swift

26
cinder/templates/configmap-etc.yaml

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}} {{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.project_name -}} {{- if empty .Values.conf.cinder.keystone_authtoken.project_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.cinder.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.cinder.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.username -}} {{- if empty .Values.conf.cinder.keystone_authtoken.username -}}
{{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.password -}} {{- if empty .Values.conf.cinder.keystone_authtoken.password -}}
{{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.database.connection -}} {{- if empty .Values.conf.cinder.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.transport_url -}} {{- if empty .Values.conf.cinder.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "cinder" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.glance_api_servers -}} {{- if empty .Values.conf.cinder.DEFAULT.glance_api_servers -}}
@ -73,19 +73,19 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "backup_swift_auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "backup_swift_auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user_domain -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user_domain -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_key -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_key -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project_domain -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project_domain -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.swift_catalog_info -}} {{- if empty .Values.conf.cinder.DEFAULT.swift_catalog_info -}}
{{- set .Values.conf.cinder.DEFAULT "swift_catalog_info" "object-store:swift:internalURL" | quote | trunc 0 -}} {{- set .Values.conf.cinder.DEFAULT "swift_catalog_info" "object-store:swift:internalURL" | quote | trunc 0 -}}

4
cinder/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "cinder" value: "cinder"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.cinder }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.cinder.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
cinder/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
cinder/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

10
cinder/values.yaml

@ -599,10 +599,10 @@ dependencies:
secrets: secrets:
identity: identity:
admin: cinder-keystone-admin admin: cinder-keystone-admin
user: cinder-keystone-user cinder: cinder-keystone-user
oslo_db: oslo_db:
admin: cinder-db-admin admin: cinder-db-admin
user: cinder-db-user cinder: cinder-db-user
rbd: rbd:
backup: cinder-backup-rbd-keyring backup: cinder-backup-rbd-keyring
volume: cinder-volume-rbd-keyring volume: cinder-volume-rbd-keyring
@ -622,7 +622,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: cinder:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: cinder username: cinder
@ -724,7 +724,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: cinder:
username: cinder username: cinder
password: password password: password
hosts: hosts:
@ -738,7 +738,7 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
user: cinder:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:

16
congress/templates/configmap-etc.yaml

@ -18,11 +18,11 @@ limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- if empty .Values.conf.congress.DEFAULT.transport_url -}} {{- if empty .Values.conf.congress.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "congress" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.database.connection -}} {{- if empty .Values.conf.congress.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "congress" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
@ -38,22 +38,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.region_name -}} {{- if empty .Values.conf.congress.keystone_authtoken.region_name -}}
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.congress.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_name -}} {{- if empty .Values.conf.congress.keystone_authtoken.project_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.congress.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.congress.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.congress.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.username -}} {{- if empty .Values.conf.congress.keystone_authtoken.username -}}
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.congress.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.password -}} {{- if empty .Values.conf.congress.keystone_authtoken.password -}}
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.congress.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}

4
congress/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "congress" value: "congress"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.congress }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.congress.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
congress/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "congress" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
congress/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "congress" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

29
congress/values.yaml

@ -124,10 +124,10 @@ dependencies:
secrets: secrets:
identity: identity:
admin: congress-keystone-admin admin: congress-keystone-admin
user: congress-keystone-user congress: congress-keystone-user
oslo_db: oslo_db:
admin: congress-db-admin admin: congress-db-admin
user: congress-db-user congress: congress-db-user
rbd: images-rbd-keyring rbd: images-rbd-keyring
endpoints: endpoints:
@ -142,7 +142,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: congress:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: congress username: congress
@ -184,7 +184,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: congress:
username: congress username: congress
password: password password: password
hosts: hosts:
@ -206,7 +206,7 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
user: congress:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:
@ -218,25 +218,6 @@ endpoints:
port: port:
amqp: amqp:
default: 5672 default: 5672
ceph_object_store:
name: radosgw
namespace: ceph
auth:
user:
username: congress
password: password
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /auth/v1.0
scheme:
default: http
port:
api:
default: 8088
policy: policy:
datasource_services: datasource_services:

32
glance/templates/configmap-etc.yaml

@ -40,41 +40,41 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.region_name -}} {{- if empty .Values.conf.glance.keystone_authtoken.region_name -}}
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.project_name -}} {{- if empty .Values.conf.glance.keystone_authtoken.project_name -}}
{{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.glance.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.glance.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.username -}} {{- if empty .Values.conf.glance.keystone_authtoken.username -}}
{{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.password -}} {{- if empty .Values.conf.glance.keystone_authtoken.password -}}
{{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.region_name -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.region_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_name -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.project_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.username -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.username -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.password -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.password -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.glance.keystone_authtoken.memcached_servers -}}
@ -85,17 +85,17 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.database.connection -}} {{- if empty .Values.conf.glance.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.connection -}} {{- if empty .Values.conf.glance_registry.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.DEFAULT.transport_url -}} {{- if empty .Values.conf.glance.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance_registry.DEFAULT.transport_url -}} {{- if empty .Values.conf.glance_registry.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.glance.DEFAULT.registry_host -}} {{- if empty .Values.conf.glance.DEFAULT.registry_host -}}

12
glance/templates/etc/_swift-store.conf.tpl

@ -18,13 +18,13 @@ limitations under the License.
{{- if eq .Values.storage "radosgw" }} {{- if eq .Values.storage "radosgw" }}
auth_version = 1 auth_version = 1
auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user = {{ .Values.endpoints.ceph_object_store.auth.user.username }}:swift user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift
key = {{ .Values.endpoints.ceph_object_store.auth.user.password }} key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }}
{{- else }} {{- else }}
user = {{ .Values.endpoints.identity.auth.user.project_name }}:{{ .Values.endpoints.identity.auth.user.username }} user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }}
key = {{ .Values.endpoints.identity.auth.user.password }} key = {{ .Values.endpoints.identity.auth.glance.password }}
auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user_domain_name = {{ .Values.endpoints.identity.auth.user.user_domain_name }} user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
project_domain_name = {{ .Values.endpoints.identity.auth.user.project_domain_name }} project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
auth_version = 3 auth_version = 3
{{- end -}} {{- end -}}

4
glance/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "glance" value: "glance"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.glance.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

6
glance/templates/job-storage-init.yaml

@ -108,11 +108,11 @@ spec:
{{ end }} {{ end }}
{{- if eq .Values.storage "radosgw" }} {{- if eq .Values.storage "radosgw" }}
- name: RADOSGW_USERNAME - name: RADOSGW_USERNAME
value: {{ .Values.endpoints.ceph_object_store.auth.user.username | quote }} value: {{ .Values.endpoints.ceph_object_store.auth.glance.username | quote }}
- name: RADOSGW_PASSWORD - name: RADOSGW_PASSWORD
value: {{ .Values.endpoints.ceph_object_store.auth.user.password | quote }} value: {{ .Values.endpoints.ceph_object_store.auth.glance.password | quote }}
- name: RADOSGW_TMPURL_KEY - name: RADOSGW_TMPURL_KEY
value: {{ .Values.endpoints.ceph_object_store.auth.user.tmpurlkey | quote }} value: {{ .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote }}
{{ end }} {{ end }}
command: command:
- /tmp/storage-init.sh - /tmp/storage-init.sh

2
glance/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
glance/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

12
glance/values.yaml

@ -378,10 +378,10 @@ dependencies:
secrets: secrets:
identity: identity:
admin: glance-keystone-admin admin: glance-keystone-admin
user: glance-keystone-user glance: glance-keystone-user
oslo_db: oslo_db:
admin: glance-db-admin admin: glance-db-admin
user: glance-db-user glance: glance-db-user
rbd: images-rbd-keyring rbd: images-rbd-keyring
# typically overriden by environmental # typically overriden by environmental
@ -399,7 +399,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: glance:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: glance username: glance
@ -456,7 +456,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: glance:
username: glance username: glance
password: password password: password
hosts: hosts:
@ -478,7 +478,7 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
user: glance:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:
@ -494,7 +494,7 @@ endpoints:
name: radosgw name: radosgw
namespace: ceph namespace: ceph
auth: auth:
user: glance:
username: glance username: glance
password: password password: password
tmpurlkey: supersecret tmpurlkey: supersecret

18
gnocchi/templates/configmap-etc.yaml

@ -33,33 +33,33 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.gnocchi.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_name -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.project_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.gnocchi.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.gnocchi.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.gnocchi.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.username -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.username -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.gnocchi.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.password -}} {{- if empty .Values.conf.gnocchi.keystone_authtoken.password -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.gnocchi.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.database.connection -}} {{- if empty .Values.conf.gnocchi.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.gnocchi.indexer.url -}} {{- if empty .Values.conf.gnocchi.indexer.url -}}
{{ if eq .Values.conf.gnocchi.indexer.driver "postgresql" }} {{ if eq .Values.conf.gnocchi.indexer.driver "postgresql" }}
{{- tuple "oslo_db_postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}} {{- tuple "oslo_db_postgresql" "internal" "gnocchi" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{ else }} {{ else }}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{ end }} {{ end }}
{{- end -}} {{- end -}}

4
gnocchi/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "gnocchi" value: "gnocchi"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.gnocchi }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.gnocchi.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
gnocchi/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "gnocchi" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
gnocchi/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "gnocchi" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }} {{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
{{ $osAuthType := $auth.os_auth_type }} {{ $osAuthType := $auth.os_auth_type }}

10
gnocchi/values.yaml

@ -342,10 +342,10 @@ conf:
secrets: secrets:
identity: identity:
admin: gnocchi-keystone-admin admin: gnocchi-keystone-admin
user: gnocchi-keystone-user gnocchi: gnocchi-keystone-user
oslo_db: oslo_db:
admin: gnocchi-db-admin admin: gnocchi-db-admin
user: gnocchi-db-user gnocchi: gnocchi-db-user
rbd: gnocchi-rbd-keyring rbd: gnocchi-rbd-keyring
# typically overriden by environmental # typically overriden by environmental
@ -365,7 +365,7 @@ endpoints:
region_name: "RegionOne" region_name: "RegionOne"
os_auth_type: "password" os_auth_type: "password"
os_tenant_name: "admin" os_tenant_name: "admin"
user: gnocchi:
username: "gnocchi" username: "gnocchi"
user_domain_name: "default" user_domain_name: "default"
role: "admin" role: "admin"
@ -409,7 +409,7 @@ endpoints:
admin: admin:
username: postgres username: postgres
password: password password: password
user: gnocchi:
username: gnocchi username: gnocchi
password: password password: password
hosts: hosts:
@ -426,7 +426,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: gnocchi:
username: gnocchi username: gnocchi
password: password password: password
hosts: hosts:

34
heat/templates/configmap-etc.yaml

@ -30,51 +30,51 @@ limitations under the License.
{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}} {{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.region_name -}} {{- if empty .Values.conf.heat.keystone_authtoken.region_name -}}
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.project_name -}} {{- if empty .Values.conf.heat.keystone_authtoken.project_name -}}
{{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.heat.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.heat.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.heat.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.heat.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.heat.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.username -}} {{- if empty .Values.conf.heat.keystone_authtoken.username -}}
{{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.heat.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.password -}} {{- if empty .Values.conf.heat.keystone_authtoken.password -}}
{{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.heat.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.trustee.region_name -}} {{- if empty .Values.conf.heat.trustee.region_name -}}
{{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.trustee.region_name | quote | trunc 0 -}} {{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.heat_trustee.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.trustee.project_name -}} {{- if empty .Values.conf.heat.trustee.project_name -}}
{{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.trustee.project_name | quote | trunc 0 -}} {{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.heat_trustee.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.trustee.project_domain_name -}} {{- if empty .Values.conf.heat.trustee.project_domain_name -}}
{{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.trustee.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.heat_trustee.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.trustee.user_domain_name -}} {{- if empty .Values.conf.heat.trustee.user_domain_name -}}
{{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.trustee.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.heat_trustee.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.trustee.username -}} {{- if empty .Values.conf.heat.trustee.username -}}
{{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.trustee.username | quote | trunc 0 -}} {{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.heat_trustee.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.trustee.password -}} {{- if empty .Values.conf.heat.trustee.password -}}
{{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.trustee.password | quote | trunc 0 -}} {{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.heat_trustee.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_user_domain_name -}} {{- if empty .Values.conf.heat.DEFAULT.stack_user_domain_name -}}
{{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.domain_name | quote | trunc 0 -}} {{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.heat_stack_user.domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin -}} {{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.stack_user.username | quote | trunc 0 -}} {{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.heat_stack_user.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin_password -}} {{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin_password -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.stack_user.password | quote | trunc 0 -}} {{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.heat_stack_user.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
@ -82,11 +82,11 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.database.connection -}} {{- if empty .Values.conf.heat.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.transport_url -}} {{- if empty .Values.conf.heat.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "heat" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.heat_metadata_server_url -}} {{- if empty .Values.conf.heat.DEFAULT.heat_metadata_server_url -}}

18
heat/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "heat" value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.heat.role | quote }}
- name: heat-ks-trustee-user - name: heat-ks-trustee-user
image: {{ .Values.images.tags.ks_user }} image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
@ -76,11 +76,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "heat" value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trustee }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat_trustee }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.trustee.role | quote }} value: {{ .Values.endpoints.identity.auth.heat_trustee.role | quote }}
- name: heat-ks-domain-user - name: heat-ks-domain-user
image: {{ .Values.images.tags.ks_user }} image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
@ -100,25 +100,25 @@ spec:
- name: SERVICE_OS_REGION_NAME - name: SERVICE_OS_REGION_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }} name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_REGION_NAME key: OS_REGION_NAME
- name: SERVICE_OS_DOMAIN_NAME - name: SERVICE_OS_DOMAIN_NAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }} name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_DOMAIN_NAME key: OS_DOMAIN_NAME
- name: SERVICE_OS_USERNAME - name: SERVICE_OS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }} name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_USERNAME key: OS_USERNAME
- name: SERVICE_OS_PASSWORD - name: SERVICE_OS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }} name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_PASSWORD key: OS_PASSWORD
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.stack_user.role | quote }} value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
heat/templates/job-trusts.yaml

@ -60,7 +60,7 @@ spec:
- name: SERVICE_OS_ROLES - name: SERVICE_OS_ROLES
value: {{ .Values.conf.heat.DEFAULT.trusts_delegated_roles }} value: {{ .Values.conf.heat.DEFAULT.trusts_delegated_roles }}
- name: SERVICE_OS_TRUSTEE - name: SERVICE_OS_TRUSTEE
value: {{ .Values.endpoints.identity.auth.trustee.username }} value: {{ .Values.endpoints.identity.auth.heat_trustee.username }}
volumes: volumes:
- name: heat-bin - name: heat-bin
configMap: configMap:

2
heat/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

12
heat/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" "trustee" }} {{- range $key1, $userClass := tuple "admin" "heat" "heat_trustee" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1
@ -31,12 +31,12 @@ data:
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ $envAll.Values.secrets.identity.stack_user }} name: {{ $envAll.Values.secrets.identity.heat_stack_user }}
type: Opaque type: Opaque
data: data:
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }} OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.stack_user.region_name | b64enc | indent 4 }} OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.stack_user.domain_name | b64enc | indent 4 }} OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.stack_user.username | b64enc | indent 4 }} OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc | indent 4 }} OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc | indent 4 }}
{{- end }} {{- end }}

18
heat/values.yaml

@ -332,12 +332,12 @@ dependencies:
secrets: secrets:
identity: identity:
admin: heat-keystone-admin admin: heat-keystone-admin
user: heat-keystone-user heat: heat-keystone-user
trustee: heat-keystone-trustee heat_trustee: heat-keystone-trustee
stack_user: heat-keystone-stack-user heat_stack_user: heat-keystone-stack-user
oslo_db: oslo_db:
admin: heat-db-admin admin: heat-db-admin
user: heat-db-user heat: heat-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -354,7 +354,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: heat:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: heat username: heat
@ -362,7 +362,7 @@ endpoints:
project_name: service project_name: service
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
trustee: heat_trustee:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: heat-trust username: heat-trust
@ -370,7 +370,7 @@ endpoints:
project_name: service project_name: service
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
stack_user: heat_stack_user:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: heat-domain username: heat-domain
@ -442,7 +442,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: heat:
username: heat username: heat
password: password password: password
hosts: hosts:
@ -464,7 +464,7 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
user: heat:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:

4
horizon/templates/etc/_local_settings.tpl

@ -148,8 +148,8 @@ DATABASES = {
# Database configuration here # Database configuration here
'ENGINE': 'django.db.backends.mysql', 'ENGINE': 'django.db.backends.mysql',
'NAME': '{{ .Values.endpoints.oslo_db.path | base }}', 'NAME': '{{ .Values.endpoints.oslo_db.path | base }}',
'USER': '{{ .Values.endpoints.oslo_db.auth.user.username }}', 'USER': '{{ .Values.endpoints.oslo_db.auth.horizon.username }}',
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.user.password }}', 'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.horizon.password }}',
'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}', 'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}',
'default-character-set': 'utf8', 'default-character-set': 'utf8',
'PORT': '{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}' 'PORT': '{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}'

2
horizon/templates/job-db-drop.yaml

@ -60,7 +60,7 @@ spec:
- name: DB_CONNECTION - name: DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.secrets.oslo_db.user }} name: {{ .Values.secrets.oslo_db.horizon }}
key: DB_CONNECTION key: DB_CONNECTION
command: command:
- /tmp/db-drop.py - /tmp/db-drop.py

2
horizon/templates/job-db-init.yaml

@ -54,7 +54,7 @@ spec:
- name: DB_CONNECTION - name: DB_CONNECTION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ .Values.secrets.oslo_db.user }} name: {{ .Values.secrets.oslo_db.horizon }}
key: DB_CONNECTION key: DB_CONNECTION
command: command:
- /tmp/db-init.py - /tmp/db-init.py

2
horizon/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "horizon" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

4
horizon/values.yaml

@ -1216,7 +1216,7 @@ pod:
secrets: secrets:
oslo_db: oslo_db:
admin: horizon-db-admin admin: horizon-db-admin
user: horizon-db-user horizon: horizon-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -1266,7 +1266,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: horizon:
username: horizon username: horizon
password: password password: password
hosts: hosts:

4
keystone/templates/configmap-etc.yaml

@ -18,11 +18,11 @@ limitations under the License.
{{- $envAll := . }} {{- $envAll := . }}
{{- if empty .Values.conf.keystone.database.connection -}} {{- if empty .Values.conf.keystone.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "keystone" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.keystone.DEFAULT.transport_url -}} {{- if empty .Values.conf.keystone.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "keystone" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.keystone.cache.memcache_servers -}} {{- if empty .Values.conf.keystone.cache.memcache_servers -}}

2
keystone/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

8
keystone/values.yaml

@ -516,7 +516,7 @@ secrets:
admin: keystone-keystone-admin admin: keystone-keystone-admin
oslo_db: oslo_db:
admin: keystone-db-admin admin: keystone-db-admin
user: keystone-db-user keystone: keystone-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -554,7 +554,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: keystone:
username: keystone username: keystone
password: password password: password
hosts: hosts:
@ -569,8 +569,8 @@ endpoints:
oslo_messaging: oslo_messaging:
namespace: null namespace: null
auth: auth:
user: keystone:
username: keystone username: rabbitmq
password: password password: password
hosts: hosts:
default: rabbitmq default: rabbitmq

16
magnum/templates/configmap-etc.yaml

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}} {{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.project_name -}} {{- if empty .Values.conf.magnum.keystone_authtoken.project_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.magnum.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.magnum.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.magnum.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.magnum.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.magnum.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.username -}} {{- if empty .Values.conf.magnum.keystone_authtoken.username -}}
{{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.magnum.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.password -}} {{- if empty .Values.conf.magnum.keystone_authtoken.password -}}
{{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.magnum.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.database.connection -}} {{- if empty .Values.conf.magnum.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.magnum.DEFAULT.transport_url -}} {{- if empty .Values.conf.magnum.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "magnum" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
--- ---

4
magnum/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "magnum" value: "magnum"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.magnum }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.magnum.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
magnum/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "magnum" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
magnum/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "magnum" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

20
magnum/values.yaml

@ -182,10 +182,10 @@ dependencies:
secrets: secrets:
identity: identity:
admin: magnum-keystone-admin admin: magnum-keystone-admin
user: magnum-keystone-user magnum: magnum-keystone-user
oslo_db: oslo_db:
admin: magnum-db-admin admin: magnum-db-admin
user: magnum-db-user magnum: magnum-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -202,7 +202,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: magnum:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: magnum username: magnum
@ -244,7 +244,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: magnum:
username: magnum username: magnum
password: password password: password
hosts: hosts:
@ -266,7 +266,7 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
user: magnum:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:
@ -284,11 +284,11 @@ pod:
magnum: magnum:
uid: 1000 uid: 1000
affinity: affinity:
anti: anti:
type: type:
default: preferredDuringSchedulingIgnoredDuringExecution default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey: topologyKey:
default: kubernetes.io/hostname default: kubernetes.io/hostname
mounts: mounts:
magnum_api: magnum_api:
init_container: null init_container: null

16
mistral/templates/configmap-etc.yaml

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}} {{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.project_name -}} {{- if empty .Values.conf.mistral.keystone_authtoken.project_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.mistral.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.mistral.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.mistral.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.mistral.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.mistral.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.username -}} {{- if empty .Values.conf.mistral.keystone_authtoken.username -}}
{{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.mistral.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.password -}} {{- if empty .Values.conf.mistral.keystone_authtoken.password -}}
{{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.mistral.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.database.connection -}} {{- if empty .Values.conf.mistral.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.mistral.DEFAULT.transport_url -}} {{- if empty .Values.conf.mistral.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "mistral" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
--- ---

4
mistral/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "mistral" value: "mistral"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.mistral }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.mistral.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
mistral/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "mistral" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
mistral/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "mistral" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

10
mistral/values.yaml

@ -129,10 +129,10 @@ dependencies:
secrets: secrets:
identity: identity:
admin: mistral-keystone-admin admin: mistral-keystone-admin
user: mistral-keystone-user mistral: mistral-keystone-user
oslo_db: oslo_db:
admin: mistral-db-admin admin: mistral-db-admin
user: mistral-db-user mistral: mistral-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -149,7 +149,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: mistral:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: mistral username: mistral
@ -191,7 +191,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: mistral:
username: mistral username: mistral
password: password password: password
hosts: hosts:
@ -205,7 +205,7 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
user: mistral:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:

16
neutron/templates/configmap-etc.yaml

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}} {{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.neutron.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.neutron.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.neutron.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.neutron.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.username -}} {{- if empty .Values.conf.neutron.keystone_authtoken.username -}}
{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.neutron.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.password -}} {{- if empty .Values.conf.neutron.keystone_authtoken.password -}}
{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.neutron.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.region_name -}} {{- if empty .Values.conf.neutron.keystone_authtoken.region_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.neutron.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end }} {{- end }}
{{- if empty .Values.conf.neutron.database.connection -}} {{- if empty .Values.conf.neutron.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
{{- end }} {{- end }}
{{- if empty .Values.conf.neutron.DEFAULT.transport_url -}} {{- if empty .Values.conf.neutron.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end }} {{- end }}
{{- if empty .Values.conf.neutron.nova.auth_url -}} {{- if empty .Values.conf.neutron.nova.auth_url -}}

4
neutron/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "neutron" value: "neutron"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.neutron }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.neutron.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
neutron/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
neutron/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

10
neutron/values.yaml

@ -1060,10 +1060,10 @@ conf:
secrets: secrets:
identity: identity:
admin: neutron-keystone-admin admin: neutron-keystone-admin
user: neutron-keystone-user neutron: neutron-keystone-user
oslo_db: oslo_db:
admin: neutron-db-admin admin: neutron-db-admin
user: neutron-db-user neutron: neutron-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -1075,7 +1075,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: neutron:
username: neutron username: neutron
password: password password: password
hosts: hosts:
@ -1089,7 +1089,7 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
user: neutron:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:
@ -1151,7 +1151,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: neutron:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: neutron username: neutron

20
nova/templates/configmap-etc.yaml

@ -32,22 +32,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.region_name -}} {{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_name -}} {{- if empty .Values.conf.nova.keystone_authtoken.project_name -}}
{{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.nova.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.nova.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.nova.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.username -}} {{- if empty .Values.conf.nova.keystone_authtoken.username -}}
{{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.nova.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.password -}} {{- if empty .Values.conf.nova.keystone_authtoken.password -}}
{{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.nova.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
@ -55,19 +55,19 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.database.connection -}} {{- if empty .Values.conf.nova.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.api_database.connection -}} {{- if empty .Values.conf.nova.api_database.connection -}}
{{- tuple "oslo_db_api" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db_api" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.cell0_database.connection -}} {{- if empty .Values.conf.nova.cell0_database.connection -}}
{{- tuple "oslo_db_cell0" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db_cell0" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.transport_url -}} {{- if empty .Values.conf.nova.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "nova" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.glance.api_servers -}} {{- if empty .Values.conf.nova.glance.api_servers -}}

4
nova/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "nova" value: "nova"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.nova }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.nova.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
nova/templates/secret-db-api.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db_api }} {{- if .Values.manifests.secret_db_api }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
nova/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
nova/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

20
nova/values.yaml

@ -1043,17 +1043,17 @@ conf:
secrets: secrets:
identity: identity:
admin: nova-keystone-admin admin: nova-keystone-admin
user: nova-keystone-user nova: nova-keystone-user
placement: nova-keystone-placement placement: nova-keystone-placement
oslo_db: oslo_db:
admin: nova-db-admin admin: nova-db-admin
user: nova-db-user nova: nova-db-user
oslo_db_api: oslo_db_api:
admin: nova-db-api-admin admin: nova-db-api-admin
user: nova-db-api-user nova: nova-db-api-user
oslo_db_cell0: oslo_db_cell0:
admin: nova-db-api-admin admin: nova-db-api-admin
user: nova-db-api-user nova: nova-db-api-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -1065,7 +1065,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: nova:
username: nova username: nova
password: password password: password
hosts: hosts:
@ -1082,7 +1082,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: nova:
username: nova username: nova
password: password password: password
hosts: hosts:
@ -1099,7 +1099,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: nova:
username: nova username: nova
password: password password: password
hosts: hosts:
@ -1113,7 +1113,7 @@ endpoints:
default: 3306 default: 3306
oslo_messaging: oslo_messaging:
auth: auth:
user: nova:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts:
@ -1143,7 +1143,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: nova:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: nova username: nova
@ -1151,6 +1151,8 @@ endpoints:
project_name: service project_name: service
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
#NOTE(portdirect): the neutron user is not managed by the nova chart
# these values should match those set in the neutron chart.
neutron: neutron:
region_name: RegionOne region_name: RegionOne
project_name: service project_name: service

14
rally/templates/configmap-etc.yaml

@ -23,22 +23,22 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.rally.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.rally.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.region_name -}} {{- if empty .Values.conf.rally.keystone_authtoken.region_name -}}
{{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.rally.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.project_name -}} {{- if empty .Values.conf.rally.keystone_authtoken.project_name -}}
{{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.rally.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.rally.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.rally.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.rally.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.rally.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.username -}} {{- if empty .Values.conf.rally.keystone_authtoken.username -}}
{{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.rally.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.password -}} {{- if empty .Values.conf.rally.keystone_authtoken.password -}}
{{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.rally.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
@ -46,7 +46,7 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.rally.database.connection -}} {{- if empty .Values.conf.rally.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
--- ---

4
rally/templates/job-ks-user.yaml

@ -54,11 +54,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "rally" value: "rally"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.rally }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.rally.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
rally/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "rally" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
rally/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "rally" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

8
rally/values.yaml

@ -178,10 +178,10 @@ dependencies:
secrets: secrets:
identity: identity:
admin: rally-keystone-admin admin: rally-keystone-admin
user: rally-keystone-user rally: rally-keystone-user
oslo_db: oslo_db:
admin: rally-db-admin admin: rally-db-admin
user: rally-db-user rally: rally-db-user
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
@ -195,7 +195,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: rally:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: rally username: rally
@ -237,7 +237,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: rally:
username: rally username: rally
password: password password: password
hosts: hosts:

16
senlin/templates/configmap-etc.yaml

@ -32,22 +32,22 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}} {{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}} {{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.project_name -}} {{- if empty .Values.conf.senlin.keystone_authtoken.project_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}} {{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.senlin.project_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.project_domain_name -}} {{- if empty .Values.conf.senlin.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}} {{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.senlin.project_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.user_domain_name -}} {{- if empty .Values.conf.senlin.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}} {{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.senlin.user_domain_name | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.username -}} {{- if empty .Values.conf.senlin.keystone_authtoken.username -}}
{{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}} {{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.senlin.username | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.password -}} {{- if empty .Values.conf.senlin.keystone_authtoken.password -}}
{{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}} {{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.senlin.password | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}} {{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
@ -55,11 +55,11 @@ limitations under the License.
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.database.connection -}} {{- if empty .Values.conf.senlin.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}} {{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.senlin.DEFAULT.transport_url -}} {{- if empty .Values.conf.senlin.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}} {{- tuple "oslo_messaging" "internal" "senlin" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}} {{- end -}}
--- ---

4
senlin/templates/job-ks-user.yaml

@ -55,11 +55,11 @@ spec:
{{- end }} {{- end }}
- name: SERVICE_OS_SERVICE_NAME - name: SERVICE_OS_SERVICE_NAME
value: "senlin" value: "senlin"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }} {{- with $env := dict "ksUserSecret" .Values.secrets.identity.senlin }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }} {{- end }}
- name: SERVICE_OS_ROLE - name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }} value: {{ .Values.endpoints.identity.auth.senlin.role | quote }}
volumes: volumes:
- name: ks-user-sh - name: ks-user-sh
configMap: configMap:

2
senlin/templates/secret-db.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }} {{- if .Values.manifests.secret_db }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "senlin" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }} {{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

2
senlin/templates/secret-keystone.yaml

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }} {{- range $key1, $userClass := tuple "admin" "senlin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1

10
senlin/values.yaml

@ -194,10 +194,10 @@ dependencies:
secrets: secrets:
identity: identity:
admin: senlin-keystone-admin admin: senlin-keystone-admin
user: senlin-keystone-user senlin: senlin-keystone-user
oslo_db: oslo_db:
admin: senlin-db-admin admin: senlin-db-admin
user: senlin-db-user senlin: senlin-db-user
# typically overriden by environmental # typically overriden by environmental
# values, but should include all endpoints # values, but should include all endpoints
@ -214,7 +214,7 @@ endpoints:
project_name: admin project_name: admin
user_domain_name: default user_domain_name: default
project_domain_name: default project_domain_name: default
user: senlin:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
username: senlin username: senlin
@ -256,7 +256,7 @@ endpoints:
admin: admin:
username: root username: root
password: password password: password
user: senlin:
username: senlin username: senlin
password: password password: password
hosts: hosts:
@ -278,7 +278,7 @@ endpoints:
default: 11211 default: 11211
oslo_messaging: oslo_messaging:
auth: auth:
user: senlin:
username: rabbitmq username: rabbitmq
password: password password: password
hosts: hosts: