The existing entrypoint logic used static names to reolve dependencies.
This prevented the service names, and thus the hostnames of services
being altered. This PS resolves that issue by looking up the service name
from the endpoints specified in the values for a chart.
Partial-Implements: blueprint enhance-entrypoint-dependency-checking
External-Tracking-Id: OSH-21
Change-Id: Ib49490f332f8cd88e98c50d9335dfd314a170936
The admin_token_auth in keystone paste posts a security issue, and has
been deprecated in the M release, and removed in O release. Operators
should be using ``keystone-manage bootstrap`` to bootstrap the "admin"
user. This patch set removes the filter and its usage in the various
pipelines from the paste.ini file.
Implements: bp keystone-admin-token-disable
External-Tracking-Id: OSH-102
[0] https://blueprints.launchpad.net/openstack-helm/+spec/keystone-admin-token-disable
Change-Id: I5ae29cad4f7daa4bc8fa117b6f5ed998c2ec6cad
This PS sets the default modetype of mounts from *-bin configmaps
to 0555, and removes the then unnecessary commands from the manifests.
Change-Id: I93ce0facb06affdf362a58f8520e69ba94ea3034
This PS helps improve the Image agnosticism of the Keystone chart.
This is achieved by removing the presumed locations of the Keystone
WSGI scripts, enabling support for images that either do not use a venv
or the same venv location that Kolla uses.
Change-Id: Id04f5e485d6a421b6ac7464cbb14f0e3819b778d
With 1.6, init containers are officially part of the kubernetes
API. This changes the format of the helm template for the
entrypoint container from json to yaml, and updates the
charts accordingly.
Co-Authored-By: Pete Birley <pete@port.direct>
Change-Id: I569566ce4b031d107af2d38483040a26210bec45
This PS introduces 'helm test' functionaility to keystone and
provides the basic framwork for charts to use.
Change-Id: Ie84a6ca0ed007fb55e10d503d1c3e49788908eec
Partial-Implements: blueprint implement-helm-test-for-charts
This commit fixes some warnings shown by `keystone-manage doctor`
command that are present in Keystone installed with default chart
configuration. In particular:
* Set max_toke_size=32 as this is correct value for uuid token provider.
* Enable caching using memcache by setting [cache] memcache_servers
option correctly in configmap-etc.yaml
Change-Id: I38cc7be577e0a7cd9be715e633f3637baafcc21b
Closes-Bug: 1693806
This PS add Barbican support, and moves all potentially container
specific logic into the service start script from the api manifests.
Also fixes a permissions issue with the nova-api, which incorrectly
had the NET_ADMIN capability.
Change-Id: I18fc1ea5d7aa70ea7dabb829361a3da57e905100
This commit adds graceful termination to all existing charts.
It also adds a setting in the values.yaml file for clarity and
the ability to override if wished.
Change-Id: I42025e4be86d248be467c1d2f0980f864c4d440e
This PS updates the Keystone template to use a template generated
from the current version of the oslo-gen util.
Change-Id: Id900da732a49b2e154baf950881f0bd15ce3672e
This PS updates the way helm-toolkit functions are named to
reference the full path they are loacted at. This should make
development and debugging easier. Addtionally unused functions
have been pruned as well.
Change-Id: I03c553f1d01bccc70c86768b416b147c90d9b2f0
This is the initial pod disruption budget that will serve as the template
for all services in OpenStack-Helm.
Partially-Implements: blueprint add-pod-disruption-budgets
Change-Id: I67eeaa66257e793f77a089f3bc0dd4b700638c63
Keystone service.yaml currently has duplicate selector entries.
This patch set removes the duplicate.
Change-Id: Ic3e195e354b69683f8f3e8b6bb8f4b3a72b75cdb
This patch set moves the required keystone config files to the manifests, and
allows users to specify their own additional volume mounts if necessary.
Change-Id: I622abbba3e19390ce1003441eb9c0a3477754b82
The Keystone Chart had some extranious whitespace at the
end of lines, this commit rectifies that.
Change-Id: I4da8e4812a5aa92b85cc3baa3f76d08ba5967091
* Initial Commit of Nova Configuration Overrides
This commit is an evolution of the initial keystone configuration
overrides work
It expands upon that work by introducing many of the same concepts
into nova. It differs in that a few concepts were changed. Namely
the helm-toolkit/_oslo.tpl concept was abandoned, as there are too
many unique oslo paths for configuration elements, so dynamic oslo
setting mechanism was moved locally into configmap-etc.yaml, where
it is generally used.
Secondly, in nova the mount override effort was altered to instead
provide mount "append" capability. Keeping the manifest mounts
closer to the actual pod, and keeping values.yaml a tad smaller.
This still allows the original flexibility of operators adding
mounts, but they cannot "undo" any of the charts built in mounts.
There were several manual tweaks that needd to be done to _nova.conf.tpl
after the oslo-config-gen process this time. This is because there is a
bug in the newton version of generating this file. It does not include
the proper service authentication credentials in the [keystone_authtoken]
section. Future releases have a separate service credentials section
so future config generations will likely not need these added lines.
* Remove unused values.yaml parameters
Fix references to removed helm-toolkit oslo macro
* resolve nova feedback
* bugfix nova-etc/nova-bin swap
This commit introduces several new paradigms:
* .Values driven mounts in service containers as well as jobs.
These can be overriden at runtime by manipulating .Values.mounts.*
* Authenticated Endpoint Resolution methods in helm-toolkit
to allow the database and rabbit type endpoints to be moved
under the endpoints section. Now endpoint lookup functions exist
for openstack endpoints as well as infrastructure elements such as
the database, rabbitmq, and memcache.
* Importing of upstream "out of the box" policy.json
and keystone-paste.ini files for better or worse.
* A rendering of the keystone.conf oslo generated config
using a new helm based Values generator. This provides "known"
paths to all configuration elements in the form of
"<section>.<oslo_namespace>.<element>" so that any of these can
be targeted for override via --set or values.yaml files loaded at
run time.
* Support for appending arbitrary string data to the policy.json,
keystone-paste.ini, or keystone.conf files via --set conf.keystone.append="#
some comment", or --set conf.policy.append="\"identity:list_projects\":
\"role:fake\""
* Support for complete verbatim overrides of these three
files via --set conf.keystone.override="full file contents",
or --set conf.policy.override="full file contents" for example
* Rename common chart to helm-toolkit
* Update useage of helpers to include reference to chart they come from.
* Update helm-toolkit function naming
Also catches several functions missed in previous PS
* Update remaining requirements.yaml to use helm-toolbox
* Dep Check container fix for common -> helm-toolbox renaming
* Add resources limits and requests for each chart
* Refactor the resources limits and requests to follow a patern
* Fix some coding issues
* fix issues resulting from feedback on the resources PR
* Reset some variables to a static value in the neutron chart.
* Substituting variable entrypoint by dependency_check in the concerned files
* Few adjustments
* Update deploy-region.yaml
* Update deployment.yaml
* Add resources limits and requests for each chart
Squah all commits in one.
* Add resources limits and requests for some charts
* cleaning
* Fix indendation issue
* Update deployment.yaml
* Update daemonset-ovs-vswitchd.yaml
It also makes two other changes:
* Moves the entrypoint container manifest snippet to its own file to reduce loading on the _funcs.tpl file
* Changes dep-check-init-cont to dep_check_init_cont to match the formatting of other defines used in OpenStack Helm
* Allow glance to support using default secrets
if none are provided
* Resolve configmap mounting issue with glance
ceph secrets
* Ensure keystone wsgi workers/threads are set to
reasonable numbers for a container implementation
