openstack
/
openstack-helm
Code Issues Proposed changes

Auth: Update credential keys to reference service specifically 

This PS moves all credentials for OpenStack services from 'user' to
the service name. This allows a single yaml snippet to articulate
the credentials for a deployment.

Change-Id: Ic720109f2ba854561b23767cb480bcae91f74b6b
This commit is contained in:
portdirect 2018-01-14 19:20:34 -05:00 committed by Pete Birley
parent a72db2e8ff
commit b180d28618
83 changed files with 317 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
barbican/templates/configmap-etc.yaml
View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.barbican.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.project_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.barbican.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.barbican.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.barbican.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.username -}}
{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.barbican.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.password -}}
{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.barbican.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "barbican" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.barbican.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "barbican" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- $barbicanPath := index .Values "endpoints" "key_manager" "path" "default" }}

4
barbican/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "barbican"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.barbican }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.barbican.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
barbican/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "barbican" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
barbican/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "barbican" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

10
barbican/values.yaml
View File

@ -377,10 +377,10 @@ conf:
secrets:
identity:
admin: barbican-keystone-admin
user: barbican-keystone-user
barbican: barbican-keystone-user
oslo_db:
admin: barbican-db-admin
user: barbican-db-user
barbican: barbican-db-user
endpoints:
cluster_domain_suffix: cluster.local
@ -394,7 +394,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
barbican:
role: admin
region_name: RegionOne
username: barbican
@ -436,7 +436,7 @@ endpoints:
admin:
username: root
password: password
user:
barbican:
username: barbican
password: password
hosts:
@ -450,7 +450,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
barbican:
username: rabbitmq
password: password
hosts:

36
ceilometer/templates/configmap-etc.yaml
View File

@ -30,68 +30,68 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.ceilometer.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "ceilometer" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.database.event_connection -}}
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}}
{{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "event_connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.database.metering_connection -}}
{{- tuple "mongodb" "internal" "user" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}}
{{- tuple "mongodb" "internal" "ceilometer" "mongodb" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ceilometer.database "metering_connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.oslo_messaging_notifications.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.oslo_messaging_notifications "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.notification.messaging_urls -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "ceilometer" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.ceilometer.notification "messaging_urls" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.region_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.username -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.keystone_authtoken.password -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.keystone_authtoken "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.auth_url -}}
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ceilometer.service_credentials "auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.region_name -}}
{{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "region_name" .Values.endpoints.identity.auth.ceilometer.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.project_name -}}
{{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "project_name" .Values.endpoints.identity.auth.ceilometer.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.project_domain_name -}}
{{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "project_domain_name" .Values.endpoints.identity.auth.ceilometer.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.user_domain_name -}}
{{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "user_domain_name" .Values.endpoints.identity.auth.ceilometer.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.username -}}
{{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "username" .Values.endpoints.identity.auth.ceilometer.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.service_credentials.password -}}
{{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.ceilometer.service_credentials "password" .Values.endpoints.identity.auth.ceilometer.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.ceilometer.dispatcher_gnocchi.url -}}

2
ceilometer/templates/job-db-init-mongodb.yaml
View File

@ -48,7 +48,7 @@ spec:
- name: USER_DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.mongodb.user }}
name: {{ .Values.secrets.mongodb.ceilometer }}
key: DB_CONNECTION
command:
- /tmp/db-init-mongodb.sh

4
ceilometer/templates/job-ks-user.yaml
View File

@ -52,11 +52,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "ceilometer"
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.ceilometer }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.ceilometer.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
ceilometer/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
ceilometer/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

2
ceilometer/templates/secret-mongodb.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_mongodb }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "ceilometer" }}
{{- $secretName := index $envAll.Values.secrets.mongodb $userClass }}
---
apiVersion: v1

14
ceilometer/values.yaml
View File

@ -1600,13 +1600,13 @@ dependencies:
secrets:
identity:
admin: ceilometer-keystone-admin
user: ceilometer-keystone-user
ceilometer: ceilometer-keystone-user
oslo_db:
admin: ceilometer-db-admin
user: ceilometer-db-user
ceilometer: ceilometer-db-user
mongodb:
admin: ceilometer-mongodb-admin
user: ceilometer-mongodb-user
ceilometer: ceilometer-mongodb-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1623,7 +1623,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
ceilometer:
role: admin
region_name: RegionOne
username: ceilometer
@ -1710,7 +1710,7 @@ endpoints:
admin:
username: root
password: password
user:
ceilometer:
username: ceilometer
password: password
hosts:
@ -1727,7 +1727,7 @@ endpoints:
admin:
username: root
password: password
user:
ceilometer:
username: ceilometer
password: password
hosts:
@ -1749,7 +1749,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
ceilometer:
username: rabbitmq
password: password
hosts:

4
ceph/templates/job-ks-user.yaml
View File

@ -56,11 +56,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "ceph"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.swift }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.swift.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
ceph/templates/secret-keystone-rgw.yaml
View File

@ -17,7 +17,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone_rgw }}
{{- $envAll := . }}
{{- if .Values.deployment.ceph }}
{{- range $key1, $userClass := tuple "user" }}
{{- range $key1, $userClass := tuple "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity "user_rgw" }}
---
apiVersion: v1

2
ceph/templates/secret-keystone.yaml
View File

@ -17,7 +17,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "swift" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

4
ceph/values.yaml
View File

@ -172,7 +172,7 @@ secrets:
admin: ceph-client-admin-keyring
identity:
admin: ceph-keystone-admin
user: ceph-keystone-user
swift: ceph-keystone-user
user_rgw: ceph-keystone-user-rgw
network:
@ -381,7 +381,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
swift:
role: admin
region_name: RegionOne
username: swift

26
cinder/templates/configmap-etc.yaml
View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.region_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "region_name" .Values.endpoints.identity.auth.cinder.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.project_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_name" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.username -}}
{{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "username" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.password -}}
{{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.cinder.keystone_authtoken "password" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.cinder.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "cinder" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.cinder.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "cinder" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.cinder.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.glance_api_servers -}}
@ -73,19 +73,19 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "backup_swift_auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user_domain -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.cinder.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.cinder.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_key -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.cinder.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project_domain -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.cinder.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.cinder.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.swift_catalog_info -}}
{{- set .Values.conf.cinder.DEFAULT "swift_catalog_info" "object-store:swift:internalURL" | quote | trunc 0 -}}

4
cinder/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "cinder"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.cinder }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.cinder.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
cinder/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
cinder/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "cinder" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

10
cinder/values.yaml
View File

@ -599,10 +599,10 @@ dependencies:
secrets:
identity:
admin: cinder-keystone-admin
user: cinder-keystone-user
cinder: cinder-keystone-user
oslo_db:
admin: cinder-db-admin
user: cinder-db-user
cinder: cinder-db-user
rbd:
backup: cinder-backup-rbd-keyring
volume: cinder-volume-rbd-keyring
@ -622,7 +622,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
cinder:
role: admin
region_name: RegionOne
username: cinder
@ -724,7 +724,7 @@ endpoints:
admin:
username: root
password: password
user:
cinder:
username: cinder
password: password
hosts:
@ -738,7 +738,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
cinder:
username: rabbitmq
password: password
hosts:

16
congress/templates/configmap-etc.yaml
View File

@ -18,11 +18,11 @@ limitations under the License.
{{- $envAll := . }}
{{- if empty .Values.conf.congress.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "congress" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.congress.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "congress" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.congress.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.memcached_servers -}}
@ -38,22 +38,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.region_name -}}
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "region_name" .Values.endpoints.identity.auth.congress.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "project_name" .Values.endpoints.identity.auth.congress.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.congress.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.congress.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.username -}}
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "username" .Values.endpoints.identity.auth.congress.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.congress.keystone_authtoken.password -}}
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.congress.keystone_authtoken "password" .Values.endpoints.identity.auth.congress.password | quote | trunc 0 -}}
{{- end -}}

4
congress/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "congress"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.congress }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.congress.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
congress/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "congress" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
congress/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "congress" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

29
congress/values.yaml
View File

@ -124,10 +124,10 @@ dependencies:
secrets:
identity:
admin: congress-keystone-admin
user: congress-keystone-user
congress: congress-keystone-user
oslo_db:
admin: congress-db-admin
user: congress-db-user
congress: congress-db-user
rbd: images-rbd-keyring
endpoints:
@ -142,7 +142,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
congress:
role: admin
region_name: RegionOne
username: congress
@ -184,7 +184,7 @@ endpoints:
admin:
username: root
password: password
user:
congress:
username: congress
password: password
hosts:
@ -206,7 +206,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
congress:
username: rabbitmq
password: password
hosts:
@ -218,25 +218,6 @@ endpoints:
port:
amqp:
default: 5672
ceph_object_store:
name: radosgw
namespace: ceph
auth:
user:
username: congress
password: password
tmpurlkey: supersecret
hosts:
default: ceph-rgw
host_fqdn_override:
default: null
path:
default: /auth/v1.0
scheme:
default: http
port:
api:
default: 8088
policy:
datasource_services:

32
glance/templates/configmap-etc.yaml
View File

@ -40,41 +40,41 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.region_name -}}
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.project_name -}}
{{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.username -}}
{{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.password -}}
{{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.glance.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.region_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "region_name" .Values.endpoints.identity.auth.glance.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_name" .Values.endpoints.identity.auth.glance.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.username -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "username" .Values.endpoints.identity.auth.glance.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.keystone_authtoken.password -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.glance_registry.keystone_authtoken "password" .Values.endpoints.identity.auth.glance.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.keystone_authtoken.memcached_servers -}}
@ -85,17 +85,17 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.glance.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.glance_registry.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance_registry.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.glance_registry.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.glance.DEFAULT.registry_host -}}

12
glance/templates/etc/_swift-store.conf.tpl
View File

@ -18,13 +18,13 @@ limitations under the License.
{{- if eq .Values.storage "radosgw" }}
auth_version = 1
auth_address = {{ tuple "ceph_object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user = {{ .Values.endpoints.ceph_object_store.auth.user.username }}:swift
key = {{ .Values.endpoints.ceph_object_store.auth.user.password }}
user = {{ .Values.endpoints.ceph_object_store.auth.glance.username }}:swift
key = {{ .Values.endpoints.ceph_object_store.auth.glance.password }}
{{- else }}
user = {{ .Values.endpoints.identity.auth.user.project_name }}:{{ .Values.endpoints.identity.auth.user.username }}
key = {{ .Values.endpoints.identity.auth.user.password }}
user = {{ .Values.endpoints.identity.auth.glance.project_name }}:{{ .Values.endpoints.identity.auth.glance.username }}
key = {{ .Values.endpoints.identity.auth.glance.password }}
auth_address = {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
user_domain_name = {{ .Values.endpoints.identity.auth.user.user_domain_name }}
project_domain_name = {{ .Values.endpoints.identity.auth.user.project_domain_name }}
user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
auth_version = 3
{{- end -}}

4
glance/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "glance"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.glance.role | quote }}
volumes:
- name: ks-user-sh
configMap:

6
glance/templates/job-storage-init.yaml
View File

@ -108,11 +108,11 @@ spec:
{{ end }}
{{- if eq .Values.storage "radosgw" }}
- name: RADOSGW_USERNAME
value: {{ .Values.endpoints.ceph_object_store.auth.user.username | quote }}
value: {{ .Values.endpoints.ceph_object_store.auth.glance.username | quote }}
- name: RADOSGW_PASSWORD
value: {{ .Values.endpoints.ceph_object_store.auth.user.password | quote }}
value: {{ .Values.endpoints.ceph_object_store.auth.glance.password | quote }}
- name: RADOSGW_TMPURL_KEY
value: {{ .Values.endpoints.ceph_object_store.auth.user.tmpurlkey | quote }}
value: {{ .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote }}
{{ end }}
command:
- /tmp/storage-init.sh

2
glance/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
glance/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "glance" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

12
glance/values.yaml
View File

@ -378,10 +378,10 @@ dependencies:
secrets:
identity:
admin: glance-keystone-admin
user: glance-keystone-user
glance: glance-keystone-user
oslo_db:
admin: glance-db-admin
user: glance-db-user
glance: glance-db-user
rbd: images-rbd-keyring
# typically overriden by environmental
@ -399,7 +399,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
glance:
role: admin
region_name: RegionOne
username: glance
@ -456,7 +456,7 @@ endpoints:
admin:
username: root
password: password
user:
glance:
username: glance
password: password
hosts:
@ -478,7 +478,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
glance:
username: rabbitmq
password: password
hosts:
@ -494,7 +494,7 @@ endpoints:
name: radosgw
namespace: ceph
auth:
user:
glance:
username: glance
password: password
tmpurlkey: supersecret

18
gnocchi/templates/configmap-etc.yaml
View File

@ -33,33 +33,33 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.region_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "region_name" .Values.endpoints.identity.auth.gnocchi.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_name" .Values.endpoints.identity.auth.gnocchi.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.gnocchi.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.gnocchi.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.username -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "username" .Values.endpoints.identity.auth.gnocchi.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.keystone_authtoken.password -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.gnocchi.keystone_authtoken "password" .Values.endpoints.identity.auth.gnocchi.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.gnocchi.indexer.url -}}
{{ if eq .Values.conf.gnocchi.indexer.driver "postgresql" }}
{{- tuple "oslo_db_postgresql" "internal" "user" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{- tuple "oslo_db_postgresql" "internal" "gnocchi" "postgresql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{ else }}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "gnocchi" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.gnocchi.indexer "url" | quote | trunc 0 -}}
{{ end }}
{{- end -}}

4
gnocchi/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "gnocchi"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.gnocchi }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.gnocchi.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
gnocchi/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "gnocchi" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
gnocchi/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "gnocchi" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
{{- $auth := index $envAll.Values.endpoints.identity.auth $userClass }}
{{ $osAuthType := $auth.os_auth_type }}

10
gnocchi/values.yaml
View File

@ -342,10 +342,10 @@ conf:
secrets:
identity:
admin: gnocchi-keystone-admin
user: gnocchi-keystone-user
gnocchi: gnocchi-keystone-user
oslo_db:
admin: gnocchi-db-admin
user: gnocchi-db-user
gnocchi: gnocchi-db-user
rbd: gnocchi-rbd-keyring
# typically overriden by environmental
@ -365,7 +365,7 @@ endpoints:
region_name: "RegionOne"
os_auth_type: "password"
os_tenant_name: "admin"
user:
gnocchi:
username: "gnocchi"
user_domain_name: "default"
role: "admin"
@ -409,7 +409,7 @@ endpoints:
admin:
username: postgres
password: password
user:
gnocchi:
username: gnocchi
password: password
hosts:
@ -426,7 +426,7 @@ endpoints:
admin:
username: root
password: password
user:
gnocchi:
username: gnocchi
password: password
hosts:

34
heat/templates/configmap-etc.yaml
View File

@ -30,51 +30,51 @@ limitations under the License.
{{- randAlphaNum 64 | set .Values.conf.heat.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.region_name -}}
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "region_name" .Values.endpoints.identity.auth.heat.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.project_name -}}
{{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "project_name" .Values.endpoints.identity.auth.heat.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.heat.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.heat.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.username -}}
{{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "username" .Values.endpoints.identity.auth.heat.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.password -}}
{{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.heat.keystone_authtoken "password" .Values.endpoints.identity.auth.heat.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.region_name -}}
{{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.trustee.region_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "region_name" .Values.endpoints.identity.auth.heat_trustee.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.project_name -}}
{{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.trustee.project_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "project_name" .Values.endpoints.identity.auth.heat_trustee.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.project_domain_name -}}
{{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.trustee.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "project_domain_name" .Values.endpoints.identity.auth.heat_trustee.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.user_domain_name -}}
{{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.trustee.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "user_domain_name" .Values.endpoints.identity.auth.heat_trustee.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.username -}}
{{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.trustee.username | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "username" .Values.endpoints.identity.auth.heat_trustee.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.trustee.password -}}
{{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.trustee.password | quote | trunc 0 -}}
{{- set .Values.conf.heat.trustee "password" .Values.endpoints.identity.auth.heat_trustee.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_user_domain_name -}}
{{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.stack_user.domain_name | quote | trunc 0 -}}
{{- set .Values.conf.heat.DEFAULT "stack_user_domain_name" .Values.endpoints.identity.auth.heat_stack_user.domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.stack_user.username | quote | trunc 0 -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin" .Values.endpoints.identity.auth.heat_stack_user.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.stack_domain_admin_password -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.stack_user.password | quote | trunc 0 -}}
{{- set .Values.conf.heat.DEFAULT "stack_domain_admin_password" .Values.endpoints.identity.auth.heat_stack_user.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.keystone_authtoken.memcached_servers -}}
@ -82,11 +82,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.heat.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "heat" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.heat.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "heat" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.heat.DEFAULT.heat_metadata_server_url -}}

18
heat/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.heat.role | quote }}
- name: heat-ks-trustee-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
@ -76,11 +76,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.trustee }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat_trustee }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.trustee.role | quote }}
value: {{ .Values.endpoints.identity.auth.heat_trustee.role | quote }}
- name: heat-ks-domain-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
@ -100,25 +100,25 @@ spec:
- name: SERVICE_OS_REGION_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_REGION_NAME
- name: SERVICE_OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_DOMAIN_NAME
- name: SERVICE_OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_USERNAME
- name: SERVICE_OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.stack_user }}
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_PASSWORD
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.stack_user.role | quote }}
value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
heat/templates/job-trusts.yaml
View File

@ -60,7 +60,7 @@ spec:
- name: SERVICE_OS_ROLES
value: {{ .Values.conf.heat.DEFAULT.trusts_delegated_roles }}
- name: SERVICE_OS_TRUSTEE
value: {{ .Values.endpoints.identity.auth.trustee.username }}
value: {{ .Values.endpoints.identity.auth.heat_trustee.username }}
volumes:
- name: heat-bin
configMap:

2
heat/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "heat" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

12
heat/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" "trustee" }}
{{- range $key1, $userClass := tuple "admin" "heat" "heat_trustee" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
@ -31,12 +31,12 @@ data:
apiVersion: v1
kind: Secret
metadata:
name: {{ $envAll.Values.secrets.identity.stack_user }}
name: {{ $envAll.Values.secrets.identity.heat_stack_user }}
type: Opaque
data:
OS_AUTH_URL: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.stack_user.password | b64enc | indent 4 }}
OS_REGION_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.region_name | b64enc | indent 4 }}
OS_DOMAIN_NAME: {{ .Values.endpoints.identity.auth.heat_stack_user.domain_name | b64enc | indent 4 }}
OS_USERNAME: {{ .Values.endpoints.identity.auth.heat_stack_user.username | b64enc | indent 4 }}
OS_PASSWORD: {{ .Values.endpoints.identity.auth.heat_stack_user.password | b64enc | indent 4 }}
{{- end }}

18
heat/values.yaml
View File

@ -332,12 +332,12 @@ dependencies:
secrets:
identity:
admin: heat-keystone-admin
user: heat-keystone-user
trustee: heat-keystone-trustee
stack_user: heat-keystone-stack-user
heat: heat-keystone-user
heat_trustee: heat-keystone-trustee
heat_stack_user: heat-keystone-stack-user
oslo_db:
admin: heat-db-admin
user: heat-db-user
heat: heat-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -354,7 +354,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
heat:
role: admin
region_name: RegionOne
username: heat
@ -362,7 +362,7 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
trustee:
heat_trustee:
role: admin
region_name: RegionOne
username: heat-trust
@ -370,7 +370,7 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
stack_user:
heat_stack_user:
role: admin
region_name: RegionOne
username: heat-domain
@ -442,7 +442,7 @@ endpoints:
admin:
username: root
password: password
user:
heat:
username: heat
password: password
hosts:
@ -464,7 +464,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
heat:
username: rabbitmq
password: password
hosts:

4
horizon/templates/etc/_local_settings.tpl
View File

@ -148,8 +148,8 @@ DATABASES = {
# Database configuration here
'ENGINE': 'django.db.backends.mysql',
'NAME': '{{ .Values.endpoints.oslo_db.path | base }}',
'USER': '{{ .Values.endpoints.oslo_db.auth.user.username }}',
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.user.password }}',
'USER': '{{ .Values.endpoints.oslo_db.auth.horizon.username }}',
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.horizon.password }}',
'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}',
'default-character-set': 'utf8',
'PORT': '{{ tuple "oslo_db" "internal" "mysql" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}'

2
horizon/templates/job-db-drop.yaml
View File

@ -60,7 +60,7 @@ spec:
- name: DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.oslo_db.user }}
name: {{ .Values.secrets.oslo_db.horizon }}
key: DB_CONNECTION
command:
- /tmp/db-drop.py

2
horizon/templates/job-db-init.yaml
View File

@ -54,7 +54,7 @@ spec:
- name: DB_CONNECTION
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.oslo_db.user }}
name: {{ .Values.secrets.oslo_db.horizon }}
key: DB_CONNECTION
command:
- /tmp/db-init.py

2
horizon/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "horizon" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

4
horizon/values.yaml
View File

@ -1216,7 +1216,7 @@ pod:
secrets:
oslo_db:
admin: horizon-db-admin
user: horizon-db-user
horizon: horizon-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1266,7 +1266,7 @@ endpoints:
admin:
username: root
password: password
user:
horizon:
username: horizon
password: password
hosts:

4
keystone/templates/configmap-etc.yaml
View File

@ -18,11 +18,11 @@ limitations under the License.
{{- $envAll := . }}
{{- if empty .Values.conf.keystone.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "keystone" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.keystone.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.keystone.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "keystone" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.keystone.cache.memcache_servers -}}

2
keystone/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "keystone" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

8
keystone/values.yaml
View File

@ -516,7 +516,7 @@ secrets:
admin: keystone-keystone-admin
oslo_db:
admin: keystone-db-admin
user: keystone-db-user
keystone: keystone-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -554,7 +554,7 @@ endpoints:
admin:
username: root
password: password
user:
keystone:
username: keystone
password: password
hosts:
@ -569,8 +569,8 @@ endpoints:
oslo_messaging:
namespace: null
auth:
user:
username: keystone
keystone:
username: rabbitmq
password: password
hosts:
default: rabbitmq

16
magnum/templates/configmap-etc.yaml
View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.region_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "region_name" .Values.endpoints.identity.auth.magnum.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.project_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_name" .Values.endpoints.identity.auth.magnum.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.magnum.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.magnum.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.username -}}
{{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "username" .Values.endpoints.identity.auth.magnum.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.password -}}
{{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.magnum.keystone_authtoken "password" .Values.endpoints.identity.auth.magnum.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.magnum.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "magnum" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.magnum.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.magnum.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "magnum" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.magnum.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
---

4
magnum/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "magnum"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.magnum }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.magnum.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
magnum/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "magnum" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
magnum/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "magnum" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

20
magnum/values.yaml
View File

@ -182,10 +182,10 @@ dependencies:
secrets:
identity:
admin: magnum-keystone-admin
user: magnum-keystone-user
magnum: magnum-keystone-user
oslo_db:
admin: magnum-db-admin
user: magnum-db-user
magnum: magnum-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -202,7 +202,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
magnum:
role: admin
region_name: RegionOne
username: magnum
@ -244,7 +244,7 @@ endpoints:
admin:
username: root
password: password
user:
magnum:
username: magnum
password: password
hosts:
@ -266,7 +266,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
magnum:
username: rabbitmq
password: password
hosts:
@ -284,11 +284,11 @@ pod:
magnum:
uid: 1000
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
mounts:
magnum_api:
init_container: null

16
mistral/templates/configmap-etc.yaml
View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.region_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "region_name" .Values.endpoints.identity.auth.mistral.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.project_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_name" .Values.endpoints.identity.auth.mistral.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.mistral.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.mistral.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.username -}}
{{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "username" .Values.endpoints.identity.auth.mistral.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.password -}}
{{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.mistral.keystone_authtoken "password" .Values.endpoints.identity.auth.mistral.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.mistral.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "mistral" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.mistral.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.mistral.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "mistral" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.mistral.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
---

4
mistral/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "mistral"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.mistral }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.mistral.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
mistral/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "mistral" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
mistral/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "mistral" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

10
mistral/values.yaml
View File

@ -129,10 +129,10 @@ dependencies:
secrets:
identity:
admin: mistral-keystone-admin
user: mistral-keystone-user
mistral: mistral-keystone-user
oslo_db:
admin: mistral-db-admin
user: mistral-db-user
mistral: mistral-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -149,7 +149,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
mistral:
role: admin
region_name: RegionOne
username: mistral
@ -191,7 +191,7 @@ endpoints:
admin:
username: root
password: password
user:
mistral:
username: mistral
password: password
hosts:
@ -205,7 +205,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
mistral:
username: rabbitmq
password: password
hosts:

16
neutron/templates/configmap-etc.yaml
View File

@ -31,22 +31,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.neutron.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.neutron.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.username -}}
{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.neutron.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.password -}}
{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.neutron.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.region_name -}}
{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.neutron.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}}
@ -54,11 +54,11 @@ limitations under the License.
{{- end }}
{{- if empty .Values.conf.neutron.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}}
{{- end }}
{{- if empty .Values.conf.neutron.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end }}
{{- if empty .Values.conf.neutron.nova.auth_url -}}

4
neutron/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "neutron"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.neutron }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.neutron.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
neutron/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
neutron/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "neutron" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

10
neutron/values.yaml
View File

@ -1060,10 +1060,10 @@ conf:
secrets:
identity:
admin: neutron-keystone-admin
user: neutron-keystone-user
neutron: neutron-keystone-user
oslo_db:
admin: neutron-db-admin
user: neutron-db-user
neutron: neutron-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1075,7 +1075,7 @@ endpoints:
admin:
username: root
password: password
user:
neutron:
username: neutron
password: password
hosts:
@ -1089,7 +1089,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
neutron:
username: rabbitmq
password: password
hosts:
@ -1151,7 +1151,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
neutron:
role: admin
region_name: RegionOne
username: neutron

20
nova/templates/configmap-etc.yaml
View File

@ -32,22 +32,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.region_name -}}
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_name -}}
{{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "project_name" .Values.endpoints.identity.auth.nova.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.username -}}
{{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "username" .Values.endpoints.identity.auth.nova.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.password -}}
{{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.nova.keystone_authtoken "password" .Values.endpoints.identity.auth.nova.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.keystone_authtoken.memcached_servers -}}
@ -55,19 +55,19 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.nova.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.api_database.connection -}}
{{- tuple "oslo_db_api" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db_api" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.api_database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.cell0_database.connection -}}
{{- tuple "oslo_db_cell0" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db_cell0" "internal" "nova" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.cell0_database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "nova" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.nova.glance.api_servers -}}

4
nova/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "nova"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.nova }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.nova.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
nova/templates/secret-db-api.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db_api }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db_api $userClass }}
---
apiVersion: v1

2
nova/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
nova/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "nova" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

20
nova/values.yaml
View File

@ -1043,17 +1043,17 @@ conf:
secrets:
identity:
admin: nova-keystone-admin
user: nova-keystone-user
nova: nova-keystone-user
placement: nova-keystone-placement
oslo_db:
admin: nova-db-admin
user: nova-db-user
nova: nova-db-user
oslo_db_api:
admin: nova-db-api-admin
user: nova-db-api-user
nova: nova-db-api-user
oslo_db_cell0:
admin: nova-db-api-admin
user: nova-db-api-user
nova: nova-db-api-user
# typically overriden by environmental
# values, but should include all endpoints
@ -1065,7 +1065,7 @@ endpoints:
admin:
username: root
password: password
user:
nova:
username: nova
password: password
hosts:
@ -1082,7 +1082,7 @@ endpoints:
admin:
username: root
password: password
user:
nova:
username: nova
password: password
hosts:
@ -1099,7 +1099,7 @@ endpoints:
admin:
username: root
password: password
user:
nova:
username: nova
password: password
hosts:
@ -1113,7 +1113,7 @@ endpoints:
default: 3306
oslo_messaging:
auth:
user:
nova:
username: rabbitmq
password: password
hosts:
@ -1143,7 +1143,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
nova:
role: admin
region_name: RegionOne
username: nova
@ -1151,6 +1151,8 @@ endpoints:
project_name: service
user_domain_name: default
project_domain_name: default
#NOTE(portdirect): the neutron user is not managed by the nova chart
# these values should match those set in the neutron chart.
neutron:
region_name: RegionOne
project_name: service

14
rally/templates/configmap-etc.yaml
View File

@ -23,22 +23,22 @@ limitations under the License.
{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.rally.keystone_authtoken "auth_url" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.region_name -}}
{{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "region_name" .Values.endpoints.identity.auth.rally.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.project_name -}}
{{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "project_name" .Values.endpoints.identity.auth.rally.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.rally.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.rally.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.username -}}
{{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "username" .Values.endpoints.identity.auth.rally.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.password -}}
{{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.rally.keystone_authtoken "password" .Values.endpoints.identity.auth.rally.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.rally.keystone_authtoken.memcached_servers -}}
@ -46,7 +46,7 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.rally.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "rally" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.rally.database "connection" | quote | trunc 0 -}}
{{- end -}}
---

4
rally/templates/job-ks-user.yaml
View File

@ -54,11 +54,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "rally"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.rally }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.rally.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
rally/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "rally" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
rally/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "rally" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

8
rally/values.yaml
View File

@ -178,10 +178,10 @@ dependencies:
secrets:
identity:
admin: rally-keystone-admin
user: rally-keystone-user
rally: rally-keystone-user
oslo_db:
admin: rally-db-admin
user: rally-db-user
rally: rally-db-user
endpoints:
cluster_domain_suffix: cluster.local
@ -195,7 +195,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
rally:
role: admin
region_name: RegionOne
username: rally
@ -237,7 +237,7 @@ endpoints:
admin:
username: root
password: password
user:
rally:
username: rally
password: password
hosts:

16
senlin/templates/configmap-etc.yaml
View File

@ -32,22 +32,22 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.region_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "region_name" .Values.endpoints.identity.auth.senlin.region_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.project_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_name" .Values.endpoints.identity.auth.senlin.project_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.project_domain_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.senlin.project_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.user_domain_name -}}
{{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.senlin.user_domain_name | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.username -}}
{{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "username" .Values.endpoints.identity.auth.senlin.username | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.password -}}
{{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
{{- set .Values.conf.senlin.keystone_authtoken "password" .Values.endpoints.identity.auth.senlin.password | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.keystone_authtoken.memcached_servers -}}
@ -55,11 +55,11 @@ limitations under the License.
{{- end -}}
{{- if empty .Values.conf.senlin.database.connection -}}
{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
{{- tuple "oslo_db" "internal" "senlin" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.senlin.database "connection" | quote | trunc 0 -}}
{{- end -}}
{{- if empty .Values.conf.senlin.DEFAULT.transport_url -}}
{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- tuple "oslo_messaging" "internal" "senlin" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.senlin.DEFAULT "transport_url" | quote | trunc 0 -}}
{{- end -}}
---

4
senlin/templates/job-ks-user.yaml
View File

@ -55,11 +55,11 @@ spec:
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "senlin"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.user }}
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.senlin }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.user.role | quote }}
value: {{ .Values.endpoints.identity.auth.senlin.role | quote }}
volumes:
- name: ks-user-sh
configMap:

2
senlin/templates/secret-db.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_db }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "senlin" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
---
apiVersion: v1

2
senlin/templates/secret-keystone.yaml
View File

@ -16,7 +16,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "user" }}
{{- range $key1, $userClass := tuple "admin" "senlin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

10
senlin/values.yaml
View File

@ -194,10 +194,10 @@ dependencies:
secrets:
identity:
admin: senlin-keystone-admin
user: senlin-keystone-user
senlin: senlin-keystone-user
oslo_db:
admin: senlin-db-admin
user: senlin-db-user
senlin: senlin-db-user
# typically overriden by environmental
# values, but should include all endpoints
@ -214,7 +214,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
user:
senlin:
role: admin
region_name: RegionOne
username: senlin
@ -256,7 +256,7 @@ endpoints:
admin:
username: root
password: password
user:
senlin:
username: senlin
password: password
hosts:
@ -278,7 +278,7 @@ endpoints:
default: 11211
oslo_messaging:
auth:
user:
senlin:
username: rabbitmq
password: password
hosts: