Rename mariadb backup identities
Challenge: Now remote_ks_admin and remote_rgw_user are using for user labels of backup target openstack cloud. When the backup user doesn't exist and we can enable job_ks_user manifest. But job_ks_user uses .Vaules.secrets.identity.admin and mariadb, while secret-rgw and cron-job-backup-mariadb use .Values.secrets. identity.remote_ks_admin and remote_rgw_user. It requires to use same values for admin and remote_ks_admin, and for mariadb and remote_rgw_user. Seems it isbreaking values consistency. Suggestion: Now providing 2 kinds of backup - pvc and swift. "remote_" means the swift backup. In fact, mariadb chart has no case to access to keystone except swift backup. So we can remove remote_xx_* prefix and there is no confusion. Change-Id: Ib82120611659bd36bae35f2e90054642fb8ee31f
This commit is contained in:
parent
618c064d25
commit
5db88a5fb4
@ -15,7 +15,7 @@ apiVersion: v1
|
||||
appVersion: v10.2.31
|
||||
description: OpenStack-Helm MariaDB
|
||||
name: mariadb
|
||||
version: 0.1.9
|
||||
version: 0.1.10
|
||||
home: https://mariadb.com/kb/en/
|
||||
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
|
||||
sources:
|
||||
|
@ -97,7 +97,7 @@ spec:
|
||||
value: {{ .Values.conf.backup.remote_backup.container_name | quote }}
|
||||
- name: STORAGE_POLICY
|
||||
value: "{{ .Values.conf.backup.remote_backup.storage_policy }}"
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.remote_rgw_user }}
|
||||
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.mariadb }}
|
||||
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -13,11 +13,11 @@ limitations under the License.
|
||||
|
||||
|
||||
This manifest results in two secrets being created:
|
||||
1) Keystone "remote_rgw_user" secret, which is needed to access the cluster
|
||||
1) Keystone "mariadb" secret, which is needed to access the cluster
|
||||
(remote or same cluster) for storing mariadb backups. If the
|
||||
cluster is remote, the auth_url would be non-null.
|
||||
2) Keystone "remote_ks_admin" secret, which is needed to create the
|
||||
"remote_rgw_user" keystone account mentioned above. This may not
|
||||
2) Keystone "admin" secret, which is needed to create the
|
||||
"mariadb" keystone account mentioned above. This may not
|
||||
be needed if the account is in a remote cluster (auth_url is non-null
|
||||
in that case).
|
||||
*/}}
|
||||
@ -25,7 +25,7 @@ This manifest results in two secrets being created:
|
||||
{{- if .Values.conf.backup.remote_backup.enabled }}
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $userClass := "remote_rgw_user" }}
|
||||
{{- $userClass := "mariadb" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
@ -50,7 +50,7 @@ data:
|
||||
OS_DEFAULT_DOMAIN: {{ $identityClass.default_domain_id | default "default" | b64enc }}
|
||||
...
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $userClass := "remote_ks_admin" }}
|
||||
{{- $userClass := "admin" }}
|
||||
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -466,8 +466,8 @@ monitoring:
|
||||
|
||||
secrets:
|
||||
identity:
|
||||
remote_ks_admin: keystone-admin-user
|
||||
remote_rgw_user: mariadb-backup-user
|
||||
admin: keystone-admin-user
|
||||
mariadb: mariadb-backup-user
|
||||
mariadb:
|
||||
backup_restore: mariadb-backup-restore
|
||||
tls:
|
||||
@ -571,7 +571,7 @@ endpoints:
|
||||
name: backup-storage-auth
|
||||
namespace: openstack
|
||||
auth:
|
||||
remote_ks_admin:
|
||||
admin:
|
||||
# Auth URL of null indicates local authentication
|
||||
# HTK will form the URL unless specified here
|
||||
auth_url: null
|
||||
@ -581,7 +581,7 @@ endpoints:
|
||||
project_name: admin
|
||||
user_domain_name: default
|
||||
project_domain_name: default
|
||||
remote_rgw_user:
|
||||
mariadb:
|
||||
# Auth URL of null indicates local authentication
|
||||
# HTK will form the URL unless specified here
|
||||
auth_url: null
|
||||
|
@ -10,4 +10,5 @@ mariadb:
|
||||
- 0.1.7 Revert - Change Issuer to ClusterIssuer
|
||||
- 0.1.8 Change Issuer to ClusterIssuer with logic in place to support cert-manager versioning
|
||||
- 0.1.9 Uplift Mariadb-ingress to 0.42.0
|
||||
- 0.1.10 Rename mariadb backup identities
|
||||
...
|
||||
|
Loading…
Reference in New Issue
Block a user