Rename mariadb backup identities

Challenge:
Now remote_ks_admin and remote_rgw_user are using for user labels
of backup target openstack cloud.
When the backup user doesn't exist and we can enable job_ks_user
manifest.
But job_ks_user uses .Vaules.secrets.identity.admin and mariadb,
while secret-rgw and cron-job-backup-mariadb use .Values.secrets.
identity.remote_ks_admin and remote_rgw_user.
It requires to use same values for admin and remote_ks_admin,
and for mariadb and remote_rgw_user.
Seems it isbreaking values consistency.

Suggestion:
Now providing 2 kinds of backup - pvc and swift.
"remote_" means the swift backup.
In fact, mariadb chart has no case to access to keystone except
swift backup. So we can remove remote_xx_* prefix and there is
no confusion.

Change-Id: Ib82120611659bd36bae35f2e90054642fb8ee31f
This commit is contained in:
okozachenko 2021-03-03 20:28:05 +02:00
parent 618c064d25
commit 5db88a5fb4
5 changed files with 12 additions and 11 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.2.31
description: OpenStack-Helm MariaDB
name: mariadb
version: 0.1.9
version: 0.1.10
home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources:

View File

@ -97,7 +97,7 @@ spec:
value: {{ .Values.conf.backup.remote_backup.container_name | quote }}
- name: STORAGE_POLICY
value: "{{ .Values.conf.backup.remote_backup.storage_policy }}"
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.remote_rgw_user }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.mariadb }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 16 }}
{{- end }}
{{- end }}

View File

@ -13,11 +13,11 @@ limitations under the License.
This manifest results in two secrets being created:
1) Keystone "remote_rgw_user" secret, which is needed to access the cluster
1) Keystone "mariadb" secret, which is needed to access the cluster
(remote or same cluster) for storing mariadb backups. If the
cluster is remote, the auth_url would be non-null.
2) Keystone "remote_ks_admin" secret, which is needed to create the
"remote_rgw_user" keystone account mentioned above. This may not
2) Keystone "admin" secret, which is needed to create the
"mariadb" keystone account mentioned above. This may not
be needed if the account is in a remote cluster (auth_url is non-null
in that case).
*/}}
@ -25,7 +25,7 @@ This manifest results in two secrets being created:
{{- if .Values.conf.backup.remote_backup.enabled }}
{{- $envAll := . }}
{{- $userClass := "remote_rgw_user" }}
{{- $userClass := "mariadb" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1
@ -50,7 +50,7 @@ data:
OS_DEFAULT_DOMAIN: {{ $identityClass.default_domain_id | default "default" | b64enc }}
...
{{- if .Values.manifests.job_ks_user }}
{{- $userClass := "remote_ks_admin" }}
{{- $userClass := "admin" }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
---
apiVersion: v1

View File

@ -466,8 +466,8 @@ monitoring:
secrets:
identity:
remote_ks_admin: keystone-admin-user
remote_rgw_user: mariadb-backup-user
admin: keystone-admin-user
mariadb: mariadb-backup-user
mariadb:
backup_restore: mariadb-backup-restore
tls:
@ -571,7 +571,7 @@ endpoints:
name: backup-storage-auth
namespace: openstack
auth:
remote_ks_admin:
admin:
# Auth URL of null indicates local authentication
# HTK will form the URL unless specified here
auth_url: null
@ -581,7 +581,7 @@ endpoints:
project_name: admin
user_domain_name: default
project_domain_name: default
remote_rgw_user:
mariadb:
# Auth URL of null indicates local authentication
# HTK will form the URL unless specified here
auth_url: null

View File

@ -10,4 +10,5 @@ mariadb:
- 0.1.7 Revert - Change Issuer to ClusterIssuer
- 0.1.8 Change Issuer to ClusterIssuer with logic in place to support cert-manager versioning
- 0.1.9 Uplift Mariadb-ingress to 0.42.0
- 0.1.10 Rename mariadb backup identities
...