Distinguish between port number of internal endpoint and binding

port number in keystone

Now binding ports of service and pod spec are configured using
internal endpoint values.
To support reverse proxy for internalUrl, need to distinguish
between binding ports and internal endpoint ports.

I added `service` section in endpoint items apart from admin,public
,internal and default.

Change-Id: I79b867a4e6771e07d1eebec89235352d7613e8eb

keystone/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.29
+version: 0.2.30
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:

keystone/templates/deployment-api.yaml

@@ -14,9 +14,9 @@ limitations under the License.
 
 {{- define "apiProbeTemplate" }}
 httpGet:
-  scheme: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+  scheme: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
   path: /v3/
-  port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+  port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{- end }}
 
 {{- if .Values.manifests.deployment_api }}
@@ -80,7 +80,7 @@ spec:
                   - stop
           ports:
             - name: ks-pub
-              containerPort: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+              containerPort: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "readiness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
 {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "liveness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
           volumeMounts:

keystone/templates/service-api.yaml

@@ -21,9 +21,8 @@ metadata:
   name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
   ports:
-  {{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
     - name: ks-pub
-      port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
       {{ if .Values.network.api.node_port.enabled }}
       nodePort: {{ .Values.network.api.node_port.port }}
       {{ end }}

keystone/values.yaml

@@ -772,7 +772,7 @@ conf:
       ThreadLimit         720
     </IfModule>
   wsgi_keystone: |
-    {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 
     Listen 0.0.0.0:{{ $portInt }}
 
@@ -972,12 +972,14 @@ endpoints:
       default: /v3
     scheme:
       default: http
+      service: http
     port:
       api:
         default: 80
         # NOTE(portdirect): to retain portability across images, and allow
         # running under a unprivileged user simply, we default to a port > 1000.
         internal: 5000
+        service: 5000
   oslo_db:
     namespace: null
     auth:

keystone/values_overrides/internal-reverse-proxy.yaml

@@ -0,0 +1,16 @@
+---
+endpoints:
+  identity:
+    host_fqdn_override:
+      public: example.com
+    scheme:
+      default: https
+      public: https
+      internal: https
+      service: http
+    port:
+      api:
+        default: 443
+        internal: 443
+        service: 5000
+...

keystone/values_overrides/tls.yaml

@@ -26,8 +26,7 @@ conf:
       ssl_cert_file: /etc/rabbitmq/certs/tls.crt
       ssl_key_file: /etc/rabbitmq/certs/tls.key
   wsgi_keystone: |
-    {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-    {{- $vh := tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+    {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 
     Listen 0.0.0.0:{{ $portInt }}
 
@@ -38,7 +37,7 @@ conf:
     CustomLog /dev/stdout combined env=!forwarded
     CustomLog /dev/stdout proxy env=forwarded
 
-    <VirtualHost *:{{ tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+    <VirtualHost *:{{ tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
       ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
       WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
       WSGIProcessGroup keystone-public
@@ -78,6 +77,7 @@ endpoints:
     scheme:
       default: https
       public: https
+      service: https
     port:
       api:
         default: 443

releasenotes/notes/keystone.yaml

@@ -45,4 +45,5 @@ keystone:
   - 0.2.27 Use LOG.warning instead of deprecated LOG.warn
   - 0.2.28 Added OCI registry authentication
   - 0.2.29 Support TLS endpoints
+  - 0.2.30 Distinguish between port number of internal endpoint and binding port number
 ...