Distinguish between port number of internal endpoint and binding

port number in keystone Now binding ports of service and pod spec are configured using internal endpoint values. To support reverse proxy for internalUrl, need to distinguish between binding ports and internal endpoint ports. I added `service` section in endpoint items apart from admin,public ,internal and default. Change-Id: I79b867a4e6771e07d1eebec89235352d7613e8eb
2021-12-01 18:59:26 +02:00 · 2021-12-01 18:59:26 +02:00 · 94319bc926
commit 94319bc926
parent 026811c8a7
7 changed files with 28 additions and 10 deletions
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.29
+version: 0.2.30
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@ -14,9 +14,9 @@ limitations under the License.
 {{- define "apiProbeTemplate" }}
 httpGet:
-  scheme: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+  scheme: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
  path: /v3/
-  port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+  port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{- end }}
 {{- if .Values.manifests.deployment_api }}
@ -80,7 +80,7 @@ spec:
                  - stop
          ports:
            - name: ks-pub
-              containerPort: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+              containerPort: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "readiness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
 {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "liveness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
          volumeMounts:
--- a/keystone/templates/service-api.yaml
+++ b/keystone/templates/service-api.yaml
@ -21,9 +21,8 @@ metadata:
  name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
  ports:
  {{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
    - name: ks-pub
-      port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+      port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
      {{ if .Values.network.api.node_port.enabled }}
      nodePort: {{ .Values.network.api.node_port.port }}
      {{ end }}
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -772,7 +772,7 @@ conf:
      ThreadLimit         720
    </IfModule>
  wsgi_keystone: |
-    {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
    Listen 0.0.0.0:{{ $portInt }}
@ -972,12 +972,14 @@ endpoints:
      default: /v3
    scheme:
      default: http
      service: http
    port:
      api:
        default: 80
        # NOTE(portdirect): to retain portability across images, and allow
        # running under a unprivileged user simply, we default to a port > 1000.
        internal: 5000
        service: 5000
  oslo_db:
    namespace: null
    auth:
--- a/keystone/values_overrides/internal-reverse-proxy.yaml
+++ b/keystone/values_overrides/internal-reverse-proxy.yaml
@ -0,0 +1,16 @@
 ---
 endpoints:
  identity:
    host_fqdn_override:
      public: example.com
    scheme:
      default: https
      public: https
      internal: https
      service: http
    port:
      api:
        default: 443
        internal: 443
        service: 5000
 ...
--- a/keystone/values_overrides/tls.yaml
+++ b/keystone/values_overrides/tls.yaml
@ -26,8 +26,7 @@ conf:
      ssl_cert_file: /etc/rabbitmq/certs/tls.crt
      ssl_key_file: /etc/rabbitmq/certs/tls.key
  wsgi_keystone: |
-    {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+    {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
    {{- $vh := tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
    Listen 0.0.0.0:{{ $portInt }}
@ -38,7 +37,7 @@ conf:
    CustomLog /dev/stdout combined env=!forwarded
    CustomLog /dev/stdout proxy env=forwarded
-    <VirtualHost *:{{ tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+    <VirtualHost *:{{ tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
      ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
      WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP}
      WSGIProcessGroup keystone-public
@ -78,6 +77,7 @@ endpoints:
    scheme:
      default: https
      public: https
      service: https
    port:
      api:
        default: 443
--- a/releasenotes/notes/keystone.yaml
+++ b/releasenotes/notes/keystone.yaml
@ -45,4 +45,5 @@ keystone:
  - 0.2.27 Use LOG.warning instead of deprecated LOG.warn
  - 0.2.28 Added OCI registry authentication
  - 0.2.29 Support TLS endpoints
  - 0.2.30 Distinguish between port number of internal endpoint and binding port number
 ...