diff --git a/common/templates/_endpoints.tpl b/common/templates/_endpoints.tpl
index 0170b4eb5c..68914d6dfc 100644
--- a/common/templates/_endpoints.tpl
+++ b/common/templates/_endpoints.tpl
@@ -1,9 +1,94 @@
 #-----------------------------------------
 # endpoints
 #-----------------------------------------
+
+# this should be a generic function leveraging a tuple
+# for input, e.g. { endpoint keystone internal . }
+# however, constructing this appears to be a
+# herculean effort in gotpl
+
 {{- define "endpoint_keystone_internal" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
 {{- with .Values.endpoints.keystone -}}
-	{{.scheme}}://{{.hosts.internal | default .hosts.default}}:{{.port.public}}{{.path}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.public}}{{.path}}
 {{- end -}}
 {{- end -}}
 
+{{- define "endpoint_keystone_admin" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with .Values.endpoints.keystone -}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.admin}}{{.path}}
+{{- end -}}
+{{- end -}}
+
+{{- define "endpoint_nova_api_internal" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with .Values.endpoints.nova -}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}}
+{{- end -}}
+{{- end -}}
+
+{{- define "endpoint_nova_metadata_internal" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with .Values.endpoints.nova -}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.metadata}}{{.path}}
+{{- end -}}
+{{- end -}}
+
+{{- define "endpoint_nova_novncproxy_internal" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with .Values.endpoints.nova -}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.novncproxy}}{{.path}}
+{{- end -}}
+{{- end -}}
+
+{{- define "endpoint_glance_api_internal" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with .Values.endpoints.glance -}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}}
+{{- end -}}
+{{- end -}}
+
+{{- define "endpoint_glance_registry_internal" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with .Values.endpoints.glance -}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.registry}}{{.path}}
+{{- end -}}
+{{- end -}}
+
+{{- define "endpoint_neutron_api_internal" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- with .Values.endpoints.neutron -}}
+	{{.scheme}}://{{.hosts.internal | default .hosts.default}}.{{ $fqdn }}:{{.port.api}}{{.path}}
+{{- end -}}
+{{- end -}}
+
+#-------------------------------
+# kolla helpers
+#-------------------------------
+{{ define "keystone_auth" }}{'auth_url':'{{ include "endpoint_keystone_internal" . }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}}
+
diff --git a/common/templates/_hosts.tpl b/common/templates/_hosts.tpl
index 6655a88710..941ece39c6 100644
--- a/common/templates/_hosts.tpl
+++ b/common/templates/_hosts.tpl
@@ -2,6 +2,14 @@
 {{- define "region"}}cluster{{- end}}
 {{- define "tld"}}local{{- end}}
 
+{{- define "fqdn" -}}
+{{- $fqdn := .Release.Namespace -}}
+{{- if .Values.endpoints.fqdn -}}
+{{- $fqdn := .Values.endpoints.fqdn -}}
+{{- end -}}
+{{- $fqdn -}}
+{{- end -}}
+
 #-----------------------------------------
 # hosts
 #-----------------------------------------
@@ -17,3 +25,14 @@
 {{- define "keystone_api_endpoint_host_internal"}}keystone-api.{{.Release.Namespace}}.svc.{{ include "region" . }}.{{ include "tld" . }}{{- end}}
 {{- define "keystone_api_endpoint_host_public"}}keystone-api.{{ include "region" . }}.{{ include "tld" . }}{{- end}}
 {{- define "keystone_api_endpoint_host_admin_ext"}}keystone-api.{{ include "region" . }}.{{ include "tld" . }}{{- end}}
+
+# glance defaults
+{{- define "glance_registry_host"}}glance-registry.{{ include "fqdn" . }}{{- end}}
+
+# nova defaults
+{{- define "nova_metadata_host"}}nova-api.{{ include "fqdn" . }}{{- end}}
+
+# neutron defaults
+{{- define "neutron_db_host"}}{{ include "mariadb_host" . }}{{- end}}
+{{- define "neutron_rabbit_host"}}{{- include "rabbitmq_host" .}}{{- end}}
+
diff --git a/common/values.yaml b/common/values.yaml
index da62e63235..20eb7c7c3c 100644
--- a/common/values.yaml
+++ b/common/values.yaml
@@ -7,3 +7,6 @@ global:
   region: cluster
   tld: local
 
+endpoints:
+  fqdn: null
+
diff --git a/glance/templates/_helpers.tpl b/glance/templates/_helpers.tpl
deleted file mode 100644
index 932d1900b7..0000000000
--- a/glance/templates/_helpers.tpl
+++ /dev/null
@@ -1,5 +0,0 @@
-{{- define "joinListWithColon" -}}
-{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }}
-{{- end -}}
-
-{{ define "keystone_auth" }}{'auth_url':'{{ .Values.keystone.auth_url }}', 'username':'{{ .Values.keystone.admin_user }}','password':'{{ .Values.keystone.admin_password }}','project_name':'{{ .Values.keystone.admin_project_name }}','domain_name':'default'}{{end}}
diff --git a/glance/templates/ceph.client.glance.keyring.yaml b/glance/templates/ceph.client.glance.keyring.yaml
index 27eeac7ed2..915324809b 100644
--- a/glance/templates/ceph.client.glance.keyring.yaml
+++ b/glance/templates/ceph.client.glance.keyring.yaml
@@ -5,5 +5,9 @@ metadata:
 data:
   ceph.client.{{ .Values.ceph.glance_user }}.keyring: |+
     [client.{{ .Values.ceph.glance_user }}]
+    {{- if .Values.ceph.glance_keyring }}
         key = {{ .Values.ceph.glance_keyring }}
-    
+    {{- else }}
+        key = {{- include "secrets/ceph-client-key" . -}}
+    {{- end }}
+
diff --git a/glance/templates/ceph.conf.yaml b/glance/templates/ceph.conf.yaml
index 28982f320e..3c3aed3074 100644
--- a/glance/templates/ceph.conf.yaml
+++ b/glance/templates/ceph.conf.yaml
@@ -7,12 +7,17 @@ data:
     [global]
     rgw_thread_pool_size = 1024
     rgw_num_rados_handles = 100
+    {{- if .Values.ceph.monitors }}
     [mon]
     {{ range .Values.ceph.monitors }}
         [mon.{{ . }}]
           host = {{ . }}
           mon_addr = {{ . }}
     {{ end }}
+    {{- else }}
+    mon_host = ceph-mon.ceph
+    {{- end }}
     [client]
       rbd_cache_enabled = true
       rbd_cache_writethrough_until_flush = true
+
diff --git a/glance/templates/glance-api.conf.yaml b/glance/templates/glance-api.conf.yaml
index b7e45d36e7..ee61d333ec 100644
--- a/glance/templates/glance-api.conf.yaml
+++ b/glance/templates/glance-api.conf.yaml
@@ -12,7 +12,7 @@ data:
     bind_port = {{ .Values.network.port.api }}
 
     workers = {{ .Values.misc.workers }}
-    registry_host = glance-registry
+    registry_host = {{ include "glance_registry_host" . }}
 
     # Enable Copy-on-Write
     show_image_direct_url = True
@@ -45,3 +45,4 @@ data:
     rbd_store_user = {{ .Values.ceph.glance_user }}
     rbd_store_ceph_conf = /etc/ceph/ceph.conf
     rbd_store_chunk_size = 8
+
diff --git a/glance/templates/post.sh.yaml b/glance/templates/post.sh.yaml
index 2415cc8e91..156b60d605 100644
--- a/glance/templates/post.sh.yaml
+++ b/glance/templates/post.sh.yaml
@@ -6,12 +6,13 @@ data:
   post.sh: |+
     #!/bin/bash
     set -ex
+    export HOME=/tmp
     
     ansible localhost -vvv -m kolla_keystone_service -a "service_name=glance \
     service_type=image \
     description='Openstack Image' \
     endpoint_region='{{ .Values.keystone.glance_region_name }}' \
-    url='http://glance-api:{{ .Values.network.port.api }}' \
+    url='{{ include "endpoint_glance_api_internal" . }}' \
     interface=admin \
     region_name='{{ .Values.keystone.admin_region_name }}' \
     auth='{{ include "keystone_auth" . }}'" \
@@ -21,7 +22,7 @@ data:
     service_type=image \
     description='Openstack Image' \
     endpoint_region='{{ .Values.keystone.glance_region_name }}' \
-    url='http://glance-api:{{ .Values.network.port.api }}' \
+    url='{{ include "endpoint_glance_api_internal" . }}' \
     interface=internal \
     region_name='{{ .Values.keystone.admin_region_name }}' \
     auth='{{ include "keystone_auth" . }}'" \
@@ -31,7 +32,7 @@ data:
     service_type=image \
     description='Openstack Image' \
     endpoint_region='{{ .Values.keystone.glance_region_name }}' \
-    url='http://glance-api:{{ .Values.network.port.api }}' \
+    url='{{ include "endpoint_glance_api_internal" . }}' \
     interface=public \
     region_name='{{ .Values.keystone.admin_region_name }}' \
     auth='{{ include "keystone_auth" . }}'" \
@@ -44,3 +45,4 @@ data:
     region_name={{ .Values.keystone.admin_region_name }} \
     auth='{{ include "keystone_auth" . }}'" \
     -e "{ 'openstack_glance_auth': {{ include "keystone_auth" . }} }"
+
diff --git a/glance/templates/post.yaml b/glance/templates/post.yaml
index 111f9bdcd7..4fe1c195bf 100644
--- a/glance/templates/post.yaml
+++ b/glance/templates/post.yaml
@@ -32,6 +32,8 @@ spec:
           }
         ]'
     spec:
+      nodeSelector:
+        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
       restartPolicy: OnFailure
       containers:
         - name: glance-post
@@ -51,3 +53,4 @@ spec:
         - name: postsh
           configMap:
             name: glance-postsh
+
diff --git a/glance/values.yaml b/glance/values.yaml
index 6e2b4cd35b..a94a1bcc1c 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -33,7 +33,7 @@ network:
   port:
     api: 9292
     registry: 9191
-  ip_address: "{{ .IP }}"
+  ip_address: "0.0.0.0"
 
 database:
   address: mariadb
@@ -47,9 +47,12 @@ database:
 ceph:
   enabled: true
   monitors: []
-  glance_user: "glance"
+  glance_user: "admin"
   glance_pool: "images"
-  glance_keyring: ""
+  # a null value for the keyring will
+  # attempt to use the key from
+  # common/secrets/ceph-client-key
+  glance_keyring: null
 
 misc:
   workers: 8
@@ -97,4 +100,28 @@ dependencies:
     - mariadb
     - keystone-api
     - glance-api
-    - glance-registry
\ No newline at end of file
+    - glance-registry
+
+# typically overriden by environmental 
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+  glance:
+    hosts:
+      default: glance-api
+    type: image
+    path: null
+    scheme: 'http'
+    port:
+      api: 9292
+      registry: 9191
+  keystone:
+    hosts:
+      default: keystone-api
+    path: /v3
+    type: identity
+    scheme: 'http'
+    port:
+        admin: 35357
+        public: 5000
+
diff --git a/horizon/values.yaml b/horizon/values.yaml
index f1dd9a1aa9..6de7d8e116 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -38,6 +38,6 @@ endpoints:
     type: identity
     scheme: 'http'
     port:
-        admin: 35356
+        admin: 35357
         public: 5000
 
diff --git a/keystone/templates/_helpers.tpl b/keystone/templates/_helpers.tpl
deleted file mode 100644
index d2f33bc897..0000000000
--- a/keystone/templates/_helpers.tpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "joinListWithColon" -}}
-{{ range $k, $v := . }}{{ if $k }},{{ end }}{{ $v }}{{ end }}
-{{- end -}}
diff --git a/keystone/templates/bin/_db-sync.sh.tpl b/keystone/templates/bin/_db-sync.sh.tpl
index b6679c7318..89c4c5de84 100644
--- a/keystone/templates/bin/_db-sync.sh.tpl
+++ b/keystone/templates/bin/_db-sync.sh.tpl
@@ -15,7 +15,8 @@ set -ex
 keystone-manage db_sync
 kolla_keystone_bootstrap {{ .Values.keystone.admin_user }} {{ .Values.keystone.admin_password }} \
   {{ .Values.keystone.admin_project_name }} admin \
-  {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_admin" . }}:{{ .Values.network.port.admin }}/{{ .Values.keystone.version }} \
-  {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_internal" . }}:{{ .Values.network.port.public }}/{{ .Values.keystone.version }} \
-  {{ .Values.keystone.scheme }}://{{ include "keystone_api_endpoint_host_public" . }}:{{ .Values.network.port.public }}/{{ .Values.keystone.version }} \
+  {{ include "endpoint_keystone_admin" . }} \
+  {{ include "endpoint_keystone_internal" . }} \
+  {{ include "endpoint_keystone_internal" . }} \
   {{ .Values.keystone.admin_region_name }}
+
diff --git a/keystone/templates/etc/_keystone.conf.tpl b/keystone/templates/etc/_keystone.conf.tpl
index c62d524516..58603001ba 100644
--- a/keystone/templates/etc/_keystone.conf.tpl
+++ b/keystone/templates/etc/_keystone.conf.tpl
@@ -9,11 +9,11 @@ connection = mysql+pymysql://{{ .Values.database.keystone_user }}:{{ .Values.dat
 max_retries = -1
 
 [memcache]
-servers = {{ include "memcached_host" . }}
+servers = {{ include "memcached_host" . }}:11211
 
 [cache]
 backend = dogpile.cache.memcached
-memcache_servers = {{ include "memcached_host" . }}
+memcache_servers = {{ include "memcached_host" . }}:11211
 config_prefix = cache.keystone
-distributed_lock = True
 enabled = True
+
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 3b7b8e67b0..80801204e7 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -17,7 +17,7 @@ images:
   pull_policy: "IfNotPresent"
 
 keystone:
-  version: v2.0
+  version: v3
   scheme: http
   admin_region_name: RegionOne
   admin_user: admin
@@ -67,3 +67,18 @@ dependencies:
     - mariadb-seed
     service:
     - mariadb
+
+# typically overriden by environmental
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+  keystone:
+    hosts:
+      default: keystone-api
+    path: /v3
+    type: identity
+    scheme: 'http'
+    port:
+        admin: 35357
+        public: 5000
+