starlingx/openstack-armada-app
Code Issues Proposed changes

Upversion base OSH to Caracal-3013cbc9

Browse Source 
This task aims to Upversion base OSH to Caracal (3013cbc9)

This change upversions the base commit SHA for openstack-helm
to the Caracal version. Because upstream OSH does not track
versions the same way Openstack does, the base commit [1] was
chosen after the caracal release date and the stability of the
changes in the upstream repo.

It also ports all StarlingX specific patches on top of it,
dropping the patches that are no longer necessary and updating
what needs to be updated in order to be applied on top of the
new base SHA.

Patches 0002, 0009, 0019 and 0022 had their changes merged
on the upstream OSH repo, therefore they were dropped in this
upversion.

Patch 0003 was also removed since a similar job was created
upstream. It remains a point of attention because altough
a similar job was created upstream there are some differences
between them. Patch 0012 was dropped as it only modified the
file created by the patch 0003.

Most of patch 0020 was merged upstream, because of that the size
of the patch was significantly reduced.

All static overrides had the dep_check image added, this image
was already present on the values file upstream but was not being
exposed on the static overrides.

In the Neutron Helm chart, some additional images were added. Most
of the images that were not previously used by STX-O were set as "null"
in the static overrides. The rpc_server proved to be necessary for the
deployment. Similarly, the Nova Helm chart had some images added and
deleted. The static overrides was updated accordingly.

Test Plan:
PASS - Run downloader to get new OSH version
PASS - Run build-pkgs -c -a -l openstack to rebuild all packages
PASS - OSH is on the Caracal version
PASS - All OSH patches are applied
PASS - STX-O is built

With this change STX-Openstack will stop applying until the all
reviews in the relation chain are merged as well. Because of that,
the Test Plan does not include the apply and proper functioning of
the application. The last review of the relation chain will have a
more torough test plan. In order for the build not to be broken, all
reviews in the relation chain should be merged together.

Story: 2011303
Task: 51429

[1] - 3013cbc94a

Change-Id: I988051a73c405c0df810cd24e9dc08fa1051faac
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
This commit is contained in:
Daniel Caires 2025-01-13 09:59:36 -03:00 committed by Murillo Arantes
parent 40dc95270b
commit 5b3917befd
54 changed files with 634 additions and 1418 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
openstack-helm/debian/deb_folder/changelog
View File

@ -1,3 +1,9 @@
openstack-helm (1.1-0) unstable; urgency=medium
* Upversion to Caracal release.
-- Daniel Caires <DanielMarques.Caires@windriver.com> Wed, 29 Jan 2025 15:31:20 +0000
openstack-helm (1.0-1) unstable; urgency=medium
* Initial release.

4
openstack-helm/debian/deb_folder/copyright
View File

@ -3,7 +3,7 @@ Upstream-Name: openstack-helm
Source: https://opendev.org/starlingx/openstack-armada-app/
Files: *
Copyright: (c) 2013-2022 Wind River Systems, Inc
Copyright: (c) 2013-2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@ -23,7 +23,7 @@ License: Apache-2
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2021 Wind River Systems, Inc
Copyright: 2021-2025 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

66
openstack-helm/debian/deb_folder/patches/0002-Nova-console-ip-address-search-optionality.patch
View File

@ -1,66 +0,0 @@
From b5ff7217bca8b5af345a8630ce76b360022336b3 Mon Sep 17 00:00:00 2001
From: Gerry Kopec <Gerry.Kopec@windriver.com>
Date: Wed, 27 Mar 2019 00:35:57 -0400
Subject: [PATCH] Nova console/ip address search optionality
Add options to nova to enable/disable the use of:
1. the vnc or spice server proxyclient address found by the console
compute init container
2. my_ip hypervisor address found by compute init container
These options can be used to prevent cases where the found addresses
overwrite what has already been defined in nova.conf by per host nova
compute daemonset overrides.
Story: 2005259
Task: 30066
Change-Id: Idf490f8b19dcd1e71a9b5fa8934461f1198a8af8
Signed-off-by: Gerry Kopec <Gerry.Kopec@windriver.com>
(cherry picked from commit f5e8ad20e35b770e5967f75f6f93f0a4dc6e3b41)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-compute.sh.tpl | 4 ++++
nova/values.yaml | 2 ++
2 files changed, 6 insertions(+)
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
index 23ce3475..60b0272d 100644
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -18,9 +18,13 @@ set -ex
exec nova-compute \
--config-file /etc/nova/nova.conf \
+{{- if .Values.console.address_search_enabled }}
--config-file /tmp/pod-shared/nova-console.conf \
+{{- end }}
--config-file /tmp/pod-shared/nova-libvirt.conf \
{{- if and ( empty .Values.conf.nova.DEFAULT.host ) ( .Values.pod.use_fqdn.compute ) }}
--config-file /tmp/pod-shared/nova-compute-fqdn.conf \
{{- end }}
+{{- if .Values.conf.hypervisor.address_search_enabled }}
--config-file /tmp/pod-shared/nova-hypervisor.conf
+{{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 38f4b518..7aca42ad 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -496,6 +496,7 @@ console:
vncproxy:
# IF blank, search default routing interface
vncserver_proxyclient_interface:
+ address_search_enabled: true
ceph_client:
configmap: ceph-etc
@@ -1335,6 +1336,7 @@ conf:
# If this option is set to None, the hostname of the migration target compute node will be used.
live_migration_interface:
hypervisor:
+ address_search_enabled: true
# my_ip can be set automatically through this interface name.
host_interface:
# This list is the keys to exclude from the config file ingested by nova-compute
--
2.25.1

0
openstack-helm/debian/deb_folder/patches/0004-Support-ingress-creation-for-keystone-admin-endpoint.patch → openstack-helm/debian/deb_folder/patches/0002-Support-ingress-creation-for-keystone-admin-endpoint.patch
View File

0
openstack-helm/debian/deb_folder/patches/0005-Allow-set-public-endpoint-url-for-keystone-endpoints.patch → openstack-helm/debian/deb_folder/patches/0003-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
View File

338
openstack-helm/debian/deb_folder/patches/0003-Nova-chart-Support-ephemeral-pool-creation.patch
View File

@ -1,338 +0,0 @@
From 8d1a2f90284bc5c3a7fcfbae73f0bdb2e5b03320 Mon Sep 17 00:00:00 2001
From: Irina Mihai <irina.mihai@windriver.com>
Date: Tue, 26 Feb 2019 17:43:53 +0000
Subject: [PATCH] Nova chart: Support ephemeral pool creation
If libvirt images_type is rbd, then we need to have the
images_rbd_pool present. These changes add a new job
to make sure this pool exists.
Change-Id: Iee307cb54384d1c4583d00a8d28f7b1a0676d7d8
Story: 2004922
Task: 29285
Signed-off-by: Irina Mihai <irina.mihai@windriver.com>
(cherry picked from commit 0afcb0b37cdcf57436e44867bac9242d8684ce81)
Signed-off-by: Robert Church <robert.church@windriver.com>
---
nova/templates/bin/_nova-storage-init.sh.tpl | 73 +++++++++
nova/templates/configmap-bin.yaml | 2 +
nova/templates/job-storage-init.yaml | 156 +++++++++++++++++++
nova/values.yaml | 18 +++
4 files changed, 249 insertions(+)
create mode 100644 nova/templates/bin/_nova-storage-init.sh.tpl
create mode 100644 nova/templates/job-storage-init.yaml
diff --git a/nova/templates/bin/_nova-storage-init.sh.tpl b/nova/templates/bin/_nova-storage-init.sh.tpl
new file mode 100644
index 00000000..416297f4
--- /dev/null
+++ b/nova/templates/bin/_nova-storage-init.sh.tpl
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ SECRET=$(mktemp --suffix .yaml)
+ KEYRING=$(mktemp --suffix .keyring)
+ function cleanup {
+ rm -f ${SECRET} ${KEYRING}
+ }
+ trap cleanup EXIT
+fi
+
+set -ex
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ ceph -s
+ function ensure_pool () {
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
+ local test_version=$(ceph tell osd.* version | egrep -c "mimic|luminous" | xargs echo)
+ if [[ ${test_version} -gt 0 ]]; then
+ ceph osd pool application enable $1 $3
+ fi
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
+ ceph osd pool set $1 nosizechange 0
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 nosizechange ${size_protection}
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+ }
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "nova-ephemeral"
+
+ if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
+ echo "Cephx user client.${RBD_POOL_USER} already exist."
+ echo "Update its cephx caps"
+ ceph auth caps client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd"
+ ceph auth get client.${RBD_POOL_USER} -o ${KEYRING}
+ else
+ # NOTE: Restrict Nova permissions to what is needed.
+ # MON Read only and RBD access to the Nova ephemeral pool only.
+ ceph auth get-or-create client.${RBD_POOL_USER} \
+ mon "profile rbd" \
+ osd "profile rbd" \
+ -o ${KEYRING}
+ fi
+
+ ENCODED_KEYRING=$(sed -n 's/^[[:blank:]]*key[[:blank:]]\+=[[:blank:]]\(.*\)/\1/p' ${KEYRING} | base64 -w0)
+ cat > ${SECRET} <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "${RBD_POOL_SECRET}"
+type: kubernetes.io/rbd
+data:
+ key: $( echo ${ENCODED_KEYRING} )
+EOF
+ kubectl apply --namespace ${NAMESPACE} -f ${SECRET}
+
+fi
+
diff --git a/nova/templates/configmap-bin.yaml b/nova/templates/configmap-bin.yaml
index 90a91a93..1f7d11de 100644
--- a/nova/templates/configmap-bin.yaml
+++ b/nova/templates/configmap-bin.yaml
@@ -89,6 +89,8 @@ data:
{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-console-proxy-init-assets.sh: |
{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ nova-storage-init.sh: |
+{{ tuple "bin/_nova-storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-init.sh: |
{{ tuple "bin/_ssh-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ssh-start.sh: |
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
new file mode 100644
index 00000000..f3850b4b
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,156 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_storage_init }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nova-storage-init
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ {{- range $ephemeralPool := .Values.conf.ceph.ephemeral_storage.rbd_pools }}
+ - name: nova-storage-init-{{- $ephemeralPool.rbd_pool_name }}
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{ if and (eq $envAll.Values.conf.ceph.ephemeral_storage.type "rbd") $envAll.Values.conf.ceph.enabled }}
+ - name: STORAGE_BACKEND
+ value: {{ $envAll.Values.conf.ceph.ephemeral_storage.type }}
+ - name: RBD_POOL_NAME
+ value: {{ $ephemeralPool.rbd_pool_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ $ephemeralPool.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ $ephemeralPool.rbd_crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ $ephemeralPool.rbd_replication | quote }}
+ - name: RBD_POOL_CHUNK_SIZE
+ value: {{ $ephemeralPool.rbd_chunk_size | quote }}
+ - name: RBD_POOL_SECRET
+ value: {{ $envAll.Values.secrets.ephemeral | quote }}
+ {{- end }}
+ command:
+ - /tmp/nova-storage-init.sh
+ volumeMounts:
+ - name: nova-bin
+ mountPath: /tmp/nova-storage-init.sh
+ subPath: nova-storage-init.sh
+ readOnly: true
+ {{ if or $envAll.Values.conf.ceph.enabled }}
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: ceph-etc
+ mountPath: /etc/ceph/ceph.conf
+ subPath: ceph.conf
+ readOnly: true
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: nova-bin
+ configMap:
+ name: nova-bin
+ defaultMode: 0555
+ {{ if or .Values.conf.ceph.enabled }}
+ - name: etcceph
+ emptyDir: {}
+ - name: ceph-etc
+ configMap:
+ name: {{ .Values.ceph_client.configmap }}
+ defaultMode: 0444
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ secret:
+ secretName: {{ .Values.ceph_client.user_secret_name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
diff --git a/nova/values.yaml b/nova/values.yaml
index 7aca42ad..e1dc611f 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -79,6 +79,7 @@ images:
nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal'
nova_spiceproxy: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
nova_spiceproxy_assets: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_storage_init: 'docker.io/port/ceph-config-helper:v1.10.3'
test: docker.io/xrally/xrally-openstack:2.0.0
image_repo_sync: docker.io/docker:17.07.0
nova_wait_for_computes_init: gcr.io/google_containers/hyperkube-amd64:v1.11.6
@@ -585,6 +586,14 @@ conf:
user: "cinder"
keyring: null
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
+ ephemeral_storage:
+ type: rbd
+ rbd_pools:
+ - rbd_pool_name: ephemeral
+ rbd_user: ephemeral
+ rbd_crush_rule: 0
+ rbd_replication: 3
+ rbd_chunk_size: 64
rally_tests:
run_tempest: false
clean_up: |
@@ -1556,6 +1565,7 @@ secrets:
compute_spice_proxy:
spiceproxy:
internal: nova-tls-spiceproxy
+ ephemeral: nova-ephemeral
oci_image_registry:
nova: nova-oci-image-registry
@@ -2416,6 +2426,13 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+ storage_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
network_policy:
nova:
@@ -2465,6 +2482,7 @@ manifests:
job_ks_service: true
job_ks_user: true
job_cell_setup: true
+ job_storage_init: true
pdb_metadata: true
pdb_osapi: true
pod_rally_test: true
--
2.25.1

0
openstack-helm/debian/deb_folder/patches/0006-Wrong-usage-of-rbd_store_chunk_size.patch → openstack-helm/debian/deb_folder/patches/0004-Wrong-usage-of-rbd_store_chunk_size.patch
View File

0
openstack-helm/debian/deb_folder/patches/0007-Add-stx_admin-account.patch → openstack-helm/debian/deb_folder/patches/0005-Add-stx_admin-account.patch
View File

21
openstack-helm/debian/deb_folder/patches/0008-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch → openstack-helm/debian/deb_folder/patches/0006-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
View File

@ -11,11 +11,11 @@ Subject: [PATCH] Add-flavor-extra-spec-hw-pci_irq_affinity_mask
4 files changed, 16 insertions(+)
diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml
index 0ee26061..15d8b9e2 100644
index 5a5f1c28..a7fa0452 100644
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@@ -143,6 +143,9 @@ data:
glance-api.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance | b64enc }}
@@ -153,6 +153,9 @@ data:
glance-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance_api_uwsgi | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+{{- range $key, $val := .Values.conf.extra_metadata }}
@ -25,10 +25,10 @@ index 0ee26061..15d8b9e2 100644
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
glance_sudoers: {{ $envAll.Values.conf.glance_sudoers | b64enc }}
diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index 9c26c747..60ba98b1 100644
index bfeaf26b..b70d44ca 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -204,6 +204,12 @@ spec:
@@ -214,6 +214,12 @@ spec:
mountPath: /etc/glance/glance-api.conf
subPath: glance-api.conf
readOnly: true
@ -38,9 +38,9 @@ index 9c26c747..60ba98b1 100644
+ subPath: compute_{{ $key }}.json
+ readOnly: true
+ {{- end }}
{{- if .Values.conf.glance.DEFAULT.log_config_append }}
- name: glance-etc
mountPath: {{ .Values.conf.glance.DEFAULT.log_config_append }}
mountPath: /etc/glance/glance-api-uwsgi.ini
subPath: glance-api-uwsgi.ini
diff --git a/glance/templates/job-metadefs-load.yaml b/glance/templates/job-metadefs-load.yaml
index 1c2efaaa..ca6081fb 100644
--- a/glance/templates/job-metadefs-load.yaml
@ -59,10 +59,10 @@ index 1c2efaaa..ca6081fb 100644
mountPath: /etc/glance
- name: glance-etc
diff --git a/glance/values.yaml b/glance/values.yaml
index 88bf350e..d23674bb 100644
index 9e8468f7..1cbf4282 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -189,6 +189,7 @@ conf:
@@ -187,6 +187,7 @@ conf:
oslo_config_program: glance-api
filter:http_proxy_to_wsgi:
paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
@ -71,5 +71,4 @@ index 88bf350e..d23674bb 100644
glance_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
--
2.25.1
2.34.1

351
openstack-helm/debian/deb_folder/patches/0010-Remove-TLS-from-openstack-services.patch → openstack-helm/debian/deb_folder/patches/0007-Remove-TLS-from-openstack-services.patch
View File

@ -16,6 +16,8 @@ Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
[ Changed Horizon SSL Cert paths ]
Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
[ Upversioned openstack-helm base commit to Caracal ]
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
---
cinder/templates/bin/_cinder-api.sh.tpl | 40 -----------
@ -33,7 +35,7 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
cinder/templates/job-ks-user.yaml | 2 +-
cinder/templates/pod-rally-test.yaml | 6 +-
glance/templates/certificates.yaml | 17 -----
glance/templates/deployment-api.yaml | 60 +---------------
glance/templates/deployment-api.yaml | 61 +---------------
glance/templates/ingress-api.yaml | 7 +-
glance/templates/job-bootstrap.yaml | 2 +-
glance/templates/job-ks-endpoints.yaml | 2 +-
@ -41,7 +43,7 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
glance/templates/job-ks-user.yaml | 2 +-
glance/templates/job-storage-init.yaml | 4 +-
glance/templates/pod-rally-test.yaml | 6 +-
heat/templates/bin/_heat-api.sh.tpl | 35 ----------
heat/templates/bin/_heat-api.sh.tpl | 36 ----------
heat/templates/bin/_heat-cfn.sh.tpl | 37 ----------
heat/templates/certificates.yaml | 18 -----
heat/templates/deployment-api.yaml | 14 +---
@ -64,7 +66,7 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
horizon/values.yaml | 2 +-
keystone/templates/bin/_keystone-api.sh.tpl | 4 --
keystone/templates/certificates.yaml | 17 -----
keystone/templates/deployment-api.yaml | 8 +--
keystone/templates/deployment-api.yaml | 8 ++-
keystone/templates/ingress-api.yaml | 7 +-
keystone/templates/job-bootstrap.yaml | 4 +-
keystone/templates/job-domain-manage.yaml | 14 +---
@ -81,7 +83,7 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
neutron/values.yaml | 1 +
nova/templates/bin/_nova-api-metadata.sh.tpl | 38 ----------
nova/templates/bin/_nova-api.sh.tpl | 39 -----------
nova/templates/certificates.yaml | 27 -------
nova/templates/certificates.yaml | 30 --------
nova/templates/cron-job-service-cleaner.yaml | 4 +-
nova/templates/daemonset-compute.yaml | 10 +--
nova/templates/deployment-api-metadata.yaml | 16 +----
@ -105,7 +107,7 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
placement/templates/job-ks-endpoints.yaml | 2 +-
placement/templates/job-ks-service.yaml | 2 +-
placement/templates/job-ks-user.yaml | 2 +-
87 files changed, 125 insertions(+), 709 deletions(-)
87 files changed, 127 insertions(+), 712 deletions(-)
delete mode 100644 cinder/templates/certificates.yaml
delete mode 100644 glance/templates/certificates.yaml
delete mode 100644 heat/templates/certificates.yaml
@ -116,10 +118,10 @@ Change-Id: Ibc0e53d95cfe43e0e04c9cc14bc81469fb919a40
delete mode 100644 placement/templates/certificates.yaml
diff --git a/cinder/templates/bin/_cinder-api.sh.tpl b/cinder/templates/bin/_cinder-api.sh.tpl
index 3b64745c..b883d007 100644
index 73ae5718..993e47e9 100644
--- a/cinder/templates/bin/_cinder-api.sh.tpl
+++ b/cinder/templates/bin/_cinder-api.sh.tpl
@@ -18,52 +18,12 @@ set -ex
@@ -18,51 +18,11 @@ set -ex
COMMAND="${@:-start}"
function start () {
@ -153,8 +155,7 @@ index 3b64745c..b883d007 100644
- # Starts Apache2
- exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
-{{- else }}
exec cinder-api \
--config-file /etc/cinder/cinder.conf
exec uwsgi --ini /etc/cinder/cinder-api-uwsgi.ini
-{{- end }}
}
@ -196,12 +197,12 @@ index 7ccf6ca1..00000000
-{{ dict "envAll" . "service" "volumev3" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end -}}
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
index 5010ab96..a97310e1 100644
index 1a20ea84..1a26cc4f 100644
--- a/cinder/templates/configmap-etc.yaml
+++ b/cinder/templates/configmap-etc.yaml
@@ -169,10 +169,6 @@ data:
backends.conf: {{ include "helm-toolkit.utils.to_ini" .Values.conf.backends | b64enc }}
@@ -179,10 +179,6 @@ data:
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
cinder-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.cinder_api_uwsgi | b64enc }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
-{{- if .Values.manifests.certificates }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
@ -233,10 +234,10 @@ index 897b5b63..0c2c6bac 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }}
diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
index 8ef57549..27e4381a 100644
index 641ed3b4..ea31f7e7 100644
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@@ -77,6 +77,10 @@ spec:
@@ -78,6 +78,10 @@ spec:
{{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_api" "container" "cinder_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
@ -247,7 +248,7 @@ index 8ef57549..27e4381a 100644
command:
- /tmp/cinder-api.sh
- start
@@ -112,8 +116,6 @@ spec:
@@ -114,8 +118,6 @@ spec:
volumeMounts:
- name: pod-tmp
mountPath: /tmp
@ -256,7 +257,7 @@ index 8ef57549..27e4381a 100644
- name: cinder-bin
mountPath: /tmp/cinder-api.sh
subPath: cinder-api.sh
@@ -144,35 +146,17 @@ spec:
@@ -150,35 +152,17 @@ spec:
mountPath: {{ .Values.conf.cinder.DEFAULT.resource_query_filters_file }}
subPath: resource_filters.json
readOnly: true
@ -293,7 +294,7 @@ index 8ef57549..27e4381a 100644
- name: cinder-bin
configMap:
name: cinder-bin
@@ -188,7 +172,7 @@ spec:
@@ -194,7 +178,7 @@ spec:
emptyDir: {}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -303,10 +304,10 @@ index 8ef57549..27e4381a 100644
{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml
index cf69dd1e..8108b3e2 100644
index 03206a8d..68c6cb6d 100644
--- a/cinder/templates/deployment-scheduler.yaml
+++ b/cinder/templates/deployment-scheduler.yaml
@@ -107,7 +107,7 @@ spec:
@@ -108,7 +108,7 @@ spec:
- name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }}
@ -315,7 +316,7 @@ index cf69dd1e..8108b3e2 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }}
@@ -128,7 +128,7 @@ spec:
@@ -129,7 +129,7 @@ spec:
- name: cinder-coordination
emptyDir: {}
{{- end }}
@ -325,10 +326,10 @@ index cf69dd1e..8108b3e2 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
index 01aea233..9317f471 100755
index 93625536..65f7677f 100644
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -131,7 +131,7 @@ spec:
@@ -132,7 +132,7 @@ spec:
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
@ -337,7 +338,7 @@ index 01aea233..9317f471 100755
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
@@ -281,7 +281,7 @@ spec:
@@ -282,7 +282,7 @@ spec:
mountPropagation: HostToContainer
{{- end }}
{{- end }}
@ -346,7 +347,7 @@ index 01aea233..9317f471 100755
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
@@ -351,7 +351,7 @@ spec:
@@ -352,7 +352,7 @@ spec:
path: /sys
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -498,10 +499,45 @@ index deb2a237..00000000
-{{ dict "envAll" . "service" "image" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end -}}
diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index 60ba98b1..0e41e6b5 100644
index b70d44ca..e41e5a2e 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -102,46 +102,6 @@ spec:
@@ -13,34 +13,18 @@ limitations under the License.
*/}}
{{- define "readinessProbeTemplate" }}
-{{- if .Values.manifests.certificates }}
-exec:
- command:
- - python
- - -c
- - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
-{{- else }}
httpGet:
scheme: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: /
port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
-{{- end }}
{{- define "livenessProbeTemplate" }}
-{{- if .Values.manifests.certificates }}
-exec:
- command:
- - python
- - -c
- - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
-{{- else }}
httpGet:
scheme: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: /
port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
-{{- end }}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}
@@ -133,47 +117,6 @@ spec:
readOnly: true
{{ end }}
containers:
@ -525,6 +561,7 @@ index 60ba98b1..0e41e6b5 100644
- readinessProbe:
- tcpSocket:
- port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- initialDelaySeconds: 30
- command:
- - /tmp/nginx.sh
- - start
@ -548,37 +585,7 @@ index 60ba98b1..0e41e6b5 100644
- name: glance-api
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -160,21 +120,6 @@ spec:
command:
- /tmp/glance-api.sh
- stop
- {{- if $envAll.Values.manifests.certificates }}
- readinessProbe:
- exec:
- command:
- - python
- - -c
- - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
- livenessProbe:
- exec:
- command:
- - python
- - -c
- - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
- initialDelaySeconds: 30
- {{- else }}
ports:
- name: g-api
containerPort: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -188,7 +133,6 @@ spec:
scheme: HTTP
path: /
port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- {{- end }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
@@ -308,7 +252,7 @@ spec:
@@ -322,7 +265,7 @@ spec:
readOnly: true
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -587,7 +594,7 @@ index 60ba98b1..0e41e6b5 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_glance_api.volumeMounts }}{{ toYaml $mounts_glance_api.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -368,7 +312,7 @@ spec:
@@ -382,7 +325,7 @@ spec:
path: /sys
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -716,13 +723,14 @@ index 0ca17eb2..6732c239 100644
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}
diff --git a/heat/templates/bin/_heat-api.sh.tpl b/heat/templates/bin/_heat-api.sh.tpl
index b756d59e..e737562c 100644
index 35afabcb..90ac7c18 100644
--- a/heat/templates/bin/_heat-api.sh.tpl
+++ b/heat/templates/bin/_heat-api.sh.tpl
@@ -19,47 +19,12 @@ COMMAND="${@:-start}"
@@ -18,47 +18,11 @@ set -ex
COMMAND="${@:-start}"
function start () {
-
-{{- if .Values.manifests.certificates }}
- for WSGI_SCRIPT in heat-wsgi-api; do
- cp -a $(type -p ${WSGI_SCRIPT}) /var/www/cgi-bin/heat/
@ -753,8 +761,7 @@ index b756d59e..e737562c 100644
- # Starts Apache2
- exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
-{{- else }}
exec heat-api \
--config-file /etc/heat/heat.conf
exec uwsgi --ini /etc/heat/heat-api-uwsgi.ini
-{{- end }}
}
@ -768,10 +775,10 @@ index b756d59e..e737562c 100644
$COMMAND
diff --git a/heat/templates/bin/_heat-cfn.sh.tpl b/heat/templates/bin/_heat-cfn.sh.tpl
index 757b59af..97f82798 100644
index ea94ce8a..338bc7f2 100644
--- a/heat/templates/bin/_heat-cfn.sh.tpl
+++ b/heat/templates/bin/_heat-cfn.sh.tpl
@@ -18,49 +18,12 @@ set -ex
@@ -18,48 +18,11 @@ set -ex
COMMAND="${@:-start}"
function start () {
@ -807,8 +814,7 @@ index 757b59af..97f82798 100644
- # Starts Apache2
- exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
-{{- else }}
exec heat-api-cfn \
--config-file /etc/heat/heat.conf
exec uwsgi --ini /etc/heat/heat-api-cfn-uwsgi.ini
-{{- end }}
}
@ -846,10 +852,10 @@ index 353dfd69..00000000
-{{ dict "envAll" . "service" "cloudformation" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end -}}
diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml
index 0bed310b..4a02d56b 100644
index 05f8feae..cf1876d0 100644
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@@ -123,17 +123,7 @@ spec:
@@ -129,17 +129,7 @@ spec:
mountPath: /etc/heat/api_audit_map.conf
subPath: api_audit_map.conf
readOnly: true
@ -868,7 +874,7 @@ index 0bed310b..4a02d56b 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_heat_api.volumeMounts }}{{ toYaml $mounts_heat_api.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -151,7 +141,7 @@ spec:
@@ -157,7 +147,7 @@ spec:
secret:
secretName: heat-etc
defaultMode: 0444
@ -878,10 +884,10 @@ index 0bed310b..4a02d56b 100644
{{ if $mounts_heat_api.volumes }}{{ toYaml $mounts_heat_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml
index 94ddd067..2f2be024 100644
index 773972ba..00647372 100644
--- a/heat/templates/deployment-cfn.yaml
+++ b/heat/templates/deployment-cfn.yaml
@@ -123,17 +123,7 @@ spec:
@@ -128,17 +128,7 @@ spec:
mountPath: /etc/heat/api_audit_map.conf
subPath: api_audit_map.conf
readOnly: true
@ -900,7 +906,7 @@ index 94ddd067..2f2be024 100644
{{ if $mounts_heat_cfn.volumeMounts }}{{ toYaml $mounts_heat_cfn.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -150,6 +140,6 @@ spec:
@@ -155,6 +145,6 @@ spec:
secret:
secretName: heat-etc
defaultMode: 0444
@ -909,10 +915,10 @@ index 94ddd067..2f2be024 100644
{{ if $mounts_heat_cfn.volumes }}{{ toYaml $mounts_heat_cfn.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml
index 7b7b8adf..ad048ecf 100644
index fa463f02..ec705374 100644
--- a/heat/templates/deployment-engine.yaml
+++ b/heat/templates/deployment-engine.yaml
@@ -108,7 +108,7 @@ spec:
@@ -109,7 +109,7 @@ spec:
subPath: policy.yaml
readOnly: true
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -921,7 +927,7 @@ index 7b7b8adf..ad048ecf 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_heat_engine.volumeMounts }}{{ toYaml $mounts_heat_engine.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -125,7 +125,7 @@ spec:
@@ -126,7 +126,7 @@ spec:
secretName: heat-etc
defaultMode: 0444
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1117,10 +1123,10 @@ index 8dbb884a..00000000
-{{ dict "envAll" . "service" "dashboard" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end -}}
diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml
index 33398760..4f58341f 100644
index fab84924..32013af7 100644
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@@ -72,7 +72,7 @@ spec:
@@ -76,7 +76,7 @@ spec:
fieldPath: status.podIP
{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
@ -1129,7 +1135,7 @@ index 33398760..4f58341f 100644
{{- end }}
lifecycle:
preStop:
@@ -162,7 +162,7 @@ spec:
@@ -173,7 +173,7 @@ spec:
mountPath: /tmp/favicon.ico
subPath: favicon.ico
{{- end }}
@ -1138,7 +1144,7 @@ index 33398760..4f58341f 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -186,6 +186,6 @@ spec:
@@ -197,6 +197,6 @@ spec:
name: horizon-logo
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1182,10 +1188,10 @@ index 7d163039..979402a7 100644
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 73b0d465..54a75cac 100644
index 024e57ce..a4033a5c 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -466,7 +466,7 @@ conf:
@@ -478,7 +478,7 @@ conf:
{{- if .Values.manifests.certificates }}
# The CA certificate to use to verify SSL connections
@ -1233,31 +1239,31 @@ index f8a73c4b..00000000
-{{ dict "envAll" . "service" "identity" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end -}}
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index c9e8d0f9..619203f0 100644
index cff233b8..7130ecaf 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -153,8 +153,8 @@ spec:
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- end }}
-{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.internal }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal "path" "/etc/keystone/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@@ -152,7 +152,9 @@ spec:
- name: keystone-credential-keys
mountPath: {{ .Values.conf.keystone.credential.key_repository }}
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.identity.api.internal "path" "/etc/keystone/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.public }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- end }}
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@@ -195,8 +195,8 @@ spec:
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
-{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.internal }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- end }}
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}{{ end }}
@@ -189,7 +191,9 @@ spec:
secret:
secretName: keystone-credential-keys
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.public }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- end }}
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 8 }}{{ end }}
diff --git a/keystone/templates/ingress-api.yaml b/keystone/templates/ingress-api.yaml
index 525c2121..b7b0e238 100644
--- a/keystone/templates/ingress-api.yaml
@ -1292,10 +1298,10 @@ index b1336b1c..37ce4a48 100644
{{- if .Values.pod.tolerations.keystone.enabled -}}
{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml
index 8acd192e..679a009c 100644
index a783423c..50e76b8d 100644
--- a/keystone/templates/job-domain-manage.yaml
+++ b/keystone/templates/job-domain-manage.yaml
@@ -56,7 +56,7 @@ spec:
@@ -57,7 +57,7 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.jobs.domain_manage | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "domain_manage" "container" "keystone_domain_manage_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
@ -1304,7 +1310,7 @@ index 8acd192e..679a009c 100644
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
command:
@@ -68,18 +68,12 @@ spec:
@@ -69,18 +69,12 @@ spec:
mountPath: /tmp/domain-manage-init.sh
subPath: domain-manage-init.sh
readOnly: true
@ -1323,7 +1329,7 @@ index 8acd192e..679a009c 100644
command:
- /tmp/domain-manage.sh
volumeMounts:
@@ -119,9 +113,6 @@ spec:
@@ -120,9 +114,6 @@ spec:
{{- end }}
- name: keystone-credential-keys
mountPath: {{ .Values.conf.keystone.credential.key_repository }}
@ -1333,7 +1339,7 @@ index 8acd192e..679a009c 100644
{{ if $mounts_keystone_domain_manage.volumeMounts }}{{ toYaml $mounts_keystone_domain_manage.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -146,8 +137,5 @@ spec:
@@ -147,8 +138,5 @@ spec:
- name: keystone-credential-keys
secret:
secretName: keystone-credential-keys
@ -1416,10 +1422,10 @@ index f65396d0..00000000
-{{ dict "envAll" . "service" "network" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end -}}
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
index edfa0a10..8474ff38 100644
index fc9a75ee..4625765a 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@@ -192,7 +192,7 @@ spec:
@@ -193,7 +193,7 @@ spec:
mountPath: /run/netns
mountPropagation: Bidirectional
{{- end }}
@ -1428,7 +1434,7 @@ index edfa0a10..8474ff38 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -216,7 +216,7 @@ spec:
@@ -217,7 +217,7 @@ spec:
hostPath:
path: /run/netns
{{- end }}
@ -1438,7 +1444,7 @@ index edfa0a10..8474ff38 100644
{{ if $mounts_neutron_metadata_agent.volumes }}{{ toYaml $mounts_neutron_metadata_agent.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
index 91d9793e..05391a43 100644
index b6b634d2..6b236a33 100644
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@@ -13,35 +13,17 @@ limitations under the License.
@ -1477,7 +1483,7 @@ index 91d9793e..05391a43 100644
{{- if .Values.manifests.deployment_server }}
{{- $envAll := . }}
@@ -129,50 +111,6 @@ spec:
@@ -120,50 +102,6 @@ spec:
mountPath: /opt/plugin
{{- end }}
containers:
@ -1528,7 +1534,7 @@ index 91d9793e..05391a43 100644
- name: neutron-server
{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -277,7 +215,7 @@ spec:
@@ -272,7 +210,7 @@ spec:
subPath: policy.yaml
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -1537,7 +1543,7 @@ index 91d9793e..05391a43 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_server.volumeMounts }}{{ toYaml $mounts_neutron_server.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -285,10 +223,6 @@ spec:
@@ -280,10 +218,6 @@ spec:
emptyDir: {}
- name: pod-shared
emptyDir: {}
@ -1548,7 +1554,7 @@ index 91d9793e..05391a43 100644
- name: pod-var-neutron
emptyDir: {}
- name: neutron-bin
@@ -304,7 +238,7 @@ spec:
@@ -299,7 +233,7 @@ spec:
emptyDir: {}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1663,10 +1669,10 @@ index 5ef57fa3..8f289bf7 100644
{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
{{- end }}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 9d88bb4a..0a84322d 100644
index 8333a90b..db4a6bf0 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -2108,6 +2108,7 @@ secrets:
@@ -2303,6 +2303,7 @@ secrets:
compute_metadata:
metadata:
internal: metadata-tls-metadata
@ -1675,10 +1681,10 @@ index 9d88bb4a..0a84322d 100644
server:
public: neutron-tls-public
diff --git a/nova/templates/bin/_nova-api-metadata.sh.tpl b/nova/templates/bin/_nova-api-metadata.sh.tpl
index 18195f26..246a11c6 100644
index e7602e8a..c3ea248b 100644
--- a/nova/templates/bin/_nova-api-metadata.sh.tpl
+++ b/nova/templates/bin/_nova-api-metadata.sh.tpl
@@ -18,51 +18,13 @@ set -ex
@@ -18,49 +18,11 @@ set -ex
COMMAND="${@:-start}"
function start () {
@ -1712,9 +1718,7 @@ index 18195f26..246a11c6 100644
- # Starts Apache2
- exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
-{{- else }}
exec nova-api-metadata \
--config-file /etc/nova/nova.conf \
--config-file /tmp/pod-shared/nova-api-metadata.ini
exec uwsgi --ini /etc/nova/nova-metadata-uwsgi.ini
-{{- end }}
}
@ -1731,10 +1735,10 @@ index 18195f26..246a11c6 100644
$COMMAND
diff --git a/nova/templates/bin/_nova-api.sh.tpl b/nova/templates/bin/_nova-api.sh.tpl
index c62de9a6..95fcb130 100644
index 10843865..03d6654e 100644
--- a/nova/templates/bin/_nova-api.sh.tpl
+++ b/nova/templates/bin/_nova-api.sh.tpl
@@ -18,51 +18,12 @@ set -ex
@@ -18,50 +18,11 @@ set -ex
COMMAND="${@:-start}"
function start () {
@ -1769,8 +1773,7 @@ index c62de9a6..95fcb130 100644
- # Starts Apache2
- exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
-{{- else }}
exec nova-api-os-compute \
--config-file /etc/nova/nova.conf
exec uwsgi --ini /etc/nova/nova-api-uwsgi.ini
-{{- end }}
}
@ -1788,10 +1791,10 @@ index c62de9a6..95fcb130 100644
$COMMAND
diff --git a/nova/templates/certificates.yaml b/nova/templates/certificates.yaml
deleted file mode 100644
index 3bf6c8db..00000000
index a1385e3b..00000000
--- a/nova/templates/certificates.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
@@ -1,30 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
@ -1806,6 +1809,9 @@ index 3bf6c8db..00000000
-limitations under the License.
-*/}}
-
-{{- if (contains "vencrypt" .Values.conf.nova.vnc.auth_schemes) -}}
-{{ dict "envAll" . "service" "compute_novnc_vencrypt" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end }}
-{{- if .Values.manifests.certificates -}}
-{{ dict "envAll" . "service" "compute" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- if .Values.manifests.deployment_novncproxy }}
@ -1840,10 +1846,10 @@ index dd61db79..0da8c5e1 100644
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- end }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index f6bab517..e8545f00 100644
index 3ad00ff2..5b52745f 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -278,7 +278,7 @@ spec:
@@ -294,7 +294,7 @@ spec:
value: "{{ .Values.pod.probes.rpc_retries }}"
{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
@ -1852,7 +1858,7 @@ index f6bab517..e8545f00 100644
{{- end }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "liveness" "probeTemplate" (include "novaComputeLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "readiness" "probeTemplate" (include "novaComputeReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
@@ -431,7 +431,7 @@ spec:
@@ -448,7 +448,7 @@ spec:
subPath: tf-plugin.pth
readOnly: true
{{- end }}
@ -1861,7 +1867,7 @@ index f6bab517..e8545f00 100644
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.network.ssh.enabled }}
@@ -446,7 +446,7 @@ spec:
@@ -463,7 +463,7 @@ spec:
value: {{ .Values.network.ssh.port | quote }}
{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
@ -1870,7 +1876,7 @@ index f6bab517..e8545f00 100644
{{- end }}
ports:
- containerPort: {{ .Values.network.ssh.port }}
@@ -460,7 +460,7 @@ spec:
@@ -477,7 +477,7 @@ spec:
mountPath: /tmp/ssh-start.sh
subPath: ssh-start.sh
readOnly: true
@ -1879,7 +1885,7 @@ index f6bab517..e8545f00 100644
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{ end }}
volumes:
@@ -546,7 +546,7 @@ spec:
@@ -563,7 +563,7 @@ spec:
- name: tf-plugin-bin
emptyDir: {}
{{- end }}
@ -1889,10 +1895,10 @@ index f6bab517..e8545f00 100644
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml
index e7039f56..f3820a6b 100644
index 51e30c9d..ee5e38ea 100644
--- a/nova/templates/deployment-api-metadata.yaml
+++ b/nova/templates/deployment-api-metadata.yaml
@@ -178,20 +178,8 @@ spec:
@@ -183,20 +183,8 @@ spec:
- name: pod-shared
mountPath: /tmp/pod-shared
readOnly: true
@ -1914,7 +1920,7 @@ index e7039f56..f3820a6b 100644
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -211,6 +199,6 @@ spec:
@@ -216,6 +204,6 @@ spec:
- name: pod-shared
emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1923,10 +1929,10 @@ index e7039f56..f3820a6b 100644
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml
index 4cb6744e..984204a2 100644
index b203ba6c..04d70533 100644
--- a/nova/templates/deployment-api-osapi.yaml
+++ b/nova/templates/deployment-api-osapi.yaml
@@ -126,20 +126,8 @@ spec:
@@ -131,20 +131,8 @@ spec:
mountPath: /etc/nova/api_audit_map.conf
subPath: api_audit_map.conf
readOnly: true
@ -1948,7 +1954,7 @@ index 4cb6744e..984204a2 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -160,7 +148,7 @@ spec:
@@ -165,7 +153,7 @@ spec:
secretName: nova-etc
defaultMode: 0444
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1958,10 +1964,10 @@ index 4cb6744e..984204a2 100644
{{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index df07583d..32bba2be 100644
index b58b3855..44ed2858 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -93,7 +93,7 @@ spec:
@@ -94,7 +94,7 @@ spec:
value: "{{ .Values.pod.probes.rpc_retries }}"
{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
@ -1970,7 +1976,7 @@ index df07583d..32bba2be 100644
{{- end }}
command:
- /tmp/nova-conductor.sh
@@ -122,7 +122,7 @@ spec:
@@ -123,7 +123,7 @@ spec:
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
@ -1979,7 +1985,7 @@ index df07583d..32bba2be 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
@@ -137,7 +137,7 @@ spec:
@@ -138,7 +138,7 @@ spec:
secret:
secretName: nova-etc
defaultMode: 0444
@ -1989,21 +1995,21 @@ index df07583d..32bba2be 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }}
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index 517005d9..c9aae286 100644
index f4c1d8ba..aa547263 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -143,7 +143,7 @@ spec:
- name: pod-shared
mountPath: /tmp/pod-shared
@@ -152,7 +152,7 @@ spec:
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -162,7 +162,7 @@ spec:
- name: pod-shared
emptyDir: {}
@@ -177,7 +177,7 @@ spec:
defaultMode: 0444
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -2011,10 +2017,10 @@ index 517005d9..c9aae286 100644
{{ if $mounts_nova_novncproxy.volumes }}{{ toYaml $mounts_nova_novncproxy.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index e8a63a24..cd37ce99 100644
index bba444c9..d3f4095c 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -93,7 +93,7 @@ spec:
@@ -94,7 +94,7 @@ spec:
value: "{{ .Values.pod.probes.rpc_retries }}"
{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
@ -2023,7 +2029,7 @@ index e8a63a24..cd37ce99 100644
{{- end }}
command:
- /tmp/nova-scheduler.sh
@@ -123,7 +123,7 @@ spec:
@@ -124,7 +124,7 @@ spec:
subPath: policy.yaml
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -2032,7 +2038,7 @@ index e8a63a24..cd37ce99 100644
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -138,7 +138,7 @@ spec:
@@ -139,7 +139,7 @@ spec:
secretName: nova-etc
defaultMode: 0444
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -2042,10 +2048,10 @@ index e8a63a24..cd37ce99 100644
{{ if $mounts_nova_scheduler.volumes }}{{ toYaml $mounts_nova_scheduler.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
index 2c654016..94d957d8 100644
index eca1628e..a7b45eca 100644
--- a/nova/templates/deployment-spiceproxy.yaml
+++ b/nova/templates/deployment-spiceproxy.yaml
@@ -141,7 +141,7 @@ spec:
@@ -142,7 +142,7 @@ spec:
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
@ -2054,7 +2060,7 @@ index 2c654016..94d957d8 100644
{{ if $mounts_nova_spiceproxy.volumeMounts }}{{ toYaml $mounts_nova_spiceproxy.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -158,6 +158,6 @@ spec:
@@ -159,6 +159,6 @@ spec:
emptyDir: {}
- name: pod-shared
emptyDir: {}
@ -2077,11 +2083,11 @@ index 36eb8647..8c88cfdc 100644
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
diff --git a/nova/templates/ingress-novncproxy.yaml b/nova/templates/ingress-novncproxy.yaml
index cad53cf3..04643569 100644
index ec68fb60..189e07e8 100644
--- a/nova/templates/ingress-novncproxy.yaml
+++ b/nova/templates/ingress-novncproxy.yaml
@@ -15,9 +15,5 @@ limitations under the License.
{{- if and .Values.manifests.ingress_novncproxy .Values.network.novncproxy.ingress.public }}
{{- if and .Values.manifests.ingress_novncproxy .Values.network.novncproxy.ingress.public (eq .Values.console.console_kind "novnc") }}
{{- $envAll := . }}
{{- $ingressOpts := dict "envAll" $envAll "backendService" "novncproxy" "backendServiceType" "compute_novnc_proxy" "backendPort" "n-novnc" -}}
-{{- $secretName := $envAll.Values.secrets.tls.compute_novnc_proxy.novncproxy.internal -}}
@ -2105,19 +2111,19 @@ index b78f80f4..6f9a4f74 100644
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
{{- end }}
diff --git a/nova/templates/job-bootstrap.yaml b/nova/templates/job-bootstrap.yaml
index eb5e6029..7de7444a 100644
index de8812dd..2aa62d21 100644
--- a/nova/templates/job-bootstrap.yaml
+++ b/nova/templates/job-bootstrap.yaml
@@ -101,7 +101,7 @@ spec:
mountPath: {{ $logConfigFile | quote }}
subPath: {{ base $logConfigFile | quote }}
@@ -102,7 +102,7 @@ spec:
subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append | quote }}
readOnly: true
{{- end }}
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
@@ -115,7 +115,7 @@ spec:
@@ -116,7 +116,7 @@ spec:
secret:
secretName: {{ $configMapEtc | quote }}
defaultMode: 0444
@ -2250,21 +2256,21 @@ index ada7fde1..00000000
-{{ dict "envAll" . "service" "placement" "type" "internal" | include "helm-toolkit.manifests.certificates" }}
-{{- end -}}
diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml
index 605f9520..359d20f1 100644
index 08450f36..72800a05 100644
--- a/placement/templates/deployment.yaml
+++ b/placement/templates/deployment.yaml
@@ -123,7 +123,7 @@ spec:
subPath: wsgi-placement.conf
readOnly: true
@@ -141,7 +141,7 @@ spec:
mountPath: {{ .Values.conf.placement.DEFAULT.log_dir }}
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.internal "path" "/etc/placement/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_placement.volumeMounts }}{{ toYaml $mounts_placement.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -139,6 +139,6 @@ spec:
secretName: placement-etc
defaultMode: 0444
@@ -163,6 +163,6 @@ spec:
type: DirectoryOrCreate
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -2324,5 +2330,4 @@ index 056938bd..02602c15 100644
{{- if .Values.helm3_hook }}
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
--
2.25.1
2.34.1

336
openstack-helm/debian/deb_folder/patches/0011-Remove-mariadb-and-rabbit-tls.patch → openstack-helm/debian/deb_folder/patches/0008-Remove-mariadb-and-rabbit-tls.patch
View File

@ -10,6 +10,8 @@ such connections
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
[ upversioned openstack-helm base commit ]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Upversioned openstack-helm base commit to Caracal ]
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
---
cinder/templates/configmap-etc.yaml | 4 ----
@ -23,7 +25,7 @@ Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
cinder/templates/job-db-sync.yaml | 3 ---
cinder/templates/job-rabbit-init.yaml | 3 ---
cinder/templates/secret-db.yaml | 4 ----
cinder/templates/secret_rabbitmq.yaml | 3 ---
cinder/templates/secret-rabbitmq.yaml | 3 ---
glance/templates/configmap-etc.yaml | 4 ----
glance/templates/deployment-api.yaml | 4 ----
glance/templates/job-db-drop.yaml | 3 ---
@ -52,7 +54,7 @@ Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
horizon/values.yaml | 9 ---------
keystone/templates/bin/_cred-clean.py.tpl | 11 ++---------
keystone/templates/configmap-etc.yaml | 4 ----
keystone/templates/deployment-api.yaml | 12 ------------
keystone/templates/deployment-api.yaml | 4 ----
keystone/templates/job-credential-cleanup.yaml | 10 ----------
keystone/templates/job-db-drop.yaml | 3 ---
keystone/templates/job-db-init.yaml | 3 ---
@ -75,7 +77,7 @@ Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
neutron/templates/job-db-sync.yaml | 3 ---
neutron/templates/job-rabbit-init.yaml | 3 ---
neutron/templates/secret-db.yaml | 4 ----
neutron/templates/secret_rabbitmq.yaml | 3 ---
neutron/templates/secret-rabbitmq.yaml | 3 ---
nova/templates/configmap-etc.yaml | 17 -----------------
.../cron-job-archive-deleted-rows.yaml | 2 --
nova/templates/cron-job-cell-setup.yaml | 2 --
@ -93,17 +95,17 @@ Change-Id: Ic5d6461985e16dd41d51511caeefd5a0e95283f8
nova/templates/secret-db-api.yaml | 4 ----
nova/templates/secret-db-cell0.yaml | 4 ----
nova/templates/secret-db.yaml | 4 ----
nova/templates/secret_rabbitmq.yaml | 3 ---
nova/templates/secret-rabbitmq.yaml | 3 ---
placement/templates/configmap-etc.yaml | 4 ----
placement/templates/deployment.yaml | 2 --
placement/templates/job-db-drop.yaml | 3 ---
placement/templates/job-db-init.yaml | 3 ---
placement/templates/job-db-sync.yaml | 5 +----
placement/templates/secret-db.yaml | 4 ----
88 files changed, 3 insertions(+), 323 deletions(-)
88 files changed, 3 insertions(+), 315 deletions(-)
diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml
index a97310e1..1b1b4f02 100644
index 1a26cc4f..2e83f374 100644
--- a/cinder/templates/configmap-etc.yaml
+++ b/cinder/templates/configmap-etc.yaml
@@ -74,12 +74,8 @@ limitations under the License.
@ -141,10 +143,10 @@ index 0c2c6bac..89ac96c7 100644
{{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
index 27e4381a..59d8a53c 100644
index ea31f7e7..ef203335 100644
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@@ -150,9 +150,7 @@ spec:
@@ -156,9 +156,7 @@ spec:
- name: cinder-coordination
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }}
@ -154,7 +156,7 @@ index 27e4381a..59d8a53c 100644
{{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -171,8 +169,6 @@ spec:
@@ -177,8 +175,6 @@ spec:
- name: cinder-coordination
emptyDir: {}
{{- end }}
@ -164,10 +166,10 @@ index 27e4381a..59d8a53c 100644
{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
index 47fac408..f29ae13a 100755
index 36574466..ae1d21fc 100644
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@@ -282,8 +282,6 @@ spec:
@@ -283,8 +283,6 @@ spec:
mountPath: /usr/local/sbin/iscsiadm
subPath: iscsiadm
{{- end }}
@ -176,7 +178,7 @@ index 47fac408..f29ae13a 100755
{{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -360,7 +358,5 @@ spec:
@@ -361,7 +359,5 @@ spec:
- name: usrlocalsbin
emptyDir: {}
{{- end }}
@ -185,10 +187,10 @@ index 47fac408..f29ae13a 100755
{{ if $mounts_cinder_backup.volumes }}{{ toYaml $mounts_cinder_backup.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml
index 8108b3e2..17f379e3 100644
index 68c6cb6d..008561c2 100644
--- a/cinder/templates/deployment-scheduler.yaml
+++ b/cinder/templates/deployment-scheduler.yaml
@@ -108,8 +108,6 @@ spec:
@@ -109,8 +109,6 @@ spec:
mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -197,7 +199,7 @@ index 8108b3e2..17f379e3 100644
{{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -129,7 +127,5 @@ spec:
@@ -130,7 +128,5 @@ spec:
emptyDir: {}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -206,10 +208,10 @@ index 8108b3e2..17f379e3 100644
{{ if $mounts_cinder_scheduler.volumes }}{{ toYaml $mounts_cinder_scheduler.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
index 9317f471..9b06e892 100755
index 65f7677f..fe0b3321 100644
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -282,8 +282,6 @@ spec:
@@ -283,8 +283,6 @@ spec:
{{- end }}
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.volume.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -218,7 +220,7 @@ index 9317f471..9b06e892 100755
{{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -350,8 +348,6 @@ spec:
@@ -351,8 +349,6 @@ spec:
hostPath:
path: /sys
{{- end }}
@ -284,11 +286,11 @@ index 43d23922..85b49514 100644
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/cinder/templates/secret-db.yaml b/cinder/templates/secret-db.yaml
index a5cee90b..a129534e 100644
index ce8cfbc8..1291f34a 100644
--- a/cinder/templates/secret-db.yaml
+++ b/cinder/templates/secret-db.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -298,10 +300,10 @@ index a5cee90b..a129534e 100644
{{- end }}
{{- end }}
-{{- end }}
diff --git a/cinder/templates/secret_rabbitmq.yaml b/cinder/templates/secret_rabbitmq.yaml
index 2c4403e2..bce1b6d1 100644
--- a/cinder/templates/secret_rabbitmq.yaml
+++ b/cinder/templates/secret_rabbitmq.yaml
diff --git a/cinder/templates/secret-rabbitmq.yaml b/cinder/templates/secret-rabbitmq.yaml
index 776e0193..73063493 100644
--- a/cinder/templates/secret-rabbitmq.yaml
+++ b/cinder/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
@ -313,7 +315,7 @@ index 2c4403e2..bce1b6d1 100644
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml
index 15d8b9e2..1fee2645 100644
index a7fa0452..63c530c7 100644
--- a/glance/templates/configmap-etc.yaml
+++ b/glance/templates/configmap-etc.yaml
@@ -57,12 +57,8 @@ limitations under the License.
@ -330,10 +332,10 @@ index 15d8b9e2..1fee2645 100644
{{- if empty .Values.conf.glance.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "glance" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.glance.DEFAULT "transport_url" -}}
diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index 0e41e6b5..27df2730 100644
index e41e5a2e..3b285b16 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -251,9 +251,7 @@ spec:
@@ -264,9 +264,7 @@ spec:
subPath: key
readOnly: true
{{- end }}
@ -343,7 +345,7 @@ index 0e41e6b5..27df2730 100644
{{ if $mounts_glance_api.volumeMounts }}{{ toYaml $mounts_glance_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -311,8 +309,6 @@ spec:
@@ -324,8 +322,6 @@ spec:
hostPath:
path: /sys
{{- end }}
@ -427,11 +429,11 @@ index 6bd14d6e..5e1d0e57 100644
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/glance/templates/secret-db.yaml b/glance/templates/secret-db.yaml
index 0a1085d3..09be8498 100644
index f8962ea9..e7ebda47 100644
--- a/glance/templates/secret-db.yaml
+++ b/glance/templates/secret-db.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -442,7 +444,7 @@ index 0a1085d3..09be8498 100644
{{- end }}
-{{- end }}
diff --git a/glance/templates/secret-rabbitmq.yaml b/glance/templates/secret-rabbitmq.yaml
index aba76397..48c8006f 100644
index ae34930a..1120f512 100644
--- a/glance/templates/secret-rabbitmq.yaml
+++ b/glance/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
@ -456,7 +458,7 @@ index aba76397..48c8006f 100644
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml
index b49edcd1..07ff13d0 100644
index a14d087a..b90bba6e 100644
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@@ -80,12 +80,8 @@ limitations under the License.
@ -473,7 +475,7 @@ index b49edcd1..07ff13d0 100644
{{- if empty .Values.conf.heat.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "heat" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.heat.DEFAULT "transport_url" -}}
diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml
index a7eded42..fb3e97ce 100644
index 51b5b281..5e425167 100644
--- a/heat/templates/cron-job-engine-cleaner.yaml
+++ b/heat/templates/cron-job-engine-cleaner.yaml
@@ -94,7 +94,6 @@ spec:
@ -493,7 +495,7 @@ index a7eded42..fb3e97ce 100644
configMap:
name: heat-bin
diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml
index 4d83c294..ffc93a8d 100644
index 1c6226b3..9e3be164 100644
--- a/heat/templates/cron-job-purge-deleted.yaml
+++ b/heat/templates/cron-job-purge-deleted.yaml
@@ -88,7 +88,6 @@ spec:
@ -513,10 +515,10 @@ index 4d83c294..ffc93a8d 100644
configMap:
name: heat-bin
diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml
index 4a02d56b..ad7bdaff 100644
index cf1876d0..e4c6b1de 100644
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@@ -124,7 +124,6 @@ spec:
@@ -130,7 +130,6 @@ spec:
subPath: api_audit_map.conf
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -525,10 +527,10 @@ index 4a02d56b..ad7bdaff 100644
volumes:
- name: pod-tmp
diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml
index ad048ecf..3401f06f 100644
index ec705374..cee5d4f7 100644
--- a/heat/templates/deployment-engine.yaml
+++ b/heat/templates/deployment-engine.yaml
@@ -107,9 +107,7 @@ spec:
@@ -108,9 +108,7 @@ spec:
mountPath: /etc/heat/policy.yaml
subPath: policy.yaml
readOnly: true
@ -538,7 +540,7 @@ index ad048ecf..3401f06f 100644
{{ if $mounts_heat_engine.volumeMounts }}{{ toYaml $mounts_heat_engine.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -124,8 +122,6 @@ spec:
@@ -125,8 +123,6 @@ spec:
secret:
secretName: heat-etc
defaultMode: 0444
@ -604,11 +606,11 @@ index bd6b228c..161a5aaa 100644
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/heat/templates/secret-db.yaml b/heat/templates/secret-db.yaml
index ef020d16..39ba92ae 100644
index 2a89ab8c..fbf368af 100644
--- a/heat/templates/secret-db.yaml
+++ b/heat/templates/secret-db.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -619,7 +621,7 @@ index ef020d16..39ba92ae 100644
{{- end }}
-{{- end }}
diff --git a/heat/templates/secret-rabbitmq.yaml b/heat/templates/secret-rabbitmq.yaml
index ca1ea8c3..71bde15d 100644
index 7aa12371..91627ac9 100644
--- a/heat/templates/secret-rabbitmq.yaml
+++ b/heat/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
@ -633,10 +635,10 @@ index ca1ea8c3..71bde15d 100644
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml
index 8d251745..b53a051d 100644
index 32013af7..bd6db03b 100644
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@@ -163,7 +163,6 @@ spec:
@@ -174,7 +174,6 @@ spec:
subPath: favicon.ico
{{- end }}
{{- dict "enabled" (or $envAll.Values.manifests.certificates $envAll.Values.tls.identity) "name" $envAll.Values.secrets.tls.dashboard.dashboard.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -644,7 +646,7 @@ index 8d251745..b53a051d 100644
{{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -185,7 +184,6 @@ spec:
@@ -196,7 +195,6 @@ spec:
configMap:
name: horizon-logo
{{- end }}
@ -700,11 +702,11 @@ index c2229cdd..6805bfa9 100644
{{ if $mounts_horizon_db_sync.volumes }}{{ toYaml $mounts_horizon_db_sync.volumes | indent 6 }}{{ end }}
{{- end }}
diff --git a/horizon/templates/secret-db.yaml b/horizon/templates/secret-db.yaml
index cfc7dac0..e05d140a 100644
index cd4d3107..7f99c555 100644
--- a/horizon/templates/secret-db.yaml
+++ b/horizon/templates/secret-db.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -715,10 +717,10 @@ index cfc7dac0..e05d140a 100644
{{- end }}
-{{- end }}
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 73b0d465..e564859c 100644
index a4033a5c..cc45777b 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -395,15 +395,6 @@ conf:
@@ -407,15 +407,6 @@ conf:
'PASSWORD': '{{ .Values.endpoints.oslo_db.auth.horizon.password }}',
'HOST': '{{ tuple "oslo_db" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }}',
'default-character-set': 'utf8',
@ -788,45 +790,38 @@ index cde64386..0c2e9e38 100644
{{- if empty .Values.conf.keystone.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "keystone" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.keystone.DEFAULT "transport_url" -}}
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index 619203f0..882eff33 100644
index 7130ecaf..86eb0dce 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -150,15 +150,9 @@ spec:
@@ -151,11 +151,9 @@ spec:
{{- end }}
- name: keystone-credential-keys
mountPath: {{ .Values.conf.keystone.credential.key_repository }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- end }}
-{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.public }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- end }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- end }}
-{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -192,14 +186,8 @@ spec:
@@ -190,11 +188,9 @@ spec:
- name: keystone-credential-keys
secret:
secretName: keystone-credential-keys
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- end }}
-{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- if and $envAll.Values.manifests.certificates .Values.secrets.tls.identity.api.public }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}
-{{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- end }}
-{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/keystone/templates/job-credential-cleanup.yaml b/keystone/templates/job-credential-cleanup.yaml
index fcd7f11f..097b4450 100644
index 9f268027..37a161ef 100644
--- a/keystone/templates/job-credential-cleanup.yaml
+++ b/keystone/templates/job-credential-cleanup.yaml
@@ -72,10 +72,6 @@ spec:
@@ -73,10 +73,6 @@ spec:
value: {{ $dbToClean.configDbSection | quote }}
- name: OPENSTACK_CONFIG_DB_KEY
value: {{ $dbToClean.configDbKey | quote }}
@ -837,7 +832,7 @@ index fcd7f11f..097b4450 100644
{{- end }}
command:
- python
@@ -98,9 +94,6 @@ spec:
@@ -99,9 +95,6 @@ spec:
mountPath: {{ $dbToClean.logConfigFile | quote }}
subPath: {{ base $dbToClean.logConfigFile | quote }}
readOnly: true
@ -847,7 +842,7 @@ index fcd7f11f..097b4450 100644
{{- end }}
volumes:
- name: pod-tmp
@@ -109,9 +102,6 @@ spec:
@@ -110,9 +103,6 @@ spec:
configMap:
name: "keystone-bin"
defaultMode: 0555
@ -886,10 +881,10 @@ index 757b705e..42f25c6f 100644
{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml
index 08e82d78..c61861e3 100644
index 37db4464..a813e299 100644
--- a/keystone/templates/job-db-sync.yaml
+++ b/keystone/templates/job-db-sync.yaml
@@ -53,12 +53,6 @@ volumeMounts:
@@ -57,12 +57,6 @@ volumeMounts:
- name: keystone-fernet-keys
mountPath: {{ $envAll.Values.conf.keystone.fernet_tokens.key_repository }}
readOnly: true
@ -902,7 +897,7 @@ index 08e82d78..c61861e3 100644
{{- end }}
{{- define "keystone.templates._job_db_sync.pod_vols" -}}
@@ -67,12 +61,6 @@ volumes:
@@ -71,12 +65,6 @@ volumes:
- name: keystone-fernet-keys
secret:
secretName: keystone-fernet-keys
@ -916,25 +911,25 @@ index 08e82d78..c61861e3 100644
{{- if .Values.manifests.job_db_sync }}
diff --git a/keystone/templates/job-rabbit-init.yaml b/keystone/templates/job-rabbit-init.yaml
index 02390adf..64234cc0 100644
index e07bd1e4..64234cc0 100644
--- a/keystone/templates/job-rabbit-init.yaml
+++ b/keystone/templates/job-rabbit-init.yaml
@@ -19,9 +19,6 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "keystone" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
-{{- if and .Values.manifests.certificates .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- if and .Values.tls.oslo_messaging .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
-{{- end -}}
{{- if .Values.pod.tolerations.keystone.enabled -}}
{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
{{- end -}}
diff --git a/keystone/templates/secret-db.yaml b/keystone/templates/secret-db.yaml
index 55ff5937..16d6d4aa 100644
index 3a11383a..be035966 100644
--- a/keystone/templates/secret-db.yaml
+++ b/keystone/templates/secret-db.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -945,7 +940,7 @@ index 55ff5937..16d6d4aa 100644
{{- end }}
-{{- end }}
diff --git a/keystone/templates/secret-rabbitmq.yaml b/keystone/templates/secret-rabbitmq.yaml
index fb7c7041..37cb70ac 100644
index fe5cad4b..162ae4d4 100644
--- a/keystone/templates/secret-rabbitmq.yaml
+++ b/keystone/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
@ -959,7 +954,7 @@ index fb7c7041..37cb70ac 100644
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml
index c8c37ed8..6c5615ea 100644
index 0fd7aa3a..cdd97729 100644
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@@ -59,11 +59,7 @@ limitations under the License.
@ -975,10 +970,10 @@ index c8c37ed8..6c5615ea 100644
{{- if empty $envAll.Values.conf.neutron.DEFAULT.transport_url -}}
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
index f2a5a856..7971c22e 100644
index 17e15f8e..4a586673 100644
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@@ -244,7 +244,6 @@ spec:
@@ -245,7 +245,6 @@ spec:
mountPath: /run/netns
mountPropagation: Bidirectional
{{- end }}
@ -986,7 +981,7 @@ index f2a5a856..7971c22e 100644
{{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -273,7 +272,6 @@ spec:
@@ -274,7 +273,6 @@ spec:
hostPath:
path: /run/netns
{{- end }}
@ -995,10 +990,10 @@ index f2a5a856..7971c22e 100644
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-l2gw-agent.yaml b/neutron/templates/daemonset-l2gw-agent.yaml
index 2bb2fdcd..1be06d83 100644
index e9481981..95447074 100644
--- a/neutron/templates/daemonset-l2gw-agent.yaml
+++ b/neutron/templates/daemonset-l2gw-agent.yaml
@@ -135,7 +135,6 @@ spec:
@@ -136,7 +136,6 @@ spec:
mountPath: /etc/neutron/l2gw_agent.ini
subPath: l2gw_agent.ini
readOnly: true
@ -1006,7 +1001,7 @@ index 2bb2fdcd..1be06d83 100644
{{ if $mounts_neutron_l2gw_agent.volumeMounts }}{{ toYaml $mounts_neutron_l2gw_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -150,7 +149,6 @@ spec:
@@ -151,7 +150,6 @@ spec:
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
@ -1015,10 +1010,10 @@ index 2bb2fdcd..1be06d83 100644
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
index 65cfe093..87ae948d 100644
index b4bbd096..5bddd62b 100644
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@@ -244,7 +244,6 @@ spec:
@@ -245,7 +245,6 @@ spec:
mountPath: /run/netns
mountPropagation: Bidirectional
{{- end }}
@ -1026,7 +1021,7 @@ index 65cfe093..87ae948d 100644
{{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -276,7 +275,6 @@ spec:
@@ -277,7 +276,6 @@ spec:
hostPath:
path: /run/netns
{{- end }}
@ -1035,10 +1030,10 @@ index 65cfe093..87ae948d 100644
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
index 7cb86372..6bacfdfa 100644
index 35ff8fe0..a7437b37 100644
--- a/neutron/templates/daemonset-lb-agent.yaml
+++ b/neutron/templates/daemonset-lb-agent.yaml
@@ -198,7 +198,6 @@ spec:
@@ -199,7 +199,6 @@ spec:
{{- end }}
- name: run
mountPath: /run
@ -1046,7 +1041,7 @@ index 7cb86372..6bacfdfa 100644
{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -221,7 +220,6 @@ spec:
@@ -222,7 +221,6 @@ spec:
- name: host-rootfs
hostPath:
path: /
@ -1055,10 +1050,10 @@ index 7cb86372..6bacfdfa 100644
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
index 8474ff38..4fd75da9 100644
index 4625765a..4319886c 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@@ -193,7 +193,6 @@ spec:
@@ -194,7 +194,6 @@ spec:
mountPropagation: Bidirectional
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -1066,7 +1061,7 @@ index 8474ff38..4fd75da9 100644
{{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -217,7 +216,6 @@ spec:
@@ -218,7 +217,6 @@ spec:
path: /run/netns
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1075,10 +1070,10 @@ index 8474ff38..4fd75da9 100644
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
index 5a2d0370..e4d29a43 100644
index 0ea60f58..a5ed5345 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@@ -258,7 +258,6 @@ spec:
@@ -279,7 +279,6 @@ spec:
{{- end }}
- name: run
mountPath: /run
@ -1086,7 +1081,7 @@ index 5a2d0370..e4d29a43 100644
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -289,7 +288,6 @@ spec:
@@ -310,7 +309,6 @@ spec:
path: /sys/bus/pci/devices
type: Directory
{{- end }}
@ -1095,10 +1090,10 @@ index 5a2d0370..e4d29a43 100644
{{- end }}
{{- end }}
diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
index 4bf00216..539e3239 100644
index 5b96cd7c..07f5931c 100644
--- a/neutron/templates/daemonset-sriov-agent.yaml
+++ b/neutron/templates/daemonset-sriov-agent.yaml
@@ -212,7 +212,6 @@ spec:
@@ -213,7 +213,6 @@ spec:
{{- end }}
- name: run
mountPath: /run
@ -1106,7 +1101,7 @@ index 4bf00216..539e3239 100644
{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: host-sys-class-net
@@ -238,7 +237,6 @@ spec:
@@ -239,7 +238,6 @@ spec:
- name: run
hostPath:
path: /run
@ -1115,10 +1110,10 @@ index 4bf00216..539e3239 100644
{{- end }}
{{- end }}
diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml
index 431225f0..95666069 100644
index 014c9adf..90d95d19 100644
--- a/neutron/templates/deployment-ironic-agent.yaml
+++ b/neutron/templates/deployment-ironic-agent.yaml
@@ -96,7 +96,6 @@ spec:
@@ -97,7 +97,6 @@ spec:
mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
subPath: ml2_conf.ini
readOnly: true
@ -1126,7 +1121,7 @@ index 431225f0..95666069 100644
{{ if $mounts_neutron_ironic_agent.volumeMounts }}{{ toYaml $mounts_neutron_ironic_agent.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -111,6 +110,5 @@ spec:
@@ -112,6 +111,5 @@ spec:
secret:
secretName: neutron-etc
defaultMode: 0444
@ -1134,10 +1129,10 @@ index 431225f0..95666069 100644
{{ if $mounts_neutron_ironic_agent.volumes }}{{ toYaml $mounts_neutron_ironic_agent.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
index 05391a43..6f56ef71 100644
index 6b236a33..f8a2492b 100644
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@@ -214,9 +214,7 @@ spec:
@@ -209,9 +209,7 @@ spec:
mountPath: /etc/neutron/policy.yaml
subPath: policy.yaml
readOnly: true
@ -1147,7 +1142,7 @@ index 05391a43..6f56ef71 100644
{{ if $mounts_neutron_server.volumeMounts }}{{ toYaml $mounts_neutron_server.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -237,8 +235,6 @@ spec:
@@ -232,8 +230,6 @@ spec:
- name: neutron-plugin-shared
emptyDir: {}
{{- end }}
@ -1213,11 +1208,11 @@ index 0d08170d..685ee774 100644
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/neutron/templates/secret-db.yaml b/neutron/templates/secret-db.yaml
index 47d956fa..f9883908 100644
index 59d6d9c5..5e42748c 100644
--- a/neutron/templates/secret-db.yaml
+++ b/neutron/templates/secret-db.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -1227,10 +1222,10 @@ index 47d956fa..f9883908 100644
{{- end }}
{{- end }}
-{{- end }}
diff --git a/neutron/templates/secret_rabbitmq.yaml b/neutron/templates/secret_rabbitmq.yaml
index 16c70e4b..f6484145 100644
--- a/neutron/templates/secret_rabbitmq.yaml
+++ b/neutron/templates/secret_rabbitmq.yaml
diff --git a/neutron/templates/secret-rabbitmq.yaml b/neutron/templates/secret-rabbitmq.yaml
index fd3e24fb..aa7266a1 100644
--- a/neutron/templates/secret-rabbitmq.yaml
+++ b/neutron/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
@ -1242,7 +1237,7 @@ index 16c70e4b..f6484145 100644
{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
---
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 12ad86c7..5e3b61d3 100644
index 6f00a1ce..f1bba9c3 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -83,30 +83,18 @@ limitations under the License.
@ -1276,10 +1271,10 @@ index 12ad86c7..5e3b61d3 100644
{{- if empty .Values.conf.nova.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "nova" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.nova.DEFAULT "transport_url" -}}
@@ -283,11 +271,6 @@ data:
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
@@ -344,11 +332,6 @@ data:
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
nova-api-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_api_uwsgi | b64enc }}
nova-metadata-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_metadata_uwsgi | b64enc }}
-{{- if .Values.manifests.certificates }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_nova_api "key" "wsgi-api.conf" "format" "Secret" ) | indent 2 }}
@ -1326,10 +1321,10 @@ index b90b84e8..cb4e58c2 100644
{{- end }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index e8545f00..ebb3390b 100644
index 5b52745f..e4a6a506 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -432,7 +432,6 @@ spec:
@@ -449,7 +449,6 @@ spec:
readOnly: true
{{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -1337,7 +1332,7 @@ index e8545f00..ebb3390b 100644
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.network.ssh.enabled }}
- name: nova-compute-ssh
@@ -547,7 +546,6 @@ spec:
@@ -564,7 +563,6 @@ spec:
emptyDir: {}
{{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1346,10 +1341,10 @@ index e8545f00..ebb3390b 100644
{{- end }}
{{- end }}
diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml
index f3820a6b..5b3505a3 100644
index ee5e38ea..066ef7ba 100644
--- a/nova/templates/deployment-api-metadata.yaml
+++ b/nova/templates/deployment-api-metadata.yaml
@@ -178,7 +178,6 @@ spec:
@@ -183,7 +183,6 @@ spec:
- name: pod-shared
mountPath: /tmp/pod-shared
readOnly: true
@ -1357,7 +1352,7 @@ index f3820a6b..5b3505a3 100644
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -198,7 +197,6 @@ spec:
@@ -203,7 +202,6 @@ spec:
defaultMode: 0444
- name: pod-shared
emptyDir: {}
@ -1366,10 +1361,10 @@ index f3820a6b..5b3505a3 100644
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml
index 984204a2..d9f1c5f9 100644
index 04d70533..7aceeca1 100644
--- a/nova/templates/deployment-api-osapi.yaml
+++ b/nova/templates/deployment-api-osapi.yaml
@@ -126,9 +126,7 @@ spec:
@@ -131,9 +131,7 @@ spec:
mountPath: /etc/nova/api_audit_map.conf
subPath: api_audit_map.conf
readOnly: true
@ -1379,7 +1374,7 @@ index 984204a2..d9f1c5f9 100644
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -147,8 +145,6 @@ spec:
@@ -152,8 +150,6 @@ spec:
secret:
secretName: nova-etc
defaultMode: 0444
@ -1389,10 +1384,10 @@ index 984204a2..d9f1c5f9 100644
{{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index 32bba2be..e7a0be61 100644
index 44ed2858..7cffbcc2 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -123,8 +123,6 @@ spec:
@@ -124,8 +124,6 @@ spec:
subPath: policy.yaml
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@ -1401,7 +1396,7 @@ index 32bba2be..e7a0be61 100644
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -138,7 +136,5 @@ spec:
@@ -139,7 +137,5 @@ spec:
secretName: nova-etc
defaultMode: 0444
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
@ -1410,33 +1405,33 @@ index 32bba2be..e7a0be61 100644
{{ if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index c9aae286..3a080926 100644
index aa547263..1491bffe 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -142,9 +142,7 @@ spec:
@@ -151,9 +151,7 @@ spec:
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -161,8 +159,6 @@ spec:
emptyDir: {}
- name: pod-shared
emptyDir: {}
@@ -176,8 +174,6 @@ spec:
secretName: {{ .Values.secrets.tls.compute_novnc_proxy.vencrypt.internal }}
defaultMode: 0444
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_novncproxy.volumes }}{{ toYaml $mounts_nova_novncproxy.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index cd37ce99..b5220d5d 100644
index d3f4095c..ebc627af 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -122,9 +122,7 @@ spec:
@@ -123,9 +123,7 @@ spec:
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
@ -1446,7 +1441,7 @@ index cd37ce99..b5220d5d 100644
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -137,8 +135,6 @@ spec:
@@ -138,8 +136,6 @@ spec:
secret:
secretName: nova-etc
defaultMode: 0444
@ -1532,11 +1527,11 @@ index b5133d30..021801f8 100644
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
diff --git a/nova/templates/secret-db-api.yaml b/nova/templates/secret-db-api.yaml
index baf75b1e..120a68bb 100644
index de537031..6eba7f5b 100644
--- a/nova/templates/secret-db-api.yaml
+++ b/nova/templates/secret-db-api.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db_api" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -1547,11 +1542,11 @@ index baf75b1e..120a68bb 100644
{{- end }}
-{{- end }}
diff --git a/nova/templates/secret-db-cell0.yaml b/nova/templates/secret-db-cell0.yaml
index 100b57fc..b6d34834 100644
index ac74bf94..ce97fedc 100644
--- a/nova/templates/secret-db-cell0.yaml
+++ b/nova/templates/secret-db-cell0.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db_cell0" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -1562,11 +1557,11 @@ index 100b57fc..b6d34834 100644
{{- end }}
-{{- end }}
diff --git a/nova/templates/secret-db.yaml b/nova/templates/secret-db.yaml
index d9cbf8f4..c02bd8da 100644
index 885cae19..2bc0471c 100644
--- a/nova/templates/secret-db.yaml
+++ b/nova/templates/secret-db.yaml
@@ -24,10 +24,6 @@ metadata:
name: {{ $secretName }}
@@ -26,10 +26,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -1576,10 +1571,10 @@ index d9cbf8f4..c02bd8da 100644
{{- end }}
{{- end }}
-{{- end }}
diff --git a/nova/templates/secret_rabbitmq.yaml b/nova/templates/secret_rabbitmq.yaml
index b49f84ea..66451a05 100644
--- a/nova/templates/secret_rabbitmq.yaml
+++ b/nova/templates/secret_rabbitmq.yaml
diff --git a/nova/templates/secret-rabbitmq.yaml b/nova/templates/secret-rabbitmq.yaml
index 32f21690..87f0072c 100644
--- a/nova/templates/secret-rabbitmq.yaml
+++ b/nova/templates/secret-rabbitmq.yaml
@@ -15,9 +15,6 @@ limitations under the License.
{{- if .Values.manifests.secret_rabbitmq }}
{{- $envAll := . }}
@ -1608,21 +1603,21 @@ index c5880af2..e0053dde 100644
{{- if empty .Values.conf.placement.keystone_authtoken.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "auth_uri" -}}
diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml
index 359d20f1..bf1920d1 100644
index 72800a05..de666892 100644
--- a/placement/templates/deployment.yaml
+++ b/placement/templates/deployment.yaml
@@ -122,7 +122,6 @@ spec:
mountPath: /etc/apache2/conf-enabled/wsgi-placement.conf
subPath: wsgi-placement.conf
readOnly: true
@@ -140,7 +140,6 @@ spec:
- name: log
mountPath: {{ .Values.conf.placement.DEFAULT.log_dir }}
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.public | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_placement.volumeMounts }}{{ toYaml $mounts_placement.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -138,7 +137,6 @@ spec:
secret:
secretName: placement-etc
defaultMode: 0444
@@ -162,7 +161,6 @@ spec:
path: {{ .Values.conf.placement.DEFAULT.log_dir }}
type: DirectoryOrCreate
{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.placement.api.public | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_placement.volumes }}{{ toYaml $mounts_placement.volumes | indent 8 }}{{ end }}
@ -1677,11 +1672,11 @@ index fea53d97..53807502 100644
\ No newline at end of file
+{{- end }}
diff --git a/placement/templates/secret-db.yaml b/placement/templates/secret-db.yaml
index 91beb970..45247e71 100644
index 0e9214c4..44797b85 100644
--- a/placement/templates/secret-db.yaml
+++ b/placement/templates/secret-db.yaml
@@ -26,10 +26,6 @@ metadata:
name: {{ $secretName }}
@@ -28,10 +28,6 @@ metadata:
{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
-{{- if $envAll.Values.manifests.certificates }}
@ -1692,5 +1687,4 @@ index 91beb970..45247e71 100644
{{- end }}
-{{- end }}
--
2.25.1
2.34.1

0
openstack-helm/debian/deb_folder/patches/0013-Fixing-cinder-helm-release-hooks-weights-helmv3.patch → openstack-helm/debian/deb_folder/patches/0009-Fixing-cinder-helm-release-hooks-weights-helmv3.patch
View File

40
openstack-helm/debian/deb_folder/patches/0009-Replace-deprecated-Nova-VNC-configurations.patch
View File

@ -1,40 +0,0 @@
From 1cf04aef5dcfec540b71f5ccb2b9702d81ca0184 Mon Sep 17 00:00:00 2001
From: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
Date: Wed, 12 Jan 2022 17:46:10 -0300
Subject: [PATCH] Replace deprecated Nova VNC configurations
Replace deprecated opts of Nova VNC Server configurations.
Signed-off-by: Iago Estrela <IagoFilipe.EstrelaBarros@windriver.com>
[ upversioned openstack-helm base commit ]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I7103d2ae77bec442790a0bbed3aac53fe1e7641e
---
nova/templates/bin/_nova-console-proxy-init.sh.tpl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nova/templates/bin/_nova-console-proxy-init.sh.tpl b/nova/templates/bin/_nova-console-proxy-init.sh.tpl
index f3eb9f31..f3522c9c 100644
--- a/nova/templates/bin/_nova-console-proxy-init.sh.tpl
+++ b/nova/templates/bin/_nova-console-proxy-init.sh.tpl
@@ -19,7 +19,7 @@ set -ex
console_kind="{{- .Values.console.console_kind -}}"
if [ "${console_kind}" == "novnc" ] ; then
- client_address="{{- .Values.conf.nova.vnc.vncserver_proxyclient_address -}}"
+ client_address="{{- .Values.conf.nova.vnc.server_proxyclient_address -}}"
client_interface="{{- .Values.console.novnc.vncproxy.vncserver_proxyclient_interface -}}"
listen_ip="{{- .Values.conf.nova.vnc.server_listen -}}"
elif [ "${console_kind}" == "spice" ] ; then
@@ -49,7 +49,7 @@ fi
if [ "${console_kind}" == "novnc" ] ; then
cat <<EOF>/tmp/pod-shared/nova-vnc.ini
[vnc]
-vncserver_proxyclient_address = $client_address
+server_proxyclient_address = $client_address
server_listen = $listen_ip
novncproxy_host = $listen_ip
EOF
--
2.25.1

0
openstack-helm/debian/deb_folder/patches/0014-Fixing-nova-helm-release-hooks-and-weights.patch → openstack-helm/debian/deb_folder/patches/0010-Fixing-nova-helm-release-hooks-and-weights.patch
View File

0
openstack-helm/debian/deb_folder/patches/0015-Fixing-keystone-helm-release-hooks-and-weights.patch → openstack-helm/debian/deb_folder/patches/0011-Fixing-keystone-helm-release-hooks-and-weights.patch
View File

49
openstack-helm/debian/deb_folder/patches/0012-Update-RBAC-authorization-api-to-v1.patch
View File

@ -1,49 +0,0 @@
From 9d324a8f04154ad5f2a5f0271b62d6a6f6f5686b Mon Sep 17 00:00:00 2001
From: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Date: Mon, 18 Jul 2022 11:26:46 -0300
Subject: [PATCH] Update RBAC authorization api to v1
This change patches the correct apiVersion for RBAC authorization resources
to work correctly when stx-openstack is applied on stx with kubernetes 1.22+
running [1]. This fix is part of the solution of the problem described in [2].
Test Plan:
PASS - Build stx-openstack armada tarball (CentOS)
PASS - Upload stx-openstack on Stx7.0/master build
PASS - Apply stx-openstck on a Stx7.0/master build
PASS - Ensure that nova related pods are up
[1] https://kubernetes.io/docs/reference/using-api/deprecation-guide/#rbac-resources-v122
[2] https://bugs.launchpad.net/starlingx/+bug/1980397
Signed-off-by: Rafael Falcao <rafael.vieirafalcao@windriver.com>
Change-Id: I1c62e24d6baf34953770336f18b4f185cdf33139
---
nova/templates/job-storage-init.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nova/templates/job-storage-init.yaml b/nova/templates/job-storage-init.yaml
index f3850b4b..e79b05ea 100644
--- a/nova/templates/job-storage-init.yaml
+++ b/nova/templates/job-storage-init.yaml
@@ -18,7 +18,7 @@ limitations under the License.
{{- $serviceAccountName := "nova-storage-init" }}
{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $serviceAccountName }}
@@ -33,7 +33,7 @@ rules:
- update
- patch
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ $serviceAccountName }}
--
2.25.1

0
openstack-helm/debian/deb_folder/patches/0016-Update-user-in-cinder-related-pods.patch → openstack-helm/debian/deb_folder/patches/0012-Update-user-in-cinder-related-pods.patch
View File

0
openstack-helm/debian/deb_folder/patches/0017-Support-ceph-dev-version-during-pool-creation.patch → openstack-helm/debian/deb_folder/patches/0013-Support-ceph-dev-version-during-pool-creation.patch
View File

0
openstack-helm/debian/deb_folder/patches/0018-Update-charts-requirements-to-use-local-server.patch → openstack-helm/debian/deb_folder/patches/0014-Update-charts-requirements-to-use-local-server.patch
View File

40
openstack-helm/debian/deb_folder/patches/0015-Add-service-tokens-for-Cinder-auth.patch Normal file
View File

@ -0,0 +1,40 @@
From b327cf3e379dd1a28e9e1491774c11e1209a1476 Mon Sep 17 00:00:00 2001
From: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
Date: Tue, 26 Sep 2023 16:16:04 -0300
Subject: [PATCH] Add service tokens for Cinder auth
Since version 22.1.0 of Cinder, it requires Nova to configure service
tokens in order to manipulate volumes [1], meaning that if that's not
configured, Nova will not be able to create VMs by volume. The commit
configured for StarlingX's openstack-helm package does not include this
configuration, which was done later by [2] and [3].
This patch includes commits [2] and [3] in order to allow Nova to create
VMs by volumes.
[1] https://docs.openstack.org/releasenotes/cinder/2023.1.html#upgrade-notes
[2] https://opendev.org/openstack/openstack-helm/commit/91c8a5baf2cf2f0dddded57d88f00ea11dd4ff4a
[3] https://opendev.org/openstack/openstack-helm/commit/7d39af25fddbf5fc67e15c92a9265f28567a214e
Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
[ Upversioned openstack-helm-infra base commit to Caracal ]
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>
---
nova/values.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/nova/values.yaml b/nova/values.yaml
index e5baeba0..5cc60057 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -1441,6 +1441,8 @@ conf:
auth_version: v3
cinder:
catalog_info: volumev3::internalURL
+ auth_url: null
+ auth_type: password
database:
max_retries: -1
api_database:
--
2.34.1

243
openstack-helm/debian/deb_folder/patches/0021-Add-app.starlingx.io-component-label-to-pods.patch → openstack-helm/debian/deb_folder/patches/0016-Add-app.starlingx.io-component-label-to-pods.patch
View File

@ -133,7 +133,7 @@ index ec0b58f7..6a984840 100644
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
diff --git a/aodh/templates/deployment-api.yaml b/aodh/templates/deployment-api.yaml
index 8c4f86cb..9e957f2e 100644
index 76919551..d795f214 100644
--- a/aodh/templates/deployment-api.yaml
+++ b/aodh/templates/deployment-api.yaml
@@ -40,11 +40,13 @@ spec:
@ -147,11 +147,11 @@ index 8c4f86cb..9e957f2e 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "aodh_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/aodh/templates/deployment-evaluator.yaml b/aodh/templates/deployment-evaluator.yaml
index 8363332d..2c40bd8c 100644
index 2f6b8861..83e9e26d 100644
--- a/aodh/templates/deployment-evaluator.yaml
+++ b/aodh/templates/deployment-evaluator.yaml
@@ -40,11 +40,13 @@ spec:
@ -165,11 +165,11 @@ index 8363332d..2c40bd8c 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "aodh_evaluator" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/aodh/templates/deployment-listener.yaml b/aodh/templates/deployment-listener.yaml
index 0a95a66a..c2fa5dfc 100644
index cca9fb16..e28641b7 100644
--- a/aodh/templates/deployment-listener.yaml
+++ b/aodh/templates/deployment-listener.yaml
@@ -40,11 +40,13 @@ spec:
@ -183,11 +183,11 @@ index 0a95a66a..c2fa5dfc 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "aodh_listener" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/aodh/templates/deployment-notifier.yaml b/aodh/templates/deployment-notifier.yaml
index 2c114e01..e1974264 100644
index eed5d80b..0eb4a44d 100644
--- a/aodh/templates/deployment-notifier.yaml
+++ b/aodh/templates/deployment-notifier.yaml
@@ -40,11 +40,13 @@ spec:
@ -201,9 +201,9 @@ index 2c114e01..e1974264 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "aodh_notifier" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "aodh" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/aodh/templates/pod-aodh-test.yaml b/aodh/templates/pod-aodh-test.yaml
index dc4b816d..2d26dc0a 100644
--- a/aodh/templates/pod-aodh-test.yaml
@ -220,7 +220,7 @@ index dc4b816d..2d26dc0a 100644
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
diff --git a/aodh/values.yaml b/aodh/values.yaml
index 660bc26f..5da6eb61 100644
index fa655590..c33795e2 100644
--- a/aodh/values.yaml
+++ b/aodh/values.yaml
@@ -21,6 +21,7 @@
@ -232,7 +232,7 @@ index 660bc26f..5da6eb61 100644
node_selector_key: openstack-control-plane
node_selector_value: enabled
diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml
index 4e281d91..34b40cd2 100644
index 8ae9ea42..7a8ec605 100644
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@@ -38,11 +38,13 @@ spec:
@ -246,9 +246,9 @@ index 4e281d91..34b40cd2 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "barbican_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/barbican/templates/pod-test.yaml b/barbican/templates/pod-test.yaml
index f4143564..183f9766 100644
--- a/barbican/templates/pod-test.yaml
@ -265,7 +265,7 @@ index f4143564..183f9766 100644
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "barbican-test" "containerNames" (list "init" "barbican-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 09e21983..9bea5035 100644
index c5c8495f..b3ed693c 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -17,6 +17,7 @@
@ -277,7 +277,7 @@ index 09e21983..9bea5035 100644
node_selector_key: openstack-control-plane
node_selector_value: enabled
diff --git a/ceilometer/templates/daemonset-compute.yaml b/ceilometer/templates/daemonset-compute.yaml
index 983833c5..630b0f34 100644
index 07536d44..a1323f66 100644
--- a/ceilometer/templates/daemonset-compute.yaml
+++ b/ceilometer/templates/daemonset-compute.yaml
@@ -37,11 +37,13 @@ spec:
@ -291,11 +291,11 @@ index 983833c5..630b0f34 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "ceilometer_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ceilometer/templates/daemonset-ipmi.yaml b/ceilometer/templates/daemonset-ipmi.yaml
index a5b254ed..8c0b4f3f 100644
index 619a2168..7ec95e36 100644
--- a/ceilometer/templates/daemonset-ipmi.yaml
+++ b/ceilometer/templates/daemonset-ipmi.yaml
@@ -37,11 +37,13 @@ spec:
@ -309,11 +309,11 @@ index a5b254ed..8c0b4f3f 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "ceilometer_ipmi" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ceilometer/templates/deployment-api.yaml b/ceilometer/templates/deployment-api.yaml
index 2300f4cf..5c0ec377 100644
index d82478ab..2c9ef26a 100644
--- a/ceilometer/templates/deployment-api.yaml
+++ b/ceilometer/templates/deployment-api.yaml
@@ -38,11 +38,13 @@ spec:
@ -327,11 +327,11 @@ index 2300f4cf..5c0ec377 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "ceilometer_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ceilometer/templates/deployment-central.yaml b/ceilometer/templates/deployment-central.yaml
index b38870a4..85ffb014 100644
index 15fae959..607c9c98 100644
--- a/ceilometer/templates/deployment-central.yaml
+++ b/ceilometer/templates/deployment-central.yaml
@@ -38,11 +38,13 @@ spec:
@ -345,11 +345,11 @@ index b38870a4..85ffb014 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "ceilometer_central" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ceilometer/templates/deployment-collector.yaml b/ceilometer/templates/deployment-collector.yaml
index 25a4e3e9..046a9bdc 100644
index 5a10a0b0..5a187832 100644
--- a/ceilometer/templates/deployment-collector.yaml
+++ b/ceilometer/templates/deployment-collector.yaml
@@ -38,11 +38,13 @@ spec:
@ -363,11 +363,11 @@ index 25a4e3e9..046a9bdc 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "ceilometer_collector" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ceilometer/templates/deployment-notification.yaml b/ceilometer/templates/deployment-notification.yaml
index 15594311..f7b782a3 100644
index 33b2c382..bdb3719f 100644
--- a/ceilometer/templates/deployment-notification.yaml
+++ b/ceilometer/templates/deployment-notification.yaml
@@ -38,11 +38,13 @@ spec:
@ -381,9 +381,9 @@ index 15594311..f7b782a3 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "ceilometer_notification" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ceilometer/templates/job-db-init-mongodb.yaml b/ceilometer/templates/job-db-init-mongodb.yaml
index c8fdda99..669bcba0 100644
--- a/ceilometer/templates/job-db-init-mongodb.yaml
@ -416,7 +416,7 @@ index 040836e5..b3136dbb 100644
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index 23df30e2..3e8d477b 100644
index 3bc5bd0e..d50722cf 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@@ -19,6 +19,7 @@
@ -443,7 +443,7 @@ index 89ac96c7..b0dd6498 100644
spec:
{{ dict "envAll" $envAll "application" "volume_usage_audit" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
index e5ba5137..3f4e941a 100644
index aef5bf36..2fbe775e 100644
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@@ -42,11 +42,13 @@ spec:
@ -457,11 +457,11 @@ index e5ba5137..3f4e941a 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "cinder_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "cinder-api" "containerNames" (list "cinder-api" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
index f29ae13a..6499019f 100755
index ae1d21fc..4d94a2e1 100644
--- a/cinder/templates/deployment-backup.yaml
+++ b/cinder/templates/deployment-backup.yaml
@@ -40,11 +40,13 @@ spec:
@ -475,11 +475,11 @@ index f29ae13a..6499019f 100755
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "cinder_backup" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "cinder-backup" "containerNames" (list "cinder-backup" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml
index 9a3d4764..7519091f 100644
index 78469274..29cad115 100644
--- a/cinder/templates/deployment-scheduler.yaml
+++ b/cinder/templates/deployment-scheduler.yaml
@@ -42,11 +42,13 @@ spec:
@ -493,11 +493,11 @@ index 9a3d4764..7519091f 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "cinder_scheduler" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "cinder-scheduler" "containerNames" (list "cinder-scheduler" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
index e1295a55..63eb2422 100755
index b2523591..3b1d1411 100644
--- a/cinder/templates/deployment-volume.yaml
+++ b/cinder/templates/deployment-volume.yaml
@@ -44,11 +44,13 @@ spec:
@ -511,9 +511,9 @@ index e1295a55..63eb2422 100755
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "cinder_volume" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "cinder-volume" "containerNames" (list "cinder-volume" "ceph-coordination-volume-perms" "init-cinder-conf" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml
index 62db734b..1f1fa3fa 100644
--- a/cinder/templates/job-backup-storage-init.yaml
@ -590,7 +590,7 @@ index 14b83620..ae44826e 100644
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "cinder-test" "containerNames" (list "init" "cinder-test" "cinder-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
diff --git a/cinder/values.yaml b/cinder/values.yaml
index ddc5d632..0496c2cc 100644
index f47e178c..16516491 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -19,6 +19,7 @@
@ -602,10 +602,10 @@ index ddc5d632..0496c2cc 100644
node_selector_key: openstack-control-plane
node_selector_value: enabled
diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index 27df2730..956639dc 100644
index 3b285b16..3ba5f17a 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -38,11 +38,13 @@ spec:
@@ -52,11 +52,13 @@ spec:
template:
metadata:
labels:
@ -616,9 +616,9 @@ index 27df2730..956639dc 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "glance_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "glance-api" "containerNames" ( list "glance-perms" "glance-api" "init" "nginx" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/glance/templates/job-clean.yaml b/glance/templates/job-clean.yaml
index 26977c08..198a1557 100644
--- a/glance/templates/job-clean.yaml
@ -680,7 +680,7 @@ index 6732c239..f2779caf 100644
{{ dict "envAll" $envAll "podName" "glance-test" "containerNames" (list "init" "glance-test" "glance-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
diff --git a/glance/values.yaml b/glance/values.yaml
index d15b77ac..ed8fd754 100644
index 1cbf4282..3a6a14f9 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -20,6 +20,7 @@
@ -692,7 +692,7 @@ index d15b77ac..ed8fd754 100644
node_selector_key: openstack-control-plane
node_selector_value: enabled
diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml
index fb3e97ce..88ac6113 100644
index 5e425167..dff13028 100644
--- a/heat/templates/cron-job-engine-cleaner.yaml
+++ b/heat/templates/cron-job-engine-cleaner.yaml
@@ -45,6 +45,7 @@ spec:
@ -704,7 +704,7 @@ index fb3e97ce..88ac6113 100644
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 12 }}
diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml
index ffc93a8d..489fbf9f 100644
index 9e3be164..6ce7278a 100644
--- a/heat/templates/cron-job-purge-deleted.yaml
+++ b/heat/templates/cron-job-purge-deleted.yaml
@@ -42,8 +42,10 @@ spec:
@ -716,10 +716,10 @@ index ffc93a8d..489fbf9f 100644
annotations:
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 12 }}
{{ dict "envAll" $envAll "podName" "heat-purge-deleted" "containerNames" (list "init" "heat-purge-deleted" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
{{ dict "envAll" $envAll "podName" "heat-purge-deleted" "containerNames" (list "init" "heat-purge-deleted" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 12 }}
spec:
diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml
index ad7bdaff..178bedda 100644
index e4c6b1de..d2c14651 100644
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@@ -38,11 +38,13 @@ spec:
@ -733,11 +733,11 @@ index ad7bdaff..178bedda 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "heat_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "heat-api" "containerNames" (list "heat-api" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml
index 2f2be024..abc0f59d 100644
index 00647372..22f037eb 100644
--- a/heat/templates/deployment-cfn.yaml
+++ b/heat/templates/deployment-cfn.yaml
@@ -38,11 +38,13 @@ spec:
@ -751,11 +751,11 @@ index 2f2be024..abc0f59d 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "heat_cfn" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "heat-cfn" "containerNames" (list "heat-cfn" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml
index f1f73535..0abe6b5a 100644
index f9cc2407..222bd8ca 100644
--- a/heat/templates/deployment-cloudwatch.yaml
+++ b/heat/templates/deployment-cloudwatch.yaml
@@ -38,11 +38,13 @@ spec:
@ -769,11 +769,11 @@ index f1f73535..0abe6b5a 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "heat_cloudwatch" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml
index 3401f06f..08af1501 100644
index cee5d4f7..39ec4678 100644
--- a/heat/templates/deployment-engine.yaml
+++ b/heat/templates/deployment-engine.yaml
@@ -44,12 +44,14 @@ spec:
@ -788,9 +788,9 @@ index 3401f06f..08af1501 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "heat_engine" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "heat-engine" "containerNames" (list "heat-engine" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
{{- end }}
spec:
diff --git a/heat/templates/job-ks-user-domain.yaml b/heat/templates/job-ks-user-domain.yaml
index 16ba3d3c..410f8f7e 100644
--- a/heat/templates/job-ks-user-domain.yaml
@ -843,7 +843,7 @@ index 4dc8154b..36714701 100644
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
diff --git a/heat/values.yaml b/heat/values.yaml
index ce61e7dd..5a0e4cba 100644
index 1808e981..24dc69d5 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -19,6 +19,7 @@
@ -855,7 +855,7 @@ index ce61e7dd..5a0e4cba 100644
node_selector_key: openstack-control-plane
node_selector_value: enabled
diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml
index 6f4ffe8e..cb44ca8f 100644
index bd6db03b..76d64b38 100644
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@@ -38,11 +38,13 @@ spec:
@ -869,9 +869,9 @@ index 6f4ffe8e..cb44ca8f 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ dict "envAll" $envAll "podName" "horizon" "containerNames" (list "horizon" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ tuple "horizon" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{- if .Values.manifests.configmap_logo }}
configmap-logo-hash: {{ tuple "configmap-logo.yaml" . | include "helm-toolkit.utils.hash" }}
diff --git a/horizon/templates/job-db-sync.yaml b/horizon/templates/job-db-sync.yaml
index 6805bfa9..b14ecfe6 100644
--- a/horizon/templates/job-db-sync.yaml
@ -903,10 +903,10 @@ index 979402a7..868bac82 100644
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "horizon-test" "containerNames" (list "init" "horizon-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 1ca7c365..7aa8519d 100644
index cc45777b..3a722c6a 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -35,6 +35,7 @@ images:
@@ -38,6 +38,7 @@ selenium_v4: true
release_group: null
labels:
@ -915,7 +915,7 @@ index 1ca7c365..7aa8519d 100644
node_selector_key: openstack-control-plane
node_selector_value: enabled
diff --git a/ironic/templates/deployment-api.yaml b/ironic/templates/deployment-api.yaml
index 52dd785b..62acfc6e 100644
index 7d4b8387..cdc6629e 100644
--- a/ironic/templates/deployment-api.yaml
+++ b/ironic/templates/deployment-api.yaml
@@ -38,11 +38,13 @@ spec:
@ -929,14 +929,14 @@ index 52dd785b..62acfc6e 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "ironic_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ironic/templates/job-manage-cleaning-network.yaml b/ironic/templates/job-manage-cleaning-network.yaml
index 18e94769..abc6f339 100644
index 48e8d729..400bec5b 100644
--- a/ironic/templates/job-manage-cleaning-network.yaml
+++ b/ironic/templates/job-manage-cleaning-network.yaml
@@ -32,7 +32,10 @@ spec:
@@ -33,7 +33,10 @@ spec:
template:
metadata:
labels:
@ -948,7 +948,7 @@ index 18e94769..abc6f339 100644
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
diff --git a/ironic/templates/statefulset-conductor.yaml b/ironic/templates/statefulset-conductor.yaml
index 43be9776..de7a1890 100644
index cb46b9ed..e28d48a4 100644
--- a/ironic/templates/statefulset-conductor.yaml
+++ b/ironic/templates/statefulset-conductor.yaml
@@ -38,11 +38,13 @@ spec:
@ -966,7 +966,7 @@ index 43be9776..de7a1890 100644
serviceAccountName: {{ $serviceAccountName }}
affinity:
diff --git a/ironic/values.yaml b/ironic/values.yaml
index 89fe1aec..39643ae8 100644
index 25a26880..6a857bb9 100644
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@@ -21,6 +21,7 @@ release_group: null
@ -1008,7 +1008,7 @@ index a059f929..39c53972 100644
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "fernet_rotate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index 882eff33..4790d6cb 100644
index 86eb0dce..f8b5d91a 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -45,11 +45,13 @@ spec:
@ -1022,14 +1022,14 @@ index 882eff33..4790d6cb 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "keystone_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "keystone-api" "containerNames" (list "keystone-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "keystone" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/keystone/templates/job-credential-cleanup.yaml b/keystone/templates/job-credential-cleanup.yaml
index 097b4450..cd84747c 100644
index 37a161ef..b249476d 100644
--- a/keystone/templates/job-credential-cleanup.yaml
+++ b/keystone/templates/job-credential-cleanup.yaml
@@ -37,11 +37,13 @@ spec:
@@ -38,11 +38,13 @@ spec:
template:
metadata:
labels:
@ -1044,10 +1044,10 @@ index 097b4450..cd84747c 100644
spec:
serviceAccountName: {{ $serviceName }}
diff --git a/keystone/templates/job-credential-setup.yaml b/keystone/templates/job-credential-setup.yaml
index 5e6edc6f..93938169 100644
index 38ff3c8b..a97fe27d 100644
--- a/keystone/templates/job-credential-setup.yaml
+++ b/keystone/templates/job-credential-setup.yaml
@@ -66,11 +66,13 @@ spec:
@@ -67,11 +67,13 @@ spec:
template:
metadata:
labels:
@ -1062,10 +1062,10 @@ index 5e6edc6f..93938169 100644
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml
index 679a009c..93322646 100644
index 50e76b8d..4282757f 100644
--- a/keystone/templates/job-domain-manage.yaml
+++ b/keystone/templates/job-domain-manage.yaml
@@ -34,11 +34,13 @@ spec:
@@ -35,11 +35,13 @@ spec:
template:
metadata:
labels:
@ -1080,10 +1080,10 @@ index 679a009c..93322646 100644
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/keystone/templates/job-fernet-setup.yaml b/keystone/templates/job-fernet-setup.yaml
index 1505ffad..7bcad337 100644
index d52aa6ce..ee64d6a2 100644
--- a/keystone/templates/job-fernet-setup.yaml
+++ b/keystone/templates/job-fernet-setup.yaml
@@ -66,11 +66,13 @@ spec:
@@ -67,11 +67,13 @@ spec:
template:
metadata:
labels:
@ -1113,7 +1113,7 @@ index 2d5e9528..5e5517c0 100644
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "keystone-test" "containerNames" (list "init" "keystone-test" "keystone-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
diff --git a/keystone/values.yaml b/keystone/values.yaml
index ace7e976..2eea531d 100644
index 2d3f8aaf..d0a7a901 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -17,6 +17,7 @@
@ -1125,7 +1125,7 @@ index ace7e976..2eea531d 100644
node_selector_key: openstack-control-plane
node_selector_value: enabled
diff --git a/neutron/templates/daemonset-bagpipe-bgp.yaml b/neutron/templates/daemonset-bagpipe-bgp.yaml
index 9e6393ef..02c6ae74 100644
index b6d2157e..96fe11e4 100644
--- a/neutron/templates/daemonset-bagpipe-bgp.yaml
+++ b/neutron/templates/daemonset-bagpipe-bgp.yaml
@@ -49,11 +49,13 @@ spec:
@ -1139,11 +1139,11 @@ index 9e6393ef..02c6ae74 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_bagpipe_bgp" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_bagpipe_bgp" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
index 7971c22e..beb1a09f 100644
index 4a586673..71b57e26 100644
--- a/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/neutron/templates/daemonset-dhcp-agent.yaml
@@ -70,11 +70,13 @@ spec:
@ -1157,11 +1157,11 @@ index 7971c22e..beb1a09f 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_dhcp_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-dhcp-agent-default" "containerNames" (list "neutron-dhcp-agent" "neutron-dhcp-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_dhcp_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/daemonset-l2gw-agent.yaml b/neutron/templates/daemonset-l2gw-agent.yaml
index 1be06d83..5a1a7ca9 100644
index 95447074..01679ac8 100644
--- a/neutron/templates/daemonset-l2gw-agent.yaml
+++ b/neutron/templates/daemonset-l2gw-agent.yaml
@@ -72,11 +72,13 @@ spec:
@ -1175,11 +1175,11 @@ index 1be06d83..5a1a7ca9 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_l2gw_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_l2gw_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
index 87ae948d..56c8d57d 100644
index 5bddd62b..5f62f6cb 100644
--- a/neutron/templates/daemonset-l3-agent.yaml
+++ b/neutron/templates/daemonset-l3-agent.yaml
@@ -71,11 +71,13 @@ spec:
@ -1193,11 +1193,11 @@ index 87ae948d..56c8d57d 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_l3_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-l3-agent-default" "containerNames" (list "neutron-l3-agent" "init" "neutron-l3-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
index 6bacfdfa..3046fe5f 100644
index a7437b37..754e692f 100644
--- a/neutron/templates/daemonset-lb-agent.yaml
+++ b/neutron/templates/daemonset-lb-agent.yaml
@@ -47,11 +47,13 @@ spec:
@ -1211,11 +1211,11 @@ index 6bacfdfa..3046fe5f 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_lb_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_lb_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
index 4fd75da9..1d4c0466 100644
index 4319886c..22b89402 100644
--- a/neutron/templates/daemonset-metadata-agent.yaml
+++ b/neutron/templates/daemonset-metadata-agent.yaml
@@ -67,11 +67,13 @@ spec:
@ -1229,11 +1229,11 @@ index 4fd75da9..1d4c0466 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_metadata_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-metadata-agent-default" "containerNames" (list "neutron-metadata-agent" "neutron-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/daemonset-netns-cleanup-cron.yaml b/neutron/templates/daemonset-netns-cleanup-cron.yaml
index c512d17a..4a05fc3e 100644
index d43c5950..a91a1ade 100644
--- a/neutron/templates/daemonset-netns-cleanup-cron.yaml
+++ b/neutron/templates/daemonset-netns-cleanup-cron.yaml
@@ -39,11 +39,13 @@ spec:
@ -1247,11 +1247,11 @@ index c512d17a..4a05fc3e 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_netns_cleanup_cron" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-netns-cleanup-cron-default" "containerNames" (list "neutron-netns-cleanup-cron" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_netns_cleanup_cron" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/daemonset-ovn-metadata-agent.yaml b/neutron/templates/daemonset-ovn-metadata-agent.yaml
index 511eb260..b733b86a 100644
index 47e12567..4f2a44fe 100644
--- a/neutron/templates/daemonset-ovn-metadata-agent.yaml
+++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -67,11 +67,13 @@ spec:
@ -1265,11 +1265,11 @@ index 511eb260..b733b86a 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_ovn_metadata_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
index e4d29a43..b493fe85 100644
index a5ed5345..13841f80 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@@ -50,11 +50,13 @@ spec:
@ -1283,11 +1283,11 @@ index e4d29a43..b493fe85 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_ovs_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "$configMapName" "containerNames" (list "neutron-ovs-agent" "init" "neutron-openvswitch-agent-kernel-modules" "neutron-ovs-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_ovs_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
index 539e3239..a7c00e42 100644
index 07f5931c..d8977e69 100644
--- a/neutron/templates/daemonset-sriov-agent.yaml
+++ b/neutron/templates/daemonset-sriov-agent.yaml
@@ -53,11 +53,13 @@ spec:
@ -1301,11 +1301,11 @@ index 539e3239..a7c00e42 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_sriov_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-sriov-agent-default" "containerNames" (list "neutron-sriov-agent-init" "init" "neutron-sriov-agent") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_sriov_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml
index 95666069..80ca488e 100644
index 90d95d19..8b9abf18 100644
--- a/neutron/templates/deployment-ironic-agent.yaml
+++ b/neutron/templates/deployment-ironic-agent.yaml
@@ -41,11 +41,13 @@ spec:
@ -1319,11 +1319,11 @@ index 95666069..80ca488e 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_ironic_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
index 6f56ef71..50940593 100644
index f8a2492b..b2fdd452 100644
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@@ -54,11 +54,13 @@ spec:
@ -1337,9 +1337,9 @@ index 6f56ef71..50940593 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "neutron_server" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-server" "containerNames" (list "neutron-server" "init" "nginx") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/neutron/templates/pod-rally-test.yaml b/neutron/templates/pod-rally-test.yaml
index 8f289bf7..300658e9 100644
--- a/neutron/templates/pod-rally-test.yaml
@ -1357,10 +1357,10 @@ index 8f289bf7..300658e9 100644
{{ dict "envAll" $envAll "podName" "neutron-test" "containerNames" (list "init" "neutron-test" "neutron-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
diff --git a/neutron/values.yaml b/neutron/values.yaml
index c71a40cf..9f8666fc 100644
index db4a6bf0..2c7d8233 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -53,6 +53,7 @@ images:
@@ -57,6 +57,7 @@ images:
- image_repo_sync
labels:
@ -1414,10 +1414,10 @@ index 0da8c5e1..c5a9e55b 100644
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "service_cleaner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
index ebb3390b..1a117456 100644
index e4a6a506..f795eece 100644
--- a/nova/templates/daemonset-compute.yaml
+++ b/nova/templates/daemonset-compute.yaml
@@ -68,8 +68,10 @@ spec:
@@ -83,8 +83,10 @@ spec:
template:
metadata:
labels:
@ -1427,9 +1427,9 @@ index ebb3390b..1a117456 100644
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute" "init" "nova-compute-init" "nova-compute-vnc-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
{{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml
index 5b3505a3..0afa28a8 100644
index 066ef7ba..691c1840 100644
--- a/nova/templates/deployment-api-metadata.yaml
+++ b/nova/templates/deployment-api-metadata.yaml
@@ -52,11 +52,13 @@ spec:
@ -1443,11 +1443,11 @@ index 5b3505a3..0afa28a8 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "nova_api_metadata" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-api-metadata" "containerNames" (list "nova-api-metadata-init" "nova-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml
index d9f1c5f9..8b412f3f 100644
index 7aceeca1..8e12ceaa 100644
--- a/nova/templates/deployment-api-osapi.yaml
+++ b/nova/templates/deployment-api-osapi.yaml
@@ -52,11 +52,13 @@ spec:
@ -1461,11 +1461,11 @@ index d9f1c5f9..8b412f3f 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "nova_api_osapi" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-api-osapi" "containerNames" (list "nova-osapi" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
index e7a0be61..dc07dcf5 100644
index 7cffbcc2..b9943c04 100644
--- a/nova/templates/deployment-conductor.yaml
+++ b/nova/templates/deployment-conductor.yaml
@@ -61,11 +61,13 @@ spec:
@ -1479,14 +1479,14 @@ index e7a0be61..dc07dcf5 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "nova_conductor" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-conductor" "containerNames" (list "nova-conductor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
index 3a080926..f7da8971 100644
index 1491bffe..15a7ca47 100644
--- a/nova/templates/deployment-novncproxy.yaml
+++ b/nova/templates/deployment-novncproxy.yaml
@@ -48,11 +48,13 @@ spec:
@@ -50,11 +50,13 @@ spec:
template:
metadata:
labels:
@ -1497,11 +1497,11 @@ index 3a080926..f7da8971 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "nova_novncproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-novncproxy" "containerNames" (list "nova-novncproxy" "nova-novncproxy-init-assets" "nova-novncproxy-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
index b5220d5d..d6f6940d 100644
index ebc627af..c1ae4fb0 100644
--- a/nova/templates/deployment-scheduler.yaml
+++ b/nova/templates/deployment-scheduler.yaml
@@ -61,11 +61,13 @@ spec:
@ -1515,11 +1515,11 @@ index b5220d5d..d6f6940d 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "nova_scheduler" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-scheduler" "containerNames" (list "nova-scheduler" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
index 94d957d8..2a682e7f 100644
index a7b45eca..8dd9bc52 100644
--- a/nova/templates/deployment-spiceproxy.yaml
+++ b/nova/templates/deployment-spiceproxy.yaml
@@ -48,11 +48,13 @@ spec:
@ -1533,14 +1533,14 @@ index 94d957d8..2a682e7f 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "nova_spiceproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/nova/templates/job-bootstrap.yaml b/nova/templates/job-bootstrap.yaml
index 3e2bfafd..4c7366ae 100644
index cddc7443..749eb29b 100644
--- a/nova/templates/job-bootstrap.yaml
+++ b/nova/templates/job-bootstrap.yaml
@@ -41,8 +41,10 @@ spec:
@@ -40,8 +40,10 @@ spec:
template:
metadata:
labels:
@ -1600,7 +1600,7 @@ index 377555d6..4079ec81 100644
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/nova/values.yaml b/nova/values.yaml
index 63b8d02f..0d964c53 100644
index 5cc60057..44bd9a74 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -19,6 +19,7 @@
@ -1612,7 +1612,7 @@ index 63b8d02f..0d964c53 100644
compute:
node_selector_key: openstack-compute-node
diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml
index bf1920d1..beb46a47 100644
index de666892..cd1a9d94 100644
--- a/placement/templates/deployment.yaml
+++ b/placement/templates/deployment.yaml
@@ -40,11 +40,13 @@ spec:
@ -1626,11 +1626,11 @@ index bf1920d1..beb46a47 100644
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ configchecksum: {{ toYaml .Values.labels.isApplication | sha256sum | trunc 63 }}
{{ tuple "placement" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "placement-api" "containerNames" (list "placement-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/placement/values.yaml b/placement/values.yaml
index 4a702ace..35f4849c 100644
index a411250c..9d2dddfd 100644
--- a/placement/values.yaml
+++ b/placement/values.yaml
@@ -20,6 +20,7 @@
@ -1643,4 +1643,3 @@ index 4a702ace..35f4849c 100644
node_selector_value: enabled
--
2.34.1

71
openstack-helm/debian/deb_folder/patches/0023-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch → openstack-helm/debian/deb_folder/patches/0017-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch
View File

@ -82,7 +82,7 @@ index 00000000..ba0f0df3
+{{- end }}
\ No newline at end of file
diff --git a/aodh/values.yaml b/aodh/values.yaml
index 5da6eb61..e990a5f8 100644
index c33795e2..9661d734 100644
--- a/aodh/values.yaml
+++ b/aodh/values.yaml
@@ -59,6 +59,7 @@ images:
@ -127,18 +127,18 @@ index 00000000..5755d4ec
+{{- end }}
\ No newline at end of file
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 9bea5035..57758455 100644
index b3ed693c..aa9df4f0 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -48,6 +48,7 @@ images:
barbican_api: docker.io/openstackhelm/barbican:wallaby-ubuntu_focal
rabbit_init: docker.io/rabbitmq:3.7-management
barbican_api: docker.io/openstackhelm/barbican:2024.1-ubuntu_jammy
rabbit_init: docker.io/rabbitmq:3.13-management
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
pull_policy: "IfNotPresent"
local_registry:
active: false
@@ -693,6 +694,7 @@ manifests:
@@ -703,6 +704,7 @@ manifests:
configmap_etc: true
deployment_api: true
ingress_api: true
@ -172,7 +172,7 @@ index 00000000..1900b9d8
+{{- end }}
\ No newline at end of file
diff --git a/ceilometer/values.yaml b/ceilometer/values.yaml
index 3e8d477b..d93c6793 100644
index d50722cf..9f55de78 100644
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@@ -63,6 +63,7 @@ images:
@ -217,18 +217,18 @@ index 00000000..db570af6
+{{- end }}
\ No newline at end of file
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 0496c2cc..ba1189e3 100644
index 16516491..ef0d9615 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -61,6 +61,7 @@ images:
cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal
cinder_backup_storage_init: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
pull_policy: "IfNotPresent"
local_registry:
active: false
@@ -1460,6 +1461,7 @@ manifests:
@@ -1477,6 +1478,7 @@ manifests:
deployment_scheduler: true
deployment_volume: true
ingress_api: true
@ -262,18 +262,18 @@ index 00000000..2e4f2e11
+{{- end }}
\ No newline at end of file
diff --git a/glance/values.yaml b/glance/values.yaml
index ed8fd754..4a656275 100644
index 3a6a14f9..c902bcab 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -50,6 +50,7 @@ images:
bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
pull_policy: "IfNotPresent"
local_registry:
active: false
@@ -991,6 +992,7 @@ manifests:
@@ -1019,6 +1020,7 @@ manifests:
configmap_etc: true
deployment_api: true
ingress_api: true
@ -307,18 +307,18 @@ index 00000000..be97d27d
+{{- end }}
\ No newline at end of file
diff --git a/heat/values.yaml b/heat/values.yaml
index 5a0e4cba..d034da9c 100644
index 24dc69d5..933d6763 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -58,6 +58,7 @@ images:
heat_purge_deleted: docker.io/openstackhelm/heat:stein-ubuntu_bionic
heat_purge_deleted: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
pull_policy: "IfNotPresent"
local_registry:
active: false
@@ -1261,6 +1262,7 @@ manifests:
@@ -1293,6 +1294,7 @@ manifests:
ingress_api: true
ingress_cfn: true
ingress_cloudwatch: false
@ -352,18 +352,18 @@ index 00000000..258ad6f3
+{{- end }}
\ No newline at end of file
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 7aa8519d..f7d44f4c 100644
index 3a722c6a..98f8ede2 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -25,6 +25,7 @@ images:
test: docker.io/openstackhelm/osh-selenium:latest-ubuntu_bionic
test: docker.io/openstackhelm/osh-selenium:latest-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
pull_policy: "IfNotPresent"
local_registry:
active: false
@@ -1381,6 +1382,7 @@ manifests:
@@ -1393,6 +1394,7 @@ manifests:
configmap_logo: false
deployment: true
ingress_api: true
@ -397,7 +397,7 @@ index 00000000..34c6af54
+{{- end }}
\ No newline at end of file
diff --git a/ironic/values.yaml b/ironic/values.yaml
index 39643ae8..511d0de1 100644
index 6a857bb9..d21ad6c7 100644
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@@ -53,6 +53,7 @@ images:
@ -408,7 +408,7 @@ index 39643ae8..511d0de1 100644
pull_policy: "IfNotPresent"
local_registry:
active: false
@@ -717,6 +718,7 @@ manifests:
@@ -790,6 +791,7 @@ manifests:
configmap_etc: true
deployment_api: true
ingress_api: true
@ -442,11 +442,11 @@ index 00000000..259ef91f
+{{- end }}
\ No newline at end of file
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 2eea531d..57f18611 100644
index d0a7a901..7e262d5f 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -52,6 +52,7 @@ images:
keystone_domain_manage: docker.io/openstackhelm/keystone:wallaby-ubuntu_focal
keystone_domain_manage: docker.io/openstackhelm/keystone:2024.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
@ -487,20 +487,20 @@ index 00000000..6fd7c757
+{{- end }}
\ No newline at end of file
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 9f8666fc..eb155da3 100644
index 2c7d8233..b7a5560d 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -45,6 +45,7 @@ images:
neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
@@ -49,6 +49,7 @@ images:
neutron_netns_cleanup_cron: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
pull_policy: "IfNotPresent"
local_registry:
active: false
@@ -2460,6 +2461,7 @@ manifests:
deployment_ironic_agent: false
@@ -2655,6 +2656,7 @@ manifests:
deployment_server: true
deployment_rpc_server: true
ingress_server: true
+ job_pre_apply_cleanup: true
job_bootstrap: true
@ -532,10 +532,10 @@ index 00000000..0eb2fbaa
+{{- end }}
\ No newline at end of file
diff --git a/nova/values.yaml b/nova/values.yaml
index 0d964c53..1b17f510 100644
index 44bd9a74..2e748db9 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -84,6 +84,7 @@ images:
@@ -85,6 +85,7 @@ images:
test: docker.io/xrally/xrally-openstack:2.0.0
image_repo_sync: docker.io/docker:17.07.0
nova_wait_for_computes_init: gcr.io/google_containers/hyperkube-amd64:v1.11.6
@ -543,14 +543,14 @@ index 0d964c53..1b17f510 100644
local_registry:
active: false
exclude:
@@ -2489,6 +2490,7 @@ manifests:
ingress_metadata: true
@@ -2586,6 +2587,7 @@ manifests:
ingress_novncproxy: true
ingress_spiceproxy: true
ingress_osapi: true
+ job_pre_apply_cleanup: true
job_bootstrap: true
job_storage_init: true
job_db_init: true
job_db_sync: true
diff --git a/placement/templates/job-pre-apply-cleanup.yaml b/placement/templates/job-pre-apply-cleanup.yaml
new file mode 100644
index 00000000..6cbf5c84
@ -577,11 +577,11 @@ index 00000000..6cbf5c84
+{{- end }}
\ No newline at end of file
diff --git a/placement/values.yaml b/placement/values.yaml
index 35f4849c..020691e1 100644
index 9d2dddfd..adf7cc98 100644
--- a/placement/values.yaml
+++ b/placement/values.yaml
@@ -40,6 +40,7 @@ images:
placement_db_sync: docker.io/openstackhelm/placement:stein-ubuntu_bionic
placement_db_sync: docker.io/openstackhelm/placement:2024.1-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/docker:17.07.0
+ pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
@ -597,5 +597,4 @@ index 35f4849c..020691e1 100644
job_db_init: true
job_db_sync: true
--
2.46.0
2.34.1

0
openstack-helm/debian/deb_folder/patches/0024-Define-values-for-NetApp-volume-backend.patch → openstack-helm/debian/deb_folder/patches/0018-Define-values-for-NetApp-volume-backend.patch
View File

0
openstack-helm/debian/deb_folder/patches/0025-Add-cluster-host-ip-env-var-to-nova.patch → openstack-helm/debian/deb_folder/patches/0019-Add-cluster-host-ip-env-var-to-nova.patch
View File

84
openstack-helm/debian/deb_folder/patches/0019-Make-nova-address-search-optional.patch
View File

@ -1,84 +0,0 @@
From 66120483da2c8e39a65d14ace0adba96008c615c Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Fri, 22 Sep 2023 13:38:49 -0300
Subject: [PATCH] Nova: Make address search optional
The recent openstack-helm base commit update [1] brought a recent
change [2] that modifies the nova-compute-init.sh script behavior in
a way that is now affecting anyone that is not actually using it.
When this script was originally introduced [3] it was mainly relying
on a Values specific configuration for libvirt and would add
information to the extra conf file "nova-libvirt.conf" only if this
value was defined. It was used to set the name of the live migration
interface, and since it is delivered through a ConfigMap consumed by
a DaemonSet, it is a "global" config and not something that can be
defined per host.
It was never a problem to stx-openstack, because we were not using the
Value and therefore not populating the nova-libvirt.conf.
Now, after this new merge [2], when this value is not defined a
conditional triggers the IP resolution through the default gateway.
So, even if not using the migration interface Value, we end up having
an extra config file that will overwrite anything that was already
defined to nova.conf per host.
We can not rely on default gateway IP resolution since we want our
live migration traffic to go through an specific network and we also
do not want to define a global name for the related interface, since
this can (although probably will not) differ between hosts.
The solution is similar to what was done in the past for VNC spice
server proxyclient and the hypervisor addresses [4].
This configurable address search was proposed upstream [5].
[1] https://opendev.org/starlingx/openstack-armada-app/
commit/8254cd31bb1f12eebc48b712b33f75b2fc0aa571
[2] https://github.com/openstack/openstack-helm
/commit/31be86079d711c698b2560b4bed654e23373a596
[3] https://github.com/openstack/openstack-helm
/commit/31be86079d711c698b2560b4bed654e23373a596
[4] https://opendev.org/starlingx/openstack-armada-app/src/commit/
7190f7fb5048d014ed46112aeedd4e8622031881/openstack-helm/debian/
deb_folder/patches/0002-Nova-console-ip-address-search-optionality.patch
[5] https://review.opendev.org/c/openstack/openstack-helm/+/896461
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I1f84006f71baded82f39d864b1fa38351b3642cf
---
nova/templates/bin/_nova-compute.sh.tpl | 2 ++
nova/values.yaml | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/nova/templates/bin/_nova-compute.sh.tpl b/nova/templates/bin/_nova-compute.sh.tpl
index 60b0272d..702e3b92 100644
--- a/nova/templates/bin/_nova-compute.sh.tpl
+++ b/nova/templates/bin/_nova-compute.sh.tpl
@@ -21,7 +21,9 @@ exec nova-compute \
{{- if .Values.console.address_search_enabled }}
--config-file /tmp/pod-shared/nova-console.conf \
{{- end }}
+{{- if .Values.conf.libvirt.address_search_enabled }}
--config-file /tmp/pod-shared/nova-libvirt.conf \
+{{- end }}
{{- if and ( empty .Values.conf.nova.DEFAULT.host ) ( .Values.pod.use_fqdn.compute ) }}
--config-file /tmp/pod-shared/nova-compute-fqdn.conf \
{{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index e1dc611f..882470c6 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -1341,7 +1341,9 @@ conf:
cpu_allocation_ratio: 1.0
reserved_host_memory_mb: 0
libvirt:
- # Get the IP address to be used as the target for live migration traffic using interface name.
+ address_search_enabled: true
+ # When "address_search_enabled", get the IP address to be used as the target for live migration
+ # traffic using interface name.
# If this option is set to None, the hostname of the migration target compute node will be used.
live_migration_interface:
hypervisor:
--
2.25.1

192
openstack-helm/debian/deb_folder/patches/0020-Add-service-tokens-for-Cinder-auth.patch
View File

@ -1,192 +0,0 @@
From b327cf3e379dd1a28e9e1491774c11e1209a1476 Mon Sep 17 00:00:00 2001
From: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
Date: Tue, 26 Sep 2023 16:16:04 -0300
Subject: [PATCH] Add service tokens for Cinder auth
Since version 22.1.0 of Cinder, it requires Nova to configure service
tokens in order to manipulate volumes [1], meaning that if that's not
configured, Nova will not be able to create VMs by volume. The commit
configured for StarlingX's openstack-helm package does not include this
configuration, which was done later by [2] and [3].
This patch includes commits [2] and [3] in order to allow Nova to create
VMs by volumes.
[1] https://docs.openstack.org/releasenotes/cinder/2023.1.html#upgrade-notes
[2] https://opendev.org/openstack/openstack-helm/commit/91c8a5baf2cf2f0dddded57d88f00ea11dd4ff4a
[3] https://opendev.org/openstack/openstack-helm/commit/7d39af25fddbf5fc67e15c92a9265f28567a214e
Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
---
cinder/values.yaml | 6 ++++--
glance/values.yaml | 2 ++
neutron/values.yaml | 2 ++
nova/templates/configmap-etc.yaml | 23 +++++++++++++++++++++++
nova/values.yaml | 18 ++++++++++++++++--
placement/values.yaml | 2 ++
6 files changed, 49 insertions(+), 4 deletions(-)
diff --git a/cinder/values.yaml b/cinder/values.yaml
index b95bd618..ddc5d632 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -826,6 +826,8 @@ conf:
database:
max_retries: -1
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
@@ -848,7 +850,7 @@ conf:
backend_url: file:///var/lib/cinder/coordination
service_user:
auth_type: password
- send_service_user_token: false
+ send_service_user_token: true
logging:
loggers:
keys:
@@ -1224,7 +1226,7 @@ endpoints:
user_domain_name: default
project_domain_name: default
cinder:
- role: admin
+ role: admin,service
region_name: RegionOne
username: cinder
password: password
diff --git a/glance/values.yaml b/glance/values.yaml
index d23674bb..d15b77ac 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -256,6 +256,8 @@ conf:
oslo_middleware:
enable_proxy_headers_parsing: true
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 0a84322d..c71a40cf 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -1809,6 +1809,8 @@ conf:
ironic:
endpoint_type: internal
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
memcache_security_strategy: ENCRYPT
auth_type: password
auth_version: v3
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 5e3b61d3..1d8fbd97 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -228,6 +228,29 @@ limitations under the License.
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.ironic "memcache_servers" -}}
{{- end -}}
+{{- if empty .Values.conf.nova.cinder.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.cinder "auth_url" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.nova.cinder.os_region_name -}}
+{{- $_ := set .Values.conf.nova.cinder "os_region_name" .Values.endpoints.identity.auth.cinder.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.project_name -}}
+{{- $_ := set .Values.conf.nova.cinder "project_name" .Values.endpoints.identity.auth.cinder.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.project_domain_name -}}
+{{- $_ := set .Values.conf.nova.cinder "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.user_domain_name -}}
+{{- $_ := set .Values.conf.nova.cinder "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.username -}}
+{{- $_ := set .Values.conf.nova.cinder "username" .Values.endpoints.identity.auth.cinder.username -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.cinder.password -}}
+{{- $_ := set .Values.conf.nova.cinder "password" .Values.endpoints.identity.auth.cinder.password -}}
+{{- end -}}
+
{{- if empty .Values.conf.nova.DEFAULT.osapi_compute_listen_port -}}
{{- $_ := tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "osapi_compute_listen_port" -}}
{{- end -}}
diff --git a/nova/values.yaml b/nova/values.yaml
index 882470c6..63b8d02f 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -1402,6 +1402,10 @@ conf:
service_metadata_proxy: True
auth_type: password
auth_version: v3
+ cinder:
+ catalog_info: volumev3::internalURL
+ auth_url: null
+ auth_type: password
database:
max_retries: -1
api_database:
@@ -1409,6 +1413,8 @@ conf:
cell0_database:
max_retries: -1
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
@@ -1417,7 +1423,7 @@ conf:
notify_on_state_change: vm_and_task_state
service_user:
auth_type: password
- send_service_user_token: false
+ send_service_user_token: true
libvirt:
connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock"
images_type: qcow2
@@ -1708,7 +1714,7 @@ endpoints:
user_domain_name: default
project_domain_name: default
nova:
- role: admin
+ role: admin,service
region_name: RegionOne
username: nova
password: password
@@ -1743,6 +1749,14 @@ endpoints:
project_name: service
user_domain_name: service
project_domain_name: service
+ cinder:
+ role: admin,service
+ region_name: RegionOne
+ username: cinder
+ password: password
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
test:
role: admin
region_name: RegionOne
diff --git a/placement/values.yaml b/placement/values.yaml
index aa864620..4a702ace 100644
--- a/placement/values.yaml
+++ b/placement/values.yaml
@@ -82,6 +82,8 @@ conf:
placement_database:
connection: null
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
auth_version: v3
auth_type: password
memcache_security_strategy: ENCRYPT
--
2.25.1

65
openstack-helm/debian/deb_folder/patches/0022-Add-missing-initial-delay-in-readiness-probes.patch
View File

@ -1,65 +0,0 @@
From b7c9f8d5326ad4722ef74ef4477bc9014a278e6f Mon Sep 17 00:00:00 2001
From: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
Date: Mon, 4 Mar 2024 12:09:40 -0300
Subject: [PATCH] Add missing initial delay in readiness probes
After applying STX-Openstack, some API pods are failing to pass the
readiness probe. This change adds a initialDelaySeconds value to the
deployment files of the services that are having this warning.
The liveness probe for these deployments already have a
initialDelaySeconds of 30 seconds, adding this value to the readiness
probe supresses this issue.
Signed-off-by: Lucas de Ataides <lucas.deataidesbarreto@windriver.com>
---
cinder/templates/deployment-api.yaml | 1 +
glance/templates/deployment-api.yaml | 2 ++
heat/templates/deployment-api.yaml | 1 +
3 files changed, 4 insertions(+)
diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
index 3f4e941a..2f747db0 100644
--- a/cinder/templates/deployment-api.yaml
+++ b/cinder/templates/deployment-api.yaml
@@ -109,6 +109,7 @@ spec:
scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: /
port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ initialDelaySeconds: 30
livenessProbe:
httpGet:
scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
index 956639dc..a3405526 100644
--- a/glance/templates/deployment-api.yaml
+++ b/glance/templates/deployment-api.yaml
@@ -130,11 +130,13 @@ spec:
scheme: HTTP
path: /
port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ initialDelaySeconds: 30
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ initialDelaySeconds: 30
volumeMounts:
- name: pod-tmp
mountPath: /tmp
diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml
index 178bedda..8f621e0e 100644
--- a/heat/templates/deployment-api.yaml
+++ b/heat/templates/deployment-api.yaml
@@ -86,6 +86,7 @@ spec:
scheme: {{ tuple "orchestration" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
path: /
port: {{ tuple "orchestration" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ initialDelaySeconds: 30
livenessProbe:
httpGet:
scheme: {{ tuple "orchestration" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
--
2.25.1

42
openstack-helm/debian/deb_folder/patches/series
View File

@ -1,25 +1,19 @@
0001-Remove-stale-Apache2-service-pids-when-a-POD-starts.patch
0002-Nova-console-ip-address-search-optionality.patch
0003-Nova-chart-Support-ephemeral-pool-creation.patch
0004-Support-ingress-creation-for-keystone-admin-endpoint.patch
0005-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
0006-Wrong-usage-of-rbd_store_chunk_size.patch
0007-Add-stx_admin-account.patch
0008-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
0009-Replace-deprecated-Nova-VNC-configurations.patch
0010-Remove-TLS-from-openstack-services.patch
0011-Remove-mariadb-and-rabbit-tls.patch
0012-Update-RBAC-authorization-api-to-v1.patch
0013-Fixing-cinder-helm-release-hooks-weights-helmv3.patch
0014-Fixing-nova-helm-release-hooks-and-weights.patch
0015-Fixing-keystone-helm-release-hooks-and-weights.patch
0016-Update-user-in-cinder-related-pods.patch
0017-Support-ceph-dev-version-during-pool-creation.patch
0018-Update-charts-requirements-to-use-local-server.patch
0019-Make-nova-address-search-optional.patch
0020-Add-service-tokens-for-Cinder-auth.patch
0021-Add-app.starlingx.io-component-label-to-pods.patch
0022-Add-missing-initial-delay-in-readiness-probes.patch
0023-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch
0024-Define-values-for-NetApp-volume-backend.patch
0025-Add-cluster-host-ip-env-var-to-nova.patch
0002-Support-ingress-creation-for-keystone-admin-endpoint.patch
0003-Allow-set-public-endpoint-url-for-keystone-endpoints.patch
0004-Wrong-usage-of-rbd_store_chunk_size.patch
0005-Add-stx_admin-account.patch
0006-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
0007-Remove-TLS-from-openstack-services.patch
0008-Remove-mariadb-and-rabbit-tls.patch
0009-Fixing-cinder-helm-release-hooks-weights-helmv3.patch
0010-Fixing-nova-helm-release-hooks-and-weights.patch
0011-Fixing-keystone-helm-release-hooks-and-weights.patch
0012-Update-user-in-cinder-related-pods.patch
0013-Support-ceph-dev-version-during-pool-creation.patch
0014-Update-charts-requirements-to-use-local-server.patch
0015-Add-service-tokens-for-Cinder-auth.patch
0016-Add-app.starlingx.io-component-label-to-pods.patch
0017-Add-pre-apply-cleanup-Job-to-STX-O-Helm-charts.patch
0018-Define-values-for-NetApp-volume-backend.patch
0019-Add-cluster-host-ip-env-var-to-nova.patch

10
openstack-helm/debian/meta_data.yaml
View File

@ -1,11 +1,11 @@
---
debname: openstack-helm
debver: 1.0-1
debver: 1.1-0
dl_path:
name: openstack-helm-0a02cb8f4bd954c8373591a4c9ab558858bb9d5c.tar.gz
url: https://github.com/openstack/openstack-helm/archive/0a02cb8f4bd954c8373591a4c9ab558858bb9d5c.tar.gz
md5sum: 25ad89572b7bcf29f05934565400182f
sha256sum: 7524e763c5456dab88069621af1905d9b432bfb213532c10e258cd83ede9f5b2
name: openstack-helm-3013cbc94a201b48bf5b3e0bced9297ae924a133.tar.gz
url: https://github.com/openstack/openstack-helm/archive/3013cbc94a201b48bf5b3e0bced9297ae924a133.tar.gz
md5sum: dc1e3b4a42007c5c2c3a0c305a6f684e
sha256sum: 91ad30be701bcf7388c0b763635bfecfd39b771a771af779bb1864daf9175891
src_files:
- files/index.yaml
- files/repositories.yaml

3
python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/neutron.py
View File

@ -50,7 +50,8 @@ class NeutronHelm(openstack.OpenstackBaseHelm):
common.HELM_NS_OPENSTACK: {
'pod': {
'replicas': {
'server': self._num_provisioned_controllers()
'server': self._num_provisioned_controllers(),
'rpc_server': self._num_provisioned_controllers(),
},
},
'conf': self._get_conf_overrides(),

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/aodh/aodh-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -19,6 +19,7 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/aodh/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: aodh
version: 0.2.8
version: 0.2.11
sourceRef:
kind: HelmRepository
name: starlingx

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/barbican/barbican-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -21,6 +21,7 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/barbican/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: barbican
version: 0.3.3
version: 0.3.13
sourceRef:
kind: HelmRepository
name: starlingx

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ceilometer/ceilometer-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -19,6 +19,7 @@ images:
ceilometer_notification: docker.io/starlingx/stx-ceilometer:master-debian-stable-latest
db_init: docker.io/starlingx/stx-ceilometer:master-debian-stable-latest
db_init_mongodb: docker.io/starlingx/stx-ceilometer:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ceilometer/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: ceilometer
version: 0.2.8
version: 0.2.11
sourceRef:
kind: HelmRepository
name: starlingx

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/cinder/cinder-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -36,6 +36,7 @@ images:
cinder_volume_usage_audit: docker.io/starlingx/stx-cinder:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/cinder/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: cinder
version: 0.3.11
version: 0.3.22
sourceRef:
kind: HelmRepository
name: starlingx

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/glance/glance-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -22,10 +22,10 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
glance_api: docker.io/starlingx/stx-glance:master-debian-stable-latest
glance_db_sync: docker.io/starlingx/stx-glance:master-debian-stable-latest
glance_metadefs_load: docker.io/starlingx/stx-glance:master-debian-stable-latest
glance_registry: docker.io/starlingx/stx-glance:master-debian-stable-latest
glance_storage_init: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/glance/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: glance
version: 0.4.7
version: 0.4.23
sourceRef:
kind: HelmRepository
name: starlingx

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/heat/heat-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -37,6 +37,7 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
heat_api: docker.io/starlingx/stx-heat:master-debian-stable-latest
heat_cfn: docker.io/starlingx/stx-heat:master-debian-stable-latest
heat_cloudwatch: docker.io/starlingx/stx-heat:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/heat/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: heat
version: 0.3.4
version: 0.3.14
sourceRef:
kind: HelmRepository
name: starlingx

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/horizon/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: horizon
version: 0.3.9
version: 0.3.22
sourceRef:
kind: HelmRepository
name: starlingx

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/horizon/horizon-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -12,6 +12,7 @@ images:
tags:
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
horizon: docker.io/starlingx/stx-horizon:master-debian-stable-latest
horizon_db_sync: docker.io/starlingx/stx-horizon:master-debian-stable-latest
image_repo_sync: null

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ironic/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: ironic
version: 0.2.9
version: 0.2.15
sourceRef:
kind: HelmRepository
name: starlingx

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ironic/ironic-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -46,6 +46,7 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
ironic_api: docker.io/starlingx/stx-ironic:master-debian-stable-latest
ironic_conductor: docker.io/starlingx/stx-ironic:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/keystone/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: keystone
version: 0.3.2
version: 0.3.13
sourceRef:
kind: HelmRepository
name: starlingx

3
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/keystone/keystone-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -29,6 +29,7 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
keystone_api: docker.io/starlingx/stx-keystone:master-debian-stable-latest
keystone_credential_cleanup: null

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: neutron
version: 0.3.12
version: 0.3.44
sourceRef:
kind: HelmRepository
name: starlingx

7
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/neutron/neutron-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2023-2024 Wind River Systems, Inc.
# Copyright (c) 2023-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -141,11 +141,14 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_user: docker.io/starlingx/stx-heat:master-debian-stable-latest
netoffload: null
neutron_bagpipe_bgp: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_bgp_dragent: null
neutron_db_sync: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_dhcp: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_ironic_agent: docker.io/starlingx/stx-neutron:master-debian-stable-latest
@ -156,6 +159,8 @@ images:
neutron_netns_cleanup_cron: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_openvswitch_agent: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_ovn_metadata: null
neutron_ovn_vpn: null
neutron_rpc_server: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_server: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_sriov_agent: docker.io/starlingx/stx-neutron:master-debian-stable-latest
neutron_sriov_agent_init: docker.io/starlingx/stx-neutron:master-debian-stable-latest

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: nova
version: 0.3.13
version: 0.3.42
sourceRef:
kind: HelmRepository
name: starlingx

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/nova/nova-static-overrides.yaml
View File

@ -71,6 +71,7 @@ images:
bootstrap: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0'
image_repo_sync: null
ks_endpoints: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-debian-stable-latest
@ -83,16 +84,15 @@ images:
nova_compute_ironic: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_compute_ssh: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_conductor: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_consoleauth: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_db_sync: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_novncproxy: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_novncproxy_assets: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_placement: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_scheduler: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_service_cleaner: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
nova_spiceproxy: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_spiceproxy_assets: docker.io/starlingx/stx-nova:master-debian-stable-latest
nova_storage_init: docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20201223
nova_wait_for_computes_init: null
pre_apply_cleanup: docker.io/starlingx/stx-vault-manager:master-debian-stable-latest
rabbit_init: docker.io/rabbitmq:3.9.0-management
test: null

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/helmrelease.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -16,7 +16,7 @@ spec:
chart:
spec:
chart: placement
version: 0.3.5
version: 0.3.14
sourceRef:
kind: HelmRepository
name: starlingx

4
stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/placement/placement-static-overrides.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2022-2024 Wind River Systems, Inc.
# Copyright (c) 2022-2025 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -21,7 +21,7 @@ images:
tags:
db_drop: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_init: docker.io/starlingx/stx-heat:master-debian-stable-latest
db_migrate: quay.io/airshipit/porthole-mysqlclient-utility:179e19a91fc75052da2f5d1de5c1a273d5407c3b-ubuntu_bionic
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: null
ks_user: docker.io/starlingx/stx-heat:master-debian-stable-latest
ks_service: docker.io/starlingx/stx-heat:master-debian-stable-latest