Merge "Distinguish between port number of internal endpoint and binding port number in keystone"
This commit is contained in:
		| @@ -14,7 +14,7 @@ apiVersion: v1 | ||||
| appVersion: v1.0.0 | ||||
| description: OpenStack-Helm Keystone | ||||
| name: keystone | ||||
| version: 0.2.29 | ||||
| version: 0.2.30 | ||||
| home: https://docs.openstack.org/keystone/latest/ | ||||
| icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png | ||||
| sources: | ||||
|   | ||||
| @@ -14,9 +14,9 @@ limitations under the License. | ||||
|  | ||||
| {{- define "apiProbeTemplate" }} | ||||
| httpGet: | ||||
|   scheme: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }} | ||||
|   scheme: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }} | ||||
|   path: /v3/ | ||||
|   port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|   port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
| {{- end }} | ||||
|  | ||||
| {{- if .Values.manifests.deployment_api }} | ||||
| @@ -80,7 +80,7 @@ spec: | ||||
|                   - stop | ||||
|           ports: | ||||
|             - name: ks-pub | ||||
|               containerPort: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|               containerPort: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
| {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "readiness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }} | ||||
| {{ dict "envAll" $envAll "component" "api" "container" "api" "type" "liveness" "probeTemplate" (include "apiProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }} | ||||
|           volumeMounts: | ||||
|   | ||||
| @@ -21,9 +21,8 @@ metadata: | ||||
|   name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} | ||||
| spec: | ||||
|   ports: | ||||
|   {{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|     - name: ks-pub | ||||
|       port: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|       port: {{ tuple "identity" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|       {{ if .Values.network.api.node_port.enabled }} | ||||
|       nodePort: {{ .Values.network.api.node_port.port }} | ||||
|       {{ end }} | ||||
|   | ||||
| @@ -772,7 +772,7 @@ conf: | ||||
|       ThreadLimit         720 | ||||
|     </IfModule> | ||||
|   wsgi_keystone: | | ||||
|     {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|     {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|  | ||||
|     Listen 0.0.0.0:{{ $portInt }} | ||||
|  | ||||
| @@ -972,12 +972,14 @@ endpoints: | ||||
|       default: /v3 | ||||
|     scheme: | ||||
|       default: http | ||||
|       service: http | ||||
|     port: | ||||
|       api: | ||||
|         default: 80 | ||||
|         # NOTE(portdirect): to retain portability across images, and allow | ||||
|         # running under a unprivileged user simply, we default to a port > 1000. | ||||
|         internal: 5000 | ||||
|         service: 5000 | ||||
|   oslo_db: | ||||
|     namespace: null | ||||
|     auth: | ||||
|   | ||||
							
								
								
									
										16
									
								
								keystone/values_overrides/internal-reverse-proxy.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										16
									
								
								keystone/values_overrides/internal-reverse-proxy.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,16 @@ | ||||
| --- | ||||
| endpoints: | ||||
|   identity: | ||||
|     host_fqdn_override: | ||||
|       public: example.com | ||||
|     scheme: | ||||
|       default: https | ||||
|       public: https | ||||
|       internal: https | ||||
|       service: http | ||||
|     port: | ||||
|       api: | ||||
|         default: 443 | ||||
|         internal: 443 | ||||
|         service: 5000 | ||||
| ... | ||||
| @@ -26,8 +26,7 @@ conf: | ||||
|       ssl_cert_file: /etc/rabbitmq/certs/tls.crt | ||||
|       ssl_key_file: /etc/rabbitmq/certs/tls.key | ||||
|   wsgi_keystone: | | ||||
|     {{- $portInt := tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|     {{- $vh := tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} | ||||
|     {{- $portInt := tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }} | ||||
|  | ||||
|     Listen 0.0.0.0:{{ $portInt }} | ||||
|  | ||||
| @@ -38,7 +37,7 @@ conf: | ||||
|     CustomLog /dev/stdout combined env=!forwarded | ||||
|     CustomLog /dev/stdout proxy env=forwarded | ||||
|  | ||||
|     <VirtualHost *:{{ tuple "identity" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}> | ||||
|     <VirtualHost *:{{ tuple "identity" "service" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}> | ||||
|       ServerName {{ printf "%s.%s.svc.%s" "keystone-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }} | ||||
|       WSGIDaemonProcess keystone-public processes=1 threads=1 user=keystone group=keystone display-name=%{GROUP} | ||||
|       WSGIProcessGroup keystone-public | ||||
| @@ -78,6 +77,7 @@ endpoints: | ||||
|     scheme: | ||||
|       default: https | ||||
|       public: https | ||||
|       service: https | ||||
|     port: | ||||
|       api: | ||||
|         default: 443 | ||||
|   | ||||
| @@ -45,4 +45,5 @@ keystone: | ||||
|   - 0.2.27 Use LOG.warning instead of deprecated LOG.warn | ||||
|   - 0.2.28 Added OCI registry authentication | ||||
|   - 0.2.29 Support TLS endpoints | ||||
|   - 0.2.30 Distinguish between port number of internal endpoint and binding port number | ||||
| ... | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Zuul
					Zuul