various fixes in several systems #389

Merged
merged 4 commits into from
Aug 2, 2024
2 changes: 2 additions & 0 deletions base-helm-configs/cinder/cinder-helm-overrides.yaml
Expand Up @@ -57,6 +57,8 @@ jobs:
history:
success: 3
failed: 1

pod:
security_context:
volume_usage_audit:
pod:
35 changes: 33 additions & 2 deletions bin/create-secrets.sh
@@ -1,6 +1,37 @@
#!/bin/bash
# shellcheck disable=SC2086

usage() {
echo "Usage: $0 [--region <region> default: RegionOne]"
exit 1
}

region="RegionOne"

while [[ "$#" -gt 0 ]]; do
case $1 in
--help)
usage
;;
-h)
usage
;;
--region)
region="$2"
shift 2
;;
*)
echo "Unknown parameter passed: $1"
usage
;;
esac
done

# Check if the region argument is provided
if [ -z "$region" ]; then
usage
fi

generate_password() {
< /dev/urandom tr -dc _A-Za-z0-9 | head -c${1:-32}
}
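Review bot: In the `--region)` branch of the argument loop, `region="$2"` followed by `shift 2` is not guarded against a missing value. When `--region` is the last argument, bash's `shift 2` fails without shifting anything, `$#` stays at 1, and `while [[ "$#" -gt 0 ]]` never exits (these lines show no `set -e`), so the `-z "$region"` check below the loop is never reached. Test that `$2` is present and non-empty before shifting and call `usage` otherwise. Two smaller points: `usage` exits 1 even when help was requested with `-h` or `--help`, and the two help branches can be one `-h|--help)` pattern.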
Expand Down Expand Up @@ -354,9 +385,9 @@ data:
db-username: $(echo -n "skyline" | base64)
db-password: $(echo -n $skyline_db_password | base64 -w0)
secret-key: $(echo -n $skyline_secret_key_password | base64 -w0)
keystone-endpoint: $(echo -n $keystone_admin_password | base64 -w0) # Using the generated keystone-keystone-admin password
keystone-endpoint: $(echo -n "http://keystone-api.openstack.svc.cluster.local:5000/v3" | base64 -w0)
keystone-username: $(echo -n "skyline" | base64)
default-region: $(echo -n "RegionOne" | base64)
default-region: $(echo -n "$region" | base64)
prometheus_basic_auth_password: $(echo -n "" | base64)
prometheus_basic_auth_user: $(echo -n "" | base64)
prometheus_enable_basic_auth: $(echo -n "false" | base64)
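Review bot: The `default-region: $(echo -n "$region" | base64)` line omits `-w0`, unlike the `base64 -w0` calls on the neighbouring lines. That was harmless for the fixed string `RegionOne`, but `$region` is now supplied by the caller, and a value longer than 57 bytes makes `base64` wrap its output onto a second line, which breaks the generated YAML. Use `base64 -w0` here as well. Separately, the replaced `keystone-endpoint` line encoded `$keystone_admin_password` into that field, so secrets generated before this change carry the admin password under `keystone-endpoint`; the docs or the PR description should say that an existing kubesecrets.yaml needs to be regenerated.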
3 changes: 2 additions & 1 deletion docs/infrastructure-namespace.md
Expand Up @@ -9,7 +9,8 @@ kubectl apply -k /opt/genestack/base-kustomize/openstack
Then you can create all needed secrets by running the create-secrets.sh command located in /opt/genestack/bin

``` shell
/opt/genestack/bin/create-secrets.sh
/opt/genestack/bin/create-secrets.sh -h
Usage: ./create-secrets.sh [--region <region> default: RegionOne]
```

That will create a kubesecrets.yaml file located in /etc/genestack
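Review bot: The fenced example now shows only the `-h` invocation and its usage text, yet the sentence after it still reads "That will create a kubesecrets.yaml file". Since `usage` in create-secrets.sh prints and exits, a reader who copies this block gets no file. Keep a real invocation in the block, for example the bare command or one with `--region <region>`, and show the help output separately. The sample output also prints `./create-secrets.sh` while the command is run as `/opt/genestack/bin/create-secrets.sh`; because the usage line prints `$0`, the two should match.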
113 changes: 20 additions & 93 deletions etc/gateway-api/gateway-routes.yaml
Expand Up @@ -2,24 +2,39 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: custom-barbican-gateway-route
name: http2https-route
namespace: openstack
labels:
application: gateway-api
service: HTTPRoute
route: http2https
spec:
parentRefs:
- name: flex-gateway
sectionName: barbican-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "barbican.your.domain.tld"
- "*.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: custom-barbican-gateway-route
namespace: openstack
spec:
parentRefs:
- name: flex-gateway
sectionName: barbican-https
namespace: nginx-gateway
hostnames:
- "barbican.your.domain.tld"
rules:
- backendRefs:
- name: barbican-api
port: 9311
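Review bot: The rule in the new `http2https-route` carries a `RequestRedirect` filter and no `matches`, and the route's hostname is `"*.your.domain.tld"`, so every plain-HTTP request for any subdomain is answered with a 301 to https, including names that have no HTTPS listener or route in this file. Either list the served hostnames explicitly or add a comment stating that the wildcard is intended. It is also worth a comment that the redirect does not protect the first request, so the endpoints handed to clients should already use https rather than rely on this route.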
Expand All @@ -38,17 +53,9 @@ spec:
- name: flex-gateway
sectionName: cinder-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "cinder.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: cinder-api
port: 8776
Expand All @@ -67,17 +74,9 @@ spec:
- name: flex-gateway
sectionName: glance-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "glance.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: glance-api
port: 9292
Expand All @@ -96,17 +95,9 @@ spec:
- name: flex-gateway
sectionName: cloudformation-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "cloudformation.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: heat-cfn
port: 8000
Expand All @@ -125,17 +116,9 @@ spec:
- name: flex-gateway
sectionName: heat-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "heat.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: heat-api
port: 8004
Expand All @@ -150,17 +133,9 @@ spec:
- name: flex-gateway
sectionName: keystone-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "keystone.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: keystone-api
port: 5000
Expand All @@ -179,17 +154,9 @@ spec:
- name: flex-gateway
sectionName: neutron-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "neutron.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: neutron-server
port: 9696
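Review bot: The next hunk starts at new line 204 (`@@ -237,17 +204,9 @@`), so the routes between this one and `placement` are not touched by the change. If any of them still lists `http-wildcard-listener` under `parentRefs` with its own `RequestRedirect` rule, it now overlaps with `http2https-route`. Please confirm that those routes either never had the redirect or get the same cleanup as the routes changed here.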
Expand Down Expand Up @@ -237,17 +204,9 @@ spec:
- name: flex-gateway
sectionName: placement-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "placement.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: placement-api
port: 8778
Expand All @@ -266,17 +225,9 @@ spec:
- name: flex-gateway
sectionName: metadata-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "metadata.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: nova-metadata
port: 8775
Expand All @@ -295,17 +246,9 @@ spec:
- name: flex-gateway
sectionName: nova-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "nova.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: nova-api
port: 8774
Expand All @@ -324,17 +267,9 @@ spec:
- name: flex-gateway
sectionName: novnc-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "novnc.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: nova-novncproxy
port: 6080
Expand All @@ -353,17 +288,9 @@ spec:
- name: flex-gateway
sectionName: skyline-https
namespace: nginx-gateway
- name: flex-gateway
sectionName: http-wildcard-listener
namespace: nginx-gateway
hostnames:
- "skyline.your.domain.tld"
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
- backendRefs:
- name: skyline-apiserver
port: 9999