Merge branch 'main' into PUC-535

rackerlabs · Oct 25, 2024 · 5bbd517 · 5bbd517
2 parents 3913a50 + d5f6800
commit 5bbd517
Show file tree

Hide file tree

Showing 26 changed files with 258 additions and 80 deletions.
diff --git a/.github/workflows/code-test.yaml b/.github/workflows/code-test.yaml
@@ -41,7 +41,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - run: pipx install poetry==1.7.1 && poetry self add 'poetry-dynamic-versioning[plugin]'
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
         with:
           python-version-file: python/${{ matrix.project }}/pyproject.toml
           cache: "poetry"

diff --git a/.github/workflows/mkdocs.yaml b/.github/workflows/mkdocs.yaml
@@ -34,7 +34,7 @@ jobs:
         with:
           files: docs
           config_file: .markdownlint.yml
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
         with:
           python-version: 3.x
           cache: pip

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
         id: setup-python
         with:
           python-version: '3.11'

diff --git a/.github/workflows/typos.yaml b/.github/workflows/typos.yaml
@@ -15,6 +15,6 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - name: Typos Spell Checker
-        uses: crate-ci/typos@master
+        uses: crate-ci/typos@0d9e0c2c1bd7f770f6eb90f87780848ca02fc12c # v1.26.8
         with:
           config: ./.typos.toml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,11 +8,17 @@ repos:
         exclude: '^docs/overrides'
       - id: fix-byte-order-marker
       - id: mixed-line-ending
+      - id: check-merge-conflict
+      - id: check-yaml
+        args:
+          - --allow-multiple-documents
+        exclude: mkdocs.yml
       - id: check-yaml
         name: check-yaml-mkdocs
         # --unsafe is a workaround for the use of !! in mkdocs.yml
         args: [--unsafe]
         files: mkdocs.yml
+      - id: check-symlinks
   - repo: https://github.com/adrienverge/yamllint
     rev: v1.33.0
     hooks:
@@ -28,16 +34,16 @@ repos:
           - schema/argo-workflows.json
         files: "workflows/argo-events/workflowtemplates/.*.(yml|yaml)$"
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.37.0
+    rev: v0.42.0
     hooks:
       - id: markdownlint
         files: '^docs/'
   - repo: https://github.com/crate-ci/typos
-    rev: v1.22.8
+    rev: v1.26.8
     hooks:
       - id: typos
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.5.4
+    rev: v0.7.1
     hooks:
       - id: ruff
         args: [--fix]

diff --git a/apps/appsets/components.yaml b/apps/appsets/components.yaml
@@ -50,9 +50,6 @@ spec:
                               - op: replace
                                 path: /spec/tls/0/hosts/0
                                 value: dex.{{index .metadata.annotations "dns_zone" }}
-                              - op: replace
-                                path: '/metadata/annotations/cert-manager.io~1cluster-issuer'
-                                value: 'understack-cluster-issuer'
                     - repoURL: '{{index .metadata.annotations "uc_deploy_git_url"}}'
                       targetRevision: '{{index .metadata.annotations "uc_deploy_ref"}}'
                       ref: deploy
@@ -85,9 +82,6 @@ spec:
                         releaseName: nautobot
                         valuesObject:
                           ingress:
-                            annotations:
-                              cert-manager.io/cluster-issuer: 'understack-cluster-issuer'
-                              nginx.ingress.kubernetes.io/backend-protocol: HTTPS
                             hostname: 'nautobot.{{index .metadata.annotations "dns_zone" }}'
                         valueFiles:
                           - $understack/components/nautobot/nautobot-values.yaml
@@ -158,9 +152,6 @@ spec:
                             - op: replace
                               path: /spec/tls/0/hosts/0
                               value: workflows.{{index .metadata.annotations "dns_zone" }}
-                            - op: replace
-                              path: '/metadata/annotations/cert-manager.io~1cluster-issuer'
-                              value: 'understack-cluster-issuer'
                 - component: argo-events
                   skipComponent: '{{has "argo-events" ((default "[]" (index .metadata.annotations "uc_skip_components") | fromJson))}}'
                   sources:

diff --git a/components/argo/ingress.yaml b/components/argo/ingress.yaml
@@ -3,7 +3,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
-    cert-manager.io/cluster-issuer: selfsigned-cluster-issuer
+    cert-manager.io/cluster-issuer: understack-cluster-issuer
     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
   name: argo-workflows

diff --git a/components/dex/ingress.yaml b/components/dex/ingress.yaml
@@ -3,7 +3,7 @@ kind: Ingress
 metadata:
   name: dex
   annotations:
-    cert-manager.io/cluster-issuer: selfsigned-cluster-issuer
+    cert-manager.io/cluster-issuer: understack-cluster-issuer
     nginx.ingress.kubernetes.io/backend-protocol: HTTP
 spec:
   ingressClassName: nginx

diff --git a/components/glance/aio-values.yaml b/components/glance/aio-values.yaml
@@ -11,12 +11,31 @@ endpoints:
       name: rabbitmq-server
     hosts:
       default: rabbitmq-nodes
+  image:
+    port:
+      api:
+        public: 443
+    scheme:
+      public: https
+    host_fqdn_override:
+      public:
+        tls:
+          secretName: glance-tls-public
+          issuerRef:
+            name: understack-cluster-issuer
+            kind: ClusterIssuer
 
 network:
   # configure OpenStack Helm to use Undercloud's ingress
   # instead of expecting the ingress controller provided
   # by OpenStack Helm
   use_external_ingress_controller: true
+  api:
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+        # set our default issuer
+        cert-manager.io/cluster-issuer: understack-cluster-issuer
 
 # Glance storage backend
 # we'll switch to radosgw in the future

diff --git a/components/horizon/aio-values.yaml b/components/horizon/aio-values.yaml
@@ -14,11 +14,27 @@ conf:
         allowed_hosts:
           - '*'
 
+endpoints:
+  dashboard:
+    host_fqdn_override:
+      public:
+        tls:
+          secretName: keystone-tls-public
+          issuerRef:
+            name: understack-cluster-issuer
+            kind: ClusterIssuer
+
 network:
   # configure OpenStack Helm to use Undercloud's ingress
   # instead of expecting the ingress controller provided
   # by OpenStack Helm
   use_external_ingress_controller: true
+  dashboard:
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+        # set our default issuer
+        cert-manager.io/cluster-issuer: understack-cluster-issuer
 
 # (nicholas.kuechler) updating the jobs list to remove the 'horizon-db-init' job.
 dependencies:

diff --git a/components/ironic/aio-values.yaml b/components/ironic/aio-values.yaml
@@ -76,6 +76,19 @@ endpoints:
       name: rabbitmq-server
     hosts:
       default: rabbitmq-nodes
+  baremetal:
+    port:
+      api:
+        public: 443
+    scheme:
+      public: https
+    host_fqdn_override:
+      public:
+        tls:
+          secretName: ironic-tls-public
+          issuerRef:
+            name: understack-cluster-issuer
+            kind: ClusterIssuer
 
 network:
   api:
@@ -86,6 +99,8 @@ network:
         cluster: "nginx-openstack"
       annotations:
         nginx.ingress.kubernetes.io/rewrite-target: /
+        # set our default issuer
+        cert-manager.io/cluster-issuer: understack-cluster-issuer
     external_policy_local: false
     node_port:
       enabled: false

diff --git a/components/keystone/aio-values.yaml b/components/keystone/aio-values.yaml
@@ -98,6 +98,12 @@ network:
   # instead of expecting the ingress controller provided
   # by OpenStack Helm
   use_external_ingress_controller: true
+  api:
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+        # set our default issuer
+        cert-manager.io/cluster-issuer: understack-cluster-issuer
 
 dependencies:
   static:
@@ -312,6 +318,18 @@ endpoints:
     # which is wired back to keystone-api via the service_ingress_api manifest. just
     # go direct to the service
     default: keystone-api
+    scheme:
+      public: https
+    port:
+      api:
+        public: 443
+    host_fqdn_override:
+      public:
+        tls:
+          secretName: keystone-tls-public
+          issuerRef:
+            name: understack-cluster-issuer
+            kind: ClusterIssuer
 
 manifests:
   job_credential_cleanup: false

diff --git a/components/nautobot/nautobot-values.yaml b/components/nautobot/nautobot-values.yaml
@@ -66,5 +66,5 @@ ingress:
   tls: true
   secretName: "nautobot-ingress-tls"
   annotations:
-    cert-manager.io/cluster-issuer: selfsigned-cluster-issuer
+    cert-manager.io/cluster-issuer: understack-cluster-issuer
     nginx.ingress.kubernetes.io/backend-protocol: HTTPS
diff --git a/components/neutron/aio-values.yaml b/components/neutron/aio-values.yaml
@@ -11,6 +11,20 @@ endpoints:
       name: rabbitmq-server
     hosts:
       default: rabbitmq-nodes
+  network:
+    port:
+      api:
+        public: 443
+    scheme:
+      public: https
+    host_fqdn_override:
+      public:
+        tls:
+          secretName: neutron-tls-public
+          issuerRef:
+            name: understack-cluster-issuer
+            kind: ClusterIssuer
+
 
 network:
   # we're using ironic and actual switches
@@ -21,6 +35,12 @@ network:
   # instead of expecting the ingress controller provided
   # by OpenStack Helm
   use_external_ingress_controller: true
+  server:
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+        # set our default issuer
+        cert-manager.io/cluster-issuer: understack-cluster-issuer
 
 conf:
   plugins:

diff --git a/components/nova/aio-values.yaml b/components/nova/aio-values.yaml
@@ -18,6 +18,19 @@ endpoints:
       name: rabbitmq-server
     hosts:
       default: rabbitmq-nodes
+  compute:
+    port:
+      api:
+        public: 443
+    scheme:
+      public: https
+    host_fqdn_override:
+      public:
+        tls:
+          secretName: nova-tls-public
+          issuerRef:
+            name: understack-cluster-issuer
+            kind: ClusterIssuer
 
 network:
   # we're using ironic and actual switches
@@ -28,6 +41,12 @@ network:
   # instead of expecting the ingress controller provided
   # by OpenStack Helm
   use_external_ingress_controller: true
+  osapi:
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/rewrite-target: /
+        # set our default issuer
+        cert-manager.io/cluster-issuer: understack-cluster-issuer
 
 conf:
   ceph: