Add an extraObjects list to every chart which will allow
user to extend each Helm chart with other data they need.
It utilizes Helm's built in templating so they are able
to include references to other variables like the conf
to include data in their objects.
Change-Id: I33431d50068bf135b28f6cbfc329ede9274d4bc9
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
This change removes the helm3_hook value across all charts.
It is no longer possible to set helm3_hook to False to support Helm 2.
Change-Id: I22b38b9ae336a49dfaf93c7605ecbf6cedcfc1c1
Signed-off-by: Mathieu Gagné <mgagne@calavera.ca>
Allow users to provide additional projected volumes to be mounted into
the various deployments, statefulsets, and jobs that the keystone chart has
in the /etc/keystone/keystone.conf.d/ path. This allows for users to provide
service account or database secrets via different operators as well as
provide ways to use the chart to define common deployments while being
able to have site specific overrides.
Change-Id: I94425d2003cfc2d133249df79b196a1e8dca4370
Signed-off-by: Mathieu Gagné <mgagne@calavera.ca>
Ingress-nginx is deprecated and is going to become
unmaintained after Feb/2026.
See details here https://www.kubernetes.dev/blog/2025/11/12/ingress-nginx-retirement/
This PS adds support for HAProxy-ingress but does not
remove the ingress-nginx support.
Also default ingress class name and annotations are updated
to make them more implementation agnostic.
Change-Id: I1cbcd2ce0534bf865e484370297ca17c1b1af4e0
Signed-off-by: Vladimir Kozhukalov <kozhukalov@gmail.com>
Provide a WSGI script for Apache to use to start up Keystone since Keystone
stopped shipping their own entrypoint. This is done in a way that users can
override it and the container has less moving pieces at startup.
Change-Id: Id32f8eb5bacea389d388d2483454d4a01ef608be
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
This ensures all errors go to the kubernetes logs and not to a file in
the container when something happens outside of the virtualhost.
Change-Id: If2ceef3591eeb2f735b26bb8b115b18467f98c22
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Wherever we use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu-focal
let's use latest-ubuntu_jammy tag.
Change-Id: I20dd389f6d8c948ae2a3f77a59a3efd0ffb2cd7d
Signed-off-by: Vladimir Kozhukalov <kozhukalov@gmail.com>
Also update default image tags on the most recent
SLURP release 2025.1
Change-Id: Idb6d7de2c1d35a1fdb0df6eeb17dd07309c90b29
Signed-off-by: Vladimir Kozhukalov <kozhukalov@gmail.com>
apache 2.4 was released long time ago and is now available in recent
operating systems.
Change-Id: I7a2bdaf7f0105d444f598581f1b3d5d493a8acfe
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
Ensure that we do not delete credentials and fernet keys when deploying
an upgrade of the chart.
Change-Id: I89f5e2fa5f3e1a436ea747a0ab1472159f637e90
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Also update chart_version.sh script which
counts the number of commits since the BASE_VERSION
if BASE_VERSION tag is found. If the tag
doesn't exist it counts the number of commits since the
beginning. So when we use for example 2025.1.0 as
the BASE_VERSION but the tag 2025.1.0 is not yet created
the version of the e.g. nova chart will be calculated as
like 2025.1.563+<sha> and then when we create tag the nova version
will be 2025.1.0+<sha> which is undesired.
Lets use BASE_VERSION-<sha> if the tag is not found.
Change-Id: I032e8269ab17b490898d190adaec5c282e96fa88
This PR updates the yaml linter configuration
to align it with what we have in the osh-infra
repo.
Change-Id: I3585fdc6663b2ae7bfb5c1d8a13672ac3055bf86
Instead of hardcoding the liveness and readiness checks against the v3
endpoint, use the oslo.middlware healthcheck endpoint instead.
Change-Id: I0a8b6e0fb195dff8c7cfe8ccd2484cfcc980c791
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
As services are configured to use ServiceToken auth, the formula to calculate the max_active_keys is max_active_keys = ((token_expiration + allow_expired_window) / rotation_frequency) + 2
Change-Id: I4794e11fe307b16f3a1dca65ec2feb619661142f
Loci builds Openstack images nightly and publishes
them to both Docker Hub registry and to Quay registry.
Quay registry has much more tolerant rate limits, so
for users it is more convenient to use quay.
Change-Id: Id5c8776202a8c10a7aebccdae174880743dbdd09
This is the action item to implement the spec:
doc/source/specs/2025.1/chart_versioning.rst
Depends-On: I327103c18fc0e10e989a17f69b3bff9995c45eb4
Depends-On: I7bfdef3ea2128bbb4e26e3a00161fe30ce29b8e7
Change-Id: I4974785c904cf7c8730279854e3ad9b6b7c35498
Use quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
by default instead of 1.0.0 which is v1 formatted and
not supported any more by docker.
Change-Id: Idf43d229d1c81c506653980b5e8cd6463550bc5f
- In some charts third party images are used.
Need inspection which of them can be updated.
- For some charts we don't build images.
For this case let's build images for active
projects and probably retire charts for retired
or inactive projects.
Change-Id: Ic9e634806d40595992d68c1fc3cd54b655ca5d02
In multi-region environment, endpoints of other regions are also changed.
So, if we add the region option to endpoint-update file,
it changes endpoints only for the current region.
story: 2010965
task: 49081
Change-Id: Ia678b6737871dec8f6979924de7f2ba53153e7bf
- Also run last two test scripts in compute-kit job
sequentially. This is handy since it allows to see
what is happening during the test run. Both these
test scripts usually take just few minutes. But if
we run them using ansible async feature and one of
the scripts fails then we are forced to wait for
a long timeout.
Change-Id: I75b8fde3ec4e3355319b1c3f257e2d76c36f6aa4
Also a new nodeset was temporarily added.
The aio compute-kit jobs for recent releases require
a huge node to work reliably. We'll remove the temporary nodeset
once this is merged
https://review.opendev.org/c/openstack/openstack-helm-infra/+/884989
Change-Id: I7572fc39a8f6248ff7dac44f20076ba74a3499fc
We dropped train support a long time ago now, and our latest efforts
are to drop ussuri/bionic images. This change removes any leftover
train overrides as well as any ussuri overrides. This also changes
any image defaults to use wallaby.
Change-Id: I818a3a79faa631ec1b7de625f2113c6f19610760
port number in keystone
Now binding ports of service and pod spec are configured using
internal endpoint values.
To support reverse proxy for internalUrl, need to distinguish
between binding ports and internal endpoint ports.
I added `service` section in endpoint items apart from admin,public
,internal and default.
Change-Id: I79b867a4e6771e07d1eebec89235352d7613e8eb
