diff --git a/components/openstack/templates/mariadb-instance.yaml.tpl b/components/openstack/templates/mariadb-instance.yaml.tpl
index 5e6d4ed39..e904e35ca 100644
--- a/components/openstack/templates/mariadb-instance.yaml.tpl
+++ b/components/openstack/templates/mariadb-instance.yaml.tpl
@@ -7,14 +7,16 @@ metadata:
 # do not allow ArgoCD to delete our DB
 argocd.argoproj.io/sync-options: Delete=false
 spec:
- rootPasswordSecretKeyRef: {{ .Values.mariadb.rootPasswordSecretKeyRef | toJson }}
+ rootPasswordSecretKeyRef:
+{{ toYaml .Values.mariadb.rootPasswordSecretKeyRef | indent 4 }}
 # renovate: datasource=docker
 image: docker-registry1.mariadb.com/library/mariadb:11.4.4
 imagePullPolicy: IfNotPresent
 port: 3306
- storage: {{ .Values.mariadb.storage | toJson }}
+ storage:
+{{ toYaml .Values.mariadb.storage | indent 4 }}
 replicas: {{ .Values.mariadb.replicas }}
 service:
 type: ClusterIP
diff --git a/components/openstack/values.schema.json b/components/openstack/values.schema.json
new file mode 100644
index 000000000..8ca4fb7a0
--- /dev/null
+++ b/components/openstack/values.schema.json
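Review bot: Neither `rootPasswordSecretKeyRef` nor `storage` is listed under `required` in the `mariadb` object of the new values.schema.json, so when either is omitted the new `toYaml … | indent 4` lines render the key followed by `null`, which is valid YAML and reaches the operator silently; how the MariaDB operator treats a null root-password reference or null storage is not visible here. Because the chart cannot work without a root-password source or storage, failing the render is the safer default: `{{ required "mariadb.rootPasswordSecretKeyRef must be set" .Values.mariadb.rootPasswordSecretKeyRef | toYaml | indent 4 }}` and the same for `.Values.mariadb.storage`, or alternatively add `"required": ["rootPasswordSecretKeyRef", "storage"]` to the schema's `mariadb` object. The enclosing `spec:` block continues outside the hunk.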
@@ -0,0 +1,144 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "OpenStack Helm Chart Values",
+ "description": "Schema for OpenStack component values.yaml configuration",
+ "type": "object",
+ "properties": {
+ "mariadb": {
+ "type": "object",
+ "description": "OpenStack mariadb instance settings",
+ "properties": {
+ "rootPasswordSecretKeyRef": {
+ "type": "object",
+ "description": "Root password settings",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "Secret name containing the root password"
+ },
+ "key": {
+ "type": "string",
+ "description": "Key within the secret containing the password"
+ },
+ "generate": {
+ "type": "boolean",
+ "description": "Whether to generate the password if it doesn't exist"
+ }
+ },
+ "required": ["name", "key"],
+ "additionalProperties": false
+ },
+ "storage": {
+ "type": "object",
+ "description": "Storage settings",
+ "properties": {
+ "size": {
+ "type": "string",
+ "pattern": "^[0-9]+(Gi|G|Mi|M|Ki|K)$",
+ "description": "Storage size (e.g., 10Gi)"
+ },
+ "resizeInUseVolumes": {
+ "type": "boolean",
+ "description": "Enable resizing volumes while in use"
+ },
+ "waitForVolumeResize": {
+ "type": "boolean",
+ "description": "Wait for volume resize to complete"
+ },
+ "volumeClaimTemplate": {
+ "type": "object",
+ "description": "Volume claim template configuration",
+ "properties": {
+ "storageClassName": {
+ "type": "string",
+ "description": "Storage class name for the volume"
+ },
+ "accessModes": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": ["ReadWriteOnce", "ReadOnlyMany", "ReadWriteMany"]
+ },
+ "description": "Access modes for the volume"
+ },
+ "resources": {
+ "type": "object",
+ "properties": {
+ "requests": {
+ "type": "object",
+ "properties": {
+ "storage": {
+ "type": "string",
+ "pattern": "^[0-9]+(Gi|G|Mi|M|Ki|K)$",
+ "description": "Storage request size"
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ }
+ },
+ "additionalProperties": false
+ },
+ "replicas": {
+ "type": "integer",
+ "minimum": 1,
+ "description": "Number of MariaDB replicas (Galera cluster size)"
+ }
+ },
+ "additionalProperties": false
+ },
+ "rabbitmq": {
+ "type": "object",
+ "description": "OpenStack RabbitMQ instance settings",
+ "properties": {
+ "persistence": {
+ "type": "object",
+ "description": "Storage persistence settings",
+ "additionalProperties": true
+ }
+ },
+ "additionalProperties": false
+ },
+ "extraObjects": {
+ "type": "array",
+ "description": "Array of extra Kubernetes manifests to deploy",
+ "items": {
+ "type": "object",
+ "properties": {
+ "apiVersion": {
+ "type": "string",
+ "description": "Kubernetes API version"
+ },
+ "kind": {
+ "type": "string",
+ "description": "Kubernetes resource kind"
+ },
+ "metadata": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "namespace": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": true
+ },
+ "spec": {
+ "type": "object",
+ "additionalProperties": true
+ }
+ },
+ "required": ["apiVersion", "kind"],
+ "additionalProperties": true
+ }
+ }
+ },
+ "additionalProperties": false
+}
diff --git a/docs/deploy-guide/config-openstack.md b/docs/deploy-guide/config-openstack.md
new file mode 100644
index 000000000..c448a37fa
--- /dev/null
+++ b/docs/deploy-guide/config-openstack.md
@@ -0,0 +1,171 @@
+# Configuring OpenStack (Shared)
+
+The `openstack` component provides shared infrastructure and prerequisites for all OpenStack services in UnderStack. This includes database, messaging, and common resources needed by individual OpenStack services like Keystone, Nova, Neutron, and Ironic.
+
+## Overview
+
+The OpenStack component is a Helm chart that creates:
+
+- **MariaDB cluster** - Primary database for OpenStack services
+- **RabbitMQ cluster** - Message broker for OpenStack communication
+- **Shared secrets and credentials** - Common authentication resources
+- **Kubernetes Service accounts** - Kubernetes RBAC for workflow automation
+- **External secret stores** - Integration with external secret management
+
+## Configuration
+
+Configure the OpenStack component by editing `$DEPLOY_NAME/helm-configs/openstack.yaml` in your deployment repository.
+
+### MariaDB Database Configuration
+
+The MariaDB cluster provides the primary database for OpenStack services:
+
+```yaml
+mariadb:
+ # Root password configuration
+ rootPasswordSecretKeyRef:
+ name: mariadb
+ key: root-password
+ generate: true # Auto-generate if not provided
+
+ # Storage configuration
+ storage:
+ size: 10Gi
+ resizeInUseVolumes: true
+ waitForVolumeResize: true
+ volumeClaimTemplate:
+ storageClassName: ceph-block-single
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+
+ # Enable Galera cluster with 3 replicas for HA
+ replicas: 3
+```
+
+#### Storage Considerations
+
+- **Size**: Start with 10Gi minimum, scale based on your deployment size
+- **Storage Class**: Use your cluster's high-performance storage class
+- **Replicas**: 3 replicas provide high availability via Galera clustering
+- **Resize**: Enable volume resizing for future scaling needs
+
+### RabbitMQ Message Broker Configuration
+
+RabbitMQ handles inter-service communication for OpenStack:
+
+```yaml
+rabbitmq:
+ # Configure persistent storage for message queues
+ persistence:
+ enabled: true
+ size: 8Gi
+ storageClassName: ceph-block-single
+```
+
+### Additional Kubernetes Resources
+
+Use `extraObjects` to deploy additional Kubernetes manifests alongside the OpenStack component:
+
+```yaml
+extraObjects:
+ - apiVersion: external-secrets.io/v1beta1
+ kind: ExternalSecret
+ metadata:
+ name: openstack-credentials
+ spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault-backend
+ target:
+ name: openstack-admin-credentials
+ dataFrom:
+ - extract:
+ key: openstack/admin
+```
+
+## Integration with OpenStack Services
+
+Individual OpenStack services (Keystone, Nova, Neutron, etc.) depend on resources created by this component:
+
+- **Database**: Each service gets dedicated MariaDB databases
+- **Messaging**: Services connect to the shared RabbitMQ cluster
+- **Secrets**: Common credentials are managed centrally
+- **Kubernetes Service Accounts**: Argo Workflows automation uses shared service accounts
+
+## Security Considerations
+
+### Secret Management
+
+- Use External Secrets Operator for production deployments
+- Rotate database and RabbitMQ credentials regularly
+- Ensure proper RBAC for service accounts
+
+### Network Security
+
+- Configure network policies to restrict inter-pod communication
+- Use TLS for all database and message broker connections
+- Isolate OpenStack traffic using Kubernetes namespaces
+
+## Monitoring and Observability
+
+The OpenStack component integrates with cluster monitoring:
+
+```yaml
+# Enable monitoring for MariaDB
+mariadb:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+
+# Enable monitoring for RabbitMQ
+rabbitmq:
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+```
+
+## Troubleshooting
+
+### Database Connection Issues
+
+If OpenStack services can't connect to MariaDB:
+
+1. Check MariaDB pod status: `kubectl get pods -l app=mariadb`
+2. Verify service endpoints: `kubectl get endpoints mariadb`
+3. Test connectivity from a service pod: `kubectl exec -it -- mysql -h mariadb -u root -p`
+
+### Message Queue Problems
+
+For RabbitMQ connectivity issues:
+
+1. Check RabbitMQ cluster status: `kubectl exec -it rabbitmq-0 -- rabbitmqctl cluster_status`
+2. Verify queue status: `kubectl exec -it rabbitmq-0 -- rabbitmqctl list_queues`
+3. Check service connectivity: `kubectl get svc rabbitmq`
+
+### Resource Scaling
+
+To scale the database cluster:
+
+```yaml
+mariadb:
+ replicas: 5 # Scale to 5 nodes
+ storage:
+ size: 50Gi # Increase storage per node
+```
+
+Apply changes and monitor the scaling process:
+
+```bash
+kubectl get pods -l app=mariadb -w
+```
+
+## Related Documentation
+
+- [Component Configuration](./component-config.md) - General component configuration patterns
+- [Override OpenStack Service Config](./override-openstack-svc-config.md) - Service-specific configuration overrides
+- [Deploy Repo](./deploy-repo.md) - Deployment repository structure
diff --git a/docs/schema/component-openstack.schema.json b/docs/schema/component-openstack.schema.json
new file mode 120000
index 000000000..344b318b0
--- /dev/null
+++ b/docs/schema/component-openstack.schema.json
@@ -0,0 +1 @@
+../../components/openstack/values.schema.json
\ No newline at end of file
diff --git a/mkdocs.yml b/mkdocs.yml
index fc4d79398..686b2d21f 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -130,6 +130,7 @@ nav:
 - deploy-guide/deploy-repo.md
 - deploy-guide/component-config.md
 - deploy-guide/config-dex.md
+ - deploy-guide/config-openstack.md
 - deploy-guide/auth.md
 - deploy-guide/config-argo-workflows.md
 - Starting the Deployment: