chore(openstack): create schema and document configuration

components/openstack/templates/mariadb-instance.yaml.tpl

@@ -7,14 +7,16 @@ metadata:
     # do not allow ArgoCD to delete our DB
     argocd.argoproj.io/sync-options: Delete=false
 spec:
-  rootPasswordSecretKeyRef: {{ .Values.mariadb.rootPasswordSecretKeyRef | toJson }}
+  rootPasswordSecretKeyRef:
+{{ toYaml .Values.mariadb.rootPasswordSecretKeyRef | indent 4 }}
 
   # renovate: datasource=docker
   image: docker-registry1.mariadb.com/library/mariadb:11.4.4
   imagePullPolicy: IfNotPresent
 
   port: 3306
-  storage: {{ .Values.mariadb.storage | toJson }}
+  storage:
+{{ toYaml .Values.mariadb.storage | indent 4 }}
   replicas: {{ .Values.mariadb.replicas }}
   service:
     type: ClusterIP

components/openstack/values.schema.json

@@ -0,0 +1,144 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "OpenStack Helm Chart Values",
+  "description": "Schema for OpenStack component values.yaml configuration",
+  "type": "object",
+  "properties": {
+    "mariadb": {
+      "type": "object",
+      "description": "OpenStack mariadb instance settings",
+      "properties": {
+        "rootPasswordSecretKeyRef": {
+          "type": "object",
+          "description": "Root password settings",
+          "properties": {
+            "name": {
+              "type": "string",
+              "description": "Secret name containing the root password"
+            },
+            "key": {
+              "type": "string",
+              "description": "Key within the secret containing the password"
+            },
+            "generate": {
+              "type": "boolean",
+              "description": "Whether to generate the password if it doesn't exist"
+            }
+          },
+          "required": ["name", "key"],
+          "additionalProperties": false
+        },
+        "storage": {
+          "type": "object",
+          "description": "Storage settings",
+          "properties": {
+            "size": {
+              "type": "string",
+              "pattern": "^[0-9]+(Gi|G|Mi|M|Ki|K)$",
+              "description": "Storage size (e.g., 10Gi)"
+            },
+            "resizeInUseVolumes": {
+              "type": "boolean",
+              "description": "Enable resizing volumes while in use"
+            },
+            "waitForVolumeResize": {
+              "type": "boolean",
+              "description": "Wait for volume resize to complete"
+            },
+            "volumeClaimTemplate": {
+              "type": "object",
+              "description": "Volume claim template configuration",
+              "properties": {
+                "storageClassName": {
+                  "type": "string",
+                  "description": "Storage class name for the volume"
+                },
+                "accessModes": {
+                  "type": "array",
+                  "items": {
+                    "type": "string",
+                    "enum": ["ReadWriteOnce", "ReadOnlyMany", "ReadWriteMany"]
+                  },
+                  "description": "Access modes for the volume"
+                },
+                "resources": {
+                  "type": "object",
+                  "properties": {
+                    "requests": {
+                      "type": "object",
+                      "properties": {
+                        "storage": {
+                          "type": "string",
+                          "pattern": "^[0-9]+(Gi|G|Mi|M|Ki|K)$",
+                          "description": "Storage request size"
+                        }
+                      },
+                      "additionalProperties": false
+                    }
+                  },
+                  "additionalProperties": false
+                }
+              },
+              "additionalProperties": false
+            }
+          },
+          "additionalProperties": false
+        },
+        "replicas": {
+          "type": "integer",
+          "minimum": 1,
+          "description": "Number of MariaDB replicas (Galera cluster size)"
+        }
+      },
+      "additionalProperties": false
+    },
+    "rabbitmq": {
+      "type": "object",
+      "description": "OpenStack RabbitMQ instance settings",
+      "properties": {
+        "persistence": {
+          "type": "object",
+          "description": "Storage persistence settings",
+          "additionalProperties": true
+        }
+      },
+      "additionalProperties": false
+    },
+    "extraObjects": {
+      "type": "array",
+      "description": "Array of extra Kubernetes manifests to deploy",
+      "items": {
+        "type": "object",
+        "properties": {
+          "apiVersion": {
+            "type": "string",
+            "description": "Kubernetes API version"
+          },
+          "kind": {
+            "type": "string",
+            "description": "Kubernetes resource kind"
+          },
+          "metadata": {
+            "type": "object",
+            "properties": {
+              "name": {
+                "type": "string"
+              },
+              "namespace": {
+                "type": "string"
+              }
+            },
+            "additionalProperties": true
+          },
+          "spec": {
+            "type": "object",
+            "additionalProperties": true
+          }
+        },
+        "required": ["apiVersion", "kind"],
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": false
+}

docs/deploy-guide/config-openstack.md

@@ -0,0 +1,171 @@
+# Configuring OpenStack (Shared)
+
+The `openstack` component provides shared infrastructure and prerequisites for all OpenStack services in UnderStack. This includes database, messaging, and common resources needed by individual OpenStack services like Keystone, Nova, Neutron, and Ironic.
+
+## Overview
+
+The OpenStack component is a Helm chart that creates:
+
+- **MariaDB cluster** - Primary database for OpenStack services
+- **RabbitMQ cluster** - Message broker for OpenStack communication
+- **Shared secrets and credentials** - Common authentication resources
+- **Kubernetes Service accounts** - Kubernetes RBAC for workflow automation
+- **External secret stores** - Integration with external secret management
+
+## Configuration
+
+Configure the OpenStack component by editing `$DEPLOY_NAME/helm-configs/openstack.yaml` in your deployment repository.
+
+### MariaDB Database Configuration
+
+The MariaDB cluster provides the primary database for OpenStack services:
+
+```yaml
+mariadb:
+  # Root password configuration
+  rootPasswordSecretKeyRef:
+    name: mariadb
+    key: root-password
+    generate: true  # Auto-generate if not provided
+
+  # Storage configuration
+  storage:
+    size: 10Gi
+    resizeInUseVolumes: true
+    waitForVolumeResize: true
+    volumeClaimTemplate:
+      storageClassName: ceph-block-single
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+
+  # Enable Galera cluster with 3 replicas for HA
+  replicas: 3
+```
+
+#### Storage Considerations
+
+- **Size**: Start with 10Gi minimum, scale based on your deployment size
+- **Storage Class**: Use your cluster's high-performance storage class
+- **Replicas**: 3 replicas provide high availability via Galera clustering
+- **Resize**: Enable volume resizing for future scaling needs
+
+### RabbitMQ Message Broker Configuration
+
+RabbitMQ handles inter-service communication for OpenStack:
+
+```yaml
+rabbitmq:
+  # Configure persistent storage for message queues
+  persistence:
+    enabled: true
+    size: 8Gi
+    storageClassName: ceph-block-single
+```
+
+### Additional Kubernetes Resources
+
+Use `extraObjects` to deploy additional Kubernetes manifests alongside the OpenStack component:
+
+```yaml
+extraObjects:
+  - apiVersion: external-secrets.io/v1beta1
+    kind: ExternalSecret
+    metadata:
+      name: openstack-credentials
+    spec:
+      secretStoreRef:
+        kind: ClusterSecretStore
+        name: vault-backend
+      target:
+        name: openstack-admin-credentials
+      dataFrom:
+        - extract:
+            key: openstack/admin
+```
+
+## Integration with OpenStack Services
+
+Individual OpenStack services (Keystone, Nova, Neutron, etc.) depend on resources created by this component:
+
+- **Database**: Each service gets dedicated MariaDB databases
+- **Messaging**: Services connect to the shared RabbitMQ cluster
+- **Secrets**: Common credentials are managed centrally
+- **Kubernetes Service Accounts**: Argo Workflows automation uses shared service accounts
+
+## Security Considerations
+
+### Secret Management
+
+- Use External Secrets Operator for production deployments
+- Rotate database and RabbitMQ credentials regularly
+- Ensure proper RBAC for service accounts
+
+### Network Security
+
+- Configure network policies to restrict inter-pod communication
+- Use TLS for all database and message broker connections
+- Isolate OpenStack traffic using Kubernetes namespaces
+
+## Monitoring and Observability
+
+The OpenStack component integrates with cluster monitoring:
+
+```yaml
+# Enable monitoring for MariaDB
+mariadb:
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+
+# Enable monitoring for RabbitMQ
+rabbitmq:
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+```
+
+## Troubleshooting
+
+### Database Connection Issues
+
+If OpenStack services can't connect to MariaDB:
+
+1. Check MariaDB pod status: `kubectl get pods -l app=mariadb`
+2. Verify service endpoints: `kubectl get endpoints mariadb`
+3. Test connectivity from a service pod: `kubectl exec -it <pod> -- mysql -h mariadb -u root -p`
+
+### Message Queue Problems
+
+For RabbitMQ connectivity issues:
+
+1. Check RabbitMQ cluster status: `kubectl exec -it rabbitmq-0 -- rabbitmqctl cluster_status`
+2. Verify queue status: `kubectl exec -it rabbitmq-0 -- rabbitmqctl list_queues`
+3. Check service connectivity: `kubectl get svc rabbitmq`
+
+### Resource Scaling
+
+To scale the database cluster:
+
+```yaml
+mariadb:
+  replicas: 5  # Scale to 5 nodes
+  storage:
+    size: 50Gi  # Increase storage per node
+```
+
+Apply changes and monitor the scaling process:
+
+```bash
+kubectl get pods -l app=mariadb -w
+```
+
+## Related Documentation
+
+- [Component Configuration](./component-config.md) - General component configuration patterns
+- [Override OpenStack Service Config](./override-openstack-svc-config.md) - Service-specific configuration overrides
+- [Deploy Repo](./deploy-repo.md) - Deployment repository structure

docs/schema/component-openstack.schema.json

@@ -0,0 +1 @@
+../../components/openstack/values.schema.json

mkdocs.yml

@@ -130,6 +130,7 @@ nav:
       - deploy-guide/deploy-repo.md
       - deploy-guide/component-config.md
       - deploy-guide/config-dex.md
+      - deploy-guide/config-openstack.md
       - deploy-guide/auth.md
       - deploy-guide/config-argo-workflows.md
     - Starting the Deployment: