From fc613d5997ad778d906cb2f6851ac5099964235a Mon Sep 17 00:00:00 2001 From: Nicholas Kuechler Date: Wed, 30 Apr 2025 12:18:51 -0500 Subject: [PATCH] feat: Adds OpenStack Skyline dashboard to Understack --- apps/appsets/openstack.yaml | 3 + components/skyline/README.md | 1 + components/skyline/kustomization.yaml | 6 ++ components/skyline/skyline-mariadb-db.yaml | 52 +++++++++++++++++ components/skyline/values.yaml | 65 ++++++++++++++++++++++ scripts/gitops-secrets-gen.sh | 19 +++++++ 6 files changed, 146 insertions(+) create mode 100644 components/skyline/README.md create mode 100644 components/skyline/kustomization.yaml create mode 100644 components/skyline/skyline-mariadb-db.yaml create mode 100644 components/skyline/values.yaml diff --git a/apps/appsets/openstack.yaml b/apps/appsets/openstack.yaml index 2046d1d2a..1247b66d8 100644 --- a/apps/appsets/openstack.yaml +++ b/apps/appsets/openstack.yaml @@ -43,6 +43,9 @@ spec: - component: horizon repoURL: https://tarballs.opendev.org/openstack/openstack-helm chartVersion: 2024.2.1+34d1672a-93ed069c + - component: skyline + repoURL: https://tarballs.opendev.org/openstack/openstack-helm + chartVersion: 2025.1.1+12830ffa1 template: metadata: name: '{{.name}}-{{.component}}' diff --git a/components/skyline/README.md b/components/skyline/README.md new file mode 100644 index 000000000..b21eec861 --- /dev/null +++ b/components/skyline/README.md @@ -0,0 +1 @@ +# OpenStack Skyline diff --git a/components/skyline/kustomization.yaml b/components/skyline/kustomization.yaml new file mode 100644 index 000000000..8d4a9ca73 --- /dev/null +++ b/components/skyline/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - skyline-mariadb-db.yaml diff --git a/components/skyline/skyline-mariadb-db.yaml b/components/skyline/skyline-mariadb-db.yaml new file mode 100644 index 000000000..24577b4d7 --- /dev/null +++ b/components/skyline/skyline-mariadb-db.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Database +metadata: + name: skyline + namespace: openstack +spec: + # If you want the database to be created with a different name than the resource name + # name: data-custom + mariaDbRef: + name: mariadb # name of the MariaDB kind + waitForIt: true + characterSet: utf8 + collate: utf8_general_ci + retryInterval: 5s +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: User +metadata: + name: skyline + namespace: openstack +spec: + # If you want the user to be created with a different name than the resource name + # name: user-custom + mariaDbRef: + name: mariadb # name of the MariaDB kind + waitForIt: true + passwordSecretKeyRef: + name: skyline-db-password + key: password + # This field is immutable and defaults to 10, 0 means unlimited. + maxUserConnections: 0 + host: "%" + retryInterval: 5s +--- +apiVersion: k8s.mariadb.com/v1alpha1 +kind: Grant +metadata: + name: skyline-grant + namespace: openstack +spec: + mariaDbRef: + name: mariadb # name of the MariaDB kind + waitForIt: true + privileges: + - "ALL" + database: "skyline" + table: "*" + username: skyline + grantOption: true + host: "%" + retryInterval: 5s diff --git a/components/skyline/values.yaml b/components/skyline/values.yaml new file mode 100644 index 000000000..87f91fe21 --- /dev/null +++ b/components/skyline/values.yaml @@ -0,0 +1,65 @@ +--- +endpoints: + skyline: + host_fqdn_override: + public: + tls: + secretName: skyline-tls-public + issuerRef: + name: understack-cluster-issuer + kind: ClusterIssuer + +network: + # configure OpenStack Helm to use Undercloud's ingress + # instead of expecting the ingress controller provided + # by OpenStack Helm + use_external_ingress_controller: true + skyline: + ingress: + annotations: + nginx.ingress.kubernetes.io/rewrite-target: / + # set our default issuer + cert-manager.io/cluster-issuer: understack-cluster-issuer + +# (nicholas.kuechler) updating the jobs list to remove the 'skyline-db-init' job. +dependencies: + dynamic: + common: + local_image_registry: + jobs: null + static: + db_sync: + jobs: + +manifests: + job_db_init: false + secret_db: false + service_ingress: false + +pod: + lifecycle: + disruption_budget: + skyline: + # this should be set to no more than (pod.replicas.skyline - 1) + # usually set on per-deployment basis. + min_available: 0 + +# We don't want to enable OpenStack Helm's +# helm.sh/hooks because they set them as +# post-install,post-upgrade which in ArgoCD +# maps to PostSync. However the deployments +# and statefulsets in OpenStack Helm +# depend on the jobs to complete to become +# healthy. Which they cannot because they are in +# the post step and not in the main step. +# Turning this on results in the keys jobs +# editing the annotation which deletes the item +# and wipes our keys. +helm3_hook: false + +annotations: + job: + skyline_db_sync: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + argocd.argoproj.io/sync-options: Replace=true diff --git a/scripts/gitops-secrets-gen.sh b/scripts/gitops-secrets-gen.sh index f3068a644..6c613775a 100755 --- a/scripts/gitops-secrets-gen.sh +++ b/scripts/gitops-secrets-gen.sh @@ -342,6 +342,25 @@ load_or_gen_os_secret "${VARNAME_DB_PASSWORD}" "${SECRET_DB_PASSWORD}" && \ # export the variable for templating into the openstack secret / values.yaml export HORIZON_DB_PASSWORD +echo "Checking skyline" +# horizon credentials +mkdir -p "${DEST_DIR}/skyline" +# skyline user password for database +VARNAME_DB_PASSWORD="SKYLINE_DB_PASSWORD" +SECRET_DB_PASSWORD="skyline-db-password" +load_or_gen_os_secret "${VARNAME_DB_PASSWORD}" "${SECRET_DB_PASSWORD}" && \ + create_os_secret "DB_PASSWORD" "skyline" "skyline" +# export the variable for templating into the openstack secret / values.yaml +export SKYLINE_DB_PASSWORD + +VARNAME_KEYSTONE_PASSWORD="$(convert_to_var_name "skyline" "KEYSTONE_PASSWORD")" +SECRET_KEYSTONE_PASSWORD="$(convert_to_secret_name "${VARNAME_KEYSTONE_PASSWORD}")" +load_or_gen_os_secret "${VARNAME_KEYSTONE_PASSWORD}" "${SECRET_KEYSTONE_PASSWORD}" && \ + create_os_secret "KEYSTONE_PASSWORD" "skyline" "skyline" + +export "${VARNAME_KEYSTONE_PASSWORD?}" + + # generate the secret-openstack.yaml file every time from our secrets data # this is a helm values.yaml but it contains secrets because of the lack # of secrets references in OpenStack Helm