diff --git a/openstack/keystone/Chart.lock b/openstack/keystone/Chart.lock index 66cf3476878..577566bece5 100644 --- a/openstack/keystone/Chart.lock +++ b/openstack/keystone/Chart.lock @@ -2,26 +2,26 @@ dependencies: - name: mariadb repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm version: 0.14.2 -- name: mariadb-galera +- name: pxc-db repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.29.3 + version: 0.2.0 - name: memcached repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm version: 0.5.3 - name: mysql_metrics repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.3.5 + version: 0.4.1 - name: owner-info repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.2.3 + version: 1.0.0 - name: percona_cluster repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 1.1.7 + version: 1.1.9 - name: utils repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.15.0 + version: 0.21.0 - name: linkerd-support repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.1.4 -digest: sha256:7f3e9665e9e649af94735fe7b6233667353fe5aca639dc86e295def90a56f4b7 -generated: "2024-09-30T20:42:46.060829+05:30" + version: 1.1.0 +digest: sha256:5b96192207a4b1db506ca740ba0d812d5e98eb5865c628b10086e19d38694e71 +generated: "2024-12-20T15:22:39.713091+02:00" diff --git a/openstack/keystone/Chart.yaml b/openstack/keystone/Chart.yaml index fb66fcaacd9..3c0374ccd9a 100644 --- a/openstack/keystone/Chart.yaml +++ b/openstack/keystone/Chart.yaml 
@@ -9,34 +9,34 @@ maintainers: name: keystone sources: - https://github.com/sapcc/keystone -version: 0.8.0 +version: 0.9.0 dependencies: - condition: mariadb.enabled name: mariadb repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm version: 0.14.2 - - condition: mariadb_galera.enabled - name: mariadb-galera - alias: mariadb_galera + - condition: pxc_db.enabled + name: pxc-db + alias: pxc_db repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.29.3 + version: 0.2.0 - name: memcached repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm version: 0.5.3 - condition: mysql_metrics.enabled name: mysql_metrics repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.3.5 + version: 0.4.1 - name: owner-info repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.2.3 + version: 1.0.0 - condition: percona_cluster.enabled name: percona_cluster repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 1.1.7 + version: 1.1.9 - name: utils repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.15.0 + version: 0.21.0 - name: linkerd-support repository: oci://keppel.eu-de-1.cloud.sap/ccloud-helm - version: 0.1.4 + version: 1.1.0 diff --git a/openstack/keystone/ci/test-values.yaml b/openstack/keystone/ci/test-values.yaml index 9661d8e48a5..10ce471919c 100644 --- a/openstack/keystone/ci/test-values.yaml +++ b/openstack/keystone/ci/test-values.yaml @@ -3,7 +3,7 @@ global: db_region: local region: test master_password: test - registryAlternateRegion: test + registryAlternateRegion: test dockerHubMirror: mirror0 dockerHubMirrorAlternateRegion: test2 osprofiler: @@ -23,6 +23,21 @@ osprofiler: jager: enabled: true +mariadb: + root_password: topSecret! + backup_v2: + enabled: false + users: + keystone: + name: keystone + password: topSecret! + backup: + name: backup + password: topSecret! + +mysql_metrics: + db_password: topSecret! + rabbitmq: users: default: 
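Review bot: The values added in the second ci/test-values.yaml hunk cover only the legacy `mariadb` and `mysql_metrics` settings. As far as this diff shows, the CI render never sets `dbType` or `pxc_db.enabled`, so the new `utils.db_url` branch in `_secrets.conf.tpl` is not rendered in CI. A second CI values file that enables `pxc_db` and sets `dbType` would catch a broken connection string at lint time. The `topSecret!` strings are evidently dummies, but a leading comment such as `# dummy credentials for CI chart rendering only, never reuse in real values` would make that explicit to reviewers and secret scanners.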
diff --git a/openstack/keystone/templates/_helpers.tpl b/openstack/keystone/templates/_helpers.tpl index bef21c946a3..98da3368e10 100644 --- a/openstack/keystone/templates/_helpers.tpl +++ b/openstack/keystone/templates/_helpers.tpl @@ -15,16 +15,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name $name | trunc 63 | replace "_" "-" | trimSuffix "-" -}} {{- end -}} -{{- define "db_host" -}} -{{- if .Values.global.clusterDomain -}} -{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}} -{{- else if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}} -{{.Release.Name}}-mariadb.{{.Release.Namespace}} -{{- else -}} -{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.kubernetes.{{.Values.global.region}}.{{.Values.global.tld}} -{{- end -}} -{{- end -}} - {{- define "memcached_host" -}} {{- if .Values.global.clusterDomain -}} {{.Release.Name}}-memcached.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}} @@ -45,13 +35,6 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{- end -}} -{{/* -To satisfy common/mysql_metrics :( -*/}} - -{{define "keystone_db_host"}}{{- if .Values.global.clusterDomain }}{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}{{ else }}{{.Release.Name}}-mariadb.{{.Release.Namespace}}.svc.kubernetes.{{.Values.global.region}}.{{.Values.global.tld}}{{- end -}}{{end}} - - {{- define "2faproxy.selectorLabels" -}} app.kubernetes.io/name: 2faproxy app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/openstack/keystone/templates/etc/_secrets.conf.tpl b/openstack/keystone/templates/etc/_secrets.conf.tpl index 88e88321c0d..9b5be96e011 100644 --- a/openstack/keystone/templates/etc/_secrets.conf.tpl +++ b/openstack/keystone/templates/etc/_secrets.conf.tpl 
@@ -1,17 +1,10 @@ [database] # Database connection string - MariaDB for regional setup # and Percona Cluster for inter-regional setup: -{{ if .Values.percona_cluster.enabled -}} - {{/* in caase percona is active and we need to switch the connection string to mariadb-galera cluster without removing the percona cluster objects */}} - {{- if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}} -connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8 - {{- else }} +{{- if or .Values.percona_cluster.enabled (eq .Values.dbType "pxc-global") }} connection = {{ include "db_url_pxc" . }} - {{- end }} -{{- else if .Values.global.clusterDomain -}} -connection = mysql+pymysql://{{ default .Release.Name .Values.global.dbUser }}:{{.Values.global.dbPassword }}@{{include "db_host" .}}/{{ default .Release.Name .Values.mariadb.name }}?charset=utf8 -{{- else if and .Values.mariadb_galera.enabled .Values.databaseKind (eq .Values.databaseKind "galera") -}} -connection = mysql+pymysql://{{ .Values.mariadb_galera.mariadb.users.keystone.username }}:{{.Values.mariadb_galera.mariadb.users.keystone.password }}@{{include "db_host" .}}/{{ .Values.mariadb_galera.mariadb.database_name_to_connect }}?charset=utf8 +{{- else if .Values.dbType }} +connection = {{ include "utils.db_url" . }} {{- else }} connection = {{ include "db_url_mysql" . }} {{- end }} diff --git a/openstack/keystone/values.yaml b/openstack/keystone/values.yaml index d89900ae76a..250ecef95fa 100644 --- a/openstack/keystone/values.yaml +++ b/openstack/keystone/values.yaml 
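Review bot: `(eq .Values.dbType "pxc-global")` is evaluated even when `dbType` is unset, and no default for `dbType` is visible in the values.yaml hunk of this commit. Depending on the Helm/Go template version, comparing a nil value with a string either aborts rendering or quietly yields false. In the second case a release that enables `pxc_db` but leaves `dbType` empty falls through to `db_url_mysql` and keeps keystone on the old database credentials and host with no error. I would make the comparison nil-safe, `{{- if or .Values.percona_cluster.enabled (eq (default "" .Values.dbType) "pxc-global") }}`, and declare `dbType` explicitly in values.yaml. The header comment still names only MariaDB and Percona Cluster and should also mention the `dbType`-driven `utils.db_url` branch.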
@@ -296,10 +296,36 @@ mariadb: # Annotate the Deployment, StatefulSet or DaemonSet with vpa-butler.cloud.sap/main-container=$MAIN_CONTAINER. That will distribute 75% of the maximum available capacity to the main container and the rest evenly across all others set_main_container: true -# MariaDB Galera cluster as database backend -# mariadb.enabled has to be false if Galera is enabled -mariadb_galera: +pxc_db: enabled: false + name: keystone + initdb_job: true + alerts: + support_group: identity + databases: + - keystone + users: + keystone: + name: keystone + grants: + - "ALL PRIVILEGES on keystone.*" + pxc: + resources: + requests: + memory: 1Gi + persistence: + size: 10Gi + backup: + enabled: false + s3: + secrets: + aws_access_key_id: null + aws_secret_access_key: null + config: + region: DEFINED-IN-SECRETS + endpointUrl: DEFINED-IN-SECRETS + pitr: + enabled: false mysql_metrics: enabled: true
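Review bot: The new `pxc_db` block drops the old comment about `mariadb.enabled` and adds no replacement, so values.yaml no longer says which switches must change together. Judging by the `_secrets.conf.tpl` hunk, the connection string is selected by `dbType` rather than by `pxc_db.enabled`, so a comment such as `# Percona XtraDB Cluster backend; when enabled, also set dbType and disable mariadb` would help, once confirmed against the `utils` chart. `backup.enabled` and `pitr.enabled` both default to false for what is the identity database. A one-line comment saying that production values are expected to override these would stop the default from being deployed unnoticed. It is also worth noting next to `grants` that `ALL PRIVILEGES on keystone.*` is presumably needed because schema migrations run as the same `keystone` user.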