chore: Abandon 892704 patch
diff --git a/charts/glance/Chart.yaml b/charts/glance/Chart.yaml
index c0837b8..4d8a381 100644
--- a/charts/glance/Chart.yaml
+++ b/charts/glance/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/glance
- https://opendev.org/openstack/openstack-helm
-version: 0.4.6
+version: 0.4.12
diff --git a/charts/glance/charts/helm-toolkit/Chart.yaml b/charts/glance/charts/helm-toolkit/Chart.yaml
index 7d3703e..e6aec81 100644
--- a/charts/glance/charts/helm-toolkit/Chart.yaml
+++ b/charts/glance/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.53
+version: 0.2.54
diff --git a/charts/glance/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl b/charts/glance/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
index b99c00d..4a88dd8 100644
--- a/charts/glance/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
+++ b/charts/glance/charts/helm-toolkit/templates/utils/_dependency_resolver.tpl
@@ -27,10 +27,12 @@
{{- else if kindIs "slice" $dependencyMixinParam }}
{{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }}
{{- range $k, $v := $dependencyMixinParam -}}
+{{- if ( index $envAll.Values.dependencies.dynamic.targeted $v ) }}
{{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}}
{{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}}
{{- end }}
{{- end }}
+{{- end }}
{{- else -}}
{{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}}
{{- end -}}
diff --git a/charts/glance/requirements.lock b/charts/glance/requirements.lock
index 6f6d186..111851c 100644
--- a/charts/glance/requirements.lock
+++ b/charts/glance/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.53
-digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
-generated: "2023-05-28T07:16:28.255092886Z"
+ version: 0.2.54
+digest: sha256:337a0f1ffb3eae591150b305c22293d85fb8c18abec78f56672de4f3ada2faae
+generated: "2023-09-01T14:09:24.947846739Z"
diff --git a/charts/glance/templates/configmap-etc.yaml b/charts/glance/templates/configmap-etc.yaml
index 277cea4..0ee2606 100644
--- a/charts/glance/templates/configmap-etc.yaml
+++ b/charts/glance/templates/configmap-etc.yaml
@@ -55,10 +55,6 @@
{{- $_ := set .Values.conf.glance.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
-{{- if not .Values.conf.paste }}
-{{- $_ := set $envAll.Values.conf.glance.paste_deploy "config_file" "/var/lib/openstack/etc/glance/glance-api-paste.ini" -}}
-{{- end }}
-
{{- if empty .Values.conf.glance.database.connection -}}
{{- $connection := tuple "oslo_db" "internal" "glance" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" -}}
{{- if .Values.manifests.certificates -}}
@@ -146,9 +142,7 @@
rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
glance-api.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.glance | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
- {{- if .Values.conf.paste }}
glance-api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
- {{- end }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
glance_sudoers: {{ $envAll.Values.conf.glance_sudoers | b64enc }}
diff --git a/charts/glance/templates/deployment-api.yaml b/charts/glance/templates/deployment-api.yaml
index dc641c5..bfe0049 100644
--- a/charts/glance/templates/deployment-api.yaml
+++ b/charts/glance/templates/deployment-api.yaml
@@ -12,6 +12,36 @@
limitations under the License.
*/}}
+{{- define "readinessProbeTemplate" }}
+{{- if .Values.manifests.certificates }}
+exec:
+ command:
+ - python
+ - -c
+ - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
+{{- else }}
+httpGet:
+ scheme: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ path: /
+ port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- end }}
+{{- end }}
+
+{{- define "livenessProbeTemplate" }}
+{{- if .Values.manifests.certificates }}
+exec:
+ command:
+ - python
+ - -c
+ - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
+{{- else }}
+httpGet:
+ scheme: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ path: /
+ port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- end }}
+{{- end }}
+
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}
@@ -146,6 +176,8 @@
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "glance_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{ dict "envAll" $envAll "component" "api" "container" "glance-api" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" $envAll "component" "api" "container" "glance-api" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/glance-api.sh
- start
@@ -160,34 +192,10 @@
command:
- /tmp/glance-api.sh
- stop
- {{- if $envAll.Values.manifests.certificates }}
- readinessProbe:
- exec:
- command:
- - python
- - -c
- - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
- livenessProbe:
- exec:
- command:
- - python
- - -c
- - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}')"
- initialDelaySeconds: 30
- {{- else }}
+ {{- if not $envAll.Values.manifests.certificates }}
ports:
- name: g-api
containerPort: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- readinessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- livenessProbe:
- httpGet:
- scheme: HTTP
- path: /
- port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
volumeMounts:
- name: pod-tmp
@@ -210,12 +218,10 @@
subPath: {{ base .Values.conf.glance.DEFAULT.log_config_append }}
readOnly: true
{{- end }}
- {{- if .Values.conf.paste }}
- name: glance-etc
mountPath: /etc/glance/glance-api-paste.ini
subPath: glance-api-paste.ini
readOnly: true
- {{- end }}
- name: glance-etc
mountPath: /etc/glance/policy.yaml
subPath: policy.yaml
diff --git a/charts/glance/templates/pvc-images.yaml b/charts/glance/templates/pvc-images.yaml
index 0e09925..21ea961 100644
--- a/charts/glance/templates/pvc-images.yaml
+++ b/charts/glance/templates/pvc-images.yaml
@@ -20,8 +20,10 @@
apiVersion: v1
metadata:
name: glance-images
+ {{- if .Values.keep_pvc }}
annotations:
helm.sh/resource-policy: keep
+ {{- end }}
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
diff --git a/charts/glance/values.yaml b/charts/glance/values.yaml
index cea5248..2406a35 100644
--- a/charts/glance/values.yaml
+++ b/charts/glance/values.yaml
@@ -129,7 +129,66 @@
ceph_client:
override:
append:
- paste: {}
+ paste:
+ pipeline:glance-api:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context rootapp
+ pipeline:glance-api-caching:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache rootapp
+ pipeline:glance-api-cachemanagement:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler unauthenticated-context cache cachemanage rootapp
+ pipeline:glance-api-keystone:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context rootapp
+ pipeline:glance-api-keystone+caching:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache rootapp
+ pipeline:glance-api-keystone+cachemanagement:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler authtoken audit context cache cachemanage rootapp
+ pipeline:glance-api-trusted-auth:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context rootapp
+ pipeline:glance-api-trusted-auth+cachemanagement:
+ pipeline: cors healthcheck http_proxy_to_wsgi versionnegotiation osprofiler context cache cachemanage rootapp
+ composite:rootapp:
+ paste.composite_factory: glance.api:root_app_factory
+ /: apiversions
+ /v1: apiv1app
+ /v2: apiv2app
+ app:apiversions:
+ paste.app_factory: glance.api.versions:create_resource
+ app:apiv1app:
+ paste.app_factory: glance.api.v1.router:API.factory
+ app:apiv2app:
+ paste.app_factory: glance.api.v2.router:API.factory
+ filter:healthcheck:
+ paste.filter_factory: oslo_middleware:Healthcheck.factory
+ backends: disable_by_file
+ disable_by_file_path: /etc/glance/healthcheck_disable
+ filter:versionnegotiation:
+ paste.filter_factory: glance.api.middleware.version_negotiation:VersionNegotiationFilter.factory
+ filter:cache:
+ paste.filter_factory: glance.api.middleware.cache:CacheFilter.factory
+ filter:cachemanage:
+ paste.filter_factory: glance.api.middleware.cache_manage:CacheManageFilter.factory
+ filter:context:
+ paste.filter_factory: glance.api.middleware.context:ContextMiddleware.factory
+ filter:unauthenticated-context:
+ paste.filter_factory: glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+ filter:authtoken:
+ paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+ delay_auth_decision: true
+ filter:audit:
+ paste.filter_factory: keystonemiddleware.audit:filter_factory
+ audit_map_file: /etc/glance/api_audit_map.conf
+ filter:gzip:
+ paste.filter_factory: glance.api.middleware.gzip:GzipMiddleware.factory
+ filter:osprofiler:
+ paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+ hmac_keys: SECRET_KEY # DEPRECATED
+ enabled: yes # DEPRECATED
+ filter:cors:
+ paste.filter_factory: oslo_middleware.cors:filter_factory
+ oslo_config_project: glance
+ oslo_config_program: glance-api
+ filter:http_proxy_to_wsgi:
+ paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
policy: {}
glance_sudoers: |
# This sudoers file supports rootwrap for both Kolla and LOCI Images.
@@ -196,6 +255,8 @@
oslo_middleware:
enable_proxy_headers_parsing: true
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
@@ -818,6 +879,20 @@
termination_grace_period:
api:
timeout: 30
+ probes:
+ api:
+ glance-api:
+ readiness:
+ enabled: true
+ params:
+ periodSeconds: 15
+ timeoutSeconds: 10
+ liveness:
+ enabled: true
+ params:
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 10
resources:
enabled: false
api:
@@ -951,4 +1026,11 @@
secret_registry: true
service_ingress_api: true
service_api: true
+
+# NOTE: This is for enable helm resource-policy to keep glance-images PVC.
+# set keep_pvc: true when allow helm resource-policy to keep for PVC.
+# This will requires mannual delete for PVC.
+# set keep_pvc: false when disallow helm resource-policy to keep for PVC.
+# This will allow helm to delete the PVC.
+keep_pvc: true
...