It also makes two other changes:
* Moves the entrypoint container manifest snippet to its own file to reduce loading on the _funcs.tpl file
* Changes dep-check-init-cont to dep_check_init_cont to match the formatting of other defines used in OpenStack Helm
* Allow glance to support using default secrets
if none are provided
* Resolve configmap mounting issue with glance
ceph secrets
* Ensure keystone wsgi workers/threads are set to
reasonable numbers for a container implementation
This PS loads all the required keystone configuration files into a container for an apache based deployment.
It allows OpenStack-Helm to be image agnosic, meaning operators can use any Apache based Keystone image they want.
two templates, because i don't how to pass two variables to template.
PR also adjust layout of configuration files in Nova.
Signed-off-by: DTadrzak <daniel.tadrzak@intel.com>
The new default for mitaka+ is fernet tokens which not all
container images support. This allows the operator to
specify the token provider, allowing uuid token usage in
images which is required until the infrastructure to setup
and distribute fernet keys is created.
* Add imagePullPolicy to ceph with default
* Add imagePullPolicy to mariadb with default
* Add missing imagePullPolicies to nova with defaults
* Remove malfunctioning daemonset dependency from nova
* Add missing neutron endpoint definition to nova values
* Force v4 networking in ceph. Repeated bootstrapping
is unreliable without this.
* Update cinder dependencies based on testing
* Optonal Horizon NodePort
* Revert iptables stub for nova-api-osapi because
we lack permississions to overwrite /sbin/iptables. We
will continue to run in a privileged security context
until we have a working solution.
The configuration of ``worker`` can be removed for two reasons:
* In Mitaka (and onward), it is two separate parameters:
``public_workers`` and ``admin_workers`` under section
[eventlet_server], as shown in [1]. In master (Ocata),
these options were removed.
* In the preferred keystone deployment of using u/wsgi, and not
eventlet server, this setting does not really take effect - as
Apache will manage this instead of keystone.
These options can be removed. Also, removed extra EOL spaces.
[1] https://github.com/openstack/keystone/blob/stable/mitaka/etc/keystone.conf.sample#L678-L696
