diff --git a/apis/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml b/apis/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml index 1fd33c64b..455eae05e 100644 --- a/apis/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml +++ b/apis/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml @@ -285,6 +285,7 @@ spec: configMapRef: properties: name: + maxLength: 253 type: string optional: type: boolean @@ -295,6 +296,7 @@ spec: secretRef: properties: name: + maxLength: 253 type: string optional: type: boolean @@ -304,6 +306,7 @@ spec: type: array type: object ansibleSSHPrivateKeySecret: + maxLength: 253 type: string extraMounts: items: @@ -1109,6 +1112,7 @@ spec: configMapRef: properties: name: + maxLength: 253 type: string optional: type: boolean @@ -1119,6 +1123,7 @@ spec: secretRef: properties: name: + maxLength: 253 type: string optional: type: boolean diff --git a/apis/bases/dataplane.openstack.org_openstackdataplaneservices.yaml b/apis/bases/dataplane.openstack.org_openstackdataplaneservices.yaml index 5172854ac..85330b265 100644 --- a/apis/bases/dataplane.openstack.org_openstackdataplaneservices.yaml +++ b/apis/bases/dataplane.openstack.org_openstackdataplaneservices.yaml @@ -35,6 +35,7 @@ spec: default: false type: boolean caCerts: + maxLength: 253 type: string certsFrom: type: string @@ -48,6 +49,7 @@ spec: configMapRef: properties: name: + maxLength: 253 type: string optional: type: boolean @@ -58,6 +60,7 @@ spec: secretRef: properties: name: + maxLength: 253 type: string optional: type: boolean diff --git a/apis/dataplane/v1beta1/common.go b/apis/dataplane/v1beta1/common.go index b7a7e9a5f..38c7ab888 100644 --- a/apis/dataplane/v1beta1/common.go +++ b/apis/dataplane/v1beta1/common.go 
@@ -32,6 +32,7 @@ type LocalObjectReference struct { // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names // TODO: Add other useful fields. apiVersion, kind, uid? // +optional + // +kubebuilder:validation:MaxLength:=253 Name string `json:"name,omitempty" yaml:"name,omitempty"` } @@ -155,6 +156,7 @@ type NodeTemplate struct { // Secret.data.ssh-privatekey: // // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength:=253 // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"} AnsibleSSHPrivateKeySecret string `json:"ansibleSSHPrivateKeySecret"` // ManagementNetwork - Name of network to use for management (SSH/Ansible) diff --git a/apis/dataplane/v1beta1/openstackdataplaneservice_types.go b/apis/dataplane/v1beta1/openstackdataplaneservice_types.go index 62c55c30c..f0518af0a 100644 --- a/apis/dataplane/v1beta1/openstackdataplaneservice_types.go +++ b/apis/dataplane/v1beta1/openstackdataplaneservice_types.go @@ -74,6 +74,7 @@ type OpenStackDataPlaneServiceSpec struct { // CACerts - Secret containing the CA certificate chain // +kubebuilder:validation:Optional + // +kubebuilder:validation:MaxLength:=253 CACerts string `json:"caCerts,omitempty" yaml:"caCerts,omitempty"` // OpenStackAnsibleEERunnerImage image to use as the ansibleEE runner image diff --git a/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml b/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml index 1fd33c64b..455eae05e 100644 --- a/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml +++ b/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml @@ -285,6 +285,7 @@ spec: configMapRef: properties: name: + maxLength: 253 type: string optional: type: boolean @@ -295,6 +296,7 @@ spec: secretRef: properties: name: + maxLength: 253 type: string optional: type: boolean 
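Review bot: `MaxLength:=253` bounds the size of `Name` but does not enforce the DNS-1123 subdomain character set, so a reference containing uppercase letters or `_` still passes admission and only fails later, when the reconciler tries to fetch the ConfigMap or Secret. Since the comment above already points at the Kubernetes name rules, a pattern marker next to the new one would reject such a value at the API server: `// +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`. The field is `omitempty`, so an unset name is not serialized and is never matched against the pattern. The same observation applies to `AnsibleSSHPrivateKeySecret` and `CACerts` in the following hunks, which also only gain a length bound.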
@@ -304,6 +306,7 @@ spec: type: array type: object ansibleSSHPrivateKeySecret: + maxLength: 253 type: string extraMounts: items: @@ -1109,6 +1112,7 @@ spec: configMapRef: properties: name: + maxLength: 253 type: string optional: type: boolean @@ -1119,6 +1123,7 @@ spec: secretRef: properties: name: + maxLength: 253 type: string optional: type: boolean diff --git a/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml b/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml index 5172854ac..85330b265 100644 --- a/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml +++ b/config/crd/bases/dataplane.openstack.org_openstackdataplaneservices.yaml @@ -35,6 +35,7 @@ spec: default: false type: boolean caCerts: + maxLength: 253 type: string certsFrom: type: string @@ -48,6 +49,7 @@ spec: configMapRef: properties: name: + maxLength: 253 type: string optional: type: boolean @@ -58,6 +60,7 @@ spec: secretRef: properties: name: + maxLength: 253 type: string optional: type: boolean diff --git a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml index 229bc6ab0..bba502698 100644 --- a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml @@ -167,6 +167,11 @@ spec: - description: TLS - overrides tls parameters for public endpoint displayName: TLS path: horizon.apiOverride.tls + - description: Enabled - Whether Horizon services should be deployed and managed + displayName: Enabled + path: horizon.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch - description: Template - Overrides to use when creating the Horizon services displayName: Template path: horizon.template 
@@ -518,6 +523,11 @@ spec: path: conditions x-descriptors: - urn:alm:descriptor:io.kubernetes.conditions + - description: Deployed + displayName: Deployed + path: deployed + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch version: v1beta1 - description: OpenStackDataPlaneNodeSet is the Schema for the openstackdataplanenodesets API OpenStackDataPlaneNodeSet name must be a valid RFC1123 as it is used in @@ -573,6 +583,13 @@ spec: path: addCertMounts x-descriptors: - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: DeployOnAllNodeSets - should the service be deploy across all + nodesets This will override default target of a service play, setting it + to 'all'. + displayName: Deploy On All Node Sets + path: deployOnAllNodeSets + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch statusDescriptors: - description: Conditions displayName: Conditions diff --git a/docs/assemblies/ctlplane_resources.adoc b/docs/assemblies/ctlplane_resources.adoc index 2b44bba49..20e3720ff 100644 --- a/docs/assemblies/ctlplane_resources.adoc +++ b/docs/assemblies/ctlplane_resources.adoc @@ -382,6 +382,12 @@ * <> * <> * <> +* <> +* <> +* <> +* <> +* <> +* <> * <> * <> * <> @@ -2129,6 +2135,26 @@ ContainerTemplate - struct that contains container image URLs for each service i | | *string | false + +| testTempestImage +| +| *string +| false + +| testTobikoImage +| +| *string +| false + +| testHorizontestImage +| +| *string +| false + +| testAnsibletestImage +| +| *string +| false |=== <> @@ -4068,7 +4094,7 @@ DesignateTemplate defines common input parameters used by all Designate services | <> | true -| None +| backendType | BackendType - Defines the backend service/configuration we are using, i.e. bind9, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup | string | true 
@@ -4257,9 +4283,9 @@ DesignateSpecBase - | passwordSelectors | PasswordSelectors - Selectors to identify the DB and AdminUser password from the Secret | <> -| false +| true -| None +| backendType | BackendType - Defines the backend service/configuration we are using, i.e. bind9, unhbound, PowerDNS, BYO, etc.. Helps maintain a single init container/init.sh to do container setup | string | true @@ -4372,7 +4398,7 @@ DesignateStatus defines the observed state of Designate | false | databaseHostname -| Designate Database Hostname +| DatabaseHostname - Designate Database Hostname | string | false @@ -12152,6 +12178,11 @@ OctaviaSpec defines the desired state of Octavia | OctaviaHousekeeping - Spec definition for the Octavia Housekeeping agent for the Octavia deployment | <> | true + +| octaviaRsyslog +| OctaviaRsyslog - Spec definition for the Octavia Rsyslog agent for the Octavia deployment +| <> +| true |=== <> @@ -12294,6 +12325,11 @@ OctaviaSpecCore - this version has no containerImages and is used by OpenStackCo | OctaviaHousekeeping - Spec definition for the Octavia Housekeeping agent for the Octavia deployment | <> | true + +| octaviaRsyslog +| OctaviaRsyslog - Spec definition for the Octavia Rsyslog agent for the Octavia deployment +| <> +| true |=== <> @@ -12346,6 +12382,11 @@ OctaviaStatus defines the observed state of Octavia | int32 | false +| rsyslogreadyCount +| ReadyCount of octavia Rsyslog instances +| int32 +| false + | observedGeneration | ObservedGeneration - the most recent generation observed for this service. If the observed generation is less than the spec generation, then the controller has not processed the latest changes injected by the opentack-operator in the top-level CR (e.g. the ContainerImage) | int64 
@@ -12610,6 +12651,185 @@ OctaviaAPIStatus defines the observed state of OctaviaAPI <> +[#octaviarsyslog] +==== OctaviaRsyslog + +OctaviaRsyslog is the Schema for the octaviaworkers API + +|=== +| Field | Description | Scheme | Required + +| metadata +| +| metav1.ObjectMeta +| false + +| spec +| +| <> +| false + +| status +| +| <> +| false +|=== + +<> + +[#octaviarsysloglist] +==== OctaviaRsyslogList + +OctaviaRsyslogList contains a list of OctaviaWorker + +|=== +| Field | Description | Scheme | Required + +| metadata +| +| metav1.ListMeta +| false + +| items +| +| []<> +| true +|=== + +<> + +[#octaviarsyslogspec] +==== OctaviaRsyslogSpec + +OctaviaRsyslogSpec defines common state for all Octavia Amphora Controllers + +|=== +| Field | Description | Scheme | Required + +| containerImage +| ContainerImage - Amphora Controller Container Image URL +| string +| false +|=== + +<> + +[#octaviarsyslogspeccore] +==== OctaviaRsyslogSpecCore + +OctaviaRsyslogSpecCore - + +|=== +| Field | Description | Scheme | Required + +| serviceUser +| ServiceUser - service user name (TODO: beagles, do we need this at all) +| string +| true + +| serviceAccount +| ServiceAccount - service account name used internally to provide Octavia services the default SA name +| string +| true + +| nodeSelector +| NodeSelector to target subset of worker nodes running this service +| map[string]string +| false + +| defaultConfigOverwrite +| ConfigOverwrite - interface to overwrite default config files like e.g. logging.conf or policy.json. But can also be used to add additional files. Those get added to the service config dir in /etc/++++++.++++++ +| map[string]string +| false + +| resources +| Resources - Compute Resources required by this service (Limits/Requests). 
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| corev1.ResourceRequirements +| false + +| networkAttachments +| NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network +| []string +| false + +| adminLogTargets +| AdminLogTargets is a list of OctaviaRsyslogTarget, the admin logs are forwarded to those targets. Use only when forwarding to an external Rsyslog server. +| []<> +| false + +| tenantLogTargets +| TenantLogTargets is a list of OctaviaRsyslogTarget, the tenant logs are forwarded to those targets. Use only when forwarding to an external Rsyslog server. +| []<> +| false +|=== + +<> + +[#octaviarsyslogstatus] +==== OctaviaRsyslogStatus + +OctaviaRsyslogStatus defines the observed state of the Octavia Amphora Controller + +|=== +| Field | Description | Scheme | Required + +| readyCount +| ReadyCount of Octavia Amphora Controllers +| int32 +| false + +| desiredNumberScheduled +| DesiredNumberScheduled - total number of the nodes which should be running Daemon +| int32 +| false + +| hash +| Map of hashes to track e.g. job status +| map[string]string +| false + +| conditions +| Conditions +| condition.Conditions +| false + +| networkAttachments +| NetworkAttachment status of the deployment pods +| map[string][]string +| false + +| observedGeneration +| ObservedGeneration - the most recent generation observed for this service. If the observed generation is less than the spec generation, then the controller has not processed the latest changes injected by the opentack-operator in the top-level CR (e.g. the ContainerImage) +| int64 +| false +|=== + +<> + +[#octaviarsyslogtarget] +==== OctaviaRsyslogTarget + +|=== +| Field | Description | Scheme | Required + +| host +| +| string +| true + +| port +| +| int +| true + +| protocol +| +| string +| true +|=== + +<> + [#cpucountreq] ==== CPUCountReq 
@@ -14751,6 +14971,11 @@ Aodh defines the aodh component spec | bool | true +| memcachedInstance +| Memcached instance name. +| string +| true + | tls | TLS - Parameters related to the TLS | tls.API @@ -15301,7 +15526,7 @@ MetricStorageSpec defines the desired state of MetricStorage | dataplaneNetwork | DataplaneNetwork defines the network that will be used to scrape dataplane node_exporter endpoints -| infranetworkv1.NetNameStr +| *infranetworkv1.NetNameStr | true | monitoringStack diff --git a/docs/assemblies/dataplane_resources.adoc b/docs/assemblies/dataplane_resources.adoc index 5e6c40049..8732e2376 100644 --- a/docs/assemblies/dataplane_resources.adoc +++ b/docs/assemblies/dataplane_resources.adoc @@ -698,11 +698,6 @@ NodeSection defines the top level attributes inherited by nodes in the CR. |=== | Field | Description | Scheme | Required -| extraMounts -| ExtraMounts containing files which can be mounted into an Ansible Execution Pod -| []storage.VolMounts -| false - | networks | Networks - Instance networks | []infranetworkv1.IPSetNetwork diff --git a/pkg/dataplane/cert.go b/pkg/dataplane/cert.go index afc9b22ca..ee33f8b0d 100644 --- a/pkg/dataplane/cert.go +++ b/pkg/dataplane/cert.go @@ -18,6 +18,8 @@ package deployment import ( "context" + "crypto/sha256" + "encoding/hex" "fmt" "sort" "strconv" @@ -28,6 +30,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apimachineryvalidation "k8s.io/apimachinery/pkg/util/validation" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" 
@@ -284,5 +287,10 @@ func GetTLSNodeCert(ctx context.Context, helper *helper.Helper,
 // openstack-epdm-nova-default-certs-0.
 func GetServiceCertsSecretName(instance *dataplanev1.OpenStackDataPlaneNodeSet, serviceName string, certKey string, index int) string {
- return fmt.Sprintf("%s-%s-%s-certs-%s", instance.Name, serviceName, certKey, strconv.Itoa(index))
+ name := fmt.Sprintf("%s-%s-%s-certs-%s", instance.Name, serviceName, certKey, strconv.Itoa(index))
+ if len(name) > apimachineryvalidation.DNS1123SubdomainMaxLength {
+ hash := sha256.Sum224([]byte(name))
+ name = "cert-" + hex.EncodeToString(hash[:])
+ }
+ return name
 }
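Review bot: The new guard only reacts to length, while the `apimachineryvalidation` package this hunk imports can also check the character set; `if len(apimachineryvalidation.IsDNS1123Subdomain(name)) > 0 {` covers both the >253 case (that helper enforces the same limit) and any uppercase or otherwise disallowed character coming in through certKey or serviceName, and the lowercase hex fallback (`cert-` plus 56 hex digits, 61 characters) is always a valid Secret name. Whether certKey can actually carry such characters is not visible from this hunk, so treat that as something to confirm rather than a known defect. The doc comment ending in `// openstack-epdm-nova-default-certs-0.` should also describe the new form, e.g. `// Names longer than the DNS-1123 subdomain limit are replaced by a stable "cert-<sha224 hex>" derived from the full composed name.` Any other code path that builds this Secret name with the same fmt pattern instead of calling this function would now look up a different name for long inputs; that cannot be checked from here and is worth a grep before merging.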