Skip to content

Commit

Permalink
Merge pull request #619 from fmount/samples
Browse files Browse the repository at this point in the history
Update glance samples to use OpenStackControlPlane
  • Loading branch information
openshift-merge-bot[bot] authored Sep 9, 2024
2 parents 6faca68 + 2841a25 commit 33fe3c0
Show file tree
Hide file tree
Showing 20 changed files with 234 additions and 170 deletions.
2 changes: 1 addition & 1 deletion config/samples/copy_image/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
resources:
- ../backend/multistore
- ../backends/multistore

patches:
- target:
Expand Down
34 changes: 26 additions & 8 deletions config/samples/disk_formats/disk_format.yaml
Original file line number Diff line number Diff line change
@@ -1,10 +1,28 @@
# Inject inject_metadata config
apiVersion: glance.openstack.org/v1beta1
kind: Glance
apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
name: glance
name: openstack
spec:
serviceUser: glance
customServiceConfig: |
[image_format]
disk_formats=raw,iso
glance:
template:
databaseInstance: openstack
customServiceConfig: |
[DEFAULT]
enabled_backends = default_backend:swift
[glance_store]
default_backend = default_backend
[default_backend]
swift_store_create_container_on_put = True
swift_store_auth_version = 3
swift_store_auth_address = {{ .KeystoneInternalURL }}
swift_store_endpoint_type = internalURL
swift_store_user = service:glance
swift_store_key = {{ .ServicePassword }}
[image_format]
disk_formats=raw,iso
glanceAPIs:
default:
replicas: 1
secret: osp-secret
storage:
storageRequest: 1G
5 changes: 3 additions & 2 deletions config/samples/disk_formats/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
resources:
- ../layout/base
- ../backends/base/openstack

patches:
- path: ./disk_format.yaml
- path: disk_format.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
29 changes: 13 additions & 16 deletions config/samples/image_cache/image-cache.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ spec:
template:
databaseInstance: openstack
serviceUser: glance
containerImage: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified
customServiceConfig: |
[DEFAULT]
enabled_backends = default_backend:rbd
Expand All @@ -32,18 +31,16 @@ spec:
storageRequest: 1G
imageCache:
size: 2G
extraMounts:
- name: v1
region: r1
extraVol:
- propagation:
- Glance
extraVolType: Ceph
volumes:
- name: ceph
secret:
secretName: ceph-conf-files
mounts:
- name: ceph
mountPath: "/etc/ceph"
readOnly: true
extraMounts:
- name: v1
region: r1
extraVol:
- extraVolType: Ceph
volumes:
- name: ceph
secret:
secretName: ceph-conf-files
mounts:
- name: ceph
mountPath: "/etc/ceph"
readOnly: true
3 changes: 3 additions & 0 deletions config/samples/image_cache/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,6 @@ resources:

patches:
- path: image-cache.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
9 changes: 5 additions & 4 deletions config/samples/import_plugins/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,12 @@ The plugin will not decompress images whose container_format is set to
'compressed' to maintain the original intent of the image creator. If Image
Conversion is used together, decompression must happen first, this is ensured
by ordering the plugins.
Make sure to properly plan storage for the Glance Pod when this feature is
enabled, especially if is enabled in combination with other image plugins.

As we can't image decompression happened in a path that lives
within the POD space, we need to define a [PVC](image_decompression/image_decompression_pvc.yaml)
that will be used to mount the Glance path used by image decompression plugin.
You can find more information about storage planning in the design assumptions
[section](../../../docs/dev/design-decisions.md).

You can find more abut plugin configuration options
You can find more about plugin configuration options
in [upstream](https://docs.openstack.org/glance/latest/admin/interoperable-image-import.html#the-image-decompression)
documentation.
Original file line number Diff line number Diff line change
@@ -1,55 +1,46 @@
# Sample using Ceph as a glance backend with image decompression plugin
# Requires a running Ceph cluster and its `/etc/ceph` files in secret `ceph-conf-files`
# This can be achieved with the `ceph` target of `install_yamls`
apiVersion: glance.openstack.org/v1beta1
kind: Glance
apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
name: glance
name: openstack
spec:
serviceUser: glance
containerImage: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified
customServiceConfig: |
[DEFAULT]
enabled_backends = default_backend:rbd
[glance_store]
default_backend = default_backend
[default_backend]
rbd_store_ceph_conf = /etc/ceph/ceph.conf
store_description = "RBD backend"
rbd_store_pool = images
rbd_store_user = openstack
[image_import_opts]
image_import_plugins = [image_decompression]
databaseInstance: openstack
databaseAccount: glance
glanceAPI:
preserveJobs: false
replicas: 1
secret: osp-secret
storage:
storageClass: ""
storageRequest: 1G
extraMounts:
- name: v1
region: r1
extraVol:
- propagation:
- Glance
extraVolType: Ceph
volumes:
- name: ceph
projected:
sources:
- secret:
glance:
template:
databaseInstance: openstack
serviceUser: glance
customServiceConfig: |
[DEFAULT]
enabled_backends = default_backend:rbd
[glance_store]
default_backend = default_backend
[default_backend]
rbd_store_ceph_conf = /etc/ceph/ceph.conf
store_description = "RBD backend"
rbd_store_pool = images
rbd_store_user = openstack
[image_import_opts]
image_import_plugins = [image_decompression]
databaseAccount: glance
glanceAPIs:
default:
preserveJobs: false
replicas: 1
secret: osp-secret
storage:
storageClass: ""
storageRequest: 1G
extraMounts:
- name: v1
region: r1
extraVol:
- extraVolType: Ceph
volumes:
- name: ceph
secret:
name: ceph-conf-files
- name: image-import-staging-workspace
persistentVolumeClaim:
claimName: image-import-staging-workspace
readOnly: false
mounts:
- name: ceph
mountPath: "/etc/ceph"
readOnly: true
- name: image-import-staging-workspace
mountPath: /var/lib/glance/os_glance_staging_store/
readOnly: false
mounts:
- name: ceph
mountPath: "/etc/ceph"
readOnly: true

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
resources:
- ../../backends/base/openstack

patches:
- path: image_decompression.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
39 changes: 29 additions & 10 deletions config/samples/import_plugins/inject_metadata/inject_metadata.yaml
Original file line number Diff line number Diff line change
@@ -1,13 +1,32 @@
# Inject inject_metadata config
apiVersion: glance.openstack.org/v1beta1
kind: Glance
apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
name: glance
name: openstack
spec:
serviceUser: glance
customServiceConfig: |
[image_import_opts]
image_import_plugins = [inject_image_metadata]
[inject_metadata_properties]
ignore_user_roles = admin,user1
inject = "property1":"value1","property2":"value2"
glance:
template:
databaseInstance: openstack
customServiceConfig: |
[DEFAULT]
enabled_backends = default_backend:swift
[glance_store]
default_backend = default_backend
[default_backend]
swift_store_create_container_on_put = True
swift_store_auth_version = 3
swift_store_auth_address = {{ .KeystoneInternalURL }}
swift_store_endpoint_type = internalURL
swift_store_user = service:glance
swift_store_key = {{ .ServicePassword }}
[image_import_opts]
image_import_plugins = [inject_image_metadata]
[inject_metadata_properties]
ignore_user_roles = admin,user1
inject = "property1":"value1","property2":"value2"
glanceAPIs:
default:
replicas: 1
secret: osp-secret
storage:
storageRequest: 1G
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
resources:
- ../../layout/base
- ../../backends/base/openstack

patches:
- path: ./inject_metadata.yaml
- path: inject_metadata.yaml

apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
2 changes: 1 addition & 1 deletion config/samples/openstackclient/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ Once everything is ready, the `openstackclient` `Pod` can be deployed with the
following command:

```bash
oc -n <namespace> kustomize --load-restrictor LoadRestrictionsNone $pwd/openstackclient | oc apply -f -
oc -n <namespace> kustomize --load-restrictor LoadRestrictionsNone ../openstackclient | oc apply -f -
```

**Note:**
Expand Down
13 changes: 12 additions & 1 deletion config/samples/policy/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,8 @@
This directory includes an example of `policy.yaml` that can be injected to the
`GlanceAPI` service and overrides the default behavior. As the example shows,
a `policy.yaml` can be added to the Pod via `extraMounts`, which is valid
even when the volume is provided via the `OpenStackControlPlane` CR.
both locally and when the volume is provided via the global `OpenStackControlPlane`
CR.

## Create the ConfigMap where policy.yaml is stored

Expand All @@ -16,6 +17,9 @@ When the file is ready, create a `ConfigMap` with the following command:
oc -n <namespace> create configmap glance-policy --from-file=path/to/policy.yaml
```

This step can be skipped in the example provided, as the ConfigMap is automatically
created with the OpenStackControlPlane CR.

## Enable the oslo setting via customServiceConfig

As per the
Expand Down Expand Up @@ -55,6 +59,13 @@ and the mountpoint should match the `customServiceConfig` override definition:
...
```

It is possible to create the `glance-policy` configMap along with the `OpenStackControlPlane` CR.
To deploy the `policy.yaml` sample provided, run the following command:

```bash
oc -n <namespace> kustomize --load-restrictor LoadRestrictionsNone ../policy | oc apply -f -
```

## Test Glance policies

Glance's public API calls may be restricted to certain sets of users using a
Expand Down
33 changes: 33 additions & 0 deletions config/samples/policy/glance_policy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
apiVersion: core.openstack.org/v1beta1
kind: OpenStackControlPlane
metadata:
name: openstack
spec:
glance:
template:
serviceUser: glance
customServiceConfig: |
[oslo_policy]
policy_file=/etc/glance/policy.d/policy.yaml
enforce_scope=true
enforce_new_defaults=true
databaseInstance: openstack
databaseAccount: glance
glanceAPIs:
replicas: 1
secret: osp-secret
storage:
storageRequest: 10G
extraMounts:
- name: v1
region: r1
extraVol:
- extraVolType: Policy
volumes:
- name: glance-policy
configMap:
name: glance-policy
mounts:
- name: glance-policy
mountPath: /etc/glance/policy.d/
readOnly: true
Loading

0 comments on commit 33fe3c0

Please sign in to comment.