From 2841a2511a89c466a5eef821a519be3c5e770a15 Mon Sep 17 00:00:00 2001 From: Francesco Pantano Date: Mon, 9 Sep 2024 17:07:26 +0200 Subject: [PATCH] Update glance samples to use OpenStackControlPlane We previously based our current samples on "Kind: Glance". However, it's easier to apply/patch the different configurations using "Kind: OpenStackControlPlane". This patch updates the existing samples to use the top-level control plane and make them consistent. Signed-off-by: Francesco Pantano --- config/samples/copy_image/kustomization.yaml | 2 +- config/samples/disk_formats/disk_format.yaml | 34 +++++-- .../samples/disk_formats/kustomization.yaml | 5 +- config/samples/image_cache/image-cache.yaml | 29 +++--- config/samples/image_cache/kustomization.yaml | 3 + config/samples/import_plugins/README.md | 9 +- .../image_decompression.yaml | 89 +++++++++---------- .../image_decompression_pvc.yaml | 11 --- .../image_decompression/kustomization.yaml | 8 ++ .../inject_metadata/inject_metadata.yaml | 39 +++++--- .../inject_metadata/kustomization.yaml | 5 +- config/samples/openstackclient/README.md | 2 +- config/samples/policy/README.md | 13 ++- config/samples/policy/glance_policy.yaml | 33 +++++++ .../glance_v1beta_glance_apply_policy.yaml | 35 -------- config/samples/policy/kustomization.yaml | 13 +++ config/samples/quotas/glance_quota.yaml | 36 ++++++++ .../quotas/glance_v1beta1_glance_quota.yaml | 24 ----- config/samples/quotas/kustomization.yaml | 8 ++ test/functional/sample_test.go | 6 -- 20 files changed, 234 insertions(+), 170 deletions(-) delete mode 100644 config/samples/import_plugins/image_decompression/image_decompression_pvc.yaml create mode 100644 config/samples/import_plugins/image_decompression/kustomization.yaml create mode 100644 config/samples/policy/glance_policy.yaml delete mode 100644 config/samples/policy/glance_v1beta_glance_apply_policy.yaml create mode 100644 config/samples/policy/kustomization.yaml create mode 100644 config/samples/quotas/glance_quota.yaml delete mode 100644 config/samples/quotas/glance_v1beta1_glance_quota.yaml create mode 100644 config/samples/quotas/kustomization.yaml diff --git a/config/samples/copy_image/kustomization.yaml b/config/samples/copy_image/kustomization.yaml index 2b95ba20..24967c8b 100644 --- a/config/samples/copy_image/kustomization.yaml +++ b/config/samples/copy_image/kustomization.yaml @@ -1,5 +1,5 @@ resources: -- ../backend/multistore +- ../backends/multistore patches: - target: diff --git a/config/samples/disk_formats/disk_format.yaml b/config/samples/disk_formats/disk_format.yaml index acbbc582..83f3b7d3 100644 --- a/config/samples/disk_formats/disk_format.yaml +++ b/config/samples/disk_formats/disk_format.yaml @@ -1,10 +1,28 @@ -# Inject inject_metadata config -apiVersion: glance.openstack.org/v1beta1 -kind: Glance +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane metadata: - name: glance + name: openstack spec: - serviceUser: glance - customServiceConfig: | - [image_format] - disk_formats=raw,iso + glance: + template: + databaseInstance: openstack + customServiceConfig: | + [DEFAULT] + enabled_backends = default_backend:swift + [glance_store] + default_backend = default_backend + [default_backend] + swift_store_create_container_on_put = True + swift_store_auth_version = 3 + swift_store_auth_address = {{ .KeystoneInternalURL }} + swift_store_endpoint_type = internalURL + swift_store_user = service:glance + swift_store_key = {{ .ServicePassword }} + [image_format] + disk_formats=raw,iso + glanceAPIs: + default: + replicas: 1 + secret: osp-secret + storage: + storageRequest: 1G diff --git a/config/samples/disk_formats/kustomization.yaml b/config/samples/disk_formats/kustomization.yaml index 8c3bc063..7b3d9ef8 100644 --- a/config/samples/disk_formats/kustomization.yaml +++ b/config/samples/disk_formats/kustomization.yaml @@ -1,7 +1,8 @@ resources: -- ../layout/base +- ../backends/base/openstack patches: -- path: ./disk_format.yaml +- path: disk_format.yaml + apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/config/samples/image_cache/image-cache.yaml b/config/samples/image_cache/image-cache.yaml index 088f9b77..ba335a55 100644 --- a/config/samples/image_cache/image-cache.yaml +++ b/config/samples/image_cache/image-cache.yaml @@ -10,7 +10,6 @@ spec: template: databaseInstance: openstack serviceUser: glance - containerImage: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified customServiceConfig: | [DEFAULT] enabled_backends = default_backend:rbd @@ -32,18 +31,16 @@ spec: storageRequest: 1G imageCache: size: 2G - extraMounts: - - name: v1 - region: r1 - extraVol: - - propagation: - - Glance - extraVolType: Ceph - volumes: - - name: ceph - secret: - secretName: ceph-conf-files - mounts: - - name: ceph - mountPath: "/etc/ceph" - readOnly: true + extraMounts: + - name: v1 + region: r1 + extraVol: + - extraVolType: Ceph + volumes: + - name: ceph + secret: + secretName: ceph-conf-files + mounts: + - name: ceph + mountPath: "/etc/ceph" + readOnly: true diff --git a/config/samples/image_cache/kustomization.yaml b/config/samples/image_cache/kustomization.yaml index 0d9fcd80..3764a5a2 100644 --- a/config/samples/image_cache/kustomization.yaml +++ b/config/samples/image_cache/kustomization.yaml @@ -3,3 +3,6 @@ resources: patches: - path: image-cache.yaml + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization diff --git a/config/samples/import_plugins/README.md b/config/samples/import_plugins/README.md index 12d14d20..0cc15a75 100644 --- a/config/samples/import_plugins/README.md +++ b/config/samples/import_plugins/README.md @@ -60,11 +60,12 @@ The plugin will not decompress images whose container_format is set to 'compressed' to maintain the original intent of the image creator. If Image Conversion is used together, decompression must happen first, this is ensured by ordering the plugins. +Make sure to properly plan storage for the Glance Pod when this feature is +enabled, especially if is enabled in combination with other image plugins. -As we can't image decompression happened in a path that lives -within the POD space, we need to define a [PVC](image_decompression/image_decompression_pvc.yaml) -that will be used to mount the Glance path used by image decompression plugin. +You can find more information about storage planning in the design assumptions +[section](../../../docs/dev/design-decisions.md). -You can find more abut plugin configuration options +You can find more about plugin configuration options in [upstream](https://docs.openstack.org/glance/latest/admin/interoperable-image-import.html#the-image-decompression) documentation. diff --git a/config/samples/import_plugins/image_decompression/image_decompression.yaml b/config/samples/import_plugins/image_decompression/image_decompression.yaml index 5430caee..3ea58191 100644 --- a/config/samples/import_plugins/image_decompression/image_decompression.yaml +++ b/config/samples/import_plugins/image_decompression/image_decompression.yaml @@ -1,55 +1,46 @@ # Sample using Ceph as a glance backend with image decompression plugin # Requires a running Ceph cluster and its `/etc/ceph` files in secret `ceph-conf-files` # This can be achieved with the `ceph` target of `install_yamls` -apiVersion: glance.openstack.org/v1beta1 -kind: Glance +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane metadata: - name: glance + name: openstack spec: - serviceUser: glance - containerImage: quay.io/podified-antelope-centos9/openstack-glance-api:current-podified - customServiceConfig: | - [DEFAULT] - enabled_backends = default_backend:rbd - [glance_store] - default_backend = default_backend - [default_backend] - rbd_store_ceph_conf = /etc/ceph/ceph.conf - store_description = "RBD backend" - rbd_store_pool = images - rbd_store_user = openstack - [image_import_opts] - image_import_plugins = [image_decompression] - databaseInstance: openstack - databaseAccount: glance - glanceAPI: - preserveJobs: false - replicas: 1 - secret: osp-secret - storage: - storageClass: "" - storageRequest: 1G - extraMounts: - - name: v1 - region: r1 - extraVol: - - propagation: - - Glance - extraVolType: Ceph - volumes: - - name: ceph - projected: - sources: - - secret: + glance: + template: + databaseInstance: openstack + serviceUser: glance + customServiceConfig: | + [DEFAULT] + enabled_backends = default_backend:rbd + [glance_store] + default_backend = default_backend + [default_backend] + rbd_store_ceph_conf = /etc/ceph/ceph.conf + store_description = "RBD backend" + rbd_store_pool = images + rbd_store_user = openstack + [image_import_opts] + image_import_plugins = [image_decompression] + databaseAccount: glance + glanceAPIs: + default: + preserveJobs: false + replicas: 1 + secret: osp-secret + storage: + storageClass: "" + storageRequest: 1G + extraMounts: + - name: v1 + region: r1 + extraVol: + - extraVolType: Ceph + volumes: + - name: ceph + secret: name: ceph-conf-files - - name: image-import-staging-workspace - persistentVolumeClaim: - claimName: image-import-staging-workspace - readOnly: false - mounts: - - name: ceph - mountPath: "/etc/ceph" - readOnly: true - - name: image-import-staging-workspace - mountPath: /var/lib/glance/os_glance_staging_store/ - readOnly: false + mounts: + - name: ceph + mountPath: "/etc/ceph" + readOnly: true diff --git a/config/samples/import_plugins/image_decompression/image_decompression_pvc.yaml b/config/samples/import_plugins/image_decompression/image_decompression_pvc.yaml deleted file mode 100644 index eae37771..00000000 --- a/config/samples/import_plugins/image_decompression/image_decompression_pvc.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: image-import-staging-workspace -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: local-storage diff --git a/config/samples/import_plugins/image_decompression/kustomization.yaml b/config/samples/import_plugins/image_decompression/kustomization.yaml new file mode 100644 index 00000000..9c7346a4 --- /dev/null +++ b/config/samples/import_plugins/image_decompression/kustomization.yaml @@ -0,0 +1,8 @@ +resources: +- ../../backends/base/openstack + +patches: +- path: image_decompression.yaml + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization diff --git a/config/samples/import_plugins/inject_metadata/inject_metadata.yaml b/config/samples/import_plugins/inject_metadata/inject_metadata.yaml index ad88e2cb..70bafe4f 100644 --- a/config/samples/import_plugins/inject_metadata/inject_metadata.yaml +++ b/config/samples/import_plugins/inject_metadata/inject_metadata.yaml @@ -1,13 +1,32 @@ # Inject inject_metadata config -apiVersion: glance.openstack.org/v1beta1 -kind: Glance +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane metadata: - name: glance + name: openstack spec: - serviceUser: glance - customServiceConfig: | - [image_import_opts] - image_import_plugins = [inject_image_metadata] - [inject_metadata_properties] - ignore_user_roles = admin,user1 - inject = "property1":"value1","property2":"value2" + glance: + template: + databaseInstance: openstack + customServiceConfig: | + [DEFAULT] + enabled_backends = default_backend:swift + [glance_store] + default_backend = default_backend + [default_backend] + swift_store_create_container_on_put = True + swift_store_auth_version = 3 + swift_store_auth_address = {{ .KeystoneInternalURL }} + swift_store_endpoint_type = internalURL + swift_store_user = service:glance + swift_store_key = {{ .ServicePassword }} + [image_import_opts] + image_import_plugins = [inject_image_metadata] + [inject_metadata_properties] + ignore_user_roles = admin,user1 + inject = "property1":"value1","property2":"value2" + glanceAPIs: + default: + replicas: 1 + secret: osp-secret + storage: + storageRequest: 1G diff --git a/config/samples/import_plugins/inject_metadata/kustomization.yaml b/config/samples/import_plugins/inject_metadata/kustomization.yaml index d9705ade..73c0a230 100644 --- a/config/samples/import_plugins/inject_metadata/kustomization.yaml +++ b/config/samples/import_plugins/inject_metadata/kustomization.yaml @@ -1,7 +1,8 @@ resources: -- ../../layout/base +- ../../backends/base/openstack patches: -- path: ./inject_metadata.yaml +- path: inject_metadata.yaml + apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/config/samples/openstackclient/README.md b/config/samples/openstackclient/README.md index abc6909a..fd81adc3 100644 --- a/config/samples/openstackclient/README.md +++ b/config/samples/openstackclient/README.md @@ -64,7 +64,7 @@ Once everything is ready, the `openstackclient` `Pod` can be deployed with the following command: ```bash -oc -n kustomize --load-restrictor LoadRestrictionsNone $pwd/openstackclient | oc apply -f - +oc -n kustomize --load-restrictor LoadRestrictionsNone ../openstackclient | oc apply -f - ``` **Note:** diff --git a/config/samples/policy/README.md b/config/samples/policy/README.md index cd8ecb3d..13249706 100644 --- a/config/samples/policy/README.md +++ b/config/samples/policy/README.md @@ -3,7 +3,8 @@ This directory includes an example of `policy.yaml` that can be injected to the `GlanceAPI` service and overrides the default behavior. As the example shows, a `policy.yaml` can be added to the Pod via `extraMounts`, which is valid -even when the volume is provided via the `OpenStackControlPlane` CR. +both locally and when the volume is provided via the global `OpenStackControlPlane` +CR. ## Create the ConfigMap where policy.yaml is stored @@ -16,6 +17,9 @@ When the file is ready, create a `ConfigMap` with the following command: oc -n create configmap glance-policy --from-file=path/to/policy.yaml ``` +This step can be skipped in the example provided, as the ConfigMap is automatically +created with the OpenStackControlPlane CR. + ## Enable the oslo setting via customServiceConfig As per the @@ -55,6 +59,13 @@ and the mountpoint should match the `customServiceConfig` override definition: ... ``` +It is possible to create the `glance-policy` configMap along with the `OpenStackControlPlane` CR. +To deploy the `policy.yaml` sample provided, run the following command: + +```bash +oc -n kustomize --load-restrictor LoadRestrictionsNone ../policy | oc apply -f - +``` + ## Test Glance policies Glance's public API calls may be restricted to certain sets of users using a diff --git a/config/samples/policy/glance_policy.yaml b/config/samples/policy/glance_policy.yaml new file mode 100644 index 00000000..f9496e3e --- /dev/null +++ b/config/samples/policy/glance_policy.yaml @@ -0,0 +1,33 @@ +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane +metadata: + name: openstack +spec: + glance: + template: + serviceUser: glance + customServiceConfig: | + [oslo_policy] + policy_file=/etc/glance/policy.d/policy.yaml + enforce_scope=true + enforce_new_defaults=true + databaseInstance: openstack + databaseAccount: glance + glanceAPIs: + replicas: 1 + secret: osp-secret + storage: + storageRequest: 10G + extraMounts: + - name: v1 + region: r1 + extraVol: + - extraVolType: Policy + volumes: + - name: glance-policy + configMap: + name: glance-policy + mounts: + - name: glance-policy + mountPath: /etc/glance/policy.d/ + readOnly: true diff --git a/config/samples/policy/glance_v1beta_glance_apply_policy.yaml b/config/samples/policy/glance_v1beta_glance_apply_policy.yaml deleted file mode 100644 index 8bda1aa1..00000000 --- a/config/samples/policy/glance_v1beta_glance_apply_policy.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: glance.openstack.org/v1beta1 -kind: Glance -metadata: - name: glance -spec: - serviceUser: glance - customServiceConfig: | - [oslo_policy] - policy_file=/etc/glance/policy.d/policy.yaml - enforce_scope=true - enforce_new_defaults=true - databaseInstance: openstack - databaseAccount: glance - glanceAPI: - preserveJobs: false - replicas: 1 - secret: osp-secret - storage: - storageClass: "" - storageRequest: 10G - extraMounts: - - name: v1 - region: r1 - extraVol: - - propagation: - - GlanceAPI - extraVolType: Policy - volumes: - - name: glance-policy - configMap: - name: glance-policy - mounts: - - name: glance-policy - mountPath: /etc/glance/policy.d/ - readOnly: true diff --git a/config/samples/policy/kustomization.yaml b/config/samples/policy/kustomization.yaml new file mode 100644 index 00000000..38738bab --- /dev/null +++ b/config/samples/policy/kustomization.yaml @@ -0,0 +1,13 @@ +resources: +- ../backends/base/openstack + +patches: +- path: glance_policy.yaml + +configMapGenerator: +- files: + - ./policy.yaml + name: glance-policy + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization diff --git a/config/samples/quotas/glance_quota.yaml b/config/samples/quotas/glance_quota.yaml new file mode 100644 index 00000000..d855586b --- /dev/null +++ b/config/samples/quotas/glance_quota.yaml @@ -0,0 +1,36 @@ +# Sample of a Glance CR where quotas are customized +apiVersion: core.openstack.org/v1beta1 +kind: OpenStackControlPlane +metadata: + name: openstack +spec: + glance: + template: + serviceUser: glance + databaseInstance: openstack + databaseAccount: glance + keystoneEndpoint: default + customServiceConfig: | + [DEFAULT] + enabled_backends = default_backend:swift + [glance_store] + default_backend = default_backend + [default_backend] + swift_store_create_container_on_put = True + swift_store_auth_version = 3 + swift_store_auth_address = {{ .KeystoneInternalURL }} + swift_store_endpoint_type = internalURL + swift_store_user = service:glance + swift_store_key = {{ .ServicePassword }} + glanceAPIs: + default: + replicas: 1 + type: split + secret: osp-secret + storage: + storageRequest: 10G + quotas: + imageSizeTotal: 1000 + imageStageTotal: 1000 + imageCountUpload: 100 + imageCountTotal: 100 diff --git a/config/samples/quotas/glance_v1beta1_glance_quota.yaml b/config/samples/quotas/glance_v1beta1_glance_quota.yaml deleted file mode 100644 index 7d3744fd..00000000 --- a/config/samples/quotas/glance_v1beta1_glance_quota.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Sample of a Glance CR where quotas are customized -apiVersion: glance.openstack.org/v1beta1 -kind: Glance -metadata: - name: glance -spec: - serviceUser: glance - databaseInstance: openstack - databaseAccount: glance - keystoneEndpoint: default - glanceAPIs: - default: - preserveJobs: false - replicas: 1 - type: single - secret: osp-secret - storage: - storageClass: "" - storageRequest: 1G - quotas: - imageSizeTotal: 1000 - imageStageTotal: 1000 - imageCountUpload: 100 - imageCountTotal: 100 diff --git a/config/samples/quotas/kustomization.yaml b/config/samples/quotas/kustomization.yaml new file mode 100644 index 00000000..9cb38d26 --- /dev/null +++ b/config/samples/quotas/kustomization.yaml @@ -0,0 +1,8 @@ +resources: +- ../backends/base/openstack + +patches: +- path: glance_quota.yaml + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization diff --git a/test/functional/sample_test.go b/test/functional/sample_test.go index 0bdcadf0..81ec9237 100644 --- a/test/functional/sample_test.go +++ b/test/functional/sample_test.go @@ -73,12 +73,6 @@ var _ = Describe("Samples", func() { GetGlance(name) }) }) - When("glance_v1beta1_glance_quota.yaml sample is applied", func() { - It("Glance Sample is created - Quota", func() { - name := CreateGlanceFromSample("quotas/glance_v1beta1_glance_quota.yaml", glanceTest.Instance) - GetGlance(name) - }) - }) When("layout/base/glance_v1beta1_glance.yaml sample is applied", func() { It("Glance Sample is created - Base", func() { name := CreateGlanceFromSample("layout/base/glance_v1beta1_glance.yaml", glanceTest.Instance)