mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 20:24:09 +00:00
Merge pull request #39784 from micmro/keystone-v3-support-for-openstack-heat
Automatic merge from submit-queue Add support of Keystone v3 'domain-name' to 'openstack-heat' cluster setup **What this PR does / why we need it**: Keystone v3 authentication by user name [requires the domain (name or ID)](http://developer.openstack.org/api-ref/identity/v3/index.html?expanded=password-authentication-with-scoped-authorization-detail). If `domain-name` is not provided kubelet fails as seen below: ``` kubelet: error: failed to run Kubelet: could not init cloud provider "openstack": You must provide exactly one of DomainID or DomainName to authenticate by Username systemd: kubelet.service: main process exited, code=exited, status=1/FAILURE systemd: Unit kubelet.service entered failed state. systemd: kubelet.service failed. ``` To solve this I pass a new`OS_USER_DOMAIN_NAME` environment variable through openstack-heat's heat-templates to write it as `domain-name` in `/srv/kubernetes/openstack.conf`. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #39783 **Special notes for your reviewer**: **Release note**: ``` domain-name support for Keystone v3 added to openstack-heat cluster setup ```
This commit is contained in:
commit
52aa408aac
@ -34,6 +34,7 @@ write_files:
|
||||
password=$OS_PASSWORD
|
||||
region=$OS_REGION_NAME
|
||||
tenant-name=$OS_TENANT_NAME
|
||||
domain-name=$OS_USER_DOMAIN_NAME
|
||||
[LoadBalancer]
|
||||
lb-version=$LBAAS_VERSION
|
||||
subnet-id=$SUBNET_ID
|
||||
|
@ -128,6 +128,10 @@ parameters:
|
||||
description: OpenStack Tenant Name
|
||||
default: false
|
||||
|
||||
os_user_domain_name:
|
||||
type: string
|
||||
description: OpenStack User Domain Name (Domain-level authorization scope for keystone v3)
|
||||
|
||||
enable_proxy:
|
||||
type: string
|
||||
description: Whether or not to enable proxy settings
|
||||
@ -314,6 +318,7 @@ resources:
|
||||
"$OS_PASSWORD": {get_param: os_password}
|
||||
"$OS_REGION_NAME": {get_param: os_region_name}
|
||||
"$OS_TENANT_NAME": {get_param: os_tenant_name}
|
||||
"$OS_USER_DOMAIN_NAME": {get_param: os_user_domain_name}
|
||||
"$LBAAS_VERSION": {get_param: lbaas_version}
|
||||
"$SUBNET_ID": {get_resource: fixed_subnet}
|
||||
"$FLOATING_NETWORK_ID": {get_attr: [kube_master_floating, floating_network_id]}
|
||||
@ -423,6 +428,7 @@ resources:
|
||||
os_password: {get_param: os_password}
|
||||
os_region_name: {get_param: os_region_name}
|
||||
os_tenant_name: {get_param: os_tenant_name}
|
||||
os_user_domain_name: {get_param: os_user_domain_name}
|
||||
enable_proxy: {get_param: enable_proxy }
|
||||
ftp_proxy: {get_param: ftp_proxy }
|
||||
http_proxy: {get_param: http_proxy }
|
||||
|
@ -66,6 +66,10 @@ parameters:
|
||||
description: OpenStack Tenant Name
|
||||
default: false
|
||||
|
||||
os_user_domain_name:
|
||||
type: string
|
||||
description: OpenStack User Domain Name (Domain-level authorization scope for keystone v3)
|
||||
|
||||
enable_proxy:
|
||||
type: string
|
||||
description: Whether or not to enable proxy settings
|
||||
@ -217,6 +221,7 @@ resources:
|
||||
"$OS_PASSWORD": {get_param: os_password}
|
||||
"$OS_REGION_NAME": {get_param: os_region_name}
|
||||
"$OS_TENANT_NAME": {get_param: os_tenant_name}
|
||||
"$OS_USER_DOMAIN_NAME": {get_param: os_user_domain_name}
|
||||
"$role": "kubernetes-pool"
|
||||
"$cluster_cidr": {get_param: cluster_cidr}
|
||||
|
||||
|
@ -22,4 +22,5 @@ export OS_USERNAME=${OS_USERNAME:-admin}
|
||||
export OS_PASSWORD=${OS_PASSWORD:-secretsecret}
|
||||
export OS_AUTH_URL=${OS_AUTH_URL:-http://192.168.123.100:5000/v2.0}
|
||||
export OS_TENANT_NAME=${OS_TENANT_NAME:-admin}
|
||||
export OS_USER_DOMAIN_NAME=${OS_USER_DOMAIN_NAME:-}
|
||||
export OS_REGION_NAME=${OS_REGION_NAME:-RegionOne}
|
||||
|
@ -23,4 +23,5 @@ export OS_USERNAME=${OS_USERNAME:-admin}
|
||||
export OS_PASSWORD=${OS_PASSWORD:-secretsecret}
|
||||
export OS_AUTH_URL=${OS_AUTH_URL:-http://192.168.123.100:5000/v2.0}
|
||||
export OS_TENANT_NAME=${OS_TENANT_NAME:-admin}
|
||||
export OS_USER_DOMAIN_NAME=${OS_USER_DOMAIN_NAME:-}
|
||||
export OS_REGION_NAME=${OS_REGION_NAME:-RegionOne}
|
||||
|
@ -226,6 +226,7 @@ function run-heat-script() {
|
||||
--parameter os_password=${OS_PASSWORD} \
|
||||
--parameter os_region_name=${OS_REGION_NAME} \
|
||||
--parameter os_tenant_name=${OS_TENANT_NAME} \
|
||||
--parameter os_user_domain_name=${OS_USER_DOMAIN_NAME} \
|
||||
--parameter enable_proxy=${ENABLE_PROXY} \
|
||||
--parameter ftp_proxy="${FTP_PROXY}" \
|
||||
--parameter http_proxy="${HTTP_PROXY}" \
|
||||
|
Loading…
Reference in New Issue
Block a user