Add skupper for BKL and keystone to SKMO job#3836
Add skupper for BKL and keystone to SKMO job#3836vakwetu wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
vakwetu
force-pushed
the
skmo-skupper-keystone
branch
from
e91b57c to
74abdbd
Compare
vakwetu
force-pushed
the
skmo-skupper-keystone
branch
from
74abdbd to
f87154f
Compare
vakwetu
force-pushed
the
skmo-skupper-keystone
branch
from
f87154f to
64dea66
Compare
vakwetu
force-pushed
the
skmo-skupper-keystone
branch
from
64dea66 to
d3f6a8e
Compare
vakwetu
force-pushed
the
skmo-skupper-keystone
branch
from
d3f6a8e to
6368ac0
Compare
…uting Add hook playbooks and configuration to establish Skupper virtual services for RabbitMQ and Keystone internal endpoints, enabling cross-region connectivity in the multi-namespace SKMO scenario. skupper-connector.yaml: query the RabbitMQ TLS secret from the correct CRD - rabbitmq.openstack.org/v1beta1 (RabbitMq) as used by the OpenStack infra-operator, not the community rabbitmq.com/v1beta1 (RabbitmqCluster). Add retries to wait for spec.tls.secretName to be populated before creating the Skupper Connector. skupper-keystone-connector.yaml: add retries to the KeystoneAPI CR lookup to wait for spec.tls.api.internal.secretName to be available, since that field is not populated until Keystone completes TLS setup. configure-leaf-keystone-internal.yaml: after patching the leaf OSCP to use the Skupper Keystone virtual service, also create a MetalLB LoadBalancer Service (keystone-regionone-lb) and a DNSData CR (keystone-skupper) so that EDPM compute nodes outside the OCP cluster can resolve and connect to the Keystone auth_url. The Skupper Listener creates a ClusterIP-only Service that is unreachable from EDPM nodes; the LoadBalancer Service obtains a MetalLB IP on the leaf internalapi network and the DNSData entry registers both the short (.svc) and fully-qualified (.svc.cluster.local) names in the dnsmasq instance serving those nodes. Signed-off-by: Ade Lee <alee@redhat.com> Co-authored-by: Claude <noreply@anthropic.com> Made-with: Cursor
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/451747df4e864222b9ec4411ae75617d ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 42m 53s |
vakwetu
force-pushed
the
skmo-skupper-keystone
branch
from
6368ac0 to
a00d682
Compare
1 participant
[skmo] Add Skupper for cross-region RabbitMQ and Keystone internal routing
Add hook playbooks and configuration to establish Skupper virtual
services for RabbitMQ and Keystone internal endpoints, enabling
cross-region connectivity in the multi-namespace SKMO scenario.
skupper-connector.yaml: query the RabbitMQ TLS secret from the correct
CRD - rabbitmq.openstack.org/v1beta1 (RabbitMq) as used by the
OpenStack infra-operator, not the community rabbitmq.com/v1beta1
(RabbitmqCluster). Add retries to wait for spec.tls.secretName to
be populated before creating the Skupper Connector.
skupper-keystone-connector.yaml: add retries to the KeystoneAPI CR
lookup to wait for spec.tls.api.internal.secretName to be available,
since that field is not populated until Keystone completes TLS setup.
configure-leaf-keystone-internal.yaml: after patching the leaf OSCP
to use the Skupper Keystone virtual service, also create a MetalLB
LoadBalancer Service (keystone-regionone-lb) and a DNSData CR
(keystone-skupper) so that EDPM compute nodes outside the OCP cluster
can resolve and connect to the Keystone auth_url. The Skupper Listener
creates a ClusterIP-only Service that is unreachable from EDPM nodes;
the LoadBalancer Service obtains a MetalLB IP on the leaf internalapi
network and the DNSData entry registers both the short (.svc) and
fully-qualified (.svc.cluster.local) names in the dnsmasq instance
serving those nodes.