Skip to content

feat: Added Freezer helm overrides, kustomize and other files #1183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 31 commits into
base: main
Choose a base branch
from
+434 −0
Open

feat: Added Freezer helm overrides, kustomize and other files #1183

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
7d92d76
fix: (docs) move mariadb tempauth restore procedure under mariadb page
anande Sep 9, 2025
bacdd96
fix: (docs) move mariadb tempauth restore procedure under mariadb ope…
anande Sep 9, 2025
ea98ee0
feat: Added Freezer helm overrides, kustomize and other files
anande Sep 9, 2025
ae687e3
Merge branch 'rackerlabs:main' into main
anande Sep 9, 2025
0d77b8c
Merge branch 'main' into main
anande Sep 10, 2025
c5f326a
Update helm-chart-versions.yaml
anande Sep 12, 2025
3c0dcdb
Merge branch 'main' into main
anande Sep 12, 2025
a1598ba
Update freezer-helm-overrides.yaml
anande Sep 12, 2025
8588a09
Update hyperconverged-lab.sh
anande Sep 12, 2025
d43b8c8
Update install-freezer.sh
anande Sep 12, 2025
653815f
Update hyperconverged-lab.sh
anande Sep 12, 2025
ee7e4c9
Update create-secrets.sh
anande Sep 12, 2025
d891682
Update install-freezer.sh
anande Sep 12, 2025
106b337
Update hyperconverged-lab.sh
anande Sep 12, 2025
2f55a37
Update create-secrets.sh
anande Sep 12, 2025
3008516
Update hyperconverged-lab.sh
anande Sep 12, 2025
3f34a98
Update install-freezer.sh
anande Sep 12, 2025
8efe74c
Update install-freezer.sh
anande Sep 12, 2025
8165505
Update openstack-freezer.md
anande Sep 12, 2025
deb5919
Update hyperconverged-lab.sh
anande Sep 15, 2025
ace75dd
Update freezer-helm-overrides.yaml
anande Sep 15, 2025
4cac555
Adding exec bit on install-freezer.sh
anande Sep 15, 2025
7c5e393
removed commented lines
anande Sep 15, 2025
3764f6a
removed commented lines
anande Sep 15, 2025
5d329d7
Merge branch 'main' of https://github.com/anande/genestack
anande Sep 15, 2025
90aae09
Added email to GPG key for making commit as verified
anande Sep 15, 2025
01569fd
Merge branch 'main' of https://github.com/anande/genestack
anande Sep 15, 2025
a511f11
Adding exec bit on install-freezer.sh
anande Sep 15, 2025
c8555f1
Merge branch 'main' of https://github.com/anande/genestack
anande Sep 15, 2025
a1d790f
Added exec bit on install-freezer.sh
anande Sep 15, 2025
6c50013
Merge branch 'main' of https://github.com/anande/genestack
anande Sep 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 51 additions & 0 deletions .github/workflows/helm-freezer.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
---
name: Helm GitHub Actions for Freezer

on:
pull_request:
paths:
- base-helm-configs/freezer/**
- base-kustomize/freezer/**
- .github/workflows/helm-freezer.yaml
jobs:
helm:
strategy:
matrix:
overlays:
- base
- aio
name: Helm
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: azure/setup-helm@v3
with:
version: latest
token: "${{ secrets.GITHUB_TOKEN }}"
id: helm
- name: Kubectl Install
working-directory: /usr/local/bin/
run: |
if [ ! -f /usr/local/bin/kubectl ]; then
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x ./kubectl
fi
- name: Pull OSH repositories
run: |
helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
helm repo update
- name: Run Helm Template
run: |
${{ steps.helm.outputs.helm-path }} template freezer openstack-helm/freezer \
--namespace=openstack \
--wait \
--timeout 120m \
-f ${{ github.workspace }}/base-helm-configs/freezer/freezer-helm-overrides.yaml \
--post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
--post-renderer-args freezer/${{ matrix.overlays }} > /tmp/rendered.yaml
- name: Return helm Build
uses: actions/upload-artifact@v4
with:
name: helm-freezer-artifact-${{ matrix.overlays }}
path: /tmp/rendered.yaml
64 changes: 64 additions & 0 deletions base-helm-configs/freezer/freezer-helm-overrides.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
---
endpoints:
backup:
hosts:
public: freezer-api
oslo_db:
host_fqdn_override:
default: mariadb-cluster-primary.openstack.svc.cluster.local
hosts:
default: mariadb-cluster-primary
oslo_messaging:
hosts:
default: rabbitmq-nodes
host_fqdn_override:
default: rabbitmq.openstack.svc.cluster.local
oslo_cache:
hosts:
default: memcached
host_fqdn_override:
default: memcached.openstack.svc.cluster.local
fluentd:
namespace: fluentbit

dependencies:
static:
api:
jobs:
- freezer-db-sync
- freezer-ks-user
- freezer-ks-endpoints
db_sync:
jobs: null

conf:
freezer:
DEFAULT:
host_href: "http://freezer-api.openstack.svc.cluster.local:9090"
database:
connection_debug: 0
connection_recycle_time: 600
connection_trace: true
idle_timeout: 3600
mysql_sql_mode: {}
use_db_reconnect: true
pool_timeout: 60
max_retries: -1
keystone_authtoken:
service_token_roles: service
service_token_roles_required: true
auth_type: password
auth_version: v3
memcache_security_strategy: ENCRYPT
service_type: backup
logging:
logger_root:
handlers:
- stdout
level: INFO

manifests:
ingress_api: false
job_rabbit_init: false
service_ingress_api: false
job_db_init: false
5 changes: 5 additions & 0 deletions base-kustomize/freezer/aio/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
sortOptions:
order: fifo
resources:
- ../base
62 changes: 62 additions & 0 deletions base-kustomize/freezer/base/freezer-mariadb-database.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
---
apiVersion: k8s.mariadb.com/v1alpha1
kind: Database
metadata:
name: freezer
namespace: openstack
labels:
app.kubernetes.io/managed-by: "Helm"
annotations:
helm.sh/resource-policy: keep
meta.helm.sh/release-name: "freezer"
meta.helm.sh/release-namespace: "openstack"
spec:
mariaDbRef:
name: mariadb-cluster
characterSet: utf8
collate: utf8_general_ci
retryInterval: 5s
---
apiVersion: k8s.mariadb.com/v1alpha1
kind: User
metadata:
name: freezer
namespace: openstack
labels:
app.kubernetes.io/managed-by: "Helm"
annotations:
helm.sh/resource-policy: keep
meta.helm.sh/release-name: "freezer"
meta.helm.sh/release-namespace: "openstack"
spec:
mariaDbRef:
name: mariadb-cluster
passwordSecretKeyRef:
name: freezer-db-password
key: password
maxUserConnections: 0
host: "%"
retryInterval: 5s
---
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
name: freezer-grant
namespace: openstack
labels:
app.kubernetes.io/managed-by: "Helm"
annotations:
helm.sh/resource-policy: keep
meta.helm.sh/release-name: "freezer"
meta.helm.sh/release-namespace: "openstack"
spec:
mariaDbRef:
name: mariadb-cluster
privileges:
- "ALL"
database: "freezer"
table: "*"
username: freezer
grantOption: true
host: "%"
retryInterval: 5s
26 changes: 26 additions & 0 deletions base-kustomize/freezer/base/hpa-freezer-api.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: freezer-api
namespace: openstack
spec:
maxReplicas: 9
minReplicas: 2
metrics:
- resource:
name: cpu
target:
averageUtilization: 80
type: Utilization
type: Resource
- resource:
name: memory
target:
averageUtilization: 80
type: Utilization
type: Resource
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: freezer-api
7 changes: 7 additions & 0 deletions base-kustomize/freezer/base/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
sortOptions:
order: fifo
resources:
- freezer-mariadb-database.yaml
- hpa-freezer-api.yaml
- all.yaml
40 changes: 40 additions & 0 deletions bin/create-secrets.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,10 @@ blazar_rabbitmq_password=$(generate_password 64)
blazar_db_password=$(generate_password 32)
blazar_admin_password=$(generate_password 32)
blazar_keystone_test_password=$(generate_password 32)
freezer_db_password=$(generate_password 32)
freezer_admin_password=$(generate_password 32)
freezer_keystone_test_password=$(generate_password 32)
freezer_keystone_service_password=$(generate_password 32)

OUTPUT_FILE="/etc/genestack/kubesecrets.yaml"

Expand Down Expand Up @@ -731,6 +735,42 @@ metadata:
type: Opaque
data:
password: $(echo -n $blazar_keystone_test_password | base64 -w0)
---
apiVersion: v1
kind: Secret
metadata:
name: freezer-db-password
namespace: openstack
type: Opaque
data:
password: $(echo -n $freezer_db_password | base64 -w0)
---
apiVersion: v1
kind: Secret
metadata:
name: freezer-admin
namespace: openstack
type: Opaque
data:
password: $(echo -n $freezer_admin_password | base64 -w0)
---
apiVersion: v1
kind: Secret
metadata:
name: freezer-keystone-test-password
namespace: openstack
type: Opaque
data:
password: $(echo -n $freezer_keystone_test_password | base64 -w0)
---
apiVersion: v1
kind: Secret
metadata:
name: freezer-keystone-service-password
namespace: openstack
type: Opaque
data:
password: $(echo -n $freezer_keystone_service_password=$ | base64 -w0)
EOF

rm nova_ssh_key nova_ssh_key.pub
Expand Down
57 changes: 57 additions & 0 deletions bin/install-freezer.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
#!/bin/bash

GLOBAL_OVERRIDES_DIR="/etc/genestack/helm-configs/global_overrides"
SERVICE_CONFIG_DIR="/etc/genestack/helm-configs/freezer"
BASE_OVERRIDES="/opt/genestack/base-helm-configs/freezer/freezer-helm-overrides.yaml"

# Read freezer version from helm-chart-versions.yaml
VERSION_FILE="/etc/genestack/helm-chart-versions.yaml"
if [ ! -f "$VERSION_FILE" ]; then
echo "Error: helm-chart-versions.yaml not found at $VERSION_FILE"
exit 1
fi

# Extract freezer version using grep and sed
FREEZER_VERSION=$(grep 'freezer:' "$VERSION_FILE" | sed 's/.*freezer: *//')

if [ -z "$FREEZER_VERSION" ]; then
echo "Error: Could not extract freezer version from $VERSION_FILE"
exit 1
fi

HELM_CMD="helm upgrade --install freezer openstack-helm/freezer --version ${FREEZER_VERSION} \
--namespace=openstack \
--timeout 120m"

HELM_CMD+=" -f ${BASE_OVERRIDES}"

# Append YAML files from the directories
for dir in "$GLOBAL_OVERRIDES_DIR" "$SERVICE_CONFIG_DIR"; do
if compgen -G "${dir}/*.yaml" > /dev/null; then
for yaml_file in "${dir}"/*.yaml; do
HELM_CMD+=" -f ${yaml_file}"
done
fi
done

HELM_CMD+=" --set endpoints.identity.auth.admin.password=\"$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.identity.auth.freezer.password=\"$(kubectl --namespace openstack get secret freezer-admin -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.identity.auth.service.password=\"$(kubectl --namespace openstack get secret freezer-keystone-service-password -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.identity.auth.test.password=\"$(kubectl --namespace openstack get secret freezer-keystone-test-password -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.oslo_db.auth.admin.password=\"$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.oslo_db.auth.freezer.password=\"$(kubectl --namespace openstack get secret freezer-db-password -o jsonpath='{.data.password}' | base64 -d)\""
HELM_CMD+=" --set endpoints.oslo_cache.auth.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""
HELM_CMD+=" --set conf.freezer.keystone_authtoken.memcache_secret_key=\"$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)\""


HELM_CMD+=" --post-renderer /etc/genestack/kustomize/kustomize.sh"
HELM_CMD+=" --post-renderer-args freezer/overlay"

helm repo add openstack-helm https://tarballs.opendev.org/openstack/openstack-helm
helm repo update

HELM_CMD+=" $@"

echo "Executing Helm command:"
echo "${HELM_CMD}"
eval "${HELM_CMD}"
2 changes: 2 additions & 0 deletions bin/setup-openstack.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ EOF
prompt_component "ceilometer" "Ceilometer (Telemetry)"
prompt_component "gnocchi" "Gnocchi (Time Series Database)"
prompt_component "skyline" "Skyline (Dashboard)"
prompt_component "freezer" "Freezer (Backup Restore)"
fi

# Block on Keystone
Expand All @@ -80,6 +81,7 @@ is_component_enabled "octavia" && runTrackErator /opt/genestack/bin/install-octa
is_component_enabled "masakari" && runTrackErator /opt/genestack/bin/install-masakari.sh
is_component_enabled "ceilometer" && runTrackErator /opt/genestack/bin/install-ceilometer.sh
is_component_enabled "gnocchi" && runTrackErator /opt/genestack/bin/install-gnocchi.sh
is_component_enabled "freezer" && runTrackErator /opt/genestack/bin/install-freezer.sh

waitErator

Expand Down
1 change: 1 addition & 0 deletions docs/genestack-components.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ and largely deployed with Helm+Kustomize against the K8s API (v1.28 and up).
| OpenStack | Magnum (Helm) | Optional |
| OpenStack | Masakari (Helm) | Optional |
| OpenStack | Blazar (Helm) | Optional |
| OpenStack | Freezer (Helm) | Optional |
| OpenStack | metal3.io | Planned |
| OpenStack | PostgreSQL (Operator) | Included |
| OpenStack | Consul | Planned |
Expand Down
Loading