Skip to content

WIP: Add support for External Keystone Service #653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dmendiza wants to merge 4 commits into
base: main
Choose a base branch
from
Open

WIP: Add support for External Keystone Service #653

dmendiza wants to merge 4 commits into from
+265 −63

Conversation

@dmendiza
Copy link
Contributor

@dmendiza dmendiza commented Dec 8, 2025
edited by vakwetu
Loading

This patch adds a new ExternalKeystoneAPI property to KeystoneAPI to enable the use of an existing Keystone Service that is external to the OpenShift environment used to run this operator.

For example, a multi-region deployment where one region is running a centralized Keystone service can use this to deploy additional regions that can use the centralized Keystone service without the need to run their own instance of Keystone.

Assisted-by: Cursor (Auto Model)

The following dependencies are not strictly necessary, but it is useful to include them here for testing the setting for region:
Depends-On: openstack-k8s-operators/octavia-operator#558
Depends-On: openstack-k8s-operators/telemetry-operator#825
Depends-On: openstack-k8s-operators/barbican-operator#321
Depends-On: openstack-k8s-operators/manila-operator#513
Depends-On: openstack-k8s-operators/nova-operator#1054
Depends-On: openstack-k8s-operators/cinder-operator#589
Depends-On: openstack-k8s-operators/glance-operator#852
Depends-On: openstack-k8s-operators/neutron-operator#588

@dmendiza dmendiza requested a review from vakwetu December 8, 2025 18:31
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 8, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dmendiza

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Dec 8, 2025
dmendiza
dmendiza commented Dec 8, 2025
View reviewed changes
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 8, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/0636e0d41791487589955f58fe17b071

openstack-k8s-operators-content-provider FAILURE in 8m 57s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 12, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/aac4c90d99a04ad1beac31fb4502f812

openstack-k8s-operators-content-provider FAILURE in 9m 33s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 16, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/13d740041bf24217a22f1de016ce4efa

openstack-k8s-operators-content-provider FAILURE in 9m 05s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@dmendiza
Add support for External Keystone Service
0e4e747 
This patch adds a new `ExternalKeystoneAPI` property to KeystoneAPI to
enable the use of an existing Keystone Service that is external to the
OpenShift environment used to run this operator.

For example, a multi-region deployment where one region is running a
centralized Keystone service can use this to deploy additional regions
that can use the centralized Keystone service without the need to run
their own instance of Keystone.

Assisted-by: Cursor (Auto Model)
dmendiza
dmendiza commented Dec 16, 2025
View reviewed changes
api/v1beta1/keystoneapi_types.go
)

var (
// interfaceBundleKeys maps endpoint winterfaces to their corresponding key in the CA bundle secret
Copy link
Contributor Author

@dmendiza dmendiza Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/winterfaces/interfaces/

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 16, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/ef704189ca0d4a08ac566e2756bb91c0

openstack-k8s-operators-content-provider FAILURE in 8m 57s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 17, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/b5471949529848f0aae25cd0855f98aa

openstack-k8s-operators-content-provider FAILURE in 9m 21s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@vakwetu
Copy link
Contributor

vakwetu commented Dec 17, 2025

recheck

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 17, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/8e97f5c52be1434c822b2bc4304b1a95

openstack-k8s-operators-content-provider FAILURE in 9m 16s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@dmendiza
Copy link
Contributor Author

dmendiza commented Dec 17, 2025

/recheck

@vakwetu
Copy link
Contributor

vakwetu commented Dec 17, 2025

/test keystone-operator-build-deploy-kuttl

@dmendiza
Generate OpenStackClientConfig for External API
d2f5f27 
Generate the clouds.yaml for the External Keystone API.
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 18, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/15db4974754f4f8dbeab5a62c88255c3

openstack-k8s-operators-content-provider FAILURE in 10m 02s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@dmendiza
Remove interface from GetAdminServiceClient
9b6ca98 
Refactor the change added in this branch to pick the right bundle
internally based on KeystoneAPI spec instead of making callers of
GetAdminServiceClient figure that out.

The client will continue to default to the internal interface, but use
the public interface when using an external Keytone API.
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 18, 2025

@dmendiza: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/functional 9b6ca98 link true /test functional

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 18, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/63d602ef9db54a5e850cc9eac9415232

openstack-k8s-operators-content-provider FAILURE in 11m 38s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@vakwetu
Copy link
Contributor

vakwetu commented Dec 22, 2025

recheck

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 22, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/2385a873c8954c189a1fdf321f50559f

openstack-k8s-operators-content-provider FAILURE in 9m 22s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

@vakwetu
Copy link
Contributor

vakwetu commented Dec 23, 2025

recheck

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Dec 23, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/5b01fa6733d54721be36fcdf0bd1d8ae

openstack-k8s-operators-content-provider FAILURE in 12m 58s
⚠️ keystone-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ keystone-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vakwetu vakwetu Awaiting requested review from vakwetu

@d34dh0r53 d34dh0r53 Awaiting requested review from d34dh0r53

@olliewalsh olliewalsh Awaiting requested review from olliewalsh

Assignees

No one assigned

Labels

approved do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dmendiza @vakwetu