Glance

# NOTE: This file serves as an example only!
# It demonstrates a subset of the API features which are available and
# is NOT FIT FOR PRODUCTIVE USE. You need to adapt them to your
# specific environment, needs and scale.
# DO NOT DEPLOY THIS FILE WITH THE EXPECTATION THAT YOU WILL GET A
# YAOOK DEPLOYMENT FIT FOR ANY USE EXCEPT LOOKING AT IT.
apiVersion: yaook.cloud/v1
kind: GlanceDeployment
metadata:
  name: glance
spec:
  keystoneRef:
    name: keystone
  database:
    replicas: 1
    timeoutClient: 300
    proxy:
      replicas: 1
    backup:
      schedule: "0 * * * *"
  memcached: {}
  api:
    replicas: 1
    ingress:
      fqdn: "glance.yaook.cloud"
      port: 32443
  glanceConfig:
    glance_store:
      default_store: "rbd"
    database:
      # (optional) connection_recycle_time hould always be ~10%
      # smaller than the haproxy timeoutClient
      connection_recycle_time: 280
  backends:
    ceph:
      keyringReference: rook-ceph-client-glance
      keyringUsername: glance
      keyringPoolname: glance-pool
#      cephConfig:
#        global:
#          "mon_host": "rook-ceph-mon-a.rook-ceph:6789,rook-ceph-mon-b.rook-ceph:6789,rook-ceph-mon-c.rook-ceph:6789"
  region:
    name: MyRegion
  policy:
    "context_is_admin": "role:admin"
  issuerRef:
    name: ca-issuer
  targetRelease: 2023.1

Glance using a file based backend

Note that your selected Storageclass muss support ReadWriteMany Volumes

# NOTE: This file serves as an example only!
# It demonstrates a subset of the API features which are available and
# is NOT FIT FOR PRODUCTIVE USE. You need to adapt them to your
# specific environment, needs and scale.
# DO NOT DEPLOY THIS FILE WITH THE EXPECTATION THAT YOU WILL GET A
# YAOOK DEPLOYMENT FIT FOR ANY USE EXCEPT LOOKING AT IT.
apiVersion: yaook.cloud/v1
kind: GlanceDeployment
metadata:
  name: glance
spec:
  keystoneRef:
    name: keystone
  database:
    replicas: 1
    proxy:
      replicas: 1
    backup:
      schedule: "0 * * * *"
  memcached: {}
  api:
    replicas: 1
    ingress:
      fqdn: "glance.yaook.cloud"
      port: 32443
  glanceConfig:
    glance_store:
      default_store: "file"
  backends:
    file:
      storageSize: 150G
      storageClassName: mycoolstorageclass
  region:
    name: MyRegion
  policy:
    "context_is_admin": "role:admin"
  issuerRef:
    name: ca-issuer
  targetRelease: 2023.1

Glance using a s3 based backend

Supported starting with the Ussuri release.

credentialRef points to a external created secret containing the keys access and secret. The secret needs to be within the same namespace as the glancedeployment.

# NOTE: This file serves as an example only!
# It demonstrates a subset of the API features which are available and
# is NOT FIT FOR PRODUCTIVE USE. You need to adapt them to your
# specific environment, needs and scale.
# DO NOT DEPLOY THIS FILE WITH THE EXPECTATION THAT YOU WILL GET A
# YAOOK DEPLOYMENT FIT FOR ANY USE EXCEPT LOOKING AT IT.
apiVersion: v1
kind: Secret
metadata:
  name: creds
data:
  access: "s3accesskey"
  secret: "s3secretkey"
---
apiVersion: yaook.cloud/v1
kind: GlanceDeployment
metadata:
  name: glance
spec:
  keystoneRef:
    name: keystone
  database:
    replicas: 1
    proxy:
      replicas: 1
    backup:
      schedule: "0 * * * *"
  memcached: {}
  api:
    replicas: 1
    ingress:
      fqdn: "glance.yaook.cloud"
      port: 32443
  glanceConfig:
    glance_store:
      default_store: "s3"
  backends:
    s3:
      endpoint: "https://s3.generic.endpoint"
      bucket: "tekcub"
      addressingStyle: "virtual"
      credentialRef:
        name: "creds"
  region:
    name: MyRegion
  policy:
    "context_is_admin": "role:admin"
  issuerRef:
    name: ca-issuer
  targetRelease: 2023.1

Specifying secrets in the configuration

To include confidential values in the configuration you can use glanceSecrets. This allows use to reference an external secret which is included at a specific path in the configuration

# NOTE: This file serves as an example only!
# It demonstrates a subset of the API features which are available and
# is NOT FIT FOR PRODUCTIVE USE. You need to adapt them to your
# specific environment, needs and scale.
# DO NOT DEPLOY THIS FILE WITH THE EXPECTATION THAT YOU WILL GET A
# YAOOK DEPLOYMENT FIT FOR ANY USE EXCEPT LOOKING AT IT.
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  mykey: "SomeValueAsBase64"
---
apiVersion: yaook.cloud/v1
kind: GlanceDeployment
metadata:
  name: glance
spec:
  keystoneRef:
    name: keystone
  database:
    replicas: 1
    proxy:
      replicas: 1
    backup:
      schedule: "0 * * * *"
  memcached: {}
  api:
    replicas: 1
    ingress:
      fqdn: "glance.yaook.cloud"
      port: 32443
  glanceConfig:
    glance_store:
      default_store: "rbd"
  glanceSecrets:
    - secretName: mysecret
      items:
        - key: mykey
          path: /DEFAULT/transport_url
  backends:
    ceph:
      keyringReference: glance-client-key
      keyringUsername: glance
      keyringPoolname: glance-pool
#      cephConfig:
#        global:
#          "mon_host": "rook-ceph-mon-a.rook-ceph:6789,rook-ceph-mon-b.rook-ceph:6789,rook-ceph-mon-c.rook-ceph:6789"
  region:
    name: MyRegion
  policy:
    "context_is_admin": "role:admin"
  targetRelease: 2023.1