update README.md,refactor and add screenshots

Author: pratik705

.DS_Store

@@ -135,4 +135,9 @@ kubectl --namespace openstack get horizontalpodautoscaler.autoscaling memcached
 ### Deploy Horizon
 - Follow the detailed installation instructions [here](https://github.com/pratik705/trinity/blob/main/osh/openstack/15-horizon/README.md).
 
----
+---
+![openstack](../screenshots/openstack_argocd.jpg?raw=true)
+
+ArgoCD continuously monitors the configured Git repository for changes and automatically applies them to the Kubernetes cluster. Once the changes are pushed to the repository, ArgoCD will detect the update and synchronize with the latest version.
+
+Check the ArgoCD UI to track the synchronization progress and ensure that the modifications are successfully applied to the cluster.

osh/README.md

@@ -34,7 +34,7 @@ kubectl --namespace openstack \
 2. Encrypt the generated secrets using kubeseal for enhanced security. Also, create the kustomization.yaml file, ensuring removal of plain text Kubernetes secret resources.
 ```bash
 bash ../../../../tools/kubeseal_secret.sh . ../../../../tools/sealed-secret-tls.crt
-kustomize create --autodetect --recursive --namespace openstack .
+# kustomize create --autodetect --recursive --namespace openstack .
 ```
 **Note:** Make sure you remove plain text Kubernetes secret resources from `kustomization.yaml`
 ```bash

osh/openstack/06-keystone/README.md

@@ -9,6 +9,7 @@ spec:
   # name: data-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -23,6 +24,7 @@ spec:
   # name: user-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true    
   passwordSecretKeyRef:
     name: keystone-db-password
     key: password
@@ -39,6 +41,7 @@ metadata:
 spec:
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true    
   privileges:
     - "ALL"
   database: "keystone"

osh/openstack/06-keystone/addon_manifests/keystone-mariadb-database.yaml

@@ -29,7 +29,7 @@ kubectl --namespace openstack \
 2. Encrypt the generated secrets using kubeseal for enhanced security. Also, create the kustomization.yaml file, ensuring removal of plain text Kubernetes secret resources.
 ```bash
 bash ../../../../tools/kubeseal_secret.sh . ../../../../tools/sealed-secret-tls.crt
-kustomize create --autodetect --recursive --namespace openstack .
+# kustomize create --autodetect --recursive --namespace openstack .
 ```
 **Note:** Make sure you remove plain text Kubernetes secret resources from `kustomization.yaml`
 ```bash
@@ -45,7 +45,7 @@ kubectl  apply -k .
 ```bash
 cd ../
 helm template glance ../../openstack-helm/glance/ \
-    -f vales.yaml \
+    -f values.yaml \
     --set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \
     --set endpoints.identity.auth.glance.password="$(kubectl --namespace openstack get secret glance-admin -o jsonpath='{.data.password}' | base64 -d)" \
     --set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \

osh/openstack/07-glance/README.md

@@ -9,6 +9,7 @@ spec:
   # name: data-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true    
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -23,6 +24,7 @@ spec:
   # name: user-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true    
   passwordSecretKeyRef:
     name: glance-db-password
     key: password
@@ -39,6 +41,7 @@ metadata:
 spec:
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   privileges:
     - "ALL"
   database: "glance"

osh/openstack/07-glance/addon_manifests/glance-mariadb-database.yaml

@@ -39,7 +39,7 @@ kubectl --namespace openstack \
 2. Encrypt the generated secrets using kubeseal for enhanced security. Also, create the kustomization.yaml file, ensuring removal of plain text Kubernetes secret resources.
 ```bash
 bash ../../../../tools/kubeseal_secret.sh . ../../../../tools/sealed-secret-tls.crt
-kustomize create --autodetect --recursive --namespace openstack .
+# kustomize create --autodetect --recursive --namespace openstack .
 ```
 **Note:** Make sure you remove plain text Kubernetes secret resources from `kustomization.yaml`
 ```bash

osh/openstack/08-heat/README.md

@@ -9,6 +9,7 @@ spec:
   # name: data-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true    
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -23,6 +24,7 @@ spec:
   # name: user-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true    
   passwordSecretKeyRef:
     name: heat-db-password
     key: password
@@ -39,6 +41,7 @@ metadata:
 spec:
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true    
   privileges:
     - "ALL"
   database: "heat"

osh/openstack/08-heat/addon_manifests/heat-mariadb-database.yaml

@@ -29,7 +29,7 @@ kubectl --namespace openstack \
 2. Encrypt the generated secrets using kubeseal for enhanced security. Also, create the kustomization.yaml file, ensuring removal of plain text Kubernetes secret resources.
 ```bash
 bash ../../../../tools/kubeseal_secret.sh . ../../../../tools/sealed-secret-tls.crt
-kustomize create --autodetect --recursive --namespace openstack .
+# kustomize create --autodetect --recursive --namespace openstack .
 ```
 **Note:** Make sure you remove plain text Kubernetes secret resources from `kustomization.yaml`
 ```bash
@@ -73,7 +73,7 @@ bash ../../../tools/kubeseal_secret.sh  manifests/ ../../../tools/sealed-secret-
 kubectl get secret rook-ceph-client-rbd-client -o jsonpath='{.data.rbd-client}' -n rook-ceph |base64 -d
 ```
 
-8. Create a new secret which will be used by Cinder to access the data from the rbd pool:
+8. Create a new secret(`rbd-client1-secret.yam`l) which will be used by Cinder to access the data from the rbd pool:
 ```bash
 apiVersion: v1
 stringData:
@@ -116,14 +116,15 @@ metadata:
 ```
 
 10.  Create the final `kustomization.yaml`, removing any duplicate secrets already applied in Step 2.
+
 **Note:** Make sure you remove plain text Kubernetes secret resources from `kustomization.yaml`
 ```bash
 cat kustomization.yaml
 ```
 
-11. Commit and push the changes to your Git repository.
+1.  Commit and push the changes to your Git repository.
 
-12. Apply the ArgoCD application to deploy Keystone.
+2.  Apply the ArgoCD application to deploy Keystone.
 ```bash
 kubectl  apply -f osh/argoCD/09-cinder-argo.yaml
 ```

osh/openstack/09-cinder/README.md

@@ -9,6 +9,7 @@ spec:
   # name: data-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -23,6 +24,7 @@ spec:
   # name: user-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   passwordSecretKeyRef:
     name: cinder-db-password
     key: password
@@ -39,6 +41,7 @@ metadata:
 spec:
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   privileges:
     - "ALL"
   database: "cinder"

osh/openstack/09-cinder/addon_manifests/cinder-mariadb-database.yaml

@@ -75,7 +75,7 @@ kubectl --namespace openstack \
 2. Encrypt the generated secrets using kubeseal for enhanced security. Also, create the kustomization.yaml file, ensuring removal of plain text Kubernetes secret resources.
 ```bash
 bash ../../../../tools/kubeseal_secret.sh secrets/ ../../../../tools/sealed-secret-tls.crt
-kustomize create --autodetect --recursive --namespace openstack .
+# kustomize create --autodetect --recursive --namespace openstack .
 ```
 **Note:** Make sure you remove plain text Kubernetes secret resources from `kustomization.yaml`
 ```bash
@@ -128,24 +128,60 @@ cat kustomization.yaml
 
 8. Commit and push the changes to your Git repository.
 
-9. Apply the ArgoCD application to deploy Keystone.
+
+9. Configure OVN for OpenStack
+
+- Set the name of the OVS integration bridge we'll use. In general, this should be br-int.
+```bash
+kubectl annotate nodes $(kubectl get nodes -l 'openstack-network-node=enabled' -o 'jsonpath={.items[*].metadata.name}') ovn.openstack.org/int_bridge='br-int'
+```
+
+- Set the name of the OVS bridges we'll use. These are the bridges you will use on your hosts.
+
+NOTE The functional example here annotates all nodes; however, not all nodes have to have the same setup.
+```bash
+kubectl annotate nodes $(kubectl get nodes -l 'openstack-network-node=enabled' -o 'jsonpath={.items[*].metadata.name}') ovn.openstack.org/bridges='br-ex'
+```
+
+- Set the bridge mapping. These are colon delimitated between OVS_BRIDGE:PHYSICAL_INTERFACE_NAME. Multiple bridge mappings can be defined here and are separated by commas.
+```bash
+kubectl annotate nodes $(kubectl get nodes -l 'openstack-network-node=enabled' -o 'jsonpath={.items[*].metadata.name}') ovn.openstack.org/ports='br-ex:bond0'
+```
+
+- Set the OVN bridge mapping. This maps the Neutron interfaces to the ovs bridge names. These are colon delimitated between OVS_BRIDGE:PHYSICAL_INTERFACE_NAME. Multiple bridge mappings can be defined here and are separated by commas.
+```bash
+kubectl annotate nodes $(kubectl get nodes -l 'openstack-network-node=enabled' -o 'jsonpath={.items[*].metadata.name}') ovn.openstack.org/mappings='physnet1:br-ex'
+```
+
+- Set the OVN availability zones. Multiple network availability zones can be defined and are colon separated.
+```bash
+kubectl annotate nodes $(kubectl get nodes -l 'openstack-network-node=enabled' -o 'jsonpath={.items[*].metadata.name}') ovn.openstack.org/availability_zones='nova'
+```
+Note the "nova" availability zone is an assumed default.
+
+- Set the OVN gateway nodes.
+```bash
+kubectl annotate nodes $(kubectl get nodes -l 'openstack-network-node=enabled' -o 'jsonpath={.items[*].metadata.name}') ovn.openstack.org/gateway='enabled'
+```
+Note while all compute nodes could be a gateway, not all nodes should be a gateway.
+
+
+10. Apply the ArgoCD application to deploy Keystone.
 ```bash
 kubectl  apply -f osh/argoCD/10-neutron-argo.yaml
 ```
 
-10. Confirm if all the neutron pods are UP:
+11. Confirm if all the neutron pods are UP:
 ```bash
 kubectl get pods -n openstack |egrep -i neutron
 ```
 
-11.  Once neutron is up and running proceed with the installation of Open vSwitch OVN by referring this [link](https://github.com/cloudnull/genestack/wiki/4.-Deploy-Required-Infrastructure-in-the-Environment#deploy-open-vswitch-ovn
-)
-
 ---
 
 ## Validation:
 ```bash
 kubectl get pods -n openstack |egrep -i neutron
+# NOTE: `neutron-ovn-metadata-agent` will not be ready as it expects nova endpoint.
 kubectl exec -it openstack-admin-client -n openstack -- openstack catalog list
 kubectl exec -it openstack-admin-client -n openstack -- openstack service list
 kubectl exec -it openstack-admin-client -n openstack -- openstack network agent list

osh/openstack/10-neutron/README.md

@@ -3,16 +3,3 @@ resources:
   - neutron-rabbitmq-queue.yaml
   - hpa-neutron-server.yaml
   - ovn-setup.yaml
-
-patches:
-  - target:
-      kind: ConfigMap
-      name: neutron-bin
-      version: v1
-    patch: |-
-      - op: replace
-        path: /data/neutron-ovn-init.sh
-        value: |-
-          #!/bin/bash
-          mkdir -p /tmp/pod-shared
-          touch /tmp/pod-shared/ovn.ini

osh/openstack/10-neutron/addon_manifests/kustomization.yaml

@@ -56,3 +56,14 @@ patches:
       name: neutron-server
     spec:
       replicas: null
+- target:
+    kind: ConfigMap
+    name: neutron-bin
+    version: v1
+  patch: |-
+    - op: replace
+      path: /data/neutron-ovn-init.sh
+      value: |-
+        #!/bin/bash
+        mkdir -p /tmp/pod-shared
+        touch /tmp/pod-shared/ovn.ini

osh/openstack/10-neutron/kustomization.yaml

@@ -9,6 +9,7 @@ spec:
   # name: data-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -23,6 +24,7 @@ spec:
   # name: user-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   passwordSecretKeyRef:
     name: placement-db-password
     key: password
@@ -39,6 +41,7 @@ metadata:
 spec:
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   privileges:
     - "ALL"
   database: "placement"

osh/openstack/11-placement/addon_manifests/placement-mariadb-database.yaml

@@ -13,7 +13,7 @@ This guide provides instructions to deploy Libvirt service on a Compute nodes.
 ```bash
 helm template libvirt ../../openstack-helm-infra/libvirt \
     -f values.yaml \
-    --set conf.ceph.cinder.keyring="$(kubectl get secret rook-ceph-client-rbd-client -o jsonpath='{.data.rbd-client}' -n rook-ceph |base64 -d)"
+    --set conf.ceph.cinder.keyring="$(kubectl get secret rook-ceph-client-rbd-client -o jsonpath='{.data.rbd-client}' -n rook-ceph |base64 -d)" \
     -n openstack --output-dir manifests
 ```
 

osh/openstack/12-libvirt/README.md

@@ -9,6 +9,7 @@ spec:
   # name: data-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -24,6 +25,7 @@ spec:
   name: nova_api
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -39,6 +41,7 @@ spec:
   name: nova_cell0
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s

osh/openstack/13-nova/addon_manifests/nova-mariadb-database.yaml

@@ -1426,7 +1426,7 @@ conf:
       send_service_user_token: true
     libvirt:
       connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock"
-      images_type: raw
+      images_type: rbd
       images_rbd_pool: cinder.volumes.gold
       images_rbd_ceph_conf: /etc/ceph/ceph.conf
       rbd_user: rbd-client

osh/openstack/13-nova/values.yaml

@@ -34,7 +34,7 @@ kubectl --namespace openstack \
 2. Encrypt the generated secrets using kubeseal for enhanced security. Also, create the kustomization.yaml file, ensuring removal of plain text Kubernetes secret resources.
 ```bash
 bash ../../../../tools/kubeseal_secret.sh . ../../../../tools/sealed-secret-tls.crt
-kustomize create --autodetect --recursive --namespace openstack .
+# kustomize create --autodetect --recursive --namespace openstack .
 ```
 **Note:** Make sure you remove plain text Kubernetes secret resources from `kustomization.yaml`
 ```bash

osh/openstack/14-octavia/README.md

@@ -9,6 +9,7 @@ spec:
   # name: data-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   characterSet: utf8
   collate: utf8_general_ci
   retryInterval: 5s
@@ -23,6 +24,7 @@ spec:
   # name: user-custom
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   passwordSecretKeyRef:
     name: octavia-db-password
     key: password
@@ -39,6 +41,7 @@ metadata:
 spec:
   mariaDbRef:
     name: mariadb-galera
+    waitForIt: true
   privileges:
     - "ALL"
   database: "octavia"