chore(openstack): create schema and document configuration

Created a schema for the current chart and validated samples we have
against it. Updated a few fields from JSON to YAML to make it consistent
and let my validation test pass. Symlink the schema so that it is able
to be fetched. Added documentation around how to configure this part of
a deployment.

Author: cardoe

components/openstack/templates/mariadb-instance.yaml.tpl

@@ -7,14 +7,16 @@ metadata:
     # do not allow ArgoCD to delete our DB
     argocd.argoproj.io/sync-options: Delete=false
 spec:
-  rootPasswordSecretKeyRef: {{ .Values.mariadb.rootPasswordSecretKeyRef | toJson }}
+  rootPasswordSecretKeyRef:
+{{ toYaml .Values.mariadb.rootPasswordSecretKeyRef | indent 4 }}
 
   # renovate: datasource=docker
   image: docker-registry1.mariadb.com/library/mariadb:11.4.4
   imagePullPolicy: IfNotPresent
 
   port: 3306
-  storage: {{ .Values.mariadb.storage | toJson }}
+  storage:
+{{ toYaml .Values.mariadb.storage | indent 4 }}
   replicas: {{ .Values.mariadb.replicas }}
   service:
     type: ClusterIP

components/openstack/values.schema.json

@@ -0,0 +1,144 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "OpenStack Helm Chart Values",
+  "description": "Schema for OpenStack component values.yaml configuration",
+  "type": "object",
+  "properties": {
+    "mariadb": {
+      "type": "object",
+      "description": "OpenStack mariadb instance settings",
+      "properties": {
+        "rootPasswordSecretKeyRef": {
+          "type": "object",
+          "description": "Root password settings",
+          "properties": {
+            "name": {
+              "type": "string",
+              "description": "Secret name containing the root password"
+            },
+            "key": {
+              "type": "string",
+              "description": "Key within the secret containing the password"
+            },
+            "generate": {
+              "type": "boolean",
+              "description": "Whether to generate the password if it doesn't exist"
+            }
+          },
+          "required": ["name", "key"],
+          "additionalProperties": false
+        },
+        "storage": {
+          "type": "object",
+          "description": "Storage settings",
+          "properties": {
+            "size": {
+              "type": "string",
+              "pattern": "^[0-9]+(Gi|G|Mi|M|Ki|K)$",
+              "description": "Storage size (e.g., 10Gi)"
+            },
+            "resizeInUseVolumes": {
+              "type": "boolean",
+              "description": "Enable resizing volumes while in use"
+            },
+            "waitForVolumeResize": {
+              "type": "boolean",
+              "description": "Wait for volume resize to complete"
+            },
+            "volumeClaimTemplate": {
+              "type": "object",
+              "description": "Volume claim template configuration",
+              "properties": {
+                "storageClassName": {
+                  "type": "string",
+                  "description": "Storage class name for the volume"
+                },
+                "accessModes": {
+                  "type": "array",
+                  "items": {
+                    "type": "string",
+                    "enum": ["ReadWriteOnce", "ReadOnlyMany", "ReadWriteMany"]
+                  },
+                  "description": "Access modes for the volume"
+                },
+                "resources": {
+                  "type": "object",
+                  "properties": {
+                    "requests": {
+                      "type": "object",
+                      "properties": {
+                        "storage": {
+                          "type": "string",
+                          "pattern": "^[0-9]+(Gi|G|Mi|M|Ki|K)$",
+                          "description": "Storage request size"
+                        }
+                      },
+                      "additionalProperties": false
+                    }
+                  },
+                  "additionalProperties": false
+                }
+              },
+              "additionalProperties": false
+            }
+          },
+          "additionalProperties": false
+        },
+        "replicas": {
+          "type": "integer",
+          "minimum": 1,
+          "description": "Number of MariaDB replicas (Galera cluster size)"
+        }
+      },
+      "additionalProperties": false
+    },
+    "rabbitmq": {
+      "type": "object",
+      "description": "OpenStack RabbitMQ instance settings",
+      "properties": {
+        "persistence": {
+          "type": "object",
+          "description": "Storage persistence settings",
+          "additionalProperties": true
+        }
+      },
+      "additionalProperties": false
+    },
+    "extraObjects": {
+      "type": "array",
+      "description": "Array of extra Kubernetes manifests to deploy",
+      "items": {
+        "type": "object",
+        "properties": {
+          "apiVersion": {
+            "type": "string",
+            "description": "Kubernetes API version"
+          },
+          "kind": {
+            "type": "string",
+            "description": "Kubernetes resource kind"
+          },
+          "metadata": {
+            "type": "object",
+            "properties": {
+              "name": {
+                "type": "string"
+              },
+              "namespace": {
+                "type": "string"
+              }
+            },
+            "additionalProperties": true
+          },
+          "spec": {
+            "type": "object",
+            "additionalProperties": true
+          }
+        },
+        "required": ["apiVersion", "kind"],
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": false
+}

docs/deploy-guide/config-openstack.md

@@ -0,0 +1,171 @@
+# Configuring OpenStack (Shared)
+
+The `openstack` component provides shared infrastructure and prerequisites for all OpenStack services in UnderStack. This includes database, messaging, and common resources needed by individual OpenStack services like Keystone, Nova, Neutron, and Ironic.
+
+## Overview
+
+The OpenStack component is a Helm chart that creates:
+
+- **MariaDB cluster** - Primary database for OpenStack services
+- **RabbitMQ cluster** - Message broker for OpenStack communication
+- **Shared secrets and credentials** - Common authentication resources
+- **Kubernetes Service accounts** - Kubernetes RBAC for workflow automation
+- **External secret stores** - Integration with external secret management
+
+## Configuration
+
+Configure the OpenStack component by editing `$DEPLOY_NAME/helm-configs/openstack.yaml` in your deployment repository.
+
+### MariaDB Database Configuration
+
+The MariaDB cluster provides the primary database for OpenStack services:
+
+```yaml
+mariadb:
+  # Root password configuration
+  rootPasswordSecretKeyRef:
+    name: mariadb
+    key: root-password
+    generate: true  # Auto-generate if not provided
+
+  # Storage configuration
+  storage:
+    size: 10Gi
+    resizeInUseVolumes: true
+    waitForVolumeResize: true
+    volumeClaimTemplate:
+      storageClassName: ceph-block-single
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 10Gi
+
+  # Enable Galera cluster with 3 replicas for HA
+  replicas: 3
+```
+
+#### Storage Considerations
+
+- **Size**: Start with 10Gi minimum, scale based on your deployment size
+- **Storage Class**: Use your cluster's high-performance storage class
+- **Replicas**: 3 replicas provide high availability via Galera clustering
+- **Resize**: Enable volume resizing for future scaling needs
+
+### RabbitMQ Message Broker Configuration
+
+RabbitMQ handles inter-service communication for OpenStack:
+
+```yaml
+rabbitmq:
+  # Configure persistent storage for message queues
+  persistence:
+    enabled: true
+    size: 8Gi
+    storageClassName: ceph-block-single
+```
+
+### Additional Kubernetes Resources
+
+Use `extraObjects` to deploy additional Kubernetes manifests alongside the OpenStack component:
+
+```yaml
+extraObjects:
+  - apiVersion: external-secrets.io/v1beta1
+    kind: ExternalSecret
+    metadata:
+      name: openstack-credentials
+    spec:
+      secretStoreRef:
+        kind: ClusterSecretStore
+        name: vault-backend
+      target:
+        name: openstack-admin-credentials
+      dataFrom:
+        - extract:
+            key: openstack/admin
+```
+
+## Integration with OpenStack Services
+
+Individual OpenStack services (Keystone, Nova, Neutron, etc.) depend on resources created by this component:
+
+- **Database**: Each service gets dedicated MariaDB databases
+- **Messaging**: Services connect to the shared RabbitMQ cluster
+- **Secrets**: Common credentials are managed centrally
+- **Kubernetes Service Accounts**: Argo Workflows automation uses shared service accounts
+
+## Security Considerations
+
+### Secret Management
+
+- Use External Secrets Operator for production deployments
+- Rotate database and RabbitMQ credentials regularly
+- Ensure proper RBAC for service accounts
+
+### Network Security
+
+- Configure network policies to restrict inter-pod communication
+- Use TLS for all database and message broker connections
+- Isolate OpenStack traffic using Kubernetes namespaces
+
+## Monitoring and Observability
+
+The OpenStack component integrates with cluster monitoring:
+
+```yaml
+# Enable monitoring for MariaDB
+mariadb:
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+
+# Enable monitoring for RabbitMQ
+rabbitmq:
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+```
+
+## Troubleshooting
+
+### Database Connection Issues
+
+If OpenStack services can't connect to MariaDB:
+
+1. Check MariaDB pod status: `kubectl get pods -l app=mariadb`
+2. Verify service endpoints: `kubectl get endpoints mariadb`
+3. Test connectivity from a service pod: `kubectl exec -it <pod> -- mysql -h mariadb -u root -p`
+
+### Message Queue Problems
+
+For RabbitMQ connectivity issues:
+
+1. Check RabbitMQ cluster status: `kubectl exec -it rabbitmq-0 -- rabbitmqctl cluster_status`
+2. Verify queue status: `kubectl exec -it rabbitmq-0 -- rabbitmqctl list_queues`
+3. Check service connectivity: `kubectl get svc rabbitmq`
+
+### Resource Scaling
+
+To scale the database cluster:
+
+```yaml
+mariadb:
+  replicas: 5  # Scale to 5 nodes
+  storage:
+    size: 50Gi  # Increase storage per node
+```
+
+Apply changes and monitor the scaling process:
+
+```bash
+kubectl get pods -l app=mariadb -w
+```
+
+## Related Documentation
+
+- [Component Configuration](./component-config.md) - General component configuration patterns
+- [Override OpenStack Service Config](./override-openstack-svc-config.md) - Service-specific configuration overrides
+- [Deploy Repo](./deploy-repo.md) - Deployment repository structure

docs/schema/component-openstack.schema.json

@@ -0,0 +1 @@
+../../components/openstack/values.schema.json

mkdocs.yml

@@ -130,6 +130,7 @@ nav:
       - deploy-guide/deploy-repo.md
       - deploy-guide/component-config.md
       - deploy-guide/config-dex.md
+      - deploy-guide/config-openstack.md
       - deploy-guide/auth.md
       - deploy-guide/config-argo-workflows.md
     - Starting the Deployment: