netapp_nvme with netapp credentials as volume mount

Author: syedhaseebahmed

components/cinder/cinder-volume-netapp.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: cinder-netapp-config
+  namespace: openstack
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: openstack
+  target:
+    name: cinder-netapp-config
+    creationPolicy: Owner
+    deletionPolicy: Delete
+    template:
+      engineVersion: v2
+      data:
+        netapp_nvme.conf: |
+          [netapp_nvme]
+          netapp_login = {{ .netapp_username }}
+          netapp_password = {{ .netapp_password }}
+          netapp_server_hostname = {{ .netapp_host }}
+          netapp_server_port = 443
+          netapp_storage_family = ontap_cluster
+          netapp_storage_protocol = nvme
+          netapp_transport_type = https
+          netapp_use_legacy_client = false
+          netapp_vserver = data-svm1
+          volume_backend_name = netapp_nvme
+          volume_driver = cinder.volume.drivers.netapp.common.NetAppDriver
+  data:
+  - secretKey: netapp_username
+    remoteRef:
+      key: svc-acct-netapp
+      property: username
+  - secretKey: netapp_password
+    remoteRef:
+      key: svc-acct-netapp
+      property: password
+  - secretKey: netapp_host
+    remoteRef:
+      key: svc-acct-netapp
+      property: host

components/cinder/kustomization.yaml

@@ -5,3 +5,4 @@ kind: Kustomization
 resources:
   - cinder-mariadb-db.yaml
   - cinder-rabbitmq-queue.yaml
+  - cinder-volume-netapp.yaml

components/cinder/values.yaml

@@ -5,6 +5,10 @@ conf:
   backends:
     # disable the hardcoded one in the OpenStack Helm values.yaml
     rbd1: null
+  cinder:
+    DEFAULT:
+      enabled_backends: netapp_nvme
+      default_volume_type: netapp_nvme
 
 # typically overridden by environmental
 # values, but should include all endpoints
@@ -56,9 +60,16 @@ pod:
         volumeMounts:
           - mountPath: /var/lib/cinder
             name: var-lib-cinder
+          - mountPath: /etc/cinder/cinder.conf.d/netapp_nvme.conf
+            subPath: netapp_nvme.conf
+            name: volume-backend
+            readOnly: true
         volumes:
           - name: var-lib-cinder
             emptyDir: {}
+          - name: volume-backend
+            secret:
+              secretName: cinder-netapp-config
   lifecycle:
     disruption_budget:
       deployments:

components/openstack/secretstore-openstack.yaml

@@ -26,6 +26,7 @@ rules:
   - watch
   resourceNames:
   - svc-acct-argoworkflow
+  - svc-acct-netapp
 - apiGroups:
   - authorization.k8s.io
   resources: