Add glance registry config

Author: intlabs

glance/templates/configmap-etc.yaml

@@ -13,5 +13,7 @@ data:
 {{ tuple "etc/_glance-api-paste.ini.tpl" . | include "template" | indent 4 }}
   glance-registry.conf: |+
 {{ tuple "etc/_glance-registry.conf.tpl" . | include "template" | indent 4 }}
+  glance-registry-paste.ini: |+
+{{ tuple "etc/_glance-registry-paste.ini.tpl" . | include "template" | indent 4 }}
   policy.json: |+
 {{ tuple "etc/_policy.json.tpl" . | include "template" | indent 4 }}

glance/templates/deployment-api.yaml

@@ -36,7 +36,7 @@ spec:
           command:
           - glance-api
           - --config-file
-          - /etc/glance/glance-registry.conf
+          - /etc/glance/glance-api.conf
           ports:
             - containerPort: {{ .Values.network.port.api }}
           readinessProbe:

glance/templates/deployment-registry.yaml

@@ -41,6 +41,14 @@ spec:
               mountPath: /etc/glance/glance-registry.conf
               subPath: glance-registry.conf
               readOnly: true
+            - name: glanceregistrypaste
+              mountPath: /etc/glance/glance-registry-paste.ini
+              subPath: glance-registry-paste.ini
+              readOnly: true
+            - name: glancepolicy
+              mountPath: /etc/glance/policy.json
+              subPath: policy.json
+              readOnly: true
       volumes:
         - name: etcglance
           emptyDir: {}

glance/templates/etc/_glance-registry-paste.ini.tpl

@@ -0,0 +1,35 @@
+# Use this pipeline for no auth - DEFAULT
+[pipeline:glance-registry]
+pipeline = healthcheck osprofiler unauthenticated-context registryapp
+
+# Use this pipeline for keystone auth
+[pipeline:glance-registry-keystone]
+pipeline = healthcheck osprofiler authtoken context registryapp
+
+# Use this pipeline for authZ only. This means that the registry will treat a
+# user as authenticated without making requests to keystone to reauthenticate
+# the user.
+[pipeline:glance-registry-trusted-auth]
+pipeline = healthcheck osprofiler context registryapp
+
+[app:registryapp]
+paste.app_factory = glance.registry.api:API.factory
+
+[filter:healthcheck]
+paste.filter_factory = oslo_middleware:Healthcheck.factory
+backends = disable_by_file
+disable_by_file_path = /etc/glance/healthcheck_disable
+
+[filter:context]
+paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
+
+[filter:unauthenticated-context]
+paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
+
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+hmac_keys = SECRET_KEY  #DEPRECATED
+enabled = yes  #DEPRECATED