add compute-kit to openstack umbrella chart
ADD: include new charts to the umbrella chart for comprehensive deployment of openstack-helm. * openvswitch * libvirt * neutron * nova * placement Change-Id: I78d1c7c629024c3f9530239dff9f8eb9da598764
This commit is contained in:
parent
8d5ddc9035
commit
2e5b7f9cb7
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Neutron
|
description: OpenStack-Helm Neutron
|
||||||
name: neutron
|
name: neutron
|
||||||
version: 0.2.17
|
version: 0.2.18
|
||||||
home: https://docs.openstack.org/neutron/latest/
|
home: https://docs.openstack.org/neutron/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -12,6 +12,12 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if (.Values.global).subchart_release_name }}
|
||||||
|
{{- $_ := set . "deployment_name" .Chart.Name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $_ := set . "deployment_name" .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- define "neutron.configmap.etc" }}
|
{{- define "neutron.configmap.etc" }}
|
||||||
{{- $configMapName := index . 0 }}
|
{{- $configMapName := index . 0 }}
|
||||||
{{- $envAll := index . 1 }}
|
{{- $envAll := index . 1 }}
|
||||||
@ -161,7 +167,7 @@ just set it along with nova_metadata_host.
|
|||||||
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
|
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
|
||||||
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
|
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
|
||||||
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
|
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
|
||||||
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
|
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
|
||||||
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
|
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if (.Values.global).subchart_release_name }}
|
||||||
|
{{- $_ := set . "deployment_name" .Chart.Name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $_ := set . "deployment_name" .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- if .Values.manifests.pod_rally_test }}
|
{{- if .Values.manifests.pod_rally_test }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
|
||||||
{{- $mounts_tests := .Values.pod.mounts.neutron_tests.neutron_tests }}
|
{{- $mounts_tests := .Values.pod.mounts.neutron_tests.neutron_tests }}
|
||||||
{{- $mounts_tests_init := .Values.pod.mounts.neutron_tests.init_container }}
|
{{- $mounts_tests_init := .Values.pod.mounts.neutron_tests.init_container }}
|
||||||
|
|
||||||
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
|
{{- $serviceAccountName := print .deployment_name "-test" }}
|
||||||
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ print $envAll.Release.Name "-test" }}
|
name: {{ print .deployment_name "-test" }}
|
||||||
annotations:
|
annotations:
|
||||||
"helm.sh/hook": test-success
|
"helm.sh/hook": test-success
|
||||||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||||
@ -66,7 +72,7 @@ spec:
|
|||||||
- name: SERVICE_OS_ROLE
|
- name: SERVICE_OS_ROLE
|
||||||
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
|
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
|
||||||
{{ if $envAll.Values.conf.rally_tests.force_project_purge }}
|
{{ if $envAll.Values.conf.rally_tests.force_project_purge }}
|
||||||
- name: {{ .Release.Name }}-reset
|
- name: {{ .deployment_name }}-reset
|
||||||
{{ tuple $envAll "purge_test" | include "helm-toolkit.snippets.image" | indent 6 }}
|
{{ tuple $envAll "purge_test" | include "helm-toolkit.snippets.image" | indent 6 }}
|
||||||
env:
|
env:
|
||||||
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
|
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
|
||||||
|
@ -14,7 +14,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Nova
|
description: OpenStack-Helm Nova
|
||||||
name: nova
|
name: nova
|
||||||
version: 0.2.39
|
version: 0.2.40
|
||||||
home: https://docs.openstack.org/nova/latest/
|
home: https://docs.openstack.org/nova/latest/
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -11,6 +11,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
{{- if (.Values.global).subchart_release_name }}
|
||||||
|
{{- $_ := set . "deployment_name" .Chart.Name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $_ := set . "deployment_name" .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- define "nova.configmap.etc" }}
|
{{- define "nova.configmap.etc" }}
|
||||||
{{- $configMapName := index . 0 }}
|
{{- $configMapName := index . 0 }}
|
||||||
@ -242,7 +247,7 @@ limitations under the License.
|
|||||||
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
|
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
|
||||||
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
|
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
|
||||||
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
|
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
|
||||||
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
|
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
|
||||||
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
|
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
|
|||||||
limitations under the License.
|
limitations under the License.
|
||||||
*/}}
|
*/}}
|
||||||
|
|
||||||
|
{{- if (.Values.global).subchart_release_name }}
|
||||||
|
{{- $_ := set . "deployment_name" .Chart.Name }}
|
||||||
|
{{- else }}
|
||||||
|
{{- $_ := set . "deployment_name" .Release.Name }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- if .Values.manifests.pod_rally_test }}
|
{{- if .Values.manifests.pod_rally_test }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
|
||||||
{{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }}
|
{{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }}
|
||||||
{{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }}
|
{{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }}
|
||||||
|
|
||||||
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
|
{{- $serviceAccountName := print $envAll.deployment_name "-test" }}
|
||||||
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ print $envAll.Release.Name "-test" }}
|
name: {{ print $envAll.deployment_name "-test" }}
|
||||||
labels:
|
labels:
|
||||||
{{ tuple $envAll "nova" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
{{ tuple $envAll "nova" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
||||||
annotations:
|
annotations:
|
||||||
@ -77,7 +83,7 @@ spec:
|
|||||||
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
|
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: RALLY_ENV_NAME
|
- name: RALLY_ENV_NAME
|
||||||
value: {{.Release.Name}}
|
value: {{.deployment_name}}
|
||||||
command:
|
command:
|
||||||
- /tmp/rally-test.sh
|
- /tmp/rally-test.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
@ -4,28 +4,55 @@ dependencies:
|
|||||||
- name: helm-toolkit
|
- name: helm-toolkit
|
||||||
repository: file://../../openstack-helm-infra/helm-toolkit
|
repository: file://../../openstack-helm-infra/helm-toolkit
|
||||||
version: ">0.1.0"
|
version: ">0.1.0"
|
||||||
|
condition: helm-toolkit.enabled
|
||||||
- name: mariadb
|
- name: mariadb
|
||||||
repository: file://../../openstack-helm-infra/mariadb
|
repository: file://../../openstack-helm-infra/mariadb
|
||||||
version: ">0.1.0"
|
version: ">0.1.0"
|
||||||
|
condition: mariadb.enabled
|
||||||
- name: rabbitmq
|
- name: rabbitmq
|
||||||
repository: file://../../openstack-helm-infra/rabbitmq
|
repository: file://../../openstack-helm-infra/rabbitmq
|
||||||
version: ">0.1.0"
|
version: ">0.1.0"
|
||||||
|
condition: rabbitmq.enabled
|
||||||
- name: memcached
|
- name: memcached
|
||||||
repository: file://../../openstack-helm-infra/memcached
|
repository: file://../../openstack-helm-infra/memcached
|
||||||
version: ">0.1.0"
|
version: ">0.1.0"
|
||||||
|
condition: memcached.enabled
|
||||||
- name: keystone
|
- name: keystone
|
||||||
repository: file://../keystone
|
repository: file://../keystone
|
||||||
version: ">0.1.0"
|
version: ">0.1.0"
|
||||||
|
condition: keystone.enabled
|
||||||
- name: heat
|
- name: heat
|
||||||
repository: file://../heat
|
repository: file://../heat
|
||||||
version: ">0.1.0"
|
version: ">0.1.0"
|
||||||
|
condition: heat.enabled
|
||||||
- name: glance
|
- name: glance
|
||||||
repository: file://../glance
|
repository: file://../glance
|
||||||
version: ">0.1.0"
|
version: ">0.1.0"
|
||||||
|
condition: glance.enabled
|
||||||
|
- name: openvswitch
|
||||||
|
repository: file://../../openstack-helm-infra/openvswitch
|
||||||
|
version: ">0.1.0"
|
||||||
|
condition: openvswitch.enabled
|
||||||
|
- name: libvirt
|
||||||
|
repository: file://../../openstack-helm-infra/libvirt
|
||||||
|
version: ">0.1.0"
|
||||||
|
condition: libvirt.enabled
|
||||||
|
- name: nova
|
||||||
|
repository: file://../nova
|
||||||
|
version: ">0.1.0"
|
||||||
|
condition: nova.enabled
|
||||||
|
- name: placement
|
||||||
|
repository: file://../placement
|
||||||
|
version: ">0.1.0"
|
||||||
|
condition: placement.enabled
|
||||||
|
- name: neutron
|
||||||
|
repository: file://../neutron
|
||||||
|
version: ">0.1.0"
|
||||||
|
condition: neutron.enabled
|
||||||
|
|
||||||
description: A chart for openstack helm commmon deployment items
|
description: A chart for openstack helm commmon deployment items
|
||||||
name: openstack
|
name: openstack
|
||||||
type: application
|
type: application
|
||||||
version: 0.1.0
|
version: 0.1.1
|
||||||
maintainers:
|
maintainers:
|
||||||
- name: OpenStack-Helm Authors
|
- name: OpenStack-Helm Authors
|
||||||
|
1
openstack/charts/libvirt
Symbolic link
1
openstack/charts/libvirt
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../../openstack-helm-infra/libvirt/
|
1
openstack/charts/neutron
Symbolic link
1
openstack/charts/neutron
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../neutron/
|
1
openstack/charts/nova
Symbolic link
1
openstack/charts/nova
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../nova/
|
1
openstack/charts/openvswitch
Symbolic link
1
openstack/charts/openvswitch
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../../openstack-helm-infra/openvswitch/
|
1
openstack/charts/placement
Symbolic link
1
openstack/charts/placement
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../placement/
|
@ -1,7 +1,12 @@
|
|||||||
---
|
|
||||||
# default values for openstack umbrella chart
|
# default values for openstack umbrella chart
|
||||||
# Global overrides for subcharts
|
# Global overrides for subcharts
|
||||||
|
|
||||||
|
# note(v-dspecker): helm3_hook must be disabled
|
||||||
|
# There is a cyclic dependency otherwise. For example, libvirt-default ->
|
||||||
|
# nuetron-ovs-agent-default -> neutron-server -> neutron-ks-user.
|
||||||
|
# Since libvirt-default is deployed during install phase, neutron-ks-user must also
|
||||||
|
# be installed during install phase instead of post-install phase.
|
||||||
|
|
||||||
global:
|
global:
|
||||||
subchart_release_name: true
|
subchart_release_name: true
|
||||||
|
|
||||||
@ -9,6 +14,7 @@ helm-toolkit:
|
|||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
rabbitmq:
|
rabbitmq:
|
||||||
|
release_group: rabbitmq
|
||||||
enabled: true
|
enabled: true
|
||||||
volume:
|
volume:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -17,6 +23,7 @@ rabbitmq:
|
|||||||
server: 1
|
server: 1
|
||||||
|
|
||||||
mariadb:
|
mariadb:
|
||||||
|
release_group: mariadb
|
||||||
enabled: true
|
enabled: true
|
||||||
pod:
|
pod:
|
||||||
replicas:
|
replicas:
|
||||||
@ -27,16 +34,46 @@ mariadb:
|
|||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
memcached:
|
memcached:
|
||||||
|
release_group: memcached
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
keystone:
|
keystone:
|
||||||
|
release_group: keystone
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
heat:
|
heat:
|
||||||
|
release_group: heat
|
||||||
enabled: true
|
enabled: true
|
||||||
|
helm3_hook: false
|
||||||
|
|
||||||
glance:
|
glance:
|
||||||
|
release_group: glance
|
||||||
enabled: true
|
enabled: true
|
||||||
storage: pvc
|
helm3_hook: false
|
||||||
volume:
|
|
||||||
class_name: standard
|
openvswitch:
|
||||||
|
release_group: openvswitch
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
libvirt:
|
||||||
|
release_group: libvirt
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
nova:
|
||||||
|
release_group: nova
|
||||||
|
enabled: true
|
||||||
|
helm3_hook: false
|
||||||
|
|
||||||
|
placement:
|
||||||
|
release_group: placement
|
||||||
|
enabled: true
|
||||||
|
helm3_hook: false
|
||||||
|
|
||||||
|
neutron:
|
||||||
|
release_group: neutron
|
||||||
|
enabled: true
|
||||||
|
helm3_hook: false
|
||||||
|
conf:
|
||||||
|
auto_bridge_add:
|
||||||
|
# no idea why, but something with sub-charts and null values get ommitted entirely from sub chart
|
||||||
|
br-ex: "null"
|
||||||
|
8
openstack/values_overrides/libvirt/apparmor.yaml
Normal file
8
openstack/values_overrides/libvirt/apparmor.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
libvirt:
|
||||||
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
libvirt-libvirt-default:
|
||||||
|
libvirt: runtime/default
|
||||||
|
...
|
@ -0,0 +1,17 @@
|
|||||||
|
# Note: This yaml file serves as an example for overriding the manifest
|
||||||
|
# to enable additional externally managed Ceph Cinder backend. When additional
|
||||||
|
# externally managed Ceph Cinder backend is provisioned as shown in
|
||||||
|
# cinder/values_overrides/external-ceph-backend.yaml of repo openstack-helm,
|
||||||
|
# below override is needed to store the secret key of the cinder user in
|
||||||
|
# libvirt.
|
||||||
|
---
|
||||||
|
libvirt:
|
||||||
|
conf:
|
||||||
|
ceph:
|
||||||
|
cinder:
|
||||||
|
external_ceph:
|
||||||
|
enabled: true
|
||||||
|
user: cinder2
|
||||||
|
secret_uuid: 3f0133e4-8384-4743-9473-fecacc095c74
|
||||||
|
user_secret_name: cinder-volume-external-rbd-keyring
|
||||||
|
...
|
5
openstack/values_overrides/libvirt/netpol.yaml
Normal file
5
openstack/values_overrides/libvirt/netpol.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
libvirt:
|
||||||
|
manifests:
|
||||||
|
network_policy: true
|
||||||
|
...
|
8
openstack/values_overrides/libvirt/ssl.yaml
Normal file
8
openstack/values_overrides/libvirt/ssl.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
libvirt:
|
||||||
|
conf:
|
||||||
|
libvirt:
|
||||||
|
listen_tcp: "0"
|
||||||
|
listen_tls: "1"
|
||||||
|
listen_addr: 0.0.0.0
|
||||||
|
...
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
libvirt:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
|
||||||
|
...
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
libvirt:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
|
||||||
|
...
|
42
openstack/values_overrides/neutron/apparmor.yaml
Normal file
42
openstack/values_overrides/neutron/apparmor.yaml
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
neutron-dhcp-agent-default:
|
||||||
|
neutron-dhcp-agent: runtime/default
|
||||||
|
neutron-dhcp-agent-init: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
neutron-l3-agent-default:
|
||||||
|
neutron-l3-agent: runtime/default
|
||||||
|
neutron-l3-agent-init: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
neutron-lb-agent-default:
|
||||||
|
neutron-lb-agent-default: runtime/default
|
||||||
|
neutron-metadata-agent-default:
|
||||||
|
neutron-metadata-agent: runtime/default
|
||||||
|
neutron-metadata-agent-init: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
neutron-ovs-agent-default:
|
||||||
|
neutron-ovs-agent: runtime/default
|
||||||
|
neutron-openvswitch-agent-kernel-modules: runtime/default
|
||||||
|
neutron-ovs-agent-init: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
neutron-sriov-agent-default:
|
||||||
|
neutron-sriov-agent: runtime/default
|
||||||
|
neutron-sriov-agent-init: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
neutron-netns-cleanup-cron-default:
|
||||||
|
neutron-netns-cleanup-cron: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
neutron-server:
|
||||||
|
neutron-server: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nginx: runtime/default
|
||||||
|
neutron-test:
|
||||||
|
init: runtime/default
|
||||||
|
neutron-test: runtime/default
|
||||||
|
neutron-test-ks-user: runtime/default
|
||||||
|
manifests:
|
||||||
|
certificates: true
|
||||||
|
...
|
33
openstack/values_overrides/neutron/dpdk-bond.yaml
Normal file
33
openstack/values_overrides/neutron/dpdk-bond.yaml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
network:
|
||||||
|
interface:
|
||||||
|
tunnel: br-phy-bond0
|
||||||
|
conf:
|
||||||
|
plugins:
|
||||||
|
openvswitch_agent:
|
||||||
|
agent:
|
||||||
|
tunnel_types: vxlan
|
||||||
|
ovs:
|
||||||
|
bridge_mappings: public:br-ex
|
||||||
|
datapath_type: netdev
|
||||||
|
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
|
||||||
|
ovs_dpdk:
|
||||||
|
enabled: true
|
||||||
|
driver: uio_pci_generic
|
||||||
|
nics: []
|
||||||
|
bonds:
|
||||||
|
# CHANGE-ME: modify below parameters according to your hardware
|
||||||
|
- name: dpdkbond0
|
||||||
|
bridge: br-phy-bond0
|
||||||
|
# The IP from the first nic in nics list shall be used
|
||||||
|
migrate_ip: true
|
||||||
|
ovs_options: "bond_mode=active-backup"
|
||||||
|
nics:
|
||||||
|
- name: dpdk_b0s0
|
||||||
|
pci_id: '0000:00:05.0'
|
||||||
|
- name: dpdk_b0s1
|
||||||
|
pci_id: '0000:00:06.0'
|
||||||
|
bridges:
|
||||||
|
- name: br-phy-bond0
|
||||||
|
...
|
27
openstack/values_overrides/neutron/dpdk.yaml
Normal file
27
openstack/values_overrides/neutron/dpdk.yaml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
network:
|
||||||
|
interface:
|
||||||
|
tunnel: br-phy
|
||||||
|
conf:
|
||||||
|
plugins:
|
||||||
|
openvswitch_agent:
|
||||||
|
agent:
|
||||||
|
tunnel_types: vxlan
|
||||||
|
ovs:
|
||||||
|
bridge_mappings: public:br-ex
|
||||||
|
datapath_type: netdev
|
||||||
|
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
|
||||||
|
ovs_dpdk:
|
||||||
|
enabled: true
|
||||||
|
driver: uio_pci_generic
|
||||||
|
nics:
|
||||||
|
# CHANGE-ME: modify pci_id according to your hardware
|
||||||
|
- name: dpdk0
|
||||||
|
pci_id: '0000:05:00.0'
|
||||||
|
bridge: br-phy
|
||||||
|
migrate_ip: true
|
||||||
|
bridges:
|
||||||
|
- name: br-phy
|
||||||
|
bonds: []
|
||||||
|
...
|
25
openstack/values_overrides/neutron/gate.yaml
Normal file
25
openstack/values_overrides/neutron/gate.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
network:
|
||||||
|
interface:
|
||||||
|
tunnel: docker0
|
||||||
|
conf:
|
||||||
|
neutron:
|
||||||
|
DEFAULT:
|
||||||
|
l3_ha: False
|
||||||
|
max_l3_agents_per_router: 1
|
||||||
|
l3_ha_network_type: vxlan
|
||||||
|
dhcp_agents_per_network: 1
|
||||||
|
plugins:
|
||||||
|
ml2_conf:
|
||||||
|
ml2_type_flat:
|
||||||
|
flat_networks: public
|
||||||
|
openvswitch_agent:
|
||||||
|
agent:
|
||||||
|
tunnel_types: vxlan
|
||||||
|
ovs:
|
||||||
|
bridge_mappings: public:br-ex
|
||||||
|
linuxbridge_agent:
|
||||||
|
linux_bridge:
|
||||||
|
bridge_mappings: public:br-ex
|
||||||
|
...
|
14
openstack/values_overrides/neutron/netpol.yaml
Normal file
14
openstack/values_overrides/neutron/netpol.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
manifests:
|
||||||
|
network_policy: true
|
||||||
|
network_policy:
|
||||||
|
neutron:
|
||||||
|
egress:
|
||||||
|
- to:
|
||||||
|
- ipBlock:
|
||||||
|
cidr: %%%REPLACE_API_ADDR%%%/32
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: %%%REPLACE_API_PORT%%%
|
||||||
|
...
|
@ -0,0 +1,97 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
network:
|
||||||
|
interface:
|
||||||
|
sriov:
|
||||||
|
- device: enp3s0f0
|
||||||
|
num_vfs: 32
|
||||||
|
promisc: false
|
||||||
|
- device: enp66s0f1
|
||||||
|
num_vfs: 32
|
||||||
|
promisc: false
|
||||||
|
tunnel: br-phy-bond0
|
||||||
|
backend:
|
||||||
|
- openvswitch
|
||||||
|
- sriov
|
||||||
|
conf:
|
||||||
|
auto_bridge_add:
|
||||||
|
br-ex: null
|
||||||
|
neutron:
|
||||||
|
DEFAULT:
|
||||||
|
l3_ha: False
|
||||||
|
max_l3_agents_per_router: 1
|
||||||
|
l3_ha_network_type: vxlan
|
||||||
|
dhcp_agents_per_network: 1
|
||||||
|
service_plugins: router
|
||||||
|
plugins:
|
||||||
|
ml2_conf:
|
||||||
|
ml2:
|
||||||
|
mechanism_drivers: l2population,openvswitch,sriovnicswitch
|
||||||
|
type_drivers: vlan,flat,vxlan
|
||||||
|
tenant_network_types: vxlan
|
||||||
|
ml2_type_flat:
|
||||||
|
flat_networks: public
|
||||||
|
ml2_type_vlan:
|
||||||
|
network_vlan_ranges: ovsnet:2:4094,sriovnet1:100:4000,sriovnet2:100:4000
|
||||||
|
openvswitch_agent:
|
||||||
|
default:
|
||||||
|
ovs_vsctl_timeout: 30
|
||||||
|
agent:
|
||||||
|
tunnel_types: vxlan
|
||||||
|
securitygroup:
|
||||||
|
enable_security_group: False
|
||||||
|
firewall_driver: neutron.agent.firewall.NoopFirewallDriver
|
||||||
|
ovs:
|
||||||
|
bridge_mappings: public:br-ex,ovsnet:br-phy-bond0
|
||||||
|
datapath_type: netdev
|
||||||
|
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
|
||||||
|
of_connect_timeout: 60
|
||||||
|
of_request_timeout: 30
|
||||||
|
sriov_agent:
|
||||||
|
securitygroup:
|
||||||
|
firewall_driver: neutron.agent.firewall.NoopFirewallDriver
|
||||||
|
sriov_nic:
|
||||||
|
physical_device_mappings: sriovnet1:enp3s0f0,sriovnet2:enp66s0f1
|
||||||
|
exclude_devices: enp3s0f0:0000:00:05.1,enp66s0f1:0000:00:06.1
|
||||||
|
ovs_dpdk:
|
||||||
|
enabled: true
|
||||||
|
driver: uio_pci_generic
|
||||||
|
nics: []
|
||||||
|
bonds:
|
||||||
|
# CHANGE-ME: modify below parameters according to your hardware
|
||||||
|
- name: dpdkbond0
|
||||||
|
bridge: br-phy-bond0
|
||||||
|
mtu: 9000
|
||||||
|
# The IP from the first nic in nics list shall be used
|
||||||
|
migrate_ip: true
|
||||||
|
n_rxq: 2
|
||||||
|
n_rxq_size: 1024
|
||||||
|
n_txq_size: 1024
|
||||||
|
ovs_options: "bond_mode=active-backup"
|
||||||
|
nics:
|
||||||
|
- name: dpdk_b0s0
|
||||||
|
pci_id: '0000:00:05.0'
|
||||||
|
vf_index: 0
|
||||||
|
- name: dpdk_b0s1
|
||||||
|
pci_id: '0000:00:06.0'
|
||||||
|
vf_index: 0
|
||||||
|
bridges:
|
||||||
|
- name: br-phy-bond0
|
||||||
|
modules:
|
||||||
|
- name: dpdk
|
||||||
|
log_level: info
|
||||||
|
|
||||||
|
# In case of shared profile (sriov + ovs-dpdk), sriov agent should finish
|
||||||
|
# first so as to let it configure the SRIOV VFs before ovs-agent tries to
|
||||||
|
# bind it with DPDK driver.
|
||||||
|
dependencies:
|
||||||
|
dynamic:
|
||||||
|
targeted:
|
||||||
|
openvswitch:
|
||||||
|
ovs_agent:
|
||||||
|
pod:
|
||||||
|
- requireSameNode: true
|
||||||
|
labels:
|
||||||
|
application: neutron
|
||||||
|
component: neutron-sriov-agent
|
||||||
|
...
|
71
openstack/values_overrides/neutron/tf.yaml
Normal file
71
openstack/values_overrides/neutron/tf.yaml
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
tf_neutron_init: opencontrailnightly/contrail-openstack-neutron-init:master-latest
|
||||||
|
labels:
|
||||||
|
job:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
server:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
test:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
network:
|
||||||
|
backend:
|
||||||
|
- tungstenfabric
|
||||||
|
dependencies:
|
||||||
|
dynamic:
|
||||||
|
targeted:
|
||||||
|
tungstenfabric:
|
||||||
|
server:
|
||||||
|
daemonset: []
|
||||||
|
conf:
|
||||||
|
openstack_version: queens
|
||||||
|
neutron:
|
||||||
|
DEFAULT:
|
||||||
|
core_plugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
|
||||||
|
service_plugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
|
||||||
|
l3_ha: False
|
||||||
|
api_extensions_path: /opt/plugin/site-packages/neutron_plugin_contrail/extensions:/opt/plugin/site-packages/neutron_lbaas/extensions
|
||||||
|
interface_driver: null
|
||||||
|
quotas:
|
||||||
|
quota_driver: neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
|
||||||
|
plugins:
|
||||||
|
tungstenfabric:
|
||||||
|
APISERVER:
|
||||||
|
api_server_ip: config-api-server.tungsten-fabric.svc.cluster.local
|
||||||
|
api_server_port: 8082
|
||||||
|
contrail_extensions: "ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None"
|
||||||
|
multi_tenancy: True
|
||||||
|
KEYSTONE:
|
||||||
|
insecure: True
|
||||||
|
tf_vnc_api_lib:
|
||||||
|
global:
|
||||||
|
WEB_SERVER: config-api-server.tungsten-fabric.svc.cluster.local
|
||||||
|
WEB_PORT: 8082
|
||||||
|
auth:
|
||||||
|
AUTHN_TYPE: keystone
|
||||||
|
AUTHN_PROTOCOL: http
|
||||||
|
AUTHN_URL: /v3/auth/tokens
|
||||||
|
manifests:
|
||||||
|
daemonset_dhcp_agent: false
|
||||||
|
daemonset_l3_agent: false
|
||||||
|
daemonset_lb_agent: false
|
||||||
|
daemonset_metadata_agent: false
|
||||||
|
daemonset_ovs_agent: false
|
||||||
|
daemonset_sriov_agent: false
|
||||||
|
pod_rally_test: false
|
||||||
|
pod:
|
||||||
|
mounts:
|
||||||
|
neutron_db_sync:
|
||||||
|
neutron_db_sync:
|
||||||
|
volumeMounts:
|
||||||
|
- name: db-sync-conf
|
||||||
|
mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
|
||||||
|
subPath: tf_plugin.ini
|
||||||
|
readOnly: true
|
||||||
|
volumes:
|
||||||
|
...
|
142
openstack/values_overrides/neutron/tls.yaml
Normal file
142
openstack/values_overrides/neutron/tls.yaml
Normal file
@ -0,0 +1,142 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
nginx: docker.io/nginx:1.18.0
|
||||||
|
network:
|
||||||
|
server:
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/backend-protocol: "https"
|
||||||
|
pod:
|
||||||
|
security_context:
|
||||||
|
neutron_server:
|
||||||
|
pod:
|
||||||
|
runAsUser: 0
|
||||||
|
container:
|
||||||
|
neutron_server:
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
resources:
|
||||||
|
nginx:
|
||||||
|
requests:
|
||||||
|
memory: "128Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "1024Mi"
|
||||||
|
cpu: "2000m"
|
||||||
|
conf:
|
||||||
|
nginx: |
|
||||||
|
worker_processes 1;
|
||||||
|
daemon off;
|
||||||
|
user nginx;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
keepalive_timeout 65s;
|
||||||
|
tcp_nodelay on;
|
||||||
|
|
||||||
|
log_format main '[nginx] method=$request_method path=$request_uri '
|
||||||
|
'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
|
||||||
|
'"$remote_user" "$http_referer" "$http_user_agent"';
|
||||||
|
|
||||||
|
access_log /dev/stdout main;
|
||||||
|
|
||||||
|
upstream websocket {
|
||||||
|
server 127.0.0.1:$PORT;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
|
||||||
|
listen $POD_IP:$PORT ssl;
|
||||||
|
|
||||||
|
client_max_body_size 0;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/certs/tls.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/certs/tls.key;
|
||||||
|
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass_request_headers on;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_pass http://websocket;
|
||||||
|
proxy_read_timeout 90;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
neutron:
|
||||||
|
DEFAULT:
|
||||||
|
bind_host: 127.0.0.1
|
||||||
|
nova:
|
||||||
|
cafile: /etc/neutron/certs/ca.crt
|
||||||
|
keystone_authtoken:
|
||||||
|
cafile: /etc/neutron/certs/ca.crt
|
||||||
|
oslo_messaging_rabbit:
|
||||||
|
ssl: true
|
||||||
|
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||||
|
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||||
|
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||||
|
metadata_agent:
|
||||||
|
DEFAULT:
|
||||||
|
auth_ca_cert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
nova_metadata_port: 443
|
||||||
|
nova_metadata_protocol: https
|
||||||
|
endpoints:
|
||||||
|
compute:
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
public: 443
|
||||||
|
compute_metadata:
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
metadata:
|
||||||
|
public: 443
|
||||||
|
identity:
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
neutron:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
nova:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
test:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 443
|
||||||
|
network:
|
||||||
|
host_fqdn_override:
|
||||||
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: neutron-tls-server
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
public: 443
|
||||||
|
ingress:
|
||||||
|
port:
|
||||||
|
ingress:
|
||||||
|
default: 443
|
||||||
|
oslo_messaging:
|
||||||
|
port:
|
||||||
|
https:
|
||||||
|
default: 15680
|
||||||
|
manifests:
|
||||||
|
certificates: true
|
||||||
|
...
|
21
openstack/values_overrides/neutron/train-ubuntu_bionic.yaml
Normal file
21
openstack/values_overrides/neutron/train-ubuntu_bionic.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
neutron_db_sync: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_dhcp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_l3: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_l2gw: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_metadata: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_rpc_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
|
||||||
|
...
|
21
openstack/values_overrides/neutron/ussuri-ubuntu_bionic.yaml
Normal file
21
openstack/values_overrides/neutron/ussuri-ubuntu_bionic.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
neutron_db_sync: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_dhcp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_l3: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_l2gw: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_metadata: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_rpc_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
|
||||||
|
...
|
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
neutron_db_sync: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_dhcp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_l3: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_l2gw: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_metadata: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_rpc_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
|
||||||
|
...
|
21
openstack/values_overrides/neutron/wallaby-ubuntu_focal.yaml
Normal file
21
openstack/values_overrides/neutron/wallaby-ubuntu_focal.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
neutron:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
neutron_db_sync: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_dhcp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_l3: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_l2gw: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_metadata: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_rpc_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
|
||||||
|
...
|
37
openstack/values_overrides/nova/apparmor.yaml
Normal file
37
openstack/values_overrides/nova/apparmor.yaml
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
nova-compute-default:
|
||||||
|
nova-compute: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nova-compute-init: runtime/default
|
||||||
|
nova-compute-vnc-init: runtime/default
|
||||||
|
nova-api-metadata:
|
||||||
|
nova-api-metadata-init: runtime/default
|
||||||
|
nova-api: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nova-api-osapi:
|
||||||
|
nova-osapi: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nova-conductor:
|
||||||
|
nova-conductor: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nova-novncproxy:
|
||||||
|
nova-novncproxy: runtime/default
|
||||||
|
nova-novncproxy-init-assets: runtime/default
|
||||||
|
nova-novncproxy-init: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nova-scheduler:
|
||||||
|
nova-scheduler: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nova-cell-setup:
|
||||||
|
nova-cell-setup: runtime/default
|
||||||
|
nova-cell-setup-init: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
nova-test:
|
||||||
|
init: runtime/default
|
||||||
|
nova-test: runtime/default
|
||||||
|
nova-test-ks-user: runtime/default
|
||||||
|
...
|
23
openstack/values_overrides/nova/cntt.yaml
Normal file
23
openstack/values_overrides/nova/cntt.yaml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
---
|
||||||
|
nova:
|
||||||
|
conf:
|
||||||
|
nova:
|
||||||
|
DEFAULT:
|
||||||
|
reserved_huge_pages:
|
||||||
|
type: multistring
|
||||||
|
values:
|
||||||
|
- node:0,size:1GB,count:4
|
||||||
|
- node:1,size:1GB,count:4
|
||||||
|
reserved_host_memory_mb: 512
|
||||||
|
...
|
18
openstack/values_overrides/nova/netpol.yaml
Normal file
18
openstack/values_overrides/nova/netpol.yaml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
manifests:
|
||||||
|
network_policy: true
|
||||||
|
network_policy:
|
||||||
|
nova:
|
||||||
|
egress:
|
||||||
|
- to:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
application: nova
|
||||||
|
- to:
|
||||||
|
- ipBlock:
|
||||||
|
cidr: %%%REPLACE_API_ADDR%%%/32
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: %%%REPLACE_API_PORT%%%
|
||||||
|
...
|
27
openstack/values_overrides/nova/opensuse_15.yaml
Normal file
27
openstack/values_overrides/nova/opensuse_15.yaml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
conf:
|
||||||
|
software:
|
||||||
|
apache2:
|
||||||
|
binary: apache2ctl
|
||||||
|
start_parameters: -DFOREGROUND -k start
|
||||||
|
site_dir: /etc/apache2/vhosts.d
|
||||||
|
conf_dir: /etc/apache2/conf.d
|
||||||
|
a2enmod:
|
||||||
|
- version
|
||||||
|
security: |
|
||||||
|
<Directory "/var/www">
|
||||||
|
Options Indexes FollowSymLinks
|
||||||
|
AllowOverride All
|
||||||
|
<IfModule !mod_access_compat.c>
|
||||||
|
Require all granted
|
||||||
|
</IfModule>
|
||||||
|
<IfModule mod_access_compat.c>
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
</IfModule>
|
||||||
|
</Directory>
|
||||||
|
nova:
|
||||||
|
DEFAULT:
|
||||||
|
mkisofs_cmd: mkisofs
|
||||||
|
...
|
36
openstack/values_overrides/nova/ssh.yaml
Normal file
36
openstack/values_overrides/nova/ssh.yaml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
network:
|
||||||
|
ssh:
|
||||||
|
enabled: true
|
||||||
|
public_key: |
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfgGkoPxu6jVqyBTGDlhGqoFFaTymMOH3pDRzrzXCVodqrtv1heBAyi7L63+MZ+m/facDDo43hWzhFLmmMgD00AS7L+VH+oeEwKVCfq0HN3asKLadpweBQVAkGX7PzjRKF25qj6J7iVpKAf1NcnJCsWL3b+wC9mwK7TmupOmWra8BrfP7Fvek1RLx3lwk+ZZ9lUlm6o+jwXn/9rCEFa7ywkGpdrPRBNHQshGjDlJPi15boXIKxOmoZ/DszkJq7iLYQnwa4Kdb0dJ9OE/l2LLBiEpkMlTnwXA7QCS5jEHXwW78b4BOZvqrFflga+YldhDmkyRRfnhcF5Ok2zQmx9Q+t root@openstack-helm
|
||||||
|
private_key: |
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpAIBAAKCAQEA34BpKD8buo1asgUxg5YRqqBRWk8pjDh96Q0c681wlaHaq7b9
|
||||||
|
YXgQMouy+t/jGfpv32nAw6ON4Vs4RS5pjIA9NAEuy/lR/qHhMClQn6tBzd2rCi2n
|
||||||
|
acHgUFQJBl+z840Shduao+ie4laSgH9TXJyQrFi92/sAvZsCu05rqTplq2vAa3z+
|
||||||
|
xb3pNUS8d5cJPmWfZVJZuqPo8F5//awhBWu8sJBqXaz0QTR0LIRow5ST4teW6FyC
|
||||||
|
sTpqGfw7M5Cau4i2EJ8GuCnW9HSfThP5diywYhKZDJU58FwO0AkuYxB18Fu/G+AT
|
||||||
|
mb6qxX5YGvmJXYQ5pMkUX54XBeTpNs0JsfUPrQIDAQABAoIBAFkEFd3XtL2KSxMY
|
||||||
|
Cm50OLkSfRRQ7yVP4qYNePVZr3uJKUS27xgA78KR7UkKHrNcEW6T+hhxbbLR2AmF
|
||||||
|
wLga40VxKyhGNqgJ5Vx/OAM//Ed4AAVfxYvTkfmsXqPRPiTEjRoPKvoZTh6riFHx
|
||||||
|
ZExAd0aNWaDhyZu6v03GoA6YmaG53CLhUpDjIEpAHT8Q5fiukvpvFNAkSpSU3wWW
|
||||||
|
YD14S5BTXx8Z7v5mNgbxzDIST9P6oGm9jOoMJJCxu3KVF5Xh6k23DP1wukiWNypJ
|
||||||
|
b7dzfE8/NZUZ15Du4g1ZXHZyOATwN+4GQi1tV+oB1o6wI6829lpIMlsmqHhrw867
|
||||||
|
942SmakCgYEA9R1xFEEVRavBGIUeg/NMbFP+Ssl2DljAdnmcOASCxAFqCx6y3WSK
|
||||||
|
P2xWTD/MCG/uz627EVp+lfbapZimm171rUMpVCqTa5tH+LZ+Lbl+rjoLwSWVqySK
|
||||||
|
MGyIEzpPLq5PrpGdUghZNsGAG7kgTarJM5SYyA+Esqr8AADjDrZdmzcCgYEA6W1C
|
||||||
|
h9nU5i04UogndbkOiDVDWn0LnjUnVDTmhgGhbJDLtx4/hte/zGK7+mKl561q3Qmm
|
||||||
|
xY0s8cSQCX1ULHyrgzS9rc0k42uvuRWgpKKKT5IrjiA91HtfcVM1r9hxa2/dw4wk
|
||||||
|
WbAoaqpadjQAKoB4PNYzRfvITkv/9O+JSyK5BjsCgYEA5p9C68momBrX3Zgyc/gQ
|
||||||
|
qcQFeJxAxZLf0xjs0Q/9cSnbeobxx7h3EuF9+NP1xuJ6EVDmt5crjzHp2vDboUgh
|
||||||
|
Y1nToutENXSurOYXpjHnbUoUETCpt5LzqkgTZ/Pu2H8NXbSIDszoE8rQHEV8jVbp
|
||||||
|
Y+ymK2XedrTF0cMD363aONUCgYEAy5J4+kdUL+VyADAz0awxa0KgWdNCBZivkvWL
|
||||||
|
sYTMhgUFVM7xciTIZXQaIjRUIeeQkfKv2gvUDYlyYIRHm4Cih4vAfEmziQ7KMm0V
|
||||||
|
K1+BpgGBMLMXmS57PzblVFU8HQlzau3Wac2CgfvNZtbU6jweIFhiYP9DYl1PfQpG
|
||||||
|
PxuqJy8CgYBERsjdYfnyGMnFg3DVwgv/W/JspX201jMhQW2EW1OGDf7RQV+qTUnU
|
||||||
|
2NRGN9QbVYUvdwuRPd7C9wXQfLzXf0/E67oYg6fHHGTBNMjSq56qhZ2dSZnyQCxI
|
||||||
|
UZu0B4/1A5493Mypxp8c2fPhBdfzjTA5latsr75U26OMPxCxgFxm1A==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
...
|
79
openstack/values_overrides/nova/tf.yaml
Normal file
79
openstack/values_overrides/nova/tf.yaml
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
tf_compute_init: opencontrailnightly/contrail-openstack-compute-init:master-latest
|
||||||
|
conf:
|
||||||
|
nova:
|
||||||
|
libvirt:
|
||||||
|
virt_type: qemu
|
||||||
|
cpu_mode: host-model
|
||||||
|
agent:
|
||||||
|
compute:
|
||||||
|
node_selector_key: openstack-compute-node
|
||||||
|
node_selector_value: enabled
|
||||||
|
compute_ironic:
|
||||||
|
node_selector_key: openstack-compute-node
|
||||||
|
node_selector_value: enabled
|
||||||
|
api_metadata:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
conductor:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
job:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
novncproxy:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
osapi:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
scheduler:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
spiceproxy:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
test:
|
||||||
|
node_selector_key: openstack-control-plane
|
||||||
|
node_selector_value: enabled
|
||||||
|
rootwrap: |
|
||||||
|
# Configuration for nova-rootwrap
|
||||||
|
# This file should be owned by (and only-writeable by) the root user
|
||||||
|
|
||||||
|
[DEFAULT]
|
||||||
|
# List of directories to load filter definitions from (separated by ',').
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
|
||||||
|
|
||||||
|
# List of directories to search executables in, in case filters do not
|
||||||
|
# explicitely specify a full path (separated by ',')
|
||||||
|
# If not specified, defaults to system PATH environment variable.
|
||||||
|
# These directories MUST all be only writeable by root !
|
||||||
|
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin,/opt/plugin/bin
|
||||||
|
|
||||||
|
# Enable logging to syslog
|
||||||
|
# Default value is False
|
||||||
|
use_syslog=False
|
||||||
|
|
||||||
|
# Which syslog facility to use.
|
||||||
|
# Valid values include auth, authpriv, syslog, local0, local1...
|
||||||
|
# Default value is 'syslog'
|
||||||
|
syslog_log_facility=syslog
|
||||||
|
|
||||||
|
# Which messages to log.
|
||||||
|
# INFO means log all usage
|
||||||
|
# ERROR means only log unsuccessful attempts
|
||||||
|
syslog_log_level=ERROR
|
||||||
|
network:
|
||||||
|
backend:
|
||||||
|
- tungstenfabric
|
||||||
|
dependencies:
|
||||||
|
dynamic:
|
||||||
|
targeted:
|
||||||
|
tungstenfabric:
|
||||||
|
compute:
|
||||||
|
daemonset: []
|
||||||
|
...
|
15
openstack/values_overrides/nova/tls-offloading.yaml
Normal file
15
openstack/values_overrides/nova/tls-offloading.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
endpoints:
|
||||||
|
identity:
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
nova:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
test:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
|
||||||
|
tls:
|
||||||
|
identity: true
|
||||||
|
...
|
213
openstack/values_overrides/nova/tls.yaml
Normal file
213
openstack/values_overrides/nova/tls.yaml
Normal file
@ -0,0 +1,213 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
network:
|
||||||
|
osapi:
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/backend-protocol: "https"
|
||||||
|
metadata:
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/backend-protocol: "https"
|
||||||
|
novncproxy:
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/backend-protocol: "https"
|
||||||
|
conf:
|
||||||
|
mpm_event: |
|
||||||
|
<IfModule mpm_event_module>
|
||||||
|
ServerLimit 1024
|
||||||
|
StartServers 32
|
||||||
|
MinSpareThreads 32
|
||||||
|
MaxSpareThreads 256
|
||||||
|
ThreadsPerChild 25
|
||||||
|
MaxRequestsPerChild 128
|
||||||
|
ThreadLimit 720
|
||||||
|
</IfModule>
|
||||||
|
wsgi_nova_api: |
|
||||||
|
{{- $portInt := tuple "compute" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
Listen {{ $portInt }}
|
||||||
|
<VirtualHost *:{{ $portInt }}>
|
||||||
|
ServerName {{ printf "%s.%s.svc.%s" "nova-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
|
||||||
|
WSGIDaemonProcess nova-api processes=1 threads=1 user=nova display-name=%{GROUP}
|
||||||
|
WSGIProcessGroup nova-api
|
||||||
|
WSGIScriptAlias / /var/www/cgi-bin/nova/nova-api-wsgi
|
||||||
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
WSGIPassAuthorization On
|
||||||
|
AllowEncodedSlashes On
|
||||||
|
<IfVersion >= 2.4>
|
||||||
|
ErrorLogFormat "%{cu}t %M"
|
||||||
|
</IfVersion>
|
||||||
|
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||||
|
ErrorLog /dev/stdout
|
||||||
|
CustomLog /dev/stdout combined env=!forwarded
|
||||||
|
CustomLog /dev/stdout proxy env=forwarded
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/nova/certs/tls.crt
|
||||||
|
SSLCertificateKeyFile /etc/nova/certs/tls.key
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
</VirtualHost>
|
||||||
|
wsgi_nova_metadata: |
|
||||||
|
{{- $portInt := tuple "compute_metadata" "internal" "metadata" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
Listen {{ $portInt }}
|
||||||
|
<VirtualHost *:{{ $portInt }}>
|
||||||
|
ServerName {{ printf "%s.%s.svc.%s" "nova-metadata" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
|
||||||
|
WSGIDaemonProcess nova-metadata processes=1 threads=1 user=nova display-name=%{GROUP}
|
||||||
|
WSGIProcessGroup nova-metadata
|
||||||
|
WSGIScriptAlias / /var/www/cgi-bin/nova/nova-metadata-wsgi
|
||||||
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
WSGIPassAuthorization On
|
||||||
|
AllowEncodedSlashes On
|
||||||
|
<IfVersion >= 2.4>
|
||||||
|
ErrorLogFormat "%{cu}t %M"
|
||||||
|
</IfVersion>
|
||||||
|
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||||
|
ErrorLog /dev/stdout
|
||||||
|
CustomLog /dev/stdout combined env=!forwarded
|
||||||
|
CustomLog /dev/stdout proxy env=forwarded
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/nova/certs/tls.crt
|
||||||
|
SSLCertificateKeyFile /etc/nova/certs/tls.key
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
</VirtualHost>
|
||||||
|
software:
|
||||||
|
apache2:
|
||||||
|
a2enmod:
|
||||||
|
- ssl
|
||||||
|
nova:
|
||||||
|
console:
|
||||||
|
ssl_minimum_version: tlsv1_2
|
||||||
|
glance:
|
||||||
|
cafile: /etc/nova/certs/ca.crt
|
||||||
|
ironic:
|
||||||
|
cafile: /etc/nova/certs/ca.crt
|
||||||
|
neutron:
|
||||||
|
cafile: /etc/nova/certs/ca.crt
|
||||||
|
keystone_authtoken:
|
||||||
|
cafile: /etc/nova/certs/ca.crt
|
||||||
|
cinder:
|
||||||
|
cafile: /etc/nova/certs/ca.crt
|
||||||
|
placement:
|
||||||
|
cafile: /etc/nova/certs/ca.crt
|
||||||
|
keystone:
|
||||||
|
cafile: /etc/nova/certs/ca.crt
|
||||||
|
oslo_messaging_rabbit:
|
||||||
|
ssl: true
|
||||||
|
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
|
||||||
|
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
|
||||||
|
ssl_key_file: /etc/rabbitmq/certs/tls.key
|
||||||
|
endpoints:
|
||||||
|
identity:
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
nova:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
neutron:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
placement:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
test:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 443
|
||||||
|
image:
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
public: 443
|
||||||
|
compute:
|
||||||
|
host_fqdn_override:
|
||||||
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: nova-tls-api
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
scheme:
|
||||||
|
default: 'https'
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
public: 443
|
||||||
|
compute_metadata:
|
||||||
|
host_fqdn_override:
|
||||||
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: metadata-tls-metadata
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
metadata:
|
||||||
|
public: 443
|
||||||
|
compute_novnc_proxy:
|
||||||
|
host_fqdn_override:
|
||||||
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: nova-novncproxy-tls-proxy
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
novnc_proxy:
|
||||||
|
public: 443
|
||||||
|
compute_spice_proxy:
|
||||||
|
host_fqdn_override:
|
||||||
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: nova-tls-spiceproxy
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
placement:
|
||||||
|
host_fqdn_override:
|
||||||
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: placement-tls-api
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
public: 443
|
||||||
|
network:
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
public: 443
|
||||||
|
oslo_messaging:
|
||||||
|
port:
|
||||||
|
https:
|
||||||
|
default: 15680
|
||||||
|
pod:
|
||||||
|
security_context:
|
||||||
|
nova:
|
||||||
|
container:
|
||||||
|
nova_api:
|
||||||
|
runAsUser: 0
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
nova_osapi:
|
||||||
|
runAsUser: 0
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
manifests:
|
||||||
|
certificates: true
|
||||||
|
...
|
24
openstack/values_overrides/nova/train-ubuntu_bionic.yaml
Normal file
24
openstack/values_overrides/nova/train-ubuntu_bionic.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
nova_api: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_cell_setup: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_cell_setup_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
nova_compute: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_compute_ssh: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_conductor: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_db_sync: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_novncproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_novncproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_scheduler: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_spiceproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
|
||||||
|
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
|
||||||
|
...
|
24
openstack/values_overrides/nova/ussuri-ubuntu_bionic.yaml
Normal file
24
openstack/values_overrides/nova/ussuri-ubuntu_bionic.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
nova_api: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_cell_setup: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_cell_setup_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
nova_compute: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_compute_ssh: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_conductor: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_db_sync: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_novncproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_novncproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_scheduler: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_spiceproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
|
||||||
|
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
|
||||||
|
...
|
24
openstack/values_overrides/nova/victoria-ubuntu_focal.yaml
Normal file
24
openstack/values_overrides/nova/victoria-ubuntu_focal.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
nova_api: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_cell_setup: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_cell_setup_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
nova_compute: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_compute_ssh: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_conductor: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_db_sync: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_novncproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_novncproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_scheduler: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_spiceproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
|
||||||
|
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
|
||||||
|
...
|
24
openstack/values_overrides/nova/wallaby-ubuntu_focal.yaml
Normal file
24
openstack/values_overrides/nova/wallaby-ubuntu_focal.yaml
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
nova_api: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_cell_setup: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_cell_setup_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
nova_compute: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_compute_ssh: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_conductor: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_db_sync: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_novncproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_novncproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_scheduler: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_spiceproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
|
||||||
|
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
|
||||||
|
...
|
7
openstack/values_overrides/nova/wallaby.yaml
Normal file
7
openstack/values_overrides/nova/wallaby.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
nova:
|
||||||
|
conf:
|
||||||
|
rally_tests:
|
||||||
|
tests:
|
||||||
|
NovaAgents.list_agents: []
|
||||||
|
...
|
15
openstack/values_overrides/openvswitch/apparmor.yaml
Normal file
15
openstack/values_overrides/openvswitch/apparmor.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# NOTE: Enable this with the correct policy
|
||||||
|
---
|
||||||
|
openvswitch:
|
||||||
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
openvswitch-vswitchd:
|
||||||
|
openvswitch-vswitchd: runtime/default
|
||||||
|
openvswitch-vswitchd-modules: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
openvswitch-db:
|
||||||
|
openvswitch-db: runtime/default
|
||||||
|
openvswitch-db-perms: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
...
|
25
openstack/values_overrides/openvswitch/dpdk-opensuse_15.yaml
Normal file
25
openstack/values_overrides/openvswitch/dpdk-opensuse_15.yaml
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
openvswitch:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
|
||||||
|
openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
|
||||||
|
pod:
|
||||||
|
resources:
|
||||||
|
enabled: true
|
||||||
|
ovs:
|
||||||
|
vswitchd:
|
||||||
|
requests:
|
||||||
|
memory: "2Gi"
|
||||||
|
cpu: "2"
|
||||||
|
limits:
|
||||||
|
memory: "2Gi"
|
||||||
|
cpu: "2"
|
||||||
|
hugepages-1Gi: "1Gi"
|
||||||
|
conf:
|
||||||
|
ovs_dpdk:
|
||||||
|
enabled: true
|
||||||
|
hugepages_mountpath: /dev/hugepages
|
||||||
|
vhostuser_socket_dir: vhostuser
|
||||||
|
socket_memory: 1024
|
||||||
|
...
|
@ -0,0 +1,25 @@
|
|||||||
|
---
|
||||||
|
openvswitch:
|
||||||
|
images:
|
||||||
|
tags:
|
||||||
|
openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
|
||||||
|
openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
|
||||||
|
pod:
|
||||||
|
resources:
|
||||||
|
enabled: true
|
||||||
|
ovs:
|
||||||
|
vswitchd:
|
||||||
|
requests:
|
||||||
|
memory: "2Gi"
|
||||||
|
cpu: "2"
|
||||||
|
limits:
|
||||||
|
memory: "2Gi"
|
||||||
|
cpu: "2"
|
||||||
|
hugepages-1Gi: "1Gi"
|
||||||
|
conf:
|
||||||
|
ovs_dpdk:
|
||||||
|
enabled: true
|
||||||
|
hugepages_mountpath: /dev/hugepages
|
||||||
|
vhostuser_socket_dir: vhostuser
|
||||||
|
socket_memory: 1024
|
||||||
|
...
|
5
openstack/values_overrides/openvswitch/netpol.yaml
Normal file
5
openstack/values_overrides/openvswitch/netpol.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
openvswitch:
|
||||||
|
manifests:
|
||||||
|
network_policy: true
|
||||||
|
...
|
12
openstack/values_overrides/openvswitch/vswitchd-probes.yaml
Normal file
12
openstack/values_overrides/openvswitch/vswitchd-probes.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
openvswitch:
|
||||||
|
pod:
|
||||||
|
probes:
|
||||||
|
ovs_vswitch:
|
||||||
|
ovs_vswitch:
|
||||||
|
liveness:
|
||||||
|
exec:
|
||||||
|
- /bin/bash
|
||||||
|
- -c
|
||||||
|
- '/usr/bin/ovs-appctl bond/list; C1=$?; ovs-vsctl --column statistics list interface dpdk_b0s0 | grep -q -E "rx_|tx_"; C2=$?; ovs-vsctl --column statistics list interface dpdk_b0s1 | grep -q -E "rx_|tx_"; C3=$?; exit $(($C1+$C2+$C3))'
|
||||||
|
...
|
15
openstack/values_overrides/placement/apparmor.yaml
Normal file
15
openstack/values_overrides/placement/apparmor.yaml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
placement:
|
||||||
|
pod:
|
||||||
|
mandatory_access_control:
|
||||||
|
type: apparmor
|
||||||
|
placement-api:
|
||||||
|
placement-api: runtime/default
|
||||||
|
init: runtime/default
|
||||||
|
placement-db-migrate:
|
||||||
|
init: runtime/default
|
||||||
|
placement-mysql-migration: runtime/default
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
job_db_migrate: true
|
||||||
|
...
|
21
openstack/values_overrides/placement/netpol.yaml
Normal file
21
openstack/values_overrides/placement/netpol.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
placement:
|
||||||
|
manifests:
|
||||||
|
network_policy: true
|
||||||
|
network_policy:
|
||||||
|
placement:
|
||||||
|
egress:
|
||||||
|
- {}
|
||||||
|
ingress:
|
||||||
|
- from:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
application: nova
|
||||||
|
ports:
|
||||||
|
- protocol: TCP
|
||||||
|
port: 8778
|
||||||
|
- protocol: TCP
|
||||||
|
port: 80
|
||||||
|
- protocol: TCP
|
||||||
|
port: 8080
|
||||||
|
...
|
80
openstack/values_overrides/placement/tls.yaml
Normal file
80
openstack/values_overrides/placement/tls.yaml
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
---
|
||||||
|
placement:
|
||||||
|
network:
|
||||||
|
api:
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
nginx.ingress.kubernetes.io/backend-protocol: "https"
|
||||||
|
conf:
|
||||||
|
software:
|
||||||
|
apache2:
|
||||||
|
a2enmod:
|
||||||
|
- ssl
|
||||||
|
placement:
|
||||||
|
keystone_authtoken:
|
||||||
|
cafile: /etc/placement/certs/ca.crt
|
||||||
|
wsgi_placement: |
|
||||||
|
Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
||||||
|
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||||
|
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
|
||||||
|
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||||
|
CustomLog /dev/stdout combined env=!forwarded
|
||||||
|
CustomLog /dev/stdout proxy env=forwarded
|
||||||
|
<VirtualHost *:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
|
||||||
|
ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
|
||||||
|
WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
|
||||||
|
WSGIProcessGroup placement-api
|
||||||
|
WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
|
||||||
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
WSGIPassAuthorization On
|
||||||
|
<IfVersion >= 2.4>
|
||||||
|
ErrorLogFormat "%{cu}t %M"
|
||||||
|
</IfVersion>
|
||||||
|
ErrorLog /dev/stdout
|
||||||
|
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
|
||||||
|
CustomLog /dev/stdout combined env=!forwarded
|
||||||
|
CustomLog /dev/stdout proxy env=forwarded
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/placement/certs/tls.crt
|
||||||
|
SSLCertificateKeyFile /etc/placement/certs/tls.key
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
</VirtualHost>
|
||||||
|
Alias /placement /var/www/cgi-bin/placement/placement-api
|
||||||
|
<Location /placement>
|
||||||
|
SetHandler wsgi-script
|
||||||
|
Options +ExecCGI
|
||||||
|
WSGIProcessGroup placement-api
|
||||||
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
|
WSGIPassAuthorization On
|
||||||
|
</Location>
|
||||||
|
endpoints:
|
||||||
|
identity:
|
||||||
|
auth:
|
||||||
|
admin:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
placement:
|
||||||
|
cacert: /etc/ssl/certs/openstack-helm.crt
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
default: 443
|
||||||
|
placement:
|
||||||
|
host_fqdn_override:
|
||||||
|
default:
|
||||||
|
tls:
|
||||||
|
secretName: placement-tls-api
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
scheme:
|
||||||
|
default: https
|
||||||
|
port:
|
||||||
|
api:
|
||||||
|
public: 443
|
||||||
|
manifests:
|
||||||
|
certificates: true
|
||||||
|
...
|
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
placement:
|
||||||
|
images:
|
||||||
|
pull_policy: IfNotPresent
|
||||||
|
tags:
|
||||||
|
placement: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
|
||||||
|
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
|
||||||
|
placement_db_sync: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
|
||||||
|
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
|
||||||
|
image_repo_sync: "docker.io/docker:17.07.0"
|
||||||
|
manifests:
|
||||||
|
job_db_migrate: true
|
||||||
|
dependencies:
|
||||||
|
static:
|
||||||
|
db_sync:
|
||||||
|
jobs:
|
||||||
|
- placement-db-init
|
||||||
|
- placement-db-migrate
|
||||||
|
...
|
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
placement:
|
||||||
|
images:
|
||||||
|
pull_policy: IfNotPresent
|
||||||
|
tags:
|
||||||
|
placement: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
|
||||||
|
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
|
||||||
|
placement_db_sync: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
|
||||||
|
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
|
||||||
|
image_repo_sync: "docker.io/docker:17.07.0"
|
||||||
|
manifests:
|
||||||
|
job_db_migrate: true
|
||||||
|
dependencies:
|
||||||
|
static:
|
||||||
|
db_sync:
|
||||||
|
jobs:
|
||||||
|
- placement-db-init
|
||||||
|
- placement-db-migrate
|
||||||
|
...
|
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
placement:
|
||||||
|
images:
|
||||||
|
pull_policy: IfNotPresent
|
||||||
|
tags:
|
||||||
|
placement: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
|
||||||
|
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
|
||||||
|
placement_db_sync: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
|
||||||
|
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
|
||||||
|
image_repo_sync: "docker.io/docker:17.07.0"
|
||||||
|
manifests:
|
||||||
|
job_db_migrate: true
|
||||||
|
dependencies:
|
||||||
|
static:
|
||||||
|
db_sync:
|
||||||
|
jobs:
|
||||||
|
- placement-db-init
|
||||||
|
- placement-db-migrate
|
||||||
|
...
|
@ -0,0 +1,24 @@
|
|||||||
|
---
|
||||||
|
placement:
|
||||||
|
images:
|
||||||
|
pull_policy: IfNotPresent
|
||||||
|
tags:
|
||||||
|
placement: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
|
||||||
|
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
|
||||||
|
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
|
||||||
|
placement_db_sync: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
|
||||||
|
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
|
||||||
|
image_repo_sync: "docker.io/docker:17.07.0"
|
||||||
|
manifests:
|
||||||
|
job_db_migrate: true
|
||||||
|
dependencies:
|
||||||
|
static:
|
||||||
|
db_sync:
|
||||||
|
jobs:
|
||||||
|
- placement-db-init
|
||||||
|
- placement-db-migrate
|
||||||
|
...
|
@ -31,4 +31,5 @@ neutron:
|
|||||||
- 0.2.15 Remove unsupported values overrides
|
- 0.2.15 Remove unsupported values overrides
|
||||||
- 0.2.16 Remove usage of six
|
- 0.2.16 Remove usage of six
|
||||||
- 0.2.17 Migrated PodDisruptionBudget resource to policy/v1 API version
|
- 0.2.17 Migrated PodDisruptionBudget resource to policy/v1 API version
|
||||||
|
- 0.2.18 Updated naming for subchart compatibility
|
||||||
...
|
...
|
||||||
|
@ -60,4 +60,5 @@ nova:
|
|||||||
- 0.2.37 Remove nova-placement
|
- 0.2.37 Remove nova-placement
|
||||||
- 0.2.38 Update nova image defaults
|
- 0.2.38 Update nova image defaults
|
||||||
- 0.2.39 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
|
- 0.2.39 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
|
||||||
|
- 0.2.40 Updated naming for subchart compatibility
|
||||||
...
|
...
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
openstack:
|
openstack:
|
||||||
- 0.1.0 Initial Chart
|
- 0.1.0 Initial Chart
|
||||||
|
- 0.1.1 Deploy compute-kit charts (neutron, nova, libvirt, openvswitch, placement)
|
||||||
...
|
...
|
||||||
|
@ -13,28 +13,110 @@
|
|||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
set -xe
|
set -xe
|
||||||
namespace=openstack
|
|
||||||
chart=$namespace
|
export OSH_TEST_TIMEOUT=1200
|
||||||
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm/openstack"}"}"
|
export OS_CLOUD=openstack_helm
|
||||||
|
: "${RUN_HELM_TESTS:="no"}"
|
||||||
|
: "${CEPH_ENABLED:="false"}"
|
||||||
|
: "${OSH_EXTRA_HELM_ARGS:=""}"
|
||||||
|
release=openstack
|
||||||
|
namespace=$release
|
||||||
|
|
||||||
|
: ${GLANCE_BACKEND:="pvc"}
|
||||||
|
tee /tmp/glance.yaml <<EOF
|
||||||
|
glance:
|
||||||
|
storage: ${GLANCE_BACKEND}
|
||||||
|
volume:
|
||||||
|
class_name: standard
|
||||||
|
EOF
|
||||||
|
#NOTE: Deploy neutron
|
||||||
|
tee /tmp/neutron.yaml << EOF
|
||||||
|
neutron:
|
||||||
|
release_group: neutron
|
||||||
|
enabled: true
|
||||||
|
network:
|
||||||
|
interface:
|
||||||
|
tunnel: docker0
|
||||||
|
conf:
|
||||||
|
neutron:
|
||||||
|
DEFAULT:
|
||||||
|
l3_ha: False
|
||||||
|
max_l3_agents_per_router: 1
|
||||||
|
l3_ha_network_type: vxlan
|
||||||
|
dhcp_agents_per_network: 1
|
||||||
|
plugins:
|
||||||
|
ml2_conf:
|
||||||
|
ml2_type_flat:
|
||||||
|
flat_networks: public
|
||||||
|
openvswitch_agent:
|
||||||
|
agent:
|
||||||
|
tunnel_types: vxlan
|
||||||
|
ovs:
|
||||||
|
bridge_mappings: public:br-ex
|
||||||
|
linuxbridge_agent:
|
||||||
|
linux_bridge:
|
||||||
|
bridge_mappings: public:br-ex
|
||||||
|
EOF
|
||||||
|
## includes second argument 'subchart' to indicate a different path
|
||||||
|
export HELM_CHART_ROOT_PATH="../openstack-helm/openstack"
|
||||||
: ${OSH_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb subchart)"}
|
: ${OSH_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb subchart)"}
|
||||||
: ${OSH_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq subchart)"}
|
: ${OSH_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq subchart)"}
|
||||||
: ${OSH_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached subchart)"}
|
: ${OSH_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached subchart)"}
|
||||||
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(./tools/deployment/common/get-values-overrides.sh keystone subchart)"}
|
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(./tools/deployment/common/get-values-overrides.sh keystone subchart)"}
|
||||||
: ${OSH_EXTRA_HELM_ARGS_HEAT:="$(./tools/deployment/common/get-values-overrides.sh heat subchart)"}
|
: ${OSH_EXTRA_HELM_ARGS_HEAT:="$(./tools/deployment/common/get-values-overrides.sh heat subchart)"}
|
||||||
: ${OSH_EXTRA_HELM_ARGS_GLANCE:="$(./tools/deployment/common/get-values-overrides.sh glance subchart)"}
|
: ${OSH_EXTRA_HELM_ARGS_GLANCE:="$(./tools/deployment/common/get-values-overrides.sh glance subchart)"}
|
||||||
|
: ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH:="$(./tools/deployment/common/get-values-overrides.sh openvswitch subchart)"}
|
||||||
|
: ${OSH_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt subchart)"}
|
||||||
|
: ${OSH_EXTRA_HELM_ARGS_NOVA:="$(./tools/deployment/common/get-values-overrides.sh nova subchart)"}
|
||||||
|
: ${OSH_EXTRA_HELM_ARGS_PLACEMENT:="$(./tools/deployment/common/get-values-overrides.sh placement subchart)"}
|
||||||
|
: ${OSH_EXTRA_HELM_ARGS_NEUTRON:="$(./tools/deployment/common/get-values-overrides.sh neutron subchart)"}
|
||||||
|
|
||||||
#NOTE: Lint and package chart
|
#NOTE: Lint and package chart
|
||||||
make -C ${HELM_CHART_ROOT_PATH} .
|
make -C ${HELM_CHART_ROOT_PATH} .
|
||||||
|
|
||||||
echo "helm installing ..."
|
if [ "x$(systemd-detect-virt)" != "xnone" ]; then
|
||||||
helm upgrade --install $chart $chart/ \
|
echo 'OSH is being deployed in virtualized environment, using qemu for nova'
|
||||||
|
OSH_EXTRA_HELM_ARGS=( "--set nova.conf.nova.libvirt.virt_type=qemu" \
|
||||||
|
"--set nova.conf.nova.libvirt.cpu_mode=none" )
|
||||||
|
fi
|
||||||
|
echo "helm installing openstack..."
|
||||||
|
helm upgrade --install $release openstack/ \
|
||||||
${OSH_EXTRA_HELM_ARGS_MARIADB} \
|
${OSH_EXTRA_HELM_ARGS_MARIADB} \
|
||||||
${OSH_EXTRA_HELM_ARGS_RABBITMQ} \
|
${OSH_EXTRA_HELM_ARGS_RABBITMQ} \
|
||||||
${OSH_EXTRA_HELM_ARGS_MEMCACHED} \
|
${OSH_EXTRA_HELM_ARGS_MEMCACHED} \
|
||||||
${OSH_EXTRA_HELM_ARGS_KEYSTONE} \
|
${OSH_EXTRA_HELM_ARGS_KEYSTONE} \
|
||||||
${OSH_EXTRA_HELM_ARGS_HEAT} \
|
${OSH_EXTRA_HELM_ARGS_HEAT} \
|
||||||
${OSH_EXTRA_HELM_ARGS_GLANCE} \
|
${OSH_EXTRA_HELM_ARGS_GLANCE} \
|
||||||
${OSH_EXTRA_HELM_ARGS:=} \
|
${OSH_EXTRA_HELM_ARGS_OPENVSWITCH} \
|
||||||
|
${OSH_EXTRA_HELM_ARGS_LIBVIRT} \
|
||||||
|
${OSH_EXTRA_HELM_ARGS_NOVA} \
|
||||||
|
${OSH_EXTRA_HELM_ARGS_PLACEMENT} \
|
||||||
|
${OSH_EXTRA_HELM_ARGS_NEUTRON} \
|
||||||
|
${OSH_EXTRA_HELM_ARGS} \
|
||||||
|
--set nova.bootstrap.wait_for_computes.enabled=true \
|
||||||
|
--set libvirt.conf.ceph.enabled=${CEPH_ENABLED} \
|
||||||
|
--set nova.conf.ceph.enabled=${CEPH_ENABLED} \
|
||||||
|
--values=/tmp/neutron.yaml \
|
||||||
|
--values=/tmp/glance.yaml \
|
||||||
--namespace=$namespace
|
--namespace=$namespace
|
||||||
|
|
||||||
|
# If compute kit installed using Tungsten Fubric, it will be alive when Tunsten Fabric become active.
|
||||||
|
if [[ "$FEATURE_GATES" =~ (,|^)tf(,|$) ]]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
#NOTE: Wait for deploy
|
#NOTE: Wait for deploy
|
||||||
./tools/deployment/common/wait-for-pods.sh $namespace 1800
|
./tools/deployment/common/wait-for-pods.sh $namespace 1800
|
||||||
|
|
||||||
|
#NOTE: Validate Deployment info
|
||||||
|
openstack service list
|
||||||
|
sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
|
||||||
|
openstack compute service list
|
||||||
|
openstack network agent list
|
||||||
|
openstack hypervisor list
|
||||||
|
|
||||||
|
if [ "${RUN_HELM_TESTS}" == "no" ]; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
./tools/deployment/common/run-helm-tests.sh $chart $release
|
||||||
|
@ -170,7 +170,7 @@
|
|||||||
name: openstack-helm-compute-kit-umbrella
|
name: openstack-helm-compute-kit-umbrella
|
||||||
parent: openstack-helm-chart-deploy
|
parent: openstack-helm-chart-deploy
|
||||||
vars:
|
vars:
|
||||||
run_helm_tests: "no"
|
run_helm_tests: "yes"
|
||||||
gate_scripts_relative_path: ../openstack-helm
|
gate_scripts_relative_path: ../openstack-helm
|
||||||
gate_scripts:
|
gate_scripts:
|
||||||
- ./tools/deployment/common/install-packages.sh
|
- ./tools/deployment/common/install-packages.sh
|
||||||
@ -178,12 +178,6 @@
|
|||||||
- - ./tools/deployment/common/setup-client.sh
|
- - ./tools/deployment/common/setup-client.sh
|
||||||
- ./tools/deployment/component/common/ingress.sh
|
- ./tools/deployment/component/common/ingress.sh
|
||||||
- ./tools/deployment/component/common/openstack.sh
|
- ./tools/deployment/component/common/openstack.sh
|
||||||
- ./tools/deployment/component/compute-kit/openvswitch.sh
|
|
||||||
- ./tools/deployment/component/compute-kit/libvirt.sh
|
|
||||||
- ./tools/deployment/component/compute-kit/compute-kit.sh
|
|
||||||
- - export OSH_TEST_TIMEOUT=1200;./tools/deployment/common/run-helm-tests.sh neutron
|
|
||||||
- ./tools/deployment/common/run-helm-tests.sh nova;
|
|
||||||
- ./tools/deployment/common/run-helm-tests.sh openstack;
|
|
||||||
- ./tools/deployment/developer/common/170-setup-gateway.sh
|
- ./tools/deployment/developer/common/170-setup-gateway.sh
|
||||||
- - ./tools/deployment/developer/common/900-use-it.sh
|
- - ./tools/deployment/developer/common/900-use-it.sh
|
||||||
- ./tools/deployment/common/force-cronjob-run.sh
|
- ./tools/deployment/common/force-cronjob-run.sh
|
||||||
|
Loading…
Reference in New Issue
Block a user