add compute-kit to openstack umbrella chart

ADD: include new charts in the umbrella chart for comprehensive
     deployment of openstack-helm.

       * openvswitch
       * libvirt
       * neutron
       * nova
       * placement

Change-Id: I78d1c7c629024c3f9530239dff9f8eb9da598764
Graham Steffaniak 2022-04-08 09:10:44 -05:00 committed by Dustin Specker
parent 8d5ddc9035
commit 2e5b7f9cb7
61 changed files with 1636 additions and 35 deletions


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Neutron
name: neutron
version: 0.2.17
version: 0.2.18
home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources:


@ -12,6 +12,12 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- define "neutron.configmap.etc" }}
{{- $configMapName := index . 0 }}
{{- $envAll := index . 1 }}
@ -161,7 +167,7 @@ just set it along with nova_metadata_host.
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}


@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.neutron_tests.neutron_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.neutron_tests.init_container }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{- $serviceAccountName := print .deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: {{ print $envAll.Release.Name "-test" }}
name: {{ print .deployment_name "-test" }}
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
@ -66,7 +72,7 @@ spec:
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
{{ if $envAll.Values.conf.rally_tests.force_project_purge }}
- name: {{ .Release.Name }}-reset
- name: {{ .deployment_name }}-reset
{{ tuple $envAll "purge_test" | include "helm-toolkit.snippets.image" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}


@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Nova
name: nova
version: 0.2.39
version: 0.2.40
home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources:


@ -11,6 +11,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- define "nova.configmap.etc" }}
{{- $configMapName := index . 0 }}
@ -242,7 +247,7 @@ limitations under the License.
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}


@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if (.Values.global).subchart_release_name }}
{{- $_ := set . "deployment_name" .Chart.Name }}
{{- else }}
{{- $_ := set . "deployment_name" .Release.Name }}
{{- end }}
{{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }}
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
{{- $serviceAccountName := print $envAll.deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
name: {{ print $envAll.Release.Name "-test" }}
name: {{ print $envAll.deployment_name "-test" }}
labels:
{{ tuple $envAll "nova" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
@ -77,7 +83,7 @@ spec:
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.Release.Name}}
value: {{.deployment_name}}
command:
- /tmp/rally-test.sh
volumeMounts:


@ -4,28 +4,55 @@ dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
version: ">0.1.0"
condition: helm-toolkit.enabled
- name: mariadb
repository: file://../../openstack-helm-infra/mariadb
version: ">0.1.0"
condition: mariadb.enabled
- name: rabbitmq
repository: file://../../openstack-helm-infra/rabbitmq
version: ">0.1.0"
condition: rabbitmq.enabled
- name: memcached
repository: file://../../openstack-helm-infra/memcached
version: ">0.1.0"
condition: memcached.enabled
- name: keystone
repository: file://../keystone
version: ">0.1.0"
condition: keystone.enabled
- name: heat
repository: file://../heat
version: ">0.1.0"
condition: heat.enabled
- name: glance
repository: file://../glance
version: ">0.1.0"
condition: glance.enabled
- name: openvswitch
repository: file://../../openstack-helm-infra/openvswitch
version: ">0.1.0"
condition: openvswitch.enabled
- name: libvirt
repository: file://../../openstack-helm-infra/libvirt
version: ">0.1.0"
condition: libvirt.enabled
- name: nova
repository: file://../nova
version: ">0.1.0"
condition: nova.enabled
- name: placement
repository: file://../placement
version: ">0.1.0"
condition: placement.enabled
- name: neutron
repository: file://../neutron
version: ">0.1.0"
condition: neutron.enabled
description: A chart for openstack helm commmon deployment items
name: openstack
type: application
version: 0.1.0
version: 0.1.1
maintainers:
- name: OpenStack-Helm Authors

1
openstack/charts/libvirt Symbolic link

@ -0,0 +1 @@
../../../openstack-helm-infra/libvirt/

1
openstack/charts/neutron Symbolic link

@ -0,0 +1 @@
../../neutron/

1
openstack/charts/nova Symbolic link

@ -0,0 +1 @@
../../nova/


@ -0,0 +1 @@
../../../openstack-helm-infra/openvswitch/

1
openstack/charts/placement Symbolic link

@ -0,0 +1 @@
../../placement/


@ -1,7 +1,12 @@
---
# default values for openstack umbrella chart
# Global overrides for subcharts
# note(v-dspecker): helm3_hook must be disabled
# There is a cyclic dependency otherwise. For example, libvirt-default ->
# nuetron-ovs-agent-default -> neutron-server -> neutron-ks-user.
# Since libvirt-default is deployed during install phase, neutron-ks-user must also
# be installed during install phase instead of post-install phase.
global:
subchart_release_name: true
@ -9,6 +14,7 @@ helm-toolkit:
enabled: true
rabbitmq:
release_group: rabbitmq
enabled: true
volume:
enabled: false
@ -17,6 +23,7 @@ rabbitmq:
server: 1
mariadb:
release_group: mariadb
enabled: true
pod:
replicas:
@ -27,16 +34,46 @@ mariadb:
enabled: true
memcached:
release_group: memcached
enabled: true
keystone:
release_group: keystone
enabled: true
heat:
release_group: heat
enabled: true
helm3_hook: false
glance:
release_group: glance
enabled: true
storage: pvc
volume:
class_name: standard
helm3_hook: false
openvswitch:
release_group: openvswitch
enabled: true
libvirt:
release_group: libvirt
enabled: true
nova:
release_group: nova
enabled: true
helm3_hook: false
placement:
release_group: placement
enabled: true
helm3_hook: false
neutron:
release_group: neutron
enabled: true
helm3_hook: false
conf:
auto_bridge_add:
# no idea why, but something with sub-charts and null values get ommitted entirely from sub chart
br-ex: "null"
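Review bot: The comment above `br-ex: "null"` ("no idea why…") leaves the next maintainer without the reason for the quoted value, and an unquoted `null` looks like the obvious cleanup. Helm treats a null in parent values as a request to delete that key from the subchart's defaults, which is presumably what was observed here; I would replace the comment with `# Helm removes keys set to null when merging into a subchart, so pass the string "null"`. Whether neutron's bridge setup treats the string "null" as "no interface" is not visible in this diff and should be confirmed. The SR-IOV/DPDK neutron override added in this commit still uses a bare `br-ex: null` under `neutron:` and would likely be dropped the same way.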


@ -0,0 +1,8 @@
---
libvirt:
pod:
mandatory_access_control:
type: apparmor
libvirt-libvirt-default:
libvirt: runtime/default
...


@ -0,0 +1,17 @@
# Note: This yaml file serves as an example for overriding the manifest
# to enable additional externally managed Ceph Cinder backend. When additional
# externally managed Ceph Cinder backend is provisioned as shown in
# cinder/values_overrides/external-ceph-backend.yaml of repo openstack-helm,
# below override is needed to store the secret key of the cinder user in
# libvirt.
---
libvirt:
conf:
ceph:
cinder:
external_ceph:
enabled: true
user: cinder2
secret_uuid: 3f0133e4-8384-4743-9473-fecacc095c74
user_secret_name: cinder-volume-external-rbd-keyring
...


@ -0,0 +1,5 @@
---
libvirt:
manifests:
network_policy: true
...


@ -0,0 +1,8 @@
---
libvirt:
conf:
libvirt:
listen_tcp: "0"
listen_tls: "1"
listen_addr: 0.0.0.0
...
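Review bot: `listen_addr: 0.0.0.0` makes libvirtd accept TLS connections on every interface of the compute host, including any tenant- or storage-facing ones. Turning TCP off and TLS on is the right direction, but this override does not show how client certificates are verified or which peers may connect, so the actual exposure depends on settings outside this file. I would add a comment such as `# binds all interfaces; restrict to the management address or apply the libvirt network_policy override` and, where the host has a dedicated management IP, use that address instead.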


@ -0,0 +1,6 @@
---
libvirt:
images:
tags:
libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
...
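Review bot: The tag `latest-ubuntu_focal` is mutable, so two installs from the same chart version can run different libvirt builds, and a changed upstream image is picked up without any review. libvirt typically runs with host-level privileges on compute nodes, so pinning by digest is worth the extra text, e.g. `libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal@sha256:<digest-placeholder>`. The same applies to the identical override that follows this one and to the `master-latest` tags in the two tungstenfabric overrides.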


@ -0,0 +1,6 @@
---
libvirt:
images:
tags:
libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
...


@ -0,0 +1,42 @@
---
neutron:
pod:
mandatory_access_control:
type: apparmor
neutron-dhcp-agent-default:
neutron-dhcp-agent: runtime/default
neutron-dhcp-agent-init: runtime/default
init: runtime/default
neutron-l3-agent-default:
neutron-l3-agent: runtime/default
neutron-l3-agent-init: runtime/default
init: runtime/default
neutron-lb-agent-default:
neutron-lb-agent-default: runtime/default
neutron-metadata-agent-default:
neutron-metadata-agent: runtime/default
neutron-metadata-agent-init: runtime/default
init: runtime/default
neutron-ovs-agent-default:
neutron-ovs-agent: runtime/default
neutron-openvswitch-agent-kernel-modules: runtime/default
neutron-ovs-agent-init: runtime/default
init: runtime/default
neutron-sriov-agent-default:
neutron-sriov-agent: runtime/default
neutron-sriov-agent-init: runtime/default
init: runtime/default
neutron-netns-cleanup-cron-default:
neutron-netns-cleanup-cron: runtime/default
init: runtime/default
neutron-server:
neutron-server: runtime/default
init: runtime/default
nginx: runtime/default
neutron-test:
init: runtime/default
neutron-test: runtime/default
neutron-test-ks-user: runtime/default
manifests:
certificates: true
...
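Review bot: Under `neutron-lb-agent-default` the key is `neutron-lb-agent-default`, while every other pod in this file lists container names without the `-default` suffix (`neutron-l3-agent`, `neutron-ovs-agent`, and so on). If these keys are matched against container names, as the rest of the file suggests, nothing will match and the linuxbridge agent would run without the intended AppArmor profile; that pod also has no `init` entry. The likely intent is `neutron-lb-agent: runtime/default` plus `init: runtime/default`; please confirm against the daemonset's container names.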


@ -0,0 +1,33 @@
---
neutron:
network:
interface:
tunnel: br-phy-bond0
conf:
plugins:
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
datapath_type: netdev
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
ovs_dpdk:
enabled: true
driver: uio_pci_generic
nics: []
bonds:
# CHANGE-ME: modify below parameters according to your hardware
- name: dpdkbond0
bridge: br-phy-bond0
# The IP from the first nic in nics list shall be used
migrate_ip: true
ovs_options: "bond_mode=active-backup"
nics:
- name: dpdk_b0s0
pci_id: '0000:00:05.0'
- name: dpdk_b0s1
pci_id: '0000:00:06.0'
bridges:
- name: br-phy-bond0
...


@ -0,0 +1,27 @@
---
neutron:
network:
interface:
tunnel: br-phy
conf:
plugins:
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
datapath_type: netdev
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
ovs_dpdk:
enabled: true
driver: uio_pci_generic
nics:
# CHANGE-ME: modify pci_id according to your hardware
- name: dpdk0
pci_id: '0000:05:00.0'
bridge: br-phy
migrate_ip: true
bridges:
- name: br-phy
bonds: []
...


@ -0,0 +1,25 @@
---
neutron:
network:
interface:
tunnel: docker0
conf:
neutron:
DEFAULT:
l3_ha: False
max_l3_agents_per_router: 1
l3_ha_network_type: vxlan
dhcp_agents_per_network: 1
plugins:
ml2_conf:
ml2_type_flat:
flat_networks: public
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
linuxbridge_agent:
linux_bridge:
bridge_mappings: public:br-ex
...


@ -0,0 +1,14 @@
---
neutron:
manifests:
network_policy: true
network_policy:
neutron:
egress:
- to:
- ipBlock:
cidr: %%%REPLACE_API_ADDR%%%/32
ports:
- protocol: TCP
port: %%%REPLACE_API_PORT%%%
...


@ -0,0 +1,97 @@
---
neutron:
network:
interface:
sriov:
- device: enp3s0f0
num_vfs: 32
promisc: false
- device: enp66s0f1
num_vfs: 32
promisc: false
tunnel: br-phy-bond0
backend:
- openvswitch
- sriov
conf:
auto_bridge_add:
br-ex: null
neutron:
DEFAULT:
l3_ha: False
max_l3_agents_per_router: 1
l3_ha_network_type: vxlan
dhcp_agents_per_network: 1
service_plugins: router
plugins:
ml2_conf:
ml2:
mechanism_drivers: l2population,openvswitch,sriovnicswitch
type_drivers: vlan,flat,vxlan
tenant_network_types: vxlan
ml2_type_flat:
flat_networks: public
ml2_type_vlan:
network_vlan_ranges: ovsnet:2:4094,sriovnet1:100:4000,sriovnet2:100:4000
openvswitch_agent:
default:
ovs_vsctl_timeout: 30
agent:
tunnel_types: vxlan
securitygroup:
enable_security_group: False
firewall_driver: neutron.agent.firewall.NoopFirewallDriver
ovs:
bridge_mappings: public:br-ex,ovsnet:br-phy-bond0
datapath_type: netdev
vhostuser_socket_dir: /var/run/openvswitch/vhostuser
of_connect_timeout: 60
of_request_timeout: 30
sriov_agent:
securitygroup:
firewall_driver: neutron.agent.firewall.NoopFirewallDriver
sriov_nic:
physical_device_mappings: sriovnet1:enp3s0f0,sriovnet2:enp66s0f1
exclude_devices: enp3s0f0:0000:00:05.1,enp66s0f1:0000:00:06.1
ovs_dpdk:
enabled: true
driver: uio_pci_generic
nics: []
bonds:
# CHANGE-ME: modify below parameters according to your hardware
- name: dpdkbond0
bridge: br-phy-bond0
mtu: 9000
# The IP from the first nic in nics list shall be used
migrate_ip: true
n_rxq: 2
n_rxq_size: 1024
n_txq_size: 1024
ovs_options: "bond_mode=active-backup"
nics:
- name: dpdk_b0s0
pci_id: '0000:00:05.0'
vf_index: 0
- name: dpdk_b0s1
pci_id: '0000:00:06.0'
vf_index: 0
bridges:
- name: br-phy-bond0
modules:
- name: dpdk
log_level: info
# In case of shared profile (sriov + ovs-dpdk), sriov agent should finish
# first so as to let it configure the SRIOV VFs before ovs-agent tries to
# bind it with DPDK driver.
dependencies:
dynamic:
targeted:
openvswitch:
ovs_agent:
pod:
- requireSameNode: true
labels:
application: neutron
component: neutron-sriov-agent
...
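Review bot: `enable_security_group: False` for the OVS agent, together with `NoopFirewallDriver` for both the OVS and SR-IOV agents, turns off port-level security-group filtering for this profile, and nothing in the file says so. That may be a deliberate consequence of the DPDK/SR-IOV datapath, but an operator copying the override will not learn it from the values alone. A comment above the first `securitygroup:` key, such as `# security groups are NOT enforced with this profile; filter tenant traffic elsewhere`, would make the trade-off explicit.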


@ -0,0 +1,71 @@
---
neutron:
images:
tags:
tf_neutron_init: opencontrailnightly/contrail-openstack-neutron-init:master-latest
labels:
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
server:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
network:
backend:
- tungstenfabric
dependencies:
dynamic:
targeted:
tungstenfabric:
server:
daemonset: []
conf:
openstack_version: queens
neutron:
DEFAULT:
core_plugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
service_plugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
l3_ha: False
api_extensions_path: /opt/plugin/site-packages/neutron_plugin_contrail/extensions:/opt/plugin/site-packages/neutron_lbaas/extensions
interface_driver: null
quotas:
quota_driver: neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
plugins:
tungstenfabric:
APISERVER:
api_server_ip: config-api-server.tungsten-fabric.svc.cluster.local
api_server_port: 8082
contrail_extensions: "ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None"
multi_tenancy: True
KEYSTONE:
insecure: True
tf_vnc_api_lib:
global:
WEB_SERVER: config-api-server.tungsten-fabric.svc.cluster.local
WEB_PORT: 8082
auth:
AUTHN_TYPE: keystone
AUTHN_PROTOCOL: http
AUTHN_URL: /v3/auth/tokens
manifests:
daemonset_dhcp_agent: false
daemonset_l3_agent: false
daemonset_lb_agent: false
daemonset_metadata_agent: false
daemonset_ovs_agent: false
daemonset_sriov_agent: false
pod_rally_test: false
pod:
mounts:
neutron_db_sync:
neutron_db_sync:
volumeMounts:
- name: db-sync-conf
mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
subPath: tf_plugin.ini
readOnly: true
volumes:
...
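Review bot: `KEYSTONE: insecure: True` by the usual meaning of that option disables certificate verification for the plugin's Keystone connection, and `AUTHN_PROTOCOL: http` sends the token request to `/v3/auth/tokens` in clear text, so service credentials are exposed to anything on the network path. If this override is intended for lab use only, state that in a header comment. Otherwise set `insecure: False`, configure the deployment's CA bundle, and use `AUTHN_PROTOCOL: https`, consistent with the TLS override for neutron added in this same commit.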


@ -0,0 +1,142 @@
---
neutron:
images:
tags:
nginx: docker.io/nginx:1.18.0
network:
server:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
pod:
security_context:
neutron_server:
pod:
runAsUser: 0
container:
neutron_server:
readOnlyRootFilesystem: false
resources:
nginx:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
conf:
nginx: |
worker_processes 1;
daemon off;
user nginx;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65s;
tcp_nodelay on;
log_format main '[nginx] method=$request_method path=$request_uri '
'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
'"$remote_user" "$http_referer" "$http_user_agent"';
access_log /dev/stdout main;
upstream websocket {
server 127.0.0.1:$PORT;
}
server {
server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
listen $POD_IP:$PORT ssl;
client_max_body_size 0;
ssl_certificate /etc/nginx/certs/tls.crt;
ssl_certificate_key /etc/nginx/certs/tls.key;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
location / {
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_pass http://websocket;
proxy_read_timeout 90;
}
}
}
neutron:
DEFAULT:
bind_host: 127.0.0.1
nova:
cafile: /etc/neutron/certs/ca.crt
keystone_authtoken:
cafile: /etc/neutron/certs/ca.crt
oslo_messaging_rabbit:
ssl: true
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
ssl_key_file: /etc/rabbitmq/certs/tls.key
metadata_agent:
DEFAULT:
auth_ca_cert: /etc/ssl/certs/openstack-helm.crt
nova_metadata_port: 443
nova_metadata_protocol: https
endpoints:
compute:
scheme:
default: https
port:
api:
public: 443
compute_metadata:
scheme:
default: https
port:
metadata:
public: 443
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
neutron:
cacert: /etc/ssl/certs/openstack-helm.crt
nova:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
scheme:
default: https
port:
api:
default: 443
network:
host_fqdn_override:
default:
tls:
secretName: neutron-tls-server
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
api:
public: 443
ingress:
port:
ingress:
default: 443
oslo_messaging:
port:
https:
default: 15680
manifests:
certificates: true
...
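Review bot: The nginx `server` block sets `ssl_ciphers` but no `ssl_protocols`, so the protocol set is whatever nginx 1.18.0 defaults to, which still includes TLSv1 and TLSv1.1; the nova Apache vhosts in this same commit disable both explicitly. Adding `ssl_protocols TLSv1.2 TLSv1.3;` next to `ssl_ciphers` would align the two. Several names in the cipher list end in `-SHA512`, which do not look like OpenSSL suite names and are probably ignored, leaving only the `-SHA384` entries effective. Separately, `runAsUser: 0` with `readOnlyRootFilesystem: false` for neutron_server deserves a comment explaining why root is required.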


@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
neutron_db_sync: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_dhcp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_l3: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_l2gw: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_metadata: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_rpc_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
...


@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
neutron_db_sync: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_dhcp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_l3: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_l2gw: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_metadata: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_rpc_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
...


@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
neutron_db_sync: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_dhcp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_l3: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_l2gw: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_metadata: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_rpc_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
...


@ -0,0 +1,21 @@
---
neutron:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
neutron_db_sync: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_dhcp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_l3: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_l2gw: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_metadata: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_rpc_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
...


@ -0,0 +1,37 @@
---
nova:
pod:
mandatory_access_control:
type: apparmor
nova-compute-default:
nova-compute: runtime/default
init: runtime/default
nova-compute-init: runtime/default
nova-compute-vnc-init: runtime/default
nova-api-metadata:
nova-api-metadata-init: runtime/default
nova-api: runtime/default
init: runtime/default
nova-api-osapi:
nova-osapi: runtime/default
init: runtime/default
nova-conductor:
nova-conductor: runtime/default
init: runtime/default
nova-novncproxy:
nova-novncproxy: runtime/default
nova-novncproxy-init-assets: runtime/default
nova-novncproxy-init: runtime/default
init: runtime/default
nova-scheduler:
nova-scheduler: runtime/default
init: runtime/default
nova-cell-setup:
nova-cell-setup: runtime/default
nova-cell-setup-init: runtime/default
init: runtime/default
nova-test:
init: runtime/default
nova-test: runtime/default
nova-test-ks-user: runtime/default
...


@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
nova:
conf:
nova:
DEFAULT:
reserved_huge_pages:
type: multistring
values:
- node:0,size:1GB,count:4
- node:1,size:1GB,count:4
reserved_host_memory_mb: 512
...


@ -0,0 +1,18 @@
---
nova:
manifests:
network_policy: true
network_policy:
nova:
egress:
- to:
- podSelector:
matchLabels:
application: nova
- to:
- ipBlock:
cidr: %%%REPLACE_API_ADDR%%%/32
ports:
- protocol: TCP
port: %%%REPLACE_API_PORT%%%
...


@ -0,0 +1,27 @@
---
nova:
conf:
software:
apache2:
binary: apache2ctl
start_parameters: -DFOREGROUND -k start
site_dir: /etc/apache2/vhosts.d
conf_dir: /etc/apache2/conf.d
a2enmod:
- version
security: |
<Directory "/var/www">
Options Indexes FollowSymLinks
AllowOverride All
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
nova:
DEFAULT:
mkisofs_cmd: mkisofs
...
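Review bot: `Options Indexes FollowSymLinks` with `AllowOverride All` and `Require all granted` on `/var/www` enables directory listings and lets any `.htaccess` file under that tree override server configuration. An API vhost should need neither; `Options FollowSymLinks` and `AllowOverride None` are the tighter equivalents. If the block was copied from a distribution default, a comment saying so would help the next reader judge whether it can be narrowed.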


@ -0,0 +1,36 @@
---
nova:
network:
ssh:
enabled: true
public_key: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfgGkoPxu6jVqyBTGDlhGqoFFaTymMOH3pDRzrzXCVodqrtv1heBAyi7L63+MZ+m/facDDo43hWzhFLmmMgD00AS7L+VH+oeEwKVCfq0HN3asKLadpweBQVAkGX7PzjRKF25qj6J7iVpKAf1NcnJCsWL3b+wC9mwK7TmupOmWra8BrfP7Fvek1RLx3lwk+ZZ9lUlm6o+jwXn/9rCEFa7ywkGpdrPRBNHQshGjDlJPi15boXIKxOmoZ/DszkJq7iLYQnwa4Kdb0dJ9OE/l2LLBiEpkMlTnwXA7QCS5jEHXwW78b4BOZvqrFflga+YldhDmkyRRfnhcF5Ok2zQmx9Q+t root@openstack-helm
private_key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA34BpKD8buo1asgUxg5YRqqBRWk8pjDh96Q0c681wlaHaq7b9
YXgQMouy+t/jGfpv32nAw6ON4Vs4RS5pjIA9NAEuy/lR/qHhMClQn6tBzd2rCi2n
acHgUFQJBl+z840Shduao+ie4laSgH9TXJyQrFi92/sAvZsCu05rqTplq2vAa3z+
xb3pNUS8d5cJPmWfZVJZuqPo8F5//awhBWu8sJBqXaz0QTR0LIRow5ST4teW6FyC
sTpqGfw7M5Cau4i2EJ8GuCnW9HSfThP5diywYhKZDJU58FwO0AkuYxB18Fu/G+AT
mb6qxX5YGvmJXYQ5pMkUX54XBeTpNs0JsfUPrQIDAQABAoIBAFkEFd3XtL2KSxMY
Cm50OLkSfRRQ7yVP4qYNePVZr3uJKUS27xgA78KR7UkKHrNcEW6T+hhxbbLR2AmF
wLga40VxKyhGNqgJ5Vx/OAM//Ed4AAVfxYvTkfmsXqPRPiTEjRoPKvoZTh6riFHx
ZExAd0aNWaDhyZu6v03GoA6YmaG53CLhUpDjIEpAHT8Q5fiukvpvFNAkSpSU3wWW
YD14S5BTXx8Z7v5mNgbxzDIST9P6oGm9jOoMJJCxu3KVF5Xh6k23DP1wukiWNypJ
b7dzfE8/NZUZ15Du4g1ZXHZyOATwN+4GQi1tV+oB1o6wI6829lpIMlsmqHhrw867
942SmakCgYEA9R1xFEEVRavBGIUeg/NMbFP+Ssl2DljAdnmcOASCxAFqCx6y3WSK
P2xWTD/MCG/uz627EVp+lfbapZimm171rUMpVCqTa5tH+LZ+Lbl+rjoLwSWVqySK
MGyIEzpPLq5PrpGdUghZNsGAG7kgTarJM5SYyA+Esqr8AADjDrZdmzcCgYEA6W1C
h9nU5i04UogndbkOiDVDWn0LnjUnVDTmhgGhbJDLtx4/hte/zGK7+mKl561q3Qmm
xY0s8cSQCX1ULHyrgzS9rc0k42uvuRWgpKKKT5IrjiA91HtfcVM1r9hxa2/dw4wk
WbAoaqpadjQAKoB4PNYzRfvITkv/9O+JSyK5BjsCgYEA5p9C68momBrX3Zgyc/gQ
qcQFeJxAxZLf0xjs0Q/9cSnbeobxx7h3EuF9+NP1xuJ6EVDmt5crjzHp2vDboUgh
Y1nToutENXSurOYXpjHnbUoUETCpt5LzqkgTZ/Pu2H8NXbSIDszoE8rQHEV8jVbp
Y+ymK2XedrTF0cMD363aONUCgYEAy5J4+kdUL+VyADAz0awxa0KgWdNCBZivkvWL
sYTMhgUFVM7xciTIZXQaIjRUIeeQkfKv2gvUDYlyYIRHm4Cih4vAfEmziQ7KMm0V
K1+BpgGBMLMXmS57PzblVFU8HQlzau3Wac2CgfvNZtbU6jweIFhiYP9DYl1PfQpG
PxuqJy8CgYBERsjdYfnyGMnFg3DVwgv/W/JspX201jMhQW2EW1OGDf7RQV+qTUnU
2NRGN9QbVYUvdwuRPd7C9wXQfLzXf0/E67oYg6fHHGTBNMjSq56qhZ2dSZnyQCxI
UZu0B4/1A5493Mypxp8c2fPhBdfzjTA5latsr75U26OMPxCxgFxm1A==
-----END RSA PRIVATE KEY-----
...
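Review bot: This override commits a complete RSA private key together with its public half, so every deployment that applies the file as-is shares an SSH identity that anyone with read access to the repository also holds. From the `network.ssh` path this key appears to be what nova uses for host-to-host SSH (not confirmed from this diff), in which case it is a credential between compute nodes. Replace both values with placeholders such as `private_key: "<generate per deployment>"`, add a header comment with the generation step (for example `ssh-keygen -t rsa -b 4096 -f nova-ssh -N ''`), and supply the real key from a secret store at deploy time. Treat the key in this commit as compromised wherever it has been used.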


@ -0,0 +1,79 @@
---
nova:
images:
tags:
tf_compute_init: opencontrailnightly/contrail-openstack-compute-init:master-latest
conf:
nova:
libvirt:
virt_type: qemu
cpu_mode: host-model
agent:
compute:
node_selector_key: openstack-compute-node
node_selector_value: enabled
compute_ironic:
node_selector_key: openstack-compute-node
node_selector_value: enabled
api_metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
novncproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
osapi:
node_selector_key: openstack-control-plane
node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
spiceproxy:
node_selector_key: openstack-control-plane
node_selector_value: enabled
test:
node_selector_key: openstack-control-plane
node_selector_value: enabled
rootwrap: |
# Configuration for nova-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin,/opt/plugin/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, local0, local1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
network:
backend:
- tungstenfabric
dependencies:
dynamic:
targeted:
tungstenfabric:
compute:
daemonset: []
...
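Review bot: `exec_dirs` in the rootwrap config includes `/opt/plugin/bin`, and the config's own comment requires every listed directory to be writable only by root. Nothing in this override shows who populates `/opt/plugin`; if it is filled from the `tf_compute_init` image, which is pulled by the mutable `master-latest` tag, then binaries that rootwrap runs as root come from an unpinned nightly build. Pin that image by digest and add a comment next to `exec_dirs` stating the ownership and mode expected for `/opt/plugin/bin`.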


@ -0,0 +1,15 @@
---
nova:
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
nova:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
tls:
identity: true
...


@ -0,0 +1,213 @@
---
nova:
network:
osapi:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
metadata:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
novncproxy:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
conf:
mpm_event: |
<IfModule mpm_event_module>
ServerLimit 1024
StartServers 32
MinSpareThreads 32
MaxSpareThreads 256
ThreadsPerChild 25
MaxRequestsPerChild 128
ThreadLimit 720
</IfModule>
wsgi_nova_api: |
{{- $portInt := tuple "compute" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen {{ $portInt }}
<VirtualHost *:{{ $portInt }}>
ServerName {{ printf "%s.%s.svc.%s" "nova-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
WSGIDaemonProcess nova-api processes=1 threads=1 user=nova display-name=%{GROUP}
WSGIProcessGroup nova-api
WSGIScriptAlias / /var/www/cgi-bin/nova/nova-api-wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
AllowEncodedSlashes On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
ErrorLog /dev/stdout
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
SSLEngine on
SSLCertificateFile /etc/nova/certs/tls.crt
SSLCertificateKeyFile /etc/nova/certs/tls.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
</VirtualHost>
wsgi_nova_metadata: |
{{- $portInt := tuple "compute_metadata" "internal" "metadata" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Listen {{ $portInt }}
<VirtualHost *:{{ $portInt }}>
ServerName {{ printf "%s.%s.svc.%s" "nova-metadata" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
WSGIDaemonProcess nova-metadata processes=1 threads=1 user=nova display-name=%{GROUP}
WSGIProcessGroup nova-metadata
WSGIScriptAlias / /var/www/cgi-bin/nova/nova-metadata-wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
AllowEncodedSlashes On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
ErrorLog /dev/stdout
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
SSLEngine on
SSLCertificateFile /etc/nova/certs/tls.crt
SSLCertificateKeyFile /etc/nova/certs/tls.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
</VirtualHost>
software:
apache2:
a2enmod:
- ssl
nova:
console:
ssl_minimum_version: tlsv1_2
glance:
cafile: /etc/nova/certs/ca.crt
ironic:
cafile: /etc/nova/certs/ca.crt
neutron:
cafile: /etc/nova/certs/ca.crt
keystone_authtoken:
cafile: /etc/nova/certs/ca.crt
cinder:
cafile: /etc/nova/certs/ca.crt
placement:
cafile: /etc/nova/certs/ca.crt
keystone:
cafile: /etc/nova/certs/ca.crt
oslo_messaging_rabbit:
ssl: true
ssl_ca_file: /etc/rabbitmq/certs/ca.crt
ssl_cert_file: /etc/rabbitmq/certs/tls.crt
ssl_key_file: /etc/rabbitmq/certs/tls.key
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
nova:
cacert: /etc/ssl/certs/openstack-helm.crt
neutron:
cacert: /etc/ssl/certs/openstack-helm.crt
placement:
cacert: /etc/ssl/certs/openstack-helm.crt
test:
cacert: /etc/ssl/certs/openstack-helm.crt
scheme:
default: https
port:
api:
default: 443
image:
scheme:
default: https
port:
api:
public: 443
compute:
host_fqdn_override:
default:
tls:
secretName: nova-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: 'https'
port:
api:
public: 443
compute_metadata:
host_fqdn_override:
default:
tls:
secretName: metadata-tls-metadata
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
metadata:
public: 443
compute_novnc_proxy:
host_fqdn_override:
default:
tls:
secretName: nova-novncproxy-tls-proxy
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
novnc_proxy:
public: 443
compute_spice_proxy:
host_fqdn_override:
default:
tls:
secretName: nova-tls-spiceproxy
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
placement:
host_fqdn_override:
default:
tls:
secretName: placement-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
api:
public: 443
network:
scheme:
default: https
port:
api:
public: 443
oslo_messaging:
port:
https:
default: 15680
pod:
security_context:
nova:
container:
nova_api:
runAsUser: 0
readOnlyRootFilesystem: false
nova_osapi:
runAsUser: 0
readOnlyRootFilesystem: false
manifests:
certificates: true
...
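Review bot: The `pod.security_context` block at the end of this override sets `runAsUser: 0` and `readOnlyRootFilesystem: false` for `nova_api` and `nova_osapi`, and nothing in the file says why enabling TLS requires it. Both vhosts already pass `user=nova` to `WSGIDaemonProcess`, so only the Apache parent appears to need the extra privilege, presumably to read the mounted key or write runtime files. I would put the reason next to the setting, for example `# root + writable rootfs: <reason Apache needs it under TLS>; drop once <condition>`, so the relaxation is not carried into other overrides by default.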


@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
nova_api: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_cell_setup: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_cell_setup_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
nova_compute: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_compute_ssh: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_conductor: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_db_sync: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_novncproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_scheduler: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_spiceproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...
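Review bot: `nova_service_cleaner` points at `ceph-config-helper:latest-ubuntu_bionic`, a floating tag, so the image that actually runs can change without any change to this chart; every other tag in the file is at least bound to a release name. The same line is repeated in the ussuri, victoria and wallaby overrides later in this commit (the last two otherwise use `ubuntu_focal` images), and the `latest-` pattern also appears in the placement `db_migrate` tag and in the openvswitch DPDK overrides. Pinning these to a release tag or an `@sha256:<digest>` reference would make deployments reproducible and the image content reviewable.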


@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
nova_api: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_cell_setup: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_cell_setup_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
nova_compute: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_compute_ssh: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_conductor: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_db_sync: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_novncproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_scheduler: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_spiceproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...


@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
nova_api: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_cell_setup: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_cell_setup_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
nova_compute: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_compute_ssh: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_conductor: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_db_sync: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_novncproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_scheduler: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_spiceproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...


@ -0,0 +1,24 @@
---
nova:
images:
tags:
bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
nova_api: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_cell_setup: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_cell_setup_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
nova_compute: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_compute_ssh: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_conductor: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_db_sync: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_novncproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_novncproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_scheduler: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_spiceproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_spiceproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
...


@ -0,0 +1,7 @@
---
nova:
conf:
rally_tests:
tests:
NovaAgents.list_agents: []
...


@ -0,0 +1,15 @@
# NOTE: Enable this with the correct policy
---
openvswitch:
pod:
mandatory_access_control:
type: apparmor
openvswitch-vswitchd:
openvswitch-vswitchd: runtime/default
openvswitch-vswitchd-modules: runtime/default
init: runtime/default
openvswitch-db:
openvswitch-db: runtime/default
openvswitch-db-perms: runtime/default
init: runtime/default
...


@ -0,0 +1,25 @@
---
openvswitch:
images:
tags:
openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
pod:
resources:
enabled: true
ovs:
vswitchd:
requests:
memory: "2Gi"
cpu: "2"
limits:
memory: "2Gi"
cpu: "2"
hugepages-1Gi: "1Gi"
conf:
ovs_dpdk:
enabled: true
hugepages_mountpath: /dev/hugepages
vhostuser_socket_dir: vhostuser
socket_memory: 1024
...


@ -0,0 +1,25 @@
---
openvswitch:
images:
tags:
openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
pod:
resources:
enabled: true
ovs:
vswitchd:
requests:
memory: "2Gi"
cpu: "2"
limits:
memory: "2Gi"
cpu: "2"
hugepages-1Gi: "1Gi"
conf:
ovs_dpdk:
enabled: true
hugepages_mountpath: /dev/hugepages
vhostuser_socket_dir: vhostuser
socket_memory: 1024
...


@ -0,0 +1,5 @@
---
openvswitch:
manifests:
network_policy: true
...


@ -0,0 +1,12 @@
---
openvswitch:
pod:
probes:
ovs_vswitch:
ovs_vswitch:
liveness:
exec:
- /bin/bash
- -c
- '/usr/bin/ovs-appctl bond/list; C1=$?; ovs-vsctl --column statistics list interface dpdk_b0s0 | grep -q -E "rx_|tx_"; C2=$?; ovs-vsctl --column statistics list interface dpdk_b0s1 | grep -q -E "rx_|tx_"; C3=$?; exit $(($C1+$C2+$C3))'
...
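Review bot: The liveness command hard-codes the interface names `dpdk_b0s0` and `dpdk_b0s1`, so the probe fails on any node where those interfaces are named differently or absent, and a failing liveness probe restarts the container. The file carries no comment saying which environment it targets. I would add a header such as `# NOTE: site-specific example; assumes interfaces dpdk_b0s0 and dpdk_b0s1 exist` so it is not enabled as a generic override.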


@ -0,0 +1,15 @@
---
placement:
pod:
mandatory_access_control:
type: apparmor
placement-api:
placement-api: runtime/default
init: runtime/default
placement-db-migrate:
init: runtime/default
placement-mysql-migration: runtime/default
manifests:
job_db_migrate: true
...


@ -0,0 +1,21 @@
---
placement:
manifests:
network_policy: true
network_policy:
placement:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
application: nova
ports:
- protocol: TCP
port: 8778
- protocol: TCP
port: 80
- protocol: TCP
port: 8080
...
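Review bot: `egress: - {}` is an empty rule, which in a Kubernetes NetworkPolicy matches every destination, so if the chart renders it as written this policy restricts only ingress to placement. Ingress is limited to pods labelled `application: nova` on 8778, 80 and 8080, which suggests isolation was the intent. I would either list the egress peers placement actually needs or state the choice in the file, for example `# egress left open: <reason>`.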


@ -0,0 +1,80 @@
---
placement:
network:
api:
ingress:
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "https"
conf:
software:
apache2:
a2enmod:
- ssl
placement:
keystone_authtoken:
cafile: /etc/placement/certs/ca.crt
wsgi_placement: |
Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
<VirtualHost *:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
WSGIProcessGroup placement-api
WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /dev/stdout
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
SSLEngine on
SSLCertificateFile /etc/placement/certs/tls.crt
SSLCertificateKeyFile /etc/placement/certs/tls.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
</VirtualHost>
Alias /placement /var/www/cgi-bin/placement/placement-api
<Location /placement>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
endpoints:
identity:
auth:
admin:
cacert: /etc/ssl/certs/openstack-helm.crt
placement:
cacert: /etc/ssl/certs/openstack-helm.crt
scheme:
default: https
port:
api:
default: 443
placement:
host_fqdn_override:
default:
tls:
secretName: placement-tls-api
issuerRef:
name: ca-issuer
kind: ClusterIssuer
scheme:
default: https
port:
api:
public: 443
manifests:
certificates: true
...
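Review bot: The `SSLCipherSuite` list in the vhost ends with four CBC-mode suites (`ECDHE-ECDSA-AES256-SHA384`, `ECDHE-RSA-AES256-SHA384`, `ECDHE-ECDSA-AES128-SHA256`, `ECDHE-RSA-AES128-SHA256`) after the AEAD ones. `SSLProtocol` already excludes everything below TLS 1.2, and the peers here are presumably other in-cluster services and the ingress controller, which should be able to negotiate the GCM or ChaCha20 suites, so the CBC entries mainly widen what can be negotiated. The two nova vhosts in the TLS override earlier in this commit carry the same list; I would end all three after `ECDHE-RSA-AES128-GCM-SHA256`.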


@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...


@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...


@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...


@ -0,0 +1,24 @@
---
placement:
images:
pull_policy: IfNotPresent
tags:
placement: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
placement_db_sync: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
image_repo_sync: "docker.io/docker:17.07.0"
manifests:
job_db_migrate: true
dependencies:
static:
db_sync:
jobs:
- placement-db-init
- placement-db-migrate
...


@ -31,4 +31,5 @@ neutron:
- 0.2.15 Remove unsupported values overrides
- 0.2.16 Remove usage of six
- 0.2.17 Migrated PodDisruptionBudget resource to policy/v1 API version
- 0.2.18 Updated naming for subchart compatibility
...


@ -60,4 +60,5 @@ nova:
- 0.2.37 Remove nova-placement
- 0.2.38 Update nova image defaults
- 0.2.39 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
- 0.2.40 Updated naming for subchart compatibility
...


@ -1,4 +1,5 @@
---
openstack:
- 0.1.0 Initial Chart
- 0.1.1 Deploy compute-kit charts (neutron, nova, libvirt, openvswitch, placement)
...


@ -13,28 +13,110 @@
# under the License.
set -xe
namespace=openstack
chart=$namespace
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm/openstack"}"}"
export OSH_TEST_TIMEOUT=1200
export OS_CLOUD=openstack_helm
: "${RUN_HELM_TESTS:="no"}"
: "${CEPH_ENABLED:="false"}"
: "${OSH_EXTRA_HELM_ARGS:=""}"
release=openstack
namespace=$release
: ${GLANCE_BACKEND:="pvc"}
tee /tmp/glance.yaml <<EOF
glance:
storage: ${GLANCE_BACKEND}
volume:
class_name: standard
EOF
#NOTE: Deploy neutron
tee /tmp/neutron.yaml << EOF
neutron:
release_group: neutron
enabled: true
network:
interface:
tunnel: docker0
conf:
neutron:
DEFAULT:
l3_ha: False
max_l3_agents_per_router: 1
l3_ha_network_type: vxlan
dhcp_agents_per_network: 1
plugins:
ml2_conf:
ml2_type_flat:
flat_networks: public
openvswitch_agent:
agent:
tunnel_types: vxlan
ovs:
bridge_mappings: public:br-ex
linuxbridge_agent:
linux_bridge:
bridge_mappings: public:br-ex
EOF
## includes second argument 'subchart' to indicate a different path
export HELM_CHART_ROOT_PATH="../openstack-helm/openstack"
: ${OSH_EXTRA_HELM_ARGS_MARIADB:="$(./tools/deployment/common/get-values-overrides.sh mariadb subchart)"}
: ${OSH_EXTRA_HELM_ARGS_RABBITMQ:="$(./tools/deployment/common/get-values-overrides.sh rabbitmq subchart)"}
: ${OSH_EXTRA_HELM_ARGS_MEMCACHED:="$(./tools/deployment/common/get-values-overrides.sh memcached subchart)"}
: ${OSH_EXTRA_HELM_ARGS_KEYSTONE:="$(./tools/deployment/common/get-values-overrides.sh keystone subchart)"}
: ${OSH_EXTRA_HELM_ARGS_HEAT:="$(./tools/deployment/common/get-values-overrides.sh heat subchart)"}
: ${OSH_EXTRA_HELM_ARGS_GLANCE:="$(./tools/deployment/common/get-values-overrides.sh glance subchart)"}
: ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH:="$(./tools/deployment/common/get-values-overrides.sh openvswitch subchart)"}
: ${OSH_EXTRA_HELM_ARGS_LIBVIRT:="$(./tools/deployment/common/get-values-overrides.sh libvirt subchart)"}
: ${OSH_EXTRA_HELM_ARGS_NOVA:="$(./tools/deployment/common/get-values-overrides.sh nova subchart)"}
: ${OSH_EXTRA_HELM_ARGS_PLACEMENT:="$(./tools/deployment/common/get-values-overrides.sh placement subchart)"}
: ${OSH_EXTRA_HELM_ARGS_NEUTRON:="$(./tools/deployment/common/get-values-overrides.sh neutron subchart)"}
#NOTE: Lint and package chart
make -C ${HELM_CHART_ROOT_PATH} .
echo "helm installing ..."
helm upgrade --install $chart $chart/ \
if [ "x$(systemd-detect-virt)" != "xnone" ]; then
echo 'OSH is being deployed in virtualized environment, using qemu for nova'
OSH_EXTRA_HELM_ARGS=( "--set nova.conf.nova.libvirt.virt_type=qemu" \
"--set nova.conf.nova.libvirt.cpu_mode=none" )
fi
echo "helm installing openstack..."
helm upgrade --install $release openstack/ \
${OSH_EXTRA_HELM_ARGS_MARIADB} \
${OSH_EXTRA_HELM_ARGS_RABBITMQ} \
${OSH_EXTRA_HELM_ARGS_MEMCACHED} \
${OSH_EXTRA_HELM_ARGS_KEYSTONE} \
${OSH_EXTRA_HELM_ARGS_HEAT} \
${OSH_EXTRA_HELM_ARGS_GLANCE} \
${OSH_EXTRA_HELM_ARGS:=} \
${OSH_EXTRA_HELM_ARGS_OPENVSWITCH} \
${OSH_EXTRA_HELM_ARGS_LIBVIRT} \
${OSH_EXTRA_HELM_ARGS_NOVA} \
${OSH_EXTRA_HELM_ARGS_PLACEMENT} \
${OSH_EXTRA_HELM_ARGS_NEUTRON} \
${OSH_EXTRA_HELM_ARGS} \
--set nova.bootstrap.wait_for_computes.enabled=true \
--set libvirt.conf.ceph.enabled=${CEPH_ENABLED} \
--set nova.conf.ceph.enabled=${CEPH_ENABLED} \
--values=/tmp/neutron.yaml \
--values=/tmp/glance.yaml \
--namespace=$namespace
# If compute kit installed using Tungsten Fubric, it will be alive when Tunsten Fabric become active.
if [[ "$FEATURE_GATES" =~ (,|^)tf(,|$) ]]; then
exit 0
fi
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh $namespace 1800
#NOTE: Validate Deployment info
openstack service list
sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
openstack compute service list
openstack network agent list
openstack hypervisor list
if [ "${RUN_HELM_TESTS}" == "no" ]; then
exit 0
fi
./tools/deployment/common/run-helm-tests.sh $chart $release
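Review bot: `OSH_EXTRA_HELM_ARGS` is assigned as a two-element array in the `systemd-detect-virt` branch but expanded as a scalar (`${OSH_EXTRA_HELM_ARGS}`) in the `helm upgrade` call, and in bash that yields only the first element, so `--set nova.conf.nova.libvirt.cpu_mode=none` is never passed. The assignment also discards any value the caller exported. Appending to the string keeps both: `OSH_EXTRA_HELM_ARGS="${OSH_EXTRA_HELM_ARGS} --set nova.conf.nova.libvirt.virt_type=qemu --set nova.conf.nova.libvirt.cpu_mode=none"`. The rendering has lost the `+`/`-` column, so this assumes those lines are on the new side, which the `nova.` value prefix suggests. Separately, the values files are written to the fixed paths `/tmp/neutron.yaml` and `/tmp/glance.yaml`; a `mktemp` path would avoid writing through a pre-existing file or symlink on a shared host.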


@ -170,7 +170,7 @@
name: openstack-helm-compute-kit-umbrella
parent: openstack-helm-chart-deploy
vars:
run_helm_tests: "no"
run_helm_tests: "yes"
gate_scripts_relative_path: ../openstack-helm
gate_scripts:
- ./tools/deployment/common/install-packages.sh
@ -178,12 +178,6 @@
- - ./tools/deployment/common/setup-client.sh
- ./tools/deployment/component/common/ingress.sh
- ./tools/deployment/component/common/openstack.sh
- ./tools/deployment/component/compute-kit/openvswitch.sh
- ./tools/deployment/component/compute-kit/libvirt.sh
- ./tools/deployment/component/compute-kit/compute-kit.sh
- - export OSH_TEST_TIMEOUT=1200;./tools/deployment/common/run-helm-tests.sh neutron
- ./tools/deployment/common/run-helm-tests.sh nova;
- ./tools/deployment/common/run-helm-tests.sh openstack;
- ./tools/deployment/developer/common/170-setup-gateway.sh
- - ./tools/deployment/developer/common/900-use-it.sh
- ./tools/deployment/common/force-cronjob-run.sh