diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml
index 2c5f16e63f..faf64739b1 100644
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Neutron
name: neutron
-version: 0.2.17
+version: 0.2.18
home: https://docs.openstack.org/neutron/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources:
diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml
index e5cb874a80..17765c2dcc 100644
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@@ -12,6 +12,12 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
+{{- if (.Values.global).subchart_release_name }}
+{{- $_ := set . "deployment_name" .Chart.Name }}
+{{- else }}
+{{- $_ := set . "deployment_name" .Release.Name }}
+{{- end }}
+
{{- define "neutron.configmap.etc" }}
{{- $configMapName := index . 0 }}
{{- $envAll := index . 1 }}
@@ -161,7 +167,7 @@ just set it along with nova_metadata_host.
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}
diff --git a/neutron/templates/pod-rally-test.yaml b/neutron/templates/pod-rally-test.yaml
index cd6899c2fd..5ef57fa34b 100644
--- a/neutron/templates/pod-rally-test.yaml
+++ b/neutron/templates/pod-rally-test.yaml
@@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
+{{- if (.Values.global).subchart_release_name }}
+{{- $_ := set . "deployment_name" .Chart.Name }}
+{{- else }}
+{{- $_ := set . "deployment_name" .Release.Name }}
+{{- end }}
+
{{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.neutron_tests.neutron_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.neutron_tests.init_container }}
-{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
+{{- $serviceAccountName := print .deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
- name: {{ print $envAll.Release.Name "-test" }}
+ name: {{ print .deployment_name "-test" }}
annotations:
"helm.sh/hook": test-success
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
@@ -66,7 +72,7 @@ spec:
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.test.role | quote }}
{{ if $envAll.Values.conf.rally_tests.force_project_purge }}
- - name: {{ .Release.Name }}-reset
+ - name: {{ .deployment_name }}-reset
{{ tuple $envAll "purge_test" | include "helm-toolkit.snippets.image" | indent 6 }}
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
diff --git a/nova/Chart.yaml b/nova/Chart.yaml
index c5b9b58d1f..f171e83c56 100644
--- a/nova/Chart.yaml
+++ b/nova/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Nova
name: nova
-version: 0.2.39
+version: 0.2.40
home: https://docs.openstack.org/nova/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png
sources:
diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index 3a2f660740..d090d0e69e 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -11,6 +11,11 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
+{{- if (.Values.global).subchart_release_name }}
+{{- $_ := set . "deployment_name" .Chart.Name }}
+{{- else }}
+{{- $_ := set . "deployment_name" .Release.Name }}
+{{- end }}
{{- define "nova.configmap.etc" }}
{{- $configMapName := index . 0 }}
@@ -242,7 +247,7 @@ limitations under the License.
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}
diff --git a/nova/templates/pod-rally-test.yaml b/nova/templates/pod-rally-test.yaml
index 019596f1a0..d53f2047dd 100644
--- a/nova/templates/pod-rally-test.yaml
+++ b/nova/templates/pod-rally-test.yaml
@@ -12,19 +12,25 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
+{{- if (.Values.global).subchart_release_name }}
+{{- $_ := set . "deployment_name" .Chart.Name }}
+{{- else }}
+{{- $_ := set . "deployment_name" .Release.Name }}
+{{- end }}
+
{{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }}
-{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
+{{- $serviceAccountName := print $envAll.deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
- name: {{ print $envAll.Release.Name "-test" }}
+ name: {{ print $envAll.deployment_name "-test" }}
labels:
{{ tuple $envAll "nova" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
@@ -77,7 +83,7 @@ spec:
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
- value: {{.Release.Name}}
+ value: {{.deployment_name}}
command:
- /tmp/rally-test.sh
volumeMounts:
diff --git a/openstack/Chart.yaml b/openstack/Chart.yaml
index ba270f9f9d..138310684e 100644
--- a/openstack/Chart.yaml
+++ b/openstack/Chart.yaml
@@ -4,28 +4,55 @@ dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
version: ">0.1.0"
+ condition: helm-toolkit.enabled
- name: mariadb
repository: file://../../openstack-helm-infra/mariadb
version: ">0.1.0"
+ condition: mariadb.enabled
- name: rabbitmq
repository: file://../../openstack-helm-infra/rabbitmq
version: ">0.1.0"
+ condition: rabbitmq.enabled
- name: memcached
repository: file://../../openstack-helm-infra/memcached
version: ">0.1.0"
+ condition: memcached.enabled
- name: keystone
repository: file://../keystone
version: ">0.1.0"
+ condition: keystone.enabled
- name: heat
repository: file://../heat
version: ">0.1.0"
+ condition: heat.enabled
- name: glance
repository: file://../glance
version: ">0.1.0"
+ condition: glance.enabled
+- name: openvswitch
+ repository: file://../../openstack-helm-infra/openvswitch
+ version: ">0.1.0"
+ condition: openvswitch.enabled
+- name: libvirt
+ repository: file://../../openstack-helm-infra/libvirt
+ version: ">0.1.0"
+ condition: libvirt.enabled
+- name: nova
+ repository: file://../nova
+ version: ">0.1.0"
+ condition: nova.enabled
+- name: placement
+ repository: file://../placement
+ version: ">0.1.0"
+ condition: placement.enabled
+- name: neutron
+ repository: file://../neutron
+ version: ">0.1.0"
+ condition: neutron.enabled
description: A chart for openstack helm commmon deployment items
name: openstack
type: application
-version: 0.1.0
+version: 0.1.1
maintainers:
- name: OpenStack-Helm Authors
diff --git a/openstack/charts/libvirt b/openstack/charts/libvirt
new file mode 120000
index 0000000000..2d8a158277
--- /dev/null
+++ b/openstack/charts/libvirt
@@ -0,0 +1 @@
+../../../openstack-helm-infra/libvirt/
\ No newline at end of file
diff --git a/openstack/charts/neutron b/openstack/charts/neutron
new file mode 120000
index 0000000000..a25b8df4c0
--- /dev/null
+++ b/openstack/charts/neutron
@@ -0,0 +1 @@
+../../neutron/
\ No newline at end of file
diff --git a/openstack/charts/nova b/openstack/charts/nova
new file mode 120000
index 0000000000..df1edcdc07
--- /dev/null
+++ b/openstack/charts/nova
@@ -0,0 +1 @@
+../../nova/
\ No newline at end of file
diff --git a/openstack/charts/openvswitch b/openstack/charts/openvswitch
new file mode 120000
index 0000000000..ba5cd373c1
--- /dev/null
+++ b/openstack/charts/openvswitch
@@ -0,0 +1 @@
+../../../openstack-helm-infra/openvswitch/
\ No newline at end of file
diff --git a/openstack/charts/placement b/openstack/charts/placement
new file mode 120000
index 0000000000..9bbdf9c2ed
--- /dev/null
+++ b/openstack/charts/placement
@@ -0,0 +1 @@
+../../placement/
\ No newline at end of file
diff --git a/openstack/values.yaml b/openstack/values.yaml
index ce61966b37..a9fddf99a0 100644
--- a/openstack/values.yaml
+++ b/openstack/values.yaml
@@ -1,7 +1,12 @@
----
# default values for openstack umbrella chart
# Global overrides for subcharts
+# note(v-dspecker): helm3_hook must be disabled
+# There is a cyclic dependency otherwise. For example, libvirt-default ->
+# nuetron-ovs-agent-default -> neutron-server -> neutron-ks-user.
+# Since libvirt-default is deployed during install phase, neutron-ks-user must also
+# be installed during install phase instead of post-install phase.
+
global:
subchart_release_name: true
@@ -9,6 +14,7 @@ helm-toolkit:
enabled: true
rabbitmq:
+ release_group: rabbitmq
enabled: true
volume:
enabled: false
@@ -17,6 +23,7 @@ rabbitmq:
server: 1
mariadb:
+ release_group: mariadb
enabled: true
pod:
replicas:
@@ -27,16 +34,46 @@ mariadb:
enabled: true
memcached:
+ release_group: memcached
enabled: true
keystone:
+ release_group: keystone
enabled: true
heat:
+ release_group: heat
enabled: true
+ helm3_hook: false
glance:
+ release_group: glance
enabled: true
- storage: pvc
- volume:
- class_name: standard
+ helm3_hook: false
+
+openvswitch:
+ release_group: openvswitch
+ enabled: true
+
+libvirt:
+ release_group: libvirt
+ enabled: true
+
+nova:
+ release_group: nova
+ enabled: true
+ helm3_hook: false
+
+placement:
+ release_group: placement
+ enabled: true
+ helm3_hook: false
+
+neutron:
+ release_group: neutron
+ enabled: true
+ helm3_hook: false
+ conf:
+ auto_bridge_add:
+ # no idea why, but something with sub-charts and null values get ommitted entirely from sub chart
+ br-ex: "null"
diff --git a/openstack/values_overrides/libvirt/apparmor.yaml b/openstack/values_overrides/libvirt/apparmor.yaml
new file mode 100644
index 0000000000..e7cff6de60
--- /dev/null
+++ b/openstack/values_overrides/libvirt/apparmor.yaml
@@ -0,0 +1,8 @@
+---
+libvirt:
+ pod:
+ mandatory_access_control:
+ type: apparmor
+ libvirt-libvirt-default:
+ libvirt: runtime/default
+...
diff --git a/openstack/values_overrides/libvirt/cinder-external-ceph-backend.yaml b/openstack/values_overrides/libvirt/cinder-external-ceph-backend.yaml
new file mode 100644
index 0000000000..5ffa5914bd
--- /dev/null
+++ b/openstack/values_overrides/libvirt/cinder-external-ceph-backend.yaml
@@ -0,0 +1,17 @@
+# Note: This yaml file serves as an example for overriding the manifest
+# to enable additional externally managed Ceph Cinder backend. When additional
+# externally managed Ceph Cinder backend is provisioned as shown in
+# cinder/values_overrides/external-ceph-backend.yaml of repo openstack-helm,
+# below override is needed to store the secret key of the cinder user in
+# libvirt.
+---
+libvirt:
+ conf:
+ ceph:
+ cinder:
+ external_ceph:
+ enabled: true
+ user: cinder2
+ secret_uuid: 3f0133e4-8384-4743-9473-fecacc095c74
+ user_secret_name: cinder-volume-external-rbd-keyring
+...
diff --git a/openstack/values_overrides/libvirt/netpol.yaml b/openstack/values_overrides/libvirt/netpol.yaml
new file mode 100644
index 0000000000..9c393832d4
--- /dev/null
+++ b/openstack/values_overrides/libvirt/netpol.yaml
@@ -0,0 +1,5 @@
+---
+libvirt:
+ manifests:
+ network_policy: true
+...
diff --git a/openstack/values_overrides/libvirt/ssl.yaml b/openstack/values_overrides/libvirt/ssl.yaml
new file mode 100644
index 0000000000..a5041fab37
--- /dev/null
+++ b/openstack/values_overrides/libvirt/ssl.yaml
@@ -0,0 +1,8 @@
+---
+libvirt:
+ conf:
+ libvirt:
+ listen_tcp: "0"
+ listen_tls: "1"
+ listen_addr: 0.0.0.0
+...
diff --git a/openstack/values_overrides/libvirt/victoria-ubuntu_focal.yaml b/openstack/values_overrides/libvirt/victoria-ubuntu_focal.yaml
new file mode 100644
index 0000000000..d5b88e2a84
--- /dev/null
+++ b/openstack/values_overrides/libvirt/victoria-ubuntu_focal.yaml
@@ -0,0 +1,6 @@
+---
+libvirt:
+ images:
+ tags:
+ libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
+...
diff --git a/openstack/values_overrides/libvirt/wallaby-ubuntu_focal.yaml b/openstack/values_overrides/libvirt/wallaby-ubuntu_focal.yaml
new file mode 100644
index 0000000000..d5b88e2a84
--- /dev/null
+++ b/openstack/values_overrides/libvirt/wallaby-ubuntu_focal.yaml
@@ -0,0 +1,6 @@
+---
+libvirt:
+ images:
+ tags:
+ libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_focal
+...
diff --git a/openstack/values_overrides/neutron/apparmor.yaml b/openstack/values_overrides/neutron/apparmor.yaml
new file mode 100644
index 0000000000..ce642e55ea
--- /dev/null
+++ b/openstack/values_overrides/neutron/apparmor.yaml
@@ -0,0 +1,42 @@
+---
+neutron:
+ pod:
+ mandatory_access_control:
+ type: apparmor
+ neutron-dhcp-agent-default:
+ neutron-dhcp-agent: runtime/default
+ neutron-dhcp-agent-init: runtime/default
+ init: runtime/default
+ neutron-l3-agent-default:
+ neutron-l3-agent: runtime/default
+ neutron-l3-agent-init: runtime/default
+ init: runtime/default
+ neutron-lb-agent-default:
+ neutron-lb-agent-default: runtime/default
+ neutron-metadata-agent-default:
+ neutron-metadata-agent: runtime/default
+ neutron-metadata-agent-init: runtime/default
+ init: runtime/default
+ neutron-ovs-agent-default:
+ neutron-ovs-agent: runtime/default
+ neutron-openvswitch-agent-kernel-modules: runtime/default
+ neutron-ovs-agent-init: runtime/default
+ init: runtime/default
+ neutron-sriov-agent-default:
+ neutron-sriov-agent: runtime/default
+ neutron-sriov-agent-init: runtime/default
+ init: runtime/default
+ neutron-netns-cleanup-cron-default:
+ neutron-netns-cleanup-cron: runtime/default
+ init: runtime/default
+ neutron-server:
+ neutron-server: runtime/default
+ init: runtime/default
+ nginx: runtime/default
+ neutron-test:
+ init: runtime/default
+ neutron-test: runtime/default
+ neutron-test-ks-user: runtime/default
+ manifests:
+ certificates: true
+...
diff --git a/openstack/values_overrides/neutron/dpdk-bond.yaml b/openstack/values_overrides/neutron/dpdk-bond.yaml
new file mode 100644
index 0000000000..f125f65eef
--- /dev/null
+++ b/openstack/values_overrides/neutron/dpdk-bond.yaml
@@ -0,0 +1,33 @@
+---
+neutron:
+ network:
+ interface:
+ tunnel: br-phy-bond0
+ conf:
+ plugins:
+ openvswitch_agent:
+ agent:
+ tunnel_types: vxlan
+ ovs:
+ bridge_mappings: public:br-ex
+ datapath_type: netdev
+ vhostuser_socket_dir: /var/run/openvswitch/vhostuser
+ ovs_dpdk:
+ enabled: true
+ driver: uio_pci_generic
+ nics: []
+ bonds:
+ # CHANGE-ME: modify below parameters according to your hardware
+ - name: dpdkbond0
+ bridge: br-phy-bond0
+ # The IP from the first nic in nics list shall be used
+ migrate_ip: true
+ ovs_options: "bond_mode=active-backup"
+ nics:
+ - name: dpdk_b0s0
+ pci_id: '0000:00:05.0'
+ - name: dpdk_b0s1
+ pci_id: '0000:00:06.0'
+ bridges:
+ - name: br-phy-bond0
+...
diff --git a/openstack/values_overrides/neutron/dpdk.yaml b/openstack/values_overrides/neutron/dpdk.yaml
new file mode 100644
index 0000000000..c48cbda683
--- /dev/null
+++ b/openstack/values_overrides/neutron/dpdk.yaml
@@ -0,0 +1,27 @@
+---
+neutron:
+ network:
+ interface:
+ tunnel: br-phy
+ conf:
+ plugins:
+ openvswitch_agent:
+ agent:
+ tunnel_types: vxlan
+ ovs:
+ bridge_mappings: public:br-ex
+ datapath_type: netdev
+ vhostuser_socket_dir: /var/run/openvswitch/vhostuser
+ ovs_dpdk:
+ enabled: true
+ driver: uio_pci_generic
+ nics:
+ # CHANGE-ME: modify pci_id according to your hardware
+ - name: dpdk0
+ pci_id: '0000:05:00.0'
+ bridge: br-phy
+ migrate_ip: true
+ bridges:
+ - name: br-phy
+ bonds: []
+...
diff --git a/openstack/values_overrides/neutron/gate.yaml b/openstack/values_overrides/neutron/gate.yaml
new file mode 100644
index 0000000000..d01a1d8c94
--- /dev/null
+++ b/openstack/values_overrides/neutron/gate.yaml
@@ -0,0 +1,25 @@
+---
+neutron:
+ network:
+ interface:
+ tunnel: docker0
+ conf:
+ neutron:
+ DEFAULT:
+ l3_ha: False
+ max_l3_agents_per_router: 1
+ l3_ha_network_type: vxlan
+ dhcp_agents_per_network: 1
+ plugins:
+ ml2_conf:
+ ml2_type_flat:
+ flat_networks: public
+ openvswitch_agent:
+ agent:
+ tunnel_types: vxlan
+ ovs:
+ bridge_mappings: public:br-ex
+ linuxbridge_agent:
+ linux_bridge:
+ bridge_mappings: public:br-ex
+...
diff --git a/openstack/values_overrides/neutron/netpol.yaml b/openstack/values_overrides/neutron/netpol.yaml
new file mode 100644
index 0000000000..9a1002552d
--- /dev/null
+++ b/openstack/values_overrides/neutron/netpol.yaml
@@ -0,0 +1,14 @@
+---
+neutron:
+ manifests:
+ network_policy: true
+ network_policy:
+ neutron:
+ egress:
+ - to:
+ - ipBlock:
+ cidr: %%%REPLACE_API_ADDR%%%/32
+ ports:
+ - protocol: TCP
+ port: %%%REPLACE_API_PORT%%%
+...
diff --git a/openstack/values_overrides/neutron/shared-sriov-ovs-dpdk-bond.yaml b/openstack/values_overrides/neutron/shared-sriov-ovs-dpdk-bond.yaml
new file mode 100644
index 0000000000..a6b2d36126
--- /dev/null
+++ b/openstack/values_overrides/neutron/shared-sriov-ovs-dpdk-bond.yaml
@@ -0,0 +1,97 @@
+---
+neutron:
+ network:
+ interface:
+ sriov:
+ - device: enp3s0f0
+ num_vfs: 32
+ promisc: false
+ - device: enp66s0f1
+ num_vfs: 32
+ promisc: false
+ tunnel: br-phy-bond0
+ backend:
+ - openvswitch
+ - sriov
+ conf:
+ auto_bridge_add:
+ br-ex: null
+ neutron:
+ DEFAULT:
+ l3_ha: False
+ max_l3_agents_per_router: 1
+ l3_ha_network_type: vxlan
+ dhcp_agents_per_network: 1
+ service_plugins: router
+ plugins:
+ ml2_conf:
+ ml2:
+ mechanism_drivers: l2population,openvswitch,sriovnicswitch
+ type_drivers: vlan,flat,vxlan
+ tenant_network_types: vxlan
+ ml2_type_flat:
+ flat_networks: public
+ ml2_type_vlan:
+ network_vlan_ranges: ovsnet:2:4094,sriovnet1:100:4000,sriovnet2:100:4000
+ openvswitch_agent:
+ default:
+ ovs_vsctl_timeout: 30
+ agent:
+ tunnel_types: vxlan
+ securitygroup:
+ enable_security_group: False
+ firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+ ovs:
+ bridge_mappings: public:br-ex,ovsnet:br-phy-bond0
+ datapath_type: netdev
+ vhostuser_socket_dir: /var/run/openvswitch/vhostuser
+ of_connect_timeout: 60
+ of_request_timeout: 30
+ sriov_agent:
+ securitygroup:
+ firewall_driver: neutron.agent.firewall.NoopFirewallDriver
+ sriov_nic:
+ physical_device_mappings: sriovnet1:enp3s0f0,sriovnet2:enp66s0f1
+ exclude_devices: enp3s0f0:0000:00:05.1,enp66s0f1:0000:00:06.1
+ ovs_dpdk:
+ enabled: true
+ driver: uio_pci_generic
+ nics: []
+ bonds:
+ # CHANGE-ME: modify below parameters according to your hardware
+ - name: dpdkbond0
+ bridge: br-phy-bond0
+ mtu: 9000
+ # The IP from the first nic in nics list shall be used
+ migrate_ip: true
+ n_rxq: 2
+ n_rxq_size: 1024
+ n_txq_size: 1024
+ ovs_options: "bond_mode=active-backup"
+ nics:
+ - name: dpdk_b0s0
+ pci_id: '0000:00:05.0'
+ vf_index: 0
+ - name: dpdk_b0s1
+ pci_id: '0000:00:06.0'
+ vf_index: 0
+ bridges:
+ - name: br-phy-bond0
+ modules:
+ - name: dpdk
+ log_level: info
+
+ # In case of shared profile (sriov + ovs-dpdk), sriov agent should finish
+ # first so as to let it configure the SRIOV VFs before ovs-agent tries to
+ # bind it with DPDK driver.
+ dependencies:
+ dynamic:
+ targeted:
+ openvswitch:
+ ovs_agent:
+ pod:
+ - requireSameNode: true
+ labels:
+ application: neutron
+ component: neutron-sriov-agent
+...
diff --git a/openstack/values_overrides/neutron/tf.yaml b/openstack/values_overrides/neutron/tf.yaml
new file mode 100644
index 0000000000..c2485de747
--- /dev/null
+++ b/openstack/values_overrides/neutron/tf.yaml
@@ -0,0 +1,71 @@
+---
+neutron:
+ images:
+ tags:
+ tf_neutron_init: opencontrailnightly/contrail-openstack-neutron-init:master-latest
+ labels:
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ network:
+ backend:
+ - tungstenfabric
+ dependencies:
+ dynamic:
+ targeted:
+ tungstenfabric:
+ server:
+ daemonset: []
+ conf:
+ openstack_version: queens
+ neutron:
+ DEFAULT:
+ core_plugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2
+ service_plugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2
+ l3_ha: False
+ api_extensions_path: /opt/plugin/site-packages/neutron_plugin_contrail/extensions:/opt/plugin/site-packages/neutron_lbaas/extensions
+ interface_driver: null
+ quotas:
+ quota_driver: neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
+ plugins:
+ tungstenfabric:
+ APISERVER:
+ api_server_ip: config-api-server.tungsten-fabric.svc.cluster.local
+ api_server_port: 8082
+ contrail_extensions: "ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None"
+ multi_tenancy: True
+ KEYSTONE:
+ insecure: True
+ tf_vnc_api_lib:
+ global:
+ WEB_SERVER: config-api-server.tungsten-fabric.svc.cluster.local
+ WEB_PORT: 8082
+ auth:
+ AUTHN_TYPE: keystone
+ AUTHN_PROTOCOL: http
+ AUTHN_URL: /v3/auth/tokens
+ manifests:
+ daemonset_dhcp_agent: false
+ daemonset_l3_agent: false
+ daemonset_lb_agent: false
+ daemonset_metadata_agent: false
+ daemonset_ovs_agent: false
+ daemonset_sriov_agent: false
+ pod_rally_test: false
+ pod:
+ mounts:
+ neutron_db_sync:
+ neutron_db_sync:
+ volumeMounts:
+ - name: db-sync-conf
+ mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
+ subPath: tf_plugin.ini
+ readOnly: true
+ volumes:
+...
diff --git a/openstack/values_overrides/neutron/tls.yaml b/openstack/values_overrides/neutron/tls.yaml
new file mode 100644
index 0000000000..416effc294
--- /dev/null
+++ b/openstack/values_overrides/neutron/tls.yaml
@@ -0,0 +1,142 @@
+---
+neutron:
+ images:
+ tags:
+ nginx: docker.io/nginx:1.18.0
+ network:
+ server:
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "https"
+ pod:
+ security_context:
+ neutron_server:
+ pod:
+ runAsUser: 0
+ container:
+ neutron_server:
+ readOnlyRootFilesystem: false
+ resources:
+ nginx:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ conf:
+ nginx: |
+ worker_processes 1;
+ daemon off;
+ user nginx;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ sendfile on;
+ keepalive_timeout 65s;
+ tcp_nodelay on;
+
+ log_format main '[nginx] method=$request_method path=$request_uri '
+ 'status=$status upstream_status=$upstream_status duration=$request_time size=$body_bytes_sent '
+ '"$remote_user" "$http_referer" "$http_user_agent"';
+
+ access_log /dev/stdout main;
+
+ upstream websocket {
+ server 127.0.0.1:$PORT;
+ }
+
+ server {
+ server_name {{ printf "%s.%s.svc.%s" "${SHORTNAME}" .Release.Namespace .Values.endpoints.cluster_domain_suffix }};
+ listen $POD_IP:$PORT ssl;
+
+ client_max_body_size 0;
+
+ ssl_certificate /etc/nginx/certs/tls.crt;
+ ssl_certificate_key /etc/nginx/certs/tls.key;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+
+ location / {
+ proxy_pass_request_headers on;
+
+ proxy_http_version 1.1;
+ proxy_pass http://websocket;
+ proxy_read_timeout 90;
+ }
+ }
+ }
+ neutron:
+ DEFAULT:
+ bind_host: 127.0.0.1
+ nova:
+ cafile: /etc/neutron/certs/ca.crt
+ keystone_authtoken:
+ cafile: /etc/neutron/certs/ca.crt
+ oslo_messaging_rabbit:
+ ssl: true
+ ssl_ca_file: /etc/rabbitmq/certs/ca.crt
+ ssl_cert_file: /etc/rabbitmq/certs/tls.crt
+ ssl_key_file: /etc/rabbitmq/certs/tls.key
+ metadata_agent:
+ DEFAULT:
+ auth_ca_cert: /etc/ssl/certs/openstack-helm.crt
+ nova_metadata_port: 443
+ nova_metadata_protocol: https
+ endpoints:
+ compute:
+ scheme:
+ default: https
+ port:
+ api:
+ public: 443
+ compute_metadata:
+ scheme:
+ default: https
+ port:
+ metadata:
+ public: 443
+ identity:
+ auth:
+ admin:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ neutron:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ nova:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ test:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ scheme:
+ default: https
+ port:
+ api:
+ default: 443
+ network:
+ host_fqdn_override:
+ default:
+ tls:
+ secretName: neutron-tls-server
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ scheme:
+ default: https
+ port:
+ api:
+ public: 443
+ ingress:
+ port:
+ ingress:
+ default: 443
+ oslo_messaging:
+ port:
+ https:
+ default: 15680
+ manifests:
+ certificates: true
+...
diff --git a/openstack/values_overrides/neutron/train-ubuntu_bionic.yaml b/openstack/values_overrides/neutron/train-ubuntu_bionic.yaml
new file mode 100644
index 0000000000..bc5ab0a7f4
--- /dev/null
+++ b/openstack/values_overrides/neutron/train-ubuntu_bionic.yaml
@@ -0,0 +1,21 @@
+---
+neutron:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ neutron_db_sync: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_dhcp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_l3: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_l2gw: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_metadata: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_rpc_server: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+ neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:train-ubuntu_bionic"
+...
diff --git a/openstack/values_overrides/neutron/ussuri-ubuntu_bionic.yaml b/openstack/values_overrides/neutron/ussuri-ubuntu_bionic.yaml
new file mode 100644
index 0000000000..1d28a28164
--- /dev/null
+++ b/openstack/values_overrides/neutron/ussuri-ubuntu_bionic.yaml
@@ -0,0 +1,21 @@
+---
+neutron:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ neutron_db_sync: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_dhcp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_l3: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_l2gw: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_metadata: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_rpc_server: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+ neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:ussuri-ubuntu_bionic"
+...
diff --git a/openstack/values_overrides/neutron/victoria-ubuntu_focal.yaml b/openstack/values_overrides/neutron/victoria-ubuntu_focal.yaml
new file mode 100644
index 0000000000..61bf6e8c6b
--- /dev/null
+++ b/openstack/values_overrides/neutron/victoria-ubuntu_focal.yaml
@@ -0,0 +1,21 @@
+---
+neutron:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ neutron_db_sync: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_dhcp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_l3: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_l2gw: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_metadata: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_rpc_server: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+ neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:victoria-ubuntu_focal"
+...
diff --git a/openstack/values_overrides/neutron/wallaby-ubuntu_focal.yaml b/openstack/values_overrides/neutron/wallaby-ubuntu_focal.yaml
new file mode 100644
index 0000000000..0677c6fecf
--- /dev/null
+++ b/openstack/values_overrides/neutron/wallaby-ubuntu_focal.yaml
@@ -0,0 +1,21 @@
+---
+neutron:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ neutron_db_sync: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_dhcp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_l3: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_l2gw: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_metadata: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_rpc_server: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+ neutron_bagpipe_bgp: "docker.io/openstackhelm/neutron:wallaby-ubuntu_focal"
+...
diff --git a/openstack/values_overrides/nova/apparmor.yaml b/openstack/values_overrides/nova/apparmor.yaml
new file mode 100644
index 0000000000..7676c306fc
--- /dev/null
+++ b/openstack/values_overrides/nova/apparmor.yaml
@@ -0,0 +1,37 @@
+---
+nova:
+ pod:
+ mandatory_access_control:
+ type: apparmor
+ nova-compute-default:
+ nova-compute: runtime/default
+ init: runtime/default
+ nova-compute-init: runtime/default
+ nova-compute-vnc-init: runtime/default
+ nova-api-metadata:
+ nova-api-metadata-init: runtime/default
+ nova-api: runtime/default
+ init: runtime/default
+ nova-api-osapi:
+ nova-osapi: runtime/default
+ init: runtime/default
+ nova-conductor:
+ nova-conductor: runtime/default
+ init: runtime/default
+ nova-novncproxy:
+ nova-novncproxy: runtime/default
+ nova-novncproxy-init-assets: runtime/default
+ nova-novncproxy-init: runtime/default
+ init: runtime/default
+ nova-scheduler:
+ nova-scheduler: runtime/default
+ init: runtime/default
+ nova-cell-setup:
+ nova-cell-setup: runtime/default
+ nova-cell-setup-init: runtime/default
+ init: runtime/default
+ nova-test:
+ init: runtime/default
+ nova-test: runtime/default
+ nova-test-ks-user: runtime/default
+...
diff --git a/openstack/values_overrides/nova/cntt.yaml b/openstack/values_overrides/nova/cntt.yaml
new file mode 100644
index 0000000000..57e07b86ee
--- /dev/null
+++ b/openstack/values_overrides/nova/cntt.yaml
@@ -0,0 +1,23 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+nova:
+ conf:
+ nova:
+ DEFAULT:
+ reserved_huge_pages:
+ type: multistring
+ values:
+ - node:0,size:1GB,count:4
+ - node:1,size:1GB,count:4
+ reserved_host_memory_mb: 512
+...
diff --git a/openstack/values_overrides/nova/netpol.yaml b/openstack/values_overrides/nova/netpol.yaml
new file mode 100644
index 0000000000..8d0901cb45
--- /dev/null
+++ b/openstack/values_overrides/nova/netpol.yaml
@@ -0,0 +1,18 @@
+---
+nova:
+ manifests:
+ network_policy: true
+ network_policy:
+ nova:
+ egress:
+ - to:
+ - podSelector:
+ matchLabels:
+ application: nova
+ - to:
+ - ipBlock:
+ cidr: %%%REPLACE_API_ADDR%%%/32
+ ports:
+ - protocol: TCP
+ port: %%%REPLACE_API_PORT%%%
+...
diff --git a/openstack/values_overrides/nova/opensuse_15.yaml b/openstack/values_overrides/nova/opensuse_15.yaml
new file mode 100644
index 0000000000..5cb0ec8281
--- /dev/null
+++ b/openstack/values_overrides/nova/opensuse_15.yaml
@@ -0,0 +1,27 @@
+---
+nova:
+ conf:
+ software:
+ apache2:
+ binary: apache2ctl
+ start_parameters: -DFOREGROUND -k start
+ site_dir: /etc/apache2/vhosts.d
+ conf_dir: /etc/apache2/conf.d
+ a2enmod:
+ - version
+ security: |
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+
+ Require all granted
+
+
+ Order allow,deny
+ Allow from all
+
+
+ nova:
+ DEFAULT:
+ mkisofs_cmd: mkisofs
+...
diff --git a/openstack/values_overrides/nova/ssh.yaml b/openstack/values_overrides/nova/ssh.yaml
new file mode 100644
index 0000000000..e776c09fbb
--- /dev/null
+++ b/openstack/values_overrides/nova/ssh.yaml
@@ -0,0 +1,36 @@
+---
+nova:
+ network:
+ ssh:
+ enabled: true
+ public_key: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfgGkoPxu6jVqyBTGDlhGqoFFaTymMOH3pDRzrzXCVodqrtv1heBAyi7L63+MZ+m/facDDo43hWzhFLmmMgD00AS7L+VH+oeEwKVCfq0HN3asKLadpweBQVAkGX7PzjRKF25qj6J7iVpKAf1NcnJCsWL3b+wC9mwK7TmupOmWra8BrfP7Fvek1RLx3lwk+ZZ9lUlm6o+jwXn/9rCEFa7ywkGpdrPRBNHQshGjDlJPi15boXIKxOmoZ/DszkJq7iLYQnwa4Kdb0dJ9OE/l2LLBiEpkMlTnwXA7QCS5jEHXwW78b4BOZvqrFflga+YldhDmkyRRfnhcF5Ok2zQmx9Q+t root@openstack-helm
+ private_key: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpAIBAAKCAQEA34BpKD8buo1asgUxg5YRqqBRWk8pjDh96Q0c681wlaHaq7b9
+ YXgQMouy+t/jGfpv32nAw6ON4Vs4RS5pjIA9NAEuy/lR/qHhMClQn6tBzd2rCi2n
+ acHgUFQJBl+z840Shduao+ie4laSgH9TXJyQrFi92/sAvZsCu05rqTplq2vAa3z+
+ xb3pNUS8d5cJPmWfZVJZuqPo8F5//awhBWu8sJBqXaz0QTR0LIRow5ST4teW6FyC
+ sTpqGfw7M5Cau4i2EJ8GuCnW9HSfThP5diywYhKZDJU58FwO0AkuYxB18Fu/G+AT
+ mb6qxX5YGvmJXYQ5pMkUX54XBeTpNs0JsfUPrQIDAQABAoIBAFkEFd3XtL2KSxMY
+ Cm50OLkSfRRQ7yVP4qYNePVZr3uJKUS27xgA78KR7UkKHrNcEW6T+hhxbbLR2AmF
+ wLga40VxKyhGNqgJ5Vx/OAM//Ed4AAVfxYvTkfmsXqPRPiTEjRoPKvoZTh6riFHx
+ ZExAd0aNWaDhyZu6v03GoA6YmaG53CLhUpDjIEpAHT8Q5fiukvpvFNAkSpSU3wWW
+ YD14S5BTXx8Z7v5mNgbxzDIST9P6oGm9jOoMJJCxu3KVF5Xh6k23DP1wukiWNypJ
+ b7dzfE8/NZUZ15Du4g1ZXHZyOATwN+4GQi1tV+oB1o6wI6829lpIMlsmqHhrw867
+ 942SmakCgYEA9R1xFEEVRavBGIUeg/NMbFP+Ssl2DljAdnmcOASCxAFqCx6y3WSK
+ P2xWTD/MCG/uz627EVp+lfbapZimm171rUMpVCqTa5tH+LZ+Lbl+rjoLwSWVqySK
+ MGyIEzpPLq5PrpGdUghZNsGAG7kgTarJM5SYyA+Esqr8AADjDrZdmzcCgYEA6W1C
+ h9nU5i04UogndbkOiDVDWn0LnjUnVDTmhgGhbJDLtx4/hte/zGK7+mKl561q3Qmm
+ xY0s8cSQCX1ULHyrgzS9rc0k42uvuRWgpKKKT5IrjiA91HtfcVM1r9hxa2/dw4wk
+ WbAoaqpadjQAKoB4PNYzRfvITkv/9O+JSyK5BjsCgYEA5p9C68momBrX3Zgyc/gQ
+ qcQFeJxAxZLf0xjs0Q/9cSnbeobxx7h3EuF9+NP1xuJ6EVDmt5crjzHp2vDboUgh
+ Y1nToutENXSurOYXpjHnbUoUETCpt5LzqkgTZ/Pu2H8NXbSIDszoE8rQHEV8jVbp
+ Y+ymK2XedrTF0cMD363aONUCgYEAy5J4+kdUL+VyADAz0awxa0KgWdNCBZivkvWL
+ sYTMhgUFVM7xciTIZXQaIjRUIeeQkfKv2gvUDYlyYIRHm4Cih4vAfEmziQ7KMm0V
+ K1+BpgGBMLMXmS57PzblVFU8HQlzau3Wac2CgfvNZtbU6jweIFhiYP9DYl1PfQpG
+ PxuqJy8CgYBERsjdYfnyGMnFg3DVwgv/W/JspX201jMhQW2EW1OGDf7RQV+qTUnU
+ 2NRGN9QbVYUvdwuRPd7C9wXQfLzXf0/E67oYg6fHHGTBNMjSq56qhZ2dSZnyQCxI
+ UZu0B4/1A5493Mypxp8c2fPhBdfzjTA5latsr75U26OMPxCxgFxm1A==
+ -----END RSA PRIVATE KEY-----
+...
diff --git a/openstack/values_overrides/nova/tf.yaml b/openstack/values_overrides/nova/tf.yaml
new file mode 100644
index 0000000000..ef8cbfca23
--- /dev/null
+++ b/openstack/values_overrides/nova/tf.yaml
@@ -0,0 +1,79 @@
+---
+nova:
+ images:
+ tags:
+ tf_compute_init: opencontrailnightly/contrail-openstack-compute-init:master-latest
+ conf:
+ nova:
+ libvirt:
+ virt_type: qemu
+ cpu_mode: host-model
+ agent:
+ compute:
+ node_selector_key: openstack-compute-node
+ node_selector_value: enabled
+ compute_ironic:
+ node_selector_key: openstack-compute-node
+ node_selector_value: enabled
+ api_metadata:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ conductor:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ novncproxy:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ osapi:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ scheduler:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ spiceproxy:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ rootwrap: |
+ # Configuration for nova-rootwrap
+ # This file should be owned by (and only-writeable by) the root user
+
+ [DEFAULT]
+ # List of directories to load filter definitions from (separated by ',').
+ # These directories MUST all be only writeable by root !
+ filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
+
+ # List of directories to search executables in, in case filters do not
+ # explicitely specify a full path (separated by ',')
+ # If not specified, defaults to system PATH environment variable.
+ # These directories MUST all be only writeable by root !
+ exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/openstack/bin,/var/lib/kolla/venv/bin,/opt/plugin/bin
+
+ # Enable logging to syslog
+ # Default value is False
+ use_syslog=False
+
+ # Which syslog facility to use.
+ # Valid values include auth, authpriv, syslog, local0, local1...
+ # Default value is 'syslog'
+ syslog_log_facility=syslog
+
+ # Which messages to log.
+ # INFO means log all usage
+ # ERROR means only log unsuccessful attempts
+ syslog_log_level=ERROR
+ network:
+ backend:
+ - tungstenfabric
+ dependencies:
+ dynamic:
+ targeted:
+ tungstenfabric:
+ compute:
+ daemonset: []
+...
diff --git a/openstack/values_overrides/nova/tls-offloading.yaml b/openstack/values_overrides/nova/tls-offloading.yaml
new file mode 100644
index 0000000000..c2b771a53e
--- /dev/null
+++ b/openstack/values_overrides/nova/tls-offloading.yaml
@@ -0,0 +1,15 @@
+---
+nova:
+ endpoints:
+ identity:
+ auth:
+ admin:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ nova:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ test:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+
+ tls:
+ identity: true
+...
diff --git a/openstack/values_overrides/nova/tls.yaml b/openstack/values_overrides/nova/tls.yaml
new file mode 100644
index 0000000000..ea25ab6583
--- /dev/null
+++ b/openstack/values_overrides/nova/tls.yaml
@@ -0,0 +1,213 @@
+---
+nova:
+ network:
+ osapi:
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "https"
+ metadata:
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "https"
+ novncproxy:
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "https"
+ conf:
+ mpm_event: |
+
+ ServerLimit 1024
+ StartServers 32
+ MinSpareThreads 32
+ MaxSpareThreads 256
+ ThreadsPerChild 25
+ MaxRequestsPerChild 128
+ ThreadLimit 720
+
+ wsgi_nova_api: |
+ {{- $portInt := tuple "compute" "internal" "api" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ Listen {{ $portInt }}
+
+ ServerName {{ printf "%s.%s.svc.%s" "nova-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
+ WSGIDaemonProcess nova-api processes=1 threads=1 user=nova display-name=%{GROUP}
+ WSGIProcessGroup nova-api
+ WSGIScriptAlias / /var/www/cgi-bin/nova/nova-api-wsgi
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ AllowEncodedSlashes On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ ErrorLog /dev/stdout
+ CustomLog /dev/stdout combined env=!forwarded
+ CustomLog /dev/stdout proxy env=forwarded
+
+ SSLEngine on
+ SSLCertificateFile /etc/nova/certs/tls.crt
+ SSLCertificateKeyFile /etc/nova/certs/tls.key
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ SSLHonorCipherOrder on
+
+ wsgi_nova_metadata: |
+ {{- $portInt := tuple "compute_metadata" "internal" "metadata" $ | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ Listen {{ $portInt }}
+
+ ServerName {{ printf "%s.%s.svc.%s" "nova-metadata" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
+ WSGIDaemonProcess nova-metadata processes=1 threads=1 user=nova display-name=%{GROUP}
+ WSGIProcessGroup nova-metadata
+ WSGIScriptAlias / /var/www/cgi-bin/nova/nova-metadata-wsgi
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ AllowEncodedSlashes On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ ErrorLog /dev/stdout
+ CustomLog /dev/stdout combined env=!forwarded
+ CustomLog /dev/stdout proxy env=forwarded
+
+ SSLEngine on
+ SSLCertificateFile /etc/nova/certs/tls.crt
+ SSLCertificateKeyFile /etc/nova/certs/tls.key
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ SSLHonorCipherOrder on
+
+ software:
+ apache2:
+ a2enmod:
+ - ssl
+ nova:
+ console:
+ ssl_minimum_version: tlsv1_2
+ glance:
+ cafile: /etc/nova/certs/ca.crt
+ ironic:
+ cafile: /etc/nova/certs/ca.crt
+ neutron:
+ cafile: /etc/nova/certs/ca.crt
+ keystone_authtoken:
+ cafile: /etc/nova/certs/ca.crt
+ cinder:
+ cafile: /etc/nova/certs/ca.crt
+ placement:
+ cafile: /etc/nova/certs/ca.crt
+ keystone:
+ cafile: /etc/nova/certs/ca.crt
+ oslo_messaging_rabbit:
+ ssl: true
+ ssl_ca_file: /etc/rabbitmq/certs/ca.crt
+ ssl_cert_file: /etc/rabbitmq/certs/tls.crt
+ ssl_key_file: /etc/rabbitmq/certs/tls.key
+ endpoints:
+ identity:
+ auth:
+ admin:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ nova:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ neutron:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ placement:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ test:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ scheme:
+ default: https
+ port:
+ api:
+ default: 443
+ image:
+ scheme:
+ default: https
+ port:
+ api:
+ public: 443
+ compute:
+ host_fqdn_override:
+ default:
+ tls:
+ secretName: nova-tls-api
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ scheme:
+ default: 'https'
+ port:
+ api:
+ public: 443
+ compute_metadata:
+ host_fqdn_override:
+ default:
+ tls:
+ secretName: metadata-tls-metadata
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ scheme:
+ default: https
+ port:
+ metadata:
+ public: 443
+ compute_novnc_proxy:
+ host_fqdn_override:
+ default:
+ tls:
+ secretName: nova-novncproxy-tls-proxy
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ scheme:
+ default: https
+ port:
+ novnc_proxy:
+ public: 443
+ compute_spice_proxy:
+ host_fqdn_override:
+ default:
+ tls:
+ secretName: nova-tls-spiceproxy
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ scheme:
+ default: https
+ placement:
+ host_fqdn_override:
+ default:
+ tls:
+ secretName: placement-tls-api
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ scheme:
+ default: https
+ port:
+ api:
+ public: 443
+ network:
+ scheme:
+ default: https
+ port:
+ api:
+ public: 443
+ oslo_messaging:
+ port:
+ https:
+ default: 15680
+ pod:
+ security_context:
+ nova:
+ container:
+ nova_api:
+ runAsUser: 0
+ readOnlyRootFilesystem: false
+ nova_osapi:
+ runAsUser: 0
+ readOnlyRootFilesystem: false
+ manifests:
+ certificates: true
+...
diff --git a/openstack/values_overrides/nova/train-ubuntu_bionic.yaml b/openstack/values_overrides/nova/train-ubuntu_bionic.yaml
new file mode 100644
index 0000000000..6cf522c147
--- /dev/null
+++ b/openstack/values_overrides/nova/train-ubuntu_bionic.yaml
@@ -0,0 +1,24 @@
+---
+nova:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ nova_api: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_cell_setup: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_cell_setup_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ nova_compute: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_compute_ssh: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_conductor: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_db_sync: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_novncproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_novncproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_scheduler: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_spiceproxy: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_spiceproxy_assets: "docker.io/openstackhelm/nova:train-ubuntu_bionic"
+ nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
+...
diff --git a/openstack/values_overrides/nova/ussuri-ubuntu_bionic.yaml b/openstack/values_overrides/nova/ussuri-ubuntu_bionic.yaml
new file mode 100644
index 0000000000..baba3fd6fd
--- /dev/null
+++ b/openstack/values_overrides/nova/ussuri-ubuntu_bionic.yaml
@@ -0,0 +1,24 @@
+---
+nova:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ nova_api: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_cell_setup: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_cell_setup_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ nova_compute: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_compute_ssh: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_conductor: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_db_sync: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_novncproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_novncproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_scheduler: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_spiceproxy: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_spiceproxy_assets: "docker.io/openstackhelm/nova:ussuri-ubuntu_bionic"
+ nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
+...
diff --git a/openstack/values_overrides/nova/victoria-ubuntu_focal.yaml b/openstack/values_overrides/nova/victoria-ubuntu_focal.yaml
new file mode 100644
index 0000000000..5053e4150b
--- /dev/null
+++ b/openstack/values_overrides/nova/victoria-ubuntu_focal.yaml
@@ -0,0 +1,24 @@
+---
+nova:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ nova_api: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_cell_setup: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_cell_setup_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ nova_compute: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_compute_ssh: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_conductor: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_db_sync: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_novncproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_novncproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_scheduler: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_spiceproxy: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_spiceproxy_assets: "docker.io/openstackhelm/nova:victoria-ubuntu_focal"
+ nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
+...
diff --git a/openstack/values_overrides/nova/wallaby-ubuntu_focal.yaml b/openstack/values_overrides/nova/wallaby-ubuntu_focal.yaml
new file mode 100644
index 0000000000..afb30b0d5c
--- /dev/null
+++ b/openstack/values_overrides/nova/wallaby-ubuntu_focal.yaml
@@ -0,0 +1,24 @@
+---
+nova:
+ images:
+ tags:
+ bootstrap: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ nova_api: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_cell_setup: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_cell_setup_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ nova_compute: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_compute_ssh: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_conductor: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_db_sync: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_novncproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_novncproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_scheduler: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_spiceproxy: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_spiceproxy_assets: "docker.io/openstackhelm/nova:wallaby-ubuntu_focal"
+ nova_service_cleaner: "docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_bionic"
+...
diff --git a/openstack/values_overrides/nova/wallaby.yaml b/openstack/values_overrides/nova/wallaby.yaml
new file mode 100644
index 0000000000..81210dacc2
--- /dev/null
+++ b/openstack/values_overrides/nova/wallaby.yaml
@@ -0,0 +1,7 @@
+---
+nova:
+ conf:
+ rally_tests:
+ tests:
+ NovaAgents.list_agents: []
+...
diff --git a/openstack/values_overrides/openvswitch/apparmor.yaml b/openstack/values_overrides/openvswitch/apparmor.yaml
new file mode 100644
index 0000000000..885ab0b907
--- /dev/null
+++ b/openstack/values_overrides/openvswitch/apparmor.yaml
@@ -0,0 +1,15 @@
+# NOTE: Enable this with the correct policy
+---
+openvswitch:
+ pod:
+ mandatory_access_control:
+ type: apparmor
+ openvswitch-vswitchd:
+ openvswitch-vswitchd: runtime/default
+ openvswitch-vswitchd-modules: runtime/default
+ init: runtime/default
+ openvswitch-db:
+ openvswitch-db: runtime/default
+ openvswitch-db-perms: runtime/default
+ init: runtime/default
+...
diff --git a/openstack/values_overrides/openvswitch/dpdk-opensuse_15.yaml b/openstack/values_overrides/openvswitch/dpdk-opensuse_15.yaml
new file mode 100644
index 0000000000..952b09c543
--- /dev/null
+++ b/openstack/values_overrides/openvswitch/dpdk-opensuse_15.yaml
@@ -0,0 +1,25 @@
+---
+openvswitch:
+ images:
+ tags:
+ openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
+ openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-opensuse_15-dpdk
+ pod:
+ resources:
+ enabled: true
+ ovs:
+ vswitchd:
+ requests:
+ memory: "2Gi"
+ cpu: "2"
+ limits:
+ memory: "2Gi"
+ cpu: "2"
+ hugepages-1Gi: "1Gi"
+ conf:
+ ovs_dpdk:
+ enabled: true
+ hugepages_mountpath: /dev/hugepages
+ vhostuser_socket_dir: vhostuser
+ socket_memory: 1024
+...
diff --git a/openstack/values_overrides/openvswitch/dpdk-ubuntu_bionic.yaml b/openstack/values_overrides/openvswitch/dpdk-ubuntu_bionic.yaml
new file mode 100644
index 0000000000..98265e7ecd
--- /dev/null
+++ b/openstack/values_overrides/openvswitch/dpdk-ubuntu_bionic.yaml
@@ -0,0 +1,25 @@
+---
+openvswitch:
+ images:
+ tags:
+ openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
+ openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_bionic-dpdk
+ pod:
+ resources:
+ enabled: true
+ ovs:
+ vswitchd:
+ requests:
+ memory: "2Gi"
+ cpu: "2"
+ limits:
+ memory: "2Gi"
+ cpu: "2"
+ hugepages-1Gi: "1Gi"
+ conf:
+ ovs_dpdk:
+ enabled: true
+ hugepages_mountpath: /dev/hugepages
+ vhostuser_socket_dir: vhostuser
+ socket_memory: 1024
+...
diff --git a/openstack/values_overrides/openvswitch/netpol.yaml b/openstack/values_overrides/openvswitch/netpol.yaml
new file mode 100644
index 0000000000..efde08fb09
--- /dev/null
+++ b/openstack/values_overrides/openvswitch/netpol.yaml
@@ -0,0 +1,5 @@
+---
+openvswitch:
+ manifests:
+ network_policy: true
+...
diff --git a/openstack/values_overrides/openvswitch/vswitchd-probes.yaml b/openstack/values_overrides/openvswitch/vswitchd-probes.yaml
new file mode 100644
index 0000000000..14e350cfba
--- /dev/null
+++ b/openstack/values_overrides/openvswitch/vswitchd-probes.yaml
@@ -0,0 +1,12 @@
+---
+openvswitch:
+ pod:
+ probes:
+ ovs_vswitch:
+ ovs_vswitch:
+ liveness:
+ exec:
+ - /bin/bash
+ - -c
+ - '/usr/bin/ovs-appctl bond/list; C1=$?; ovs-vsctl --column statistics list interface dpdk_b0s0 | grep -q -E "rx_|tx_"; C2=$?; ovs-vsctl --column statistics list interface dpdk_b0s1 | grep -q -E "rx_|tx_"; C3=$?; exit $(($C1+$C2+$C3))'
+...
diff --git a/openstack/values_overrides/placement/apparmor.yaml b/openstack/values_overrides/placement/apparmor.yaml
new file mode 100644
index 0000000000..4c1be44172
--- /dev/null
+++ b/openstack/values_overrides/placement/apparmor.yaml
@@ -0,0 +1,15 @@
+---
+placement:
+ pod:
+ mandatory_access_control:
+ type: apparmor
+ placement-api:
+ placement-api: runtime/default
+ init: runtime/default
+ placement-db-migrate:
+ init: runtime/default
+ placement-mysql-migration: runtime/default
+
+ manifests:
+ job_db_migrate: true
+...
diff --git a/openstack/values_overrides/placement/netpol.yaml b/openstack/values_overrides/placement/netpol.yaml
new file mode 100644
index 0000000000..284f798d92
--- /dev/null
+++ b/openstack/values_overrides/placement/netpol.yaml
@@ -0,0 +1,21 @@
+---
+placement:
+ manifests:
+ network_policy: true
+ network_policy:
+ placement:
+ egress:
+ - {}
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels:
+ application: nova
+ ports:
+ - protocol: TCP
+ port: 8778
+ - protocol: TCP
+ port: 80
+ - protocol: TCP
+ port: 8080
+...
diff --git a/openstack/values_overrides/placement/tls.yaml b/openstack/values_overrides/placement/tls.yaml
new file mode 100644
index 0000000000..d77291e9c5
--- /dev/null
+++ b/openstack/values_overrides/placement/tls.yaml
@@ -0,0 +1,80 @@
+---
+placement:
+ network:
+ api:
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "https"
+ conf:
+ software:
+ apache2:
+ a2enmod:
+ - ssl
+ placement:
+ keystone_authtoken:
+ cafile: /etc/placement/certs/ca.crt
+ wsgi_placement: |
+ Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ CustomLog /dev/stdout combined env=!forwarded
+ CustomLog /dev/stdout proxy env=forwarded
+
+ ServerName {{ printf "%s.%s.svc.%s" "placement-api" .Release.Namespace .Values.endpoints.cluster_domain_suffix }}
+ WSGIDaemonProcess placement-api processes=4 threads=1 user=placement group=placement display-name=%{GROUP}
+ WSGIProcessGroup placement-api
+ WSGIScriptAlias / /var/www/cgi-bin/placement/placement-api
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ = 2.4>
+ ErrorLogFormat "%{cu}t %M"
+
+ ErrorLog /dev/stdout
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ CustomLog /dev/stdout combined env=!forwarded
+ CustomLog /dev/stdout proxy env=forwarded
+
+ SSLEngine on
+ SSLCertificateFile /etc/placement/certs/tls.crt
+ SSLCertificateKeyFile /etc/placement/certs/tls.key
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ SSLHonorCipherOrder on
+
+ Alias /placement /var/www/cgi-bin/placement/placement-api
+
+ SetHandler wsgi-script
+ Options +ExecCGI
+ WSGIProcessGroup placement-api
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+
+ endpoints:
+ identity:
+ auth:
+ admin:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ placement:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ scheme:
+ default: https
+ port:
+ api:
+ default: 443
+ placement:
+ host_fqdn_override:
+ default:
+ tls:
+ secretName: placement-tls-api
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ scheme:
+ default: https
+ port:
+ api:
+ public: 443
+ manifests:
+ certificates: true
+...
diff --git a/openstack/values_overrides/placement/train-ubuntu_bionic.yaml b/openstack/values_overrides/placement/train-ubuntu_bionic.yaml
new file mode 100644
index 0000000000..2134345aea
--- /dev/null
+++ b/openstack/values_overrides/placement/train-ubuntu_bionic.yaml
@@ -0,0 +1,24 @@
+---
+placement:
+ images:
+ pull_policy: IfNotPresent
+ tags:
+ placement: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
+ ks_user: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_service: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ ks_endpoints: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ db_init: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ db_drop: "docker.io/openstackhelm/heat:train-ubuntu_bionic"
+ db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
+ placement_db_sync: "docker.io/openstackhelm/placement:train-ubuntu_bionic"
+ dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
+ image_repo_sync: "docker.io/docker:17.07.0"
+ manifests:
+ job_db_migrate: true
+ dependencies:
+ static:
+ db_sync:
+ jobs:
+ - placement-db-init
+ - placement-db-migrate
+...
diff --git a/openstack/values_overrides/placement/ussuri-ubuntu_bionic.yaml b/openstack/values_overrides/placement/ussuri-ubuntu_bionic.yaml
new file mode 100644
index 0000000000..7031b0a7e3
--- /dev/null
+++ b/openstack/values_overrides/placement/ussuri-ubuntu_bionic.yaml
@@ -0,0 +1,24 @@
+---
+placement:
+ images:
+ pull_policy: IfNotPresent
+ tags:
+ placement: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
+ ks_user: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_service: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ ks_endpoints: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ db_init: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ db_drop: "docker.io/openstackhelm/heat:ussuri-ubuntu_bionic"
+ db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
+ placement_db_sync: "docker.io/openstackhelm/placement:ussuri-ubuntu_bionic"
+ dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
+ image_repo_sync: "docker.io/docker:17.07.0"
+ manifests:
+ job_db_migrate: true
+ dependencies:
+ static:
+ db_sync:
+ jobs:
+ - placement-db-init
+ - placement-db-migrate
+...
diff --git a/openstack/values_overrides/placement/victoria-ubuntu_focal.yaml b/openstack/values_overrides/placement/victoria-ubuntu_focal.yaml
new file mode 100644
index 0000000000..68841b4a02
--- /dev/null
+++ b/openstack/values_overrides/placement/victoria-ubuntu_focal.yaml
@@ -0,0 +1,24 @@
+---
+placement:
+ images:
+ pull_policy: IfNotPresent
+ tags:
+ placement: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
+ ks_user: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_service: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ ks_endpoints: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ db_init: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ db_drop: "docker.io/openstackhelm/heat:victoria-ubuntu_focal"
+ db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
+ placement_db_sync: "docker.io/openstackhelm/placement:victoria-ubuntu_focal"
+ dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
+ image_repo_sync: "docker.io/docker:17.07.0"
+ manifests:
+ job_db_migrate: true
+ dependencies:
+ static:
+ db_sync:
+ jobs:
+ - placement-db-init
+ - placement-db-migrate
+...
diff --git a/openstack/values_overrides/placement/wallaby-ubuntu_focal.yaml b/openstack/values_overrides/placement/wallaby-ubuntu_focal.yaml
new file mode 100644
index 0000000000..6cbb373573
--- /dev/null
+++ b/openstack/values_overrides/placement/wallaby-ubuntu_focal.yaml
@@ -0,0 +1,24 @@
+---
+placement:
+ images:
+ pull_policy: IfNotPresent
+ tags:
+ placement: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
+ ks_user: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_service: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ ks_endpoints: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ db_init: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ db_drop: "docker.io/openstackhelm/heat:wallaby-ubuntu_focal"
+ db_migrate: "quay.io/airshipit/porthole-mysqlclient-utility:latest-ubuntu_bionic"
+ placement_db_sync: "docker.io/openstackhelm/placement:wallaby-ubuntu_focal"
+ dep_check: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
+ image_repo_sync: "docker.io/docker:17.07.0"
+ manifests:
+ job_db_migrate: true
+ dependencies:
+ static:
+ db_sync:
+ jobs:
+ - placement-db-init
+ - placement-db-migrate
+...
diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml
index 399f0bfb7b..ea3f865045 100644
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@@ -31,4 +31,5 @@ neutron:
- 0.2.15 Remove unsupported values overrides
- 0.2.16 Remove usage of six
- 0.2.17 Migrated PodDisruptionBudget resource to policy/v1 API version
+ - 0.2.18 Updated naming for subchart compatibility
...
diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml
index 1793ab43ac..15d3910afc 100644
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@@ -60,4 +60,5 @@ nova:
- 0.2.37 Remove nova-placement
- 0.2.38 Update nova image defaults
- 0.2.39 Migrated CronJob resource to batch/v1 API version & PodDisruptionBudget to policy/v1
+ - 0.2.40 Updated naming for subchart compatibility
...
diff --git a/releasenotes/notes/openstack.yaml b/releasenotes/notes/openstack.yaml
index 277cae1260..0d804f97a3 100644
--- a/releasenotes/notes/openstack.yaml
+++ b/releasenotes/notes/openstack.yaml
@@ -1,4 +1,5 @@
---
openstack:
- 0.1.0 Initial Chart
+ - 0.1.1 Deploy compute-kit charts (neutron, nova, libvirt, openvswitch, placement)
...
diff --git a/tools/deployment/component/common/openstack.sh b/tools/deployment/component/common/openstack.sh
index 756df8e56e..5a816bde85 100755
--- a/tools/deployment/component/common/openstack.sh
+++ b/tools/deployment/component/common/openstack.sh
@@ -13,28 +13,110 @@
# under the License.
set -xe
-namespace=openstack
-chart=$namespace
-export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm/openstack"}"}"
+
+export OSH_TEST_TIMEOUT=1200
+export OS_CLOUD=openstack_helm
+: "${RUN_HELM_TESTS:="no"}"
+: "${CEPH_ENABLED:="false"}"
+: "${OSH_EXTRA_HELM_ARGS:=""}"
+release=openstack
+namespace=$release
+
+: ${GLANCE_BACKEND:="pvc"}
+tee /tmp/glance.yaml <