add helm chart for nginx ports control

this chart is added as a part of "stx-openstack" application,
in the same chart group as openstack-ingress chart, so that
when "nginx-ingress-controller" starts working, http and https
ports are allowed for nginx which accepts http/https requests
and forwards to internal services accordingly.
In the following LP#1827246, the http request of opening console
of VM instance is sent to nginx 80 first, and then nginx forwards
the request to "nova-novncproxy" at port 6080 internally.

Closes-Bug: 1827246

Change-Id: I183f7edc92f1a9e0bdedad0afe35e3d03e20e7d5
Signed-off-by: yhu6 <yong.hu@intel.com>
This commit is contained in:
yhu6 2019-05-28 03:59:11 +00:00
parent dd7ff62936
commit 9b0820d1d6
9 changed files with 127 additions and 1 deletions

View File

@ -1,3 +1,4 @@
SRC_DIR="stx-openstack-helm" SRC_DIR="stx-openstack-helm"
COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/garbd" COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/garbd \
$PKG_BASE/../../../helm-charts/nginx-ports-control"
TIS_PATCH_VER=16 TIS_PATCH_VER=16

View File

@ -60,6 +60,7 @@ make nova-api-proxy
make garbd make garbd
make keystone-api-proxy make keystone-api-proxy
make fm-rest-api make fm-rest-api
make nginx-ports-control
# terminate helm server (the last backgrounded task) # terminate helm server (the last backgrounded task)
kill %1 kill %1

View File

@ -112,6 +112,21 @@ data:
- helm-toolkit - helm-toolkit
--- ---
schema: armada/Chart/v1 schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: openstack-nginx-ports-control
data:
chart_name: nginx-ports-control
release: openstack-nginx-ports-control
namespace: openstack
values: {}
source:
type: tar
location: http://172.17.0.1/helm_charts/starlingx/nginx-ports-control-0.1.0.tgz
subpath: nginx-ports-control
dependencies: []
---
schema: armada/Chart/v1
metadata: metadata:
schema: metadata/Document/v1 schema: metadata/Document/v1
name: openstack-mariadb name: openstack-mariadb
@ -3101,6 +3116,7 @@ data:
sequenced: false sequenced: false
chart_group: chart_group:
- openstack-ingress - openstack-ingress
- openstack-nginx-ports-control
--- ---
schema: armada/ChartGroup/v1 schema: armada/ChartGroup/v1
metadata: metadata:

View File

@ -0,0 +1,10 @@
#
# Copyright (c) 2019 Intel, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
apiVersion: v1
description: Nginx Ports Control
name: nginx-ports-control
version: 0.1.0

View File

@ -0,0 +1,40 @@
{{/*
Copyright (c) 2019 Intel, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.global_network_policy -}}
{{- $http_port := .Values.global_network_policy.ingress.destination.http_port}}
{{- $https_port := .Values.global_network_policy.ingress.destination.https_port}}
---
apiVersion: "crd.projectcalico.org/v1"
kind: GlobalNetworkPolicy
metadata:
name: gnp-for-nginx-ports
namespace: openstack
spec:
selector: "has(iftype) && iftype == 'oam'"
order: 100
applyOnForward: false
types:
- Ingress
- Egress
ingress:
- action: Allow
ipVersion: {{ .Values.global_network_policy.ingress.ipVersion }}
protocol: {{ .Values.global_network_policy.ingress.protocol }}
destination:
ports: [{{$http_port}}, {{$https_port}}]
egress:
- action: Allow
{{- end -}}

View File

@ -0,0 +1,21 @@
#
# Copyright (c) 2019 Intel, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Default values for node-feature-discovery.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
global_network_policy:
ingress:
ipVersion: 4
protocol: TCP
destination:
http_port: 80
https_port: 443
manifests:
global_network_policy: true

View File

@ -106,6 +106,7 @@ systemconfig.helm_plugins.stx_openstack =
023_ceph-rgw = sysinv.helm.swift:SwiftHelm 023_ceph-rgw = sysinv.helm.swift:SwiftHelm
024_ironic = sysinv.helm.ironic:IronicHelm 024_ironic = sysinv.helm.ironic:IronicHelm
025_placement = sysinv.helm.placement:PlacementHelm 025_placement = sysinv.helm.placement:PlacementHelm
026_nginx-ports-control = sysinv.helm.nginx_ports_control:NginxPortsControlHelm
sysinv.agent.lldp.drivers = sysinv.agent.lldp.drivers =
lldpd = sysinv.agent.lldp.drivers.lldpd.driver:SysinvLldpdAgentDriver lldpd = sysinv.agent.lldp.drivers.lldpd.driver:SysinvLldpdAgentDriver

View File

@ -1458,6 +1458,7 @@ HELM_CHART_CEPH_POOLS_AUDIT = 'ceph-pools-audit'
HELM_CHART_HELM_TOOLKIT = 'helm-toolkit' HELM_CHART_HELM_TOOLKIT = 'helm-toolkit'
HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy' HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy'
HELM_CHART_SWIFT = 'ceph-rgw' HELM_CHART_SWIFT = 'ceph-rgw'
HELM_CHART_NGINX_PORTS_CONTROL = "nginx-ports-control"
# Helm: Supported application (aka chart bundles) # Helm: Supported application (aka chart bundles)
HELM_APP_OPENSTACK = 'stx-openstack' HELM_APP_OPENSTACK = 'stx-openstack'

View File

@ -0,0 +1,35 @@
#
# Copyright (c) 2019 Intel, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
from sysinv.common import constants
from sysinv.common import exception
from sysinv.openstack.common import log as logging
from sysinv.helm import common
from sysinv.helm import base
LOG = logging.getLogger(__name__)
class NginxPortsControlHelm(base.BaseHelm):
"""Class to encapsulate helm operations for nginx-ports-control chart"""
CHART = constants.HELM_CHART_NGINX_PORTS_CONTROL
SUPPORTED_NAMESPACES = \
base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK]
def get_overrides(self, namespace=None):
overrides = {
common.HELM_NS_OPENSTACK: {
}
}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART,
namespace=namespace)
else:
return overrides