add helm chart for nginx ports control
this chart is added as a part of "stx-openstack" application, in the same chart group as openstack-ingress chart, so that when "nginx-ingress-controller" starts working, http and https ports are allowed for nginx which accepts http/https requests and forwards to internal services accordingly. In the following LP#1827246, the http request of opening console of VM instance is sent to nginx 80 first, and then nginx forwards the request to "nova-novncproxy" at port 6080 internally. Closes-Bug: 1827246 Change-Id: I183f7edc92f1a9e0bdedad0afe35e3d03e20e7d5 Signed-off-by: yhu6 <yong.hu@intel.com>
This commit is contained in:
parent
dd7ff62936
commit
9b0820d1d6
@ -1,3 +1,4 @@
|
|||||||
SRC_DIR="stx-openstack-helm"
|
SRC_DIR="stx-openstack-helm"
|
||||||
COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/garbd"
|
COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/garbd \
|
||||||
|
$PKG_BASE/../../../helm-charts/nginx-ports-control"
|
||||||
TIS_PATCH_VER=16
|
TIS_PATCH_VER=16
|
||||||
|
@ -60,6 +60,7 @@ make nova-api-proxy
|
|||||||
make garbd
|
make garbd
|
||||||
make keystone-api-proxy
|
make keystone-api-proxy
|
||||||
make fm-rest-api
|
make fm-rest-api
|
||||||
|
make nginx-ports-control
|
||||||
|
|
||||||
# terminate helm server (the last backgrounded task)
|
# terminate helm server (the last backgrounded task)
|
||||||
kill %1
|
kill %1
|
||||||
|
@ -112,6 +112,21 @@ data:
|
|||||||
- helm-toolkit
|
- helm-toolkit
|
||||||
---
|
---
|
||||||
schema: armada/Chart/v1
|
schema: armada/Chart/v1
|
||||||
|
metadata:
|
||||||
|
schema: metadata/Document/v1
|
||||||
|
name: openstack-nginx-ports-control
|
||||||
|
data:
|
||||||
|
chart_name: nginx-ports-control
|
||||||
|
release: openstack-nginx-ports-control
|
||||||
|
namespace: openstack
|
||||||
|
values: {}
|
||||||
|
source:
|
||||||
|
type: tar
|
||||||
|
location: http://172.17.0.1/helm_charts/starlingx/nginx-ports-control-0.1.0.tgz
|
||||||
|
subpath: nginx-ports-control
|
||||||
|
dependencies: []
|
||||||
|
---
|
||||||
|
schema: armada/Chart/v1
|
||||||
metadata:
|
metadata:
|
||||||
schema: metadata/Document/v1
|
schema: metadata/Document/v1
|
||||||
name: openstack-mariadb
|
name: openstack-mariadb
|
||||||
@ -3101,6 +3116,7 @@ data:
|
|||||||
sequenced: false
|
sequenced: false
|
||||||
chart_group:
|
chart_group:
|
||||||
- openstack-ingress
|
- openstack-ingress
|
||||||
|
- openstack-nginx-ports-control
|
||||||
---
|
---
|
||||||
schema: armada/ChartGroup/v1
|
schema: armada/ChartGroup/v1
|
||||||
metadata:
|
metadata:
|
||||||
|
10
kubernetes/helm-charts/nginx-ports-control/Chart.yaml
Normal file
10
kubernetes/helm-charts/nginx-ports-control/Chart.yaml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2019 Intel, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
description: Nginx Ports Control
|
||||||
|
name: nginx-ports-control
|
||||||
|
version: 0.1.0
|
@ -0,0 +1,40 @@
|
|||||||
|
{{/*
|
||||||
|
Copyright (c) 2019 Intel, Inc.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
{{- if .Values.manifests.global_network_policy -}}
|
||||||
|
{{- $http_port := .Values.global_network_policy.ingress.destination.http_port}}
|
||||||
|
{{- $https_port := .Values.global_network_policy.ingress.destination.https_port}}
|
||||||
|
---
|
||||||
|
apiVersion: "crd.projectcalico.org/v1"
|
||||||
|
kind: GlobalNetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: gnp-for-nginx-ports
|
||||||
|
namespace: openstack
|
||||||
|
spec:
|
||||||
|
selector: "has(iftype) && iftype == 'oam'"
|
||||||
|
order: 100
|
||||||
|
applyOnForward: false
|
||||||
|
types:
|
||||||
|
- Ingress
|
||||||
|
- Egress
|
||||||
|
ingress:
|
||||||
|
- action: Allow
|
||||||
|
ipVersion: {{ .Values.global_network_policy.ingress.ipVersion }}
|
||||||
|
protocol: {{ .Values.global_network_policy.ingress.protocol }}
|
||||||
|
destination:
|
||||||
|
ports: [{{$http_port}}, {{$https_port}}]
|
||||||
|
egress:
|
||||||
|
- action: Allow
|
||||||
|
{{- end -}}
|
21
kubernetes/helm-charts/nginx-ports-control/values.yaml
Normal file
21
kubernetes/helm-charts/nginx-ports-control/values.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2019 Intel, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
|
||||||
|
# Default values for node-feature-discovery.
|
||||||
|
# This is a YAML-formatted file.
|
||||||
|
# Declare name/value pairs to be passed into your templates.
|
||||||
|
# name: value
|
||||||
|
|
||||||
|
global_network_policy:
|
||||||
|
ingress:
|
||||||
|
ipVersion: 4
|
||||||
|
protocol: TCP
|
||||||
|
destination:
|
||||||
|
http_port: 80
|
||||||
|
https_port: 443
|
||||||
|
|
||||||
|
manifests:
|
||||||
|
global_network_policy: true
|
@ -106,6 +106,7 @@ systemconfig.helm_plugins.stx_openstack =
|
|||||||
023_ceph-rgw = sysinv.helm.swift:SwiftHelm
|
023_ceph-rgw = sysinv.helm.swift:SwiftHelm
|
||||||
024_ironic = sysinv.helm.ironic:IronicHelm
|
024_ironic = sysinv.helm.ironic:IronicHelm
|
||||||
025_placement = sysinv.helm.placement:PlacementHelm
|
025_placement = sysinv.helm.placement:PlacementHelm
|
||||||
|
026_nginx-ports-control = sysinv.helm.nginx_ports_control:NginxPortsControlHelm
|
||||||
|
|
||||||
sysinv.agent.lldp.drivers =
|
sysinv.agent.lldp.drivers =
|
||||||
lldpd = sysinv.agent.lldp.drivers.lldpd.driver:SysinvLldpdAgentDriver
|
lldpd = sysinv.agent.lldp.drivers.lldpd.driver:SysinvLldpdAgentDriver
|
||||||
|
@ -1458,6 +1458,7 @@ HELM_CHART_CEPH_POOLS_AUDIT = 'ceph-pools-audit'
|
|||||||
HELM_CHART_HELM_TOOLKIT = 'helm-toolkit'
|
HELM_CHART_HELM_TOOLKIT = 'helm-toolkit'
|
||||||
HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy'
|
HELM_CHART_KEYSTONE_API_PROXY = 'keystone-api-proxy'
|
||||||
HELM_CHART_SWIFT = 'ceph-rgw'
|
HELM_CHART_SWIFT = 'ceph-rgw'
|
||||||
|
HELM_CHART_NGINX_PORTS_CONTROL = "nginx-ports-control"
|
||||||
|
|
||||||
# Helm: Supported application (aka chart bundles)
|
# Helm: Supported application (aka chart bundles)
|
||||||
HELM_APP_OPENSTACK = 'stx-openstack'
|
HELM_APP_OPENSTACK = 'stx-openstack'
|
||||||
|
35
sysinv/sysinv/sysinv/sysinv/helm/nginx_ports_control.py
Normal file
35
sysinv/sysinv/sysinv/sysinv/helm/nginx_ports_control.py
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2019 Intel, Inc.
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
#
|
||||||
|
|
||||||
|
from sysinv.common import constants
|
||||||
|
from sysinv.common import exception
|
||||||
|
from sysinv.openstack.common import log as logging
|
||||||
|
from sysinv.helm import common
|
||||||
|
from sysinv.helm import base
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
class NginxPortsControlHelm(base.BaseHelm):
|
||||||
|
"""Class to encapsulate helm operations for nginx-ports-control chart"""
|
||||||
|
|
||||||
|
CHART = constants.HELM_CHART_NGINX_PORTS_CONTROL
|
||||||
|
SUPPORTED_NAMESPACES = \
|
||||||
|
base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK]
|
||||||
|
|
||||||
|
def get_overrides(self, namespace=None):
|
||||||
|
overrides = {
|
||||||
|
common.HELM_NS_OPENSTACK: {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if namespace in self.SUPPORTED_NAMESPACES:
|
||||||
|
return overrides[namespace]
|
||||||
|
elif namespace:
|
||||||
|
raise exception.InvalidHelmNamespace(chart=self.CHART,
|
||||||
|
namespace=namespace)
|
||||||
|
else:
|
||||||
|
return overrides
|
Loading…
Reference in New Issue
Block a user