add helm chart for nginx ports control
this chart is added as a part of "stx-openstack" application, in the same chart group as openstack-ingress chart, so that when "nginx-ingress-controller" starts working, http and https ports are allowed for nginx which accepts http/https requests and forwards to internal services accordingly. In the following LP#1827246, the http request of opening console of VM instance is sent to nginx 80 first, and then nginx forwards the request to "nova-novncproxy" at port 6080 internally. Closes-Bug: 1827246 Change-Id: I183f7edc92f1a9e0bdedad0afe35e3d03e20e7d5 Signed-off-by: yhu6 <yong.hu@intel.com>
This commit is contained in:
parent
058688ef85
commit
e3dac7f148
|
@ -1,3 +1,4 @@
|
|||
SRC_DIR="stx-openstack-helm"
|
||||
COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/garbd"
|
||||
COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/garbd \
|
||||
$PKG_BASE/../../../helm-charts/nginx-ports-control"
|
||||
TIS_PATCH_VER=16
|
||||
|
|
|
@ -60,6 +60,7 @@ make nova-api-proxy
|
|||
make garbd
|
||||
make keystone-api-proxy
|
||||
make fm-rest-api
|
||||
make nginx-ports-control
|
||||
|
||||
# terminate helm server (the last backgrounded task)
|
||||
kill %1
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
#
|
||||
# Copyright (c) 2019 Intel, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
apiVersion: v1
|
||||
description: Nginx Ports Control
|
||||
name: nginx-ports-control
|
||||
version: 0.1.0
|
|
@ -0,0 +1,40 @@
|
|||
{{/*
|
||||
Copyright (c) 2019 Intel, Inc.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
{{- if .Values.manifests.global_network_policy -}}
|
||||
{{- $http_port := .Values.global_network_policy.ingress.destination.http_port}}
|
||||
{{- $https_port := .Values.global_network_policy.ingress.destination.https_port}}
|
||||
---
|
||||
apiVersion: "crd.projectcalico.org/v1"
|
||||
kind: GlobalNetworkPolicy
|
||||
metadata:
|
||||
name: gnp-for-nginx-ports
|
||||
namespace: openstack
|
||||
spec:
|
||||
selector: "has(iftype) && iftype == 'oam'"
|
||||
order: 100
|
||||
applyOnForward: false
|
||||
types:
|
||||
- Ingress
|
||||
- Egress
|
||||
ingress:
|
||||
- action: Allow
|
||||
ipVersion: {{ .Values.global_network_policy.ingress.ipVersion }}
|
||||
protocol: {{ .Values.global_network_policy.ingress.protocol }}
|
||||
destination:
|
||||
ports: [{{$http_port}}, {{$https_port}}]
|
||||
egress:
|
||||
- action: Allow
|
||||
{{- end -}}
|
|
@ -0,0 +1,21 @@
|
|||
#
|
||||
# Copyright (c) 2019 Intel, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
# Default values for node-feature-discovery.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare name/value pairs to be passed into your templates.
|
||||
# name: value
|
||||
|
||||
global_network_policy:
|
||||
ingress:
|
||||
ipVersion: 4
|
||||
protocol: TCP
|
||||
destination:
|
||||
http_port: 80
|
||||
https_port: 443
|
||||
|
||||
manifests:
|
||||
global_network_policy: true
|
|
@ -112,6 +112,21 @@ data:
|
|||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: openstack-nginx-ports-control
|
||||
data:
|
||||
chart_name: nginx-ports-control
|
||||
release: openstack-nginx-ports-control
|
||||
namespace: openstack
|
||||
values: {}
|
||||
source:
|
||||
type: tar
|
||||
location: http://172.17.0.1/helm_charts/starlingx/nginx-ports-control-0.1.0.tgz
|
||||
subpath: nginx-ports-control
|
||||
dependencies: []
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
schema: metadata/Document/v1
|
||||
name: openstack-mariadb
|
||||
|
@ -3101,6 +3116,7 @@ data:
|
|||
sequenced: false
|
||||
chart_group:
|
||||
- openstack-ingress
|
||||
- openstack-nginx-ports-control
|
||||
---
|
||||
schema: armada/ChartGroup/v1
|
||||
metadata:
|
||||
|
|
Loading…
Reference in New Issue