diff --git a/barbican/templates/configmap-etc.yaml b/barbican/templates/configmap-etc.yaml index 91cd192d66..1468de7cee 100644 --- a/barbican/templates/configmap-etc.yaml +++ b/barbican/templates/configmap-etc.yaml @@ -21,7 +21,7 @@ {{- end -}} {{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.barbican.database.oslo.db.connection -}} @@ -32,6 +32,10 @@ {{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.default.oslo.messaging "transport_url" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.barbican.default.barbican.common.config.host_href -}} +{{- tuple "key-manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.barbican.default.barbican.common.config "host_href" | quote | trunc 0 -}} +{{- end -}} + apiVersion: v1 kind: ConfigMap metadata: diff --git a/barbican/templates/ingress-api.yaml b/barbican/templates/ingress-api.yaml new file mode 100644 index 0000000000..c3e2f69b52 --- /dev/null +++ b/barbican/templates/ingress-api.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "key-manager" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "key-manager" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "key-manager" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: b-api + - host: {{ tuple "key-manager" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "key-manager" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: b-api +{{- end }} diff --git a/barbican/templates/service-api.yaml b/barbican/templates/service-api.yaml index eb09847b68..19186b4d24 100644 --- a/barbican/templates/service-api.yaml +++ b/barbican/templates/service-api.yaml @@ -13,10 +13,10 @@ apiVersion: v1 kind: Service metadata: - name: barbican-api + name: {{ tuple "key-manager" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - name: barbican-api + - name: b-api port: {{ .Values.conf.barbican.barbican_api.barbican.config.bind_port }} {{ if .Values.network.api.node_port.enabled }} nodePort: .Values.network.api.node_port.port diff --git a/barbican/templates/service-ingress-api.yaml b/barbican/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..94d3334d58 --- /dev/null +++ b/barbican/templates/service-ingress-api.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "key-manager" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/barbican/values.yaml b/barbican/values.yaml index bc7975da1b..2f707379f9 100644 --- a/barbican/values.yaml +++ b/barbican/values.yaml @@ -39,8 +39,8 @@ pod_disruption_budget: network: api: - name: "barbican-api" - proto: "http" + ingress: + public: true node_port: enabled: false port: 39486 @@ -135,19 +135,29 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: http + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 key-manager: name: barbican hosts: default: barbican-api - path: /v1 - scheme: http + public: barbican + path: + default: /v1 + scheme: + default: http port: - api: 9311 + api: + default: 9311 + public: 80 oslo_db: auth: admin: @@ -161,7 +171,8 @@ endpoints: path: /barbican scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_messaging: auth: admin: @@ -175,12 +186,14 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 resources: enabled: false diff --git a/ceph/templates/configmap-etc.yaml b/ceph/templates/configmap-etc.yaml index 3a1203562a..e7152c4428 100644 --- a/ceph/templates/configmap-etc.yaml +++ b/ceph/templates/configmap-etc.yaml @@ -13,7 +13,7 @@ # limitations under the License. {{- if empty .Values.conf.ceph.config.global.mon_host -}} -{{- $monHost := tuple "ceph_mon" "internal" . | include "helm-toolkit.endpoints.hostname_endpoint_lookup" }} +{{- $monHost := tuple "ceph_mon" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} {{- $monHostDomain := default .Release.Namespace .Values.ceph.namespace }} {{- $monHostURI := cat $monHost "." $monHostDomain | nospace -}} {{- $monHostURI | set .Values.conf.ceph.config.global "mon_host" | quote | trunc 0 -}} diff --git a/ceph/templates/statefulset-mon.yaml b/ceph/templates/statefulset-mon.yaml index 0f1ca1e169..33e7151fe9 100644 --- a/ceph/templates/statefulset-mon.yaml +++ b/ceph/templates/statefulset-mon.yaml @@ -24,7 +24,7 @@ metadata: daemon: mon name: ceph-mon spec: - serviceName: {{ tuple "ceph_mon" "internal" . | include "helm-toolkit.endpoints.hostname_endpoint_lookup" }} + serviceName: {{ tuple "ceph_mon" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} replicas: {{ .Values.replicas.mon }} template: metadata: diff --git a/ceph/templates/storage.yaml b/ceph/templates/storage.yaml index e75fd35df6..db0cd9e4fb 100644 --- a/ceph/templates/storage.yaml +++ b/ceph/templates/storage.yaml @@ -20,7 +20,7 @@ metadata: name: {{ .Values.storageclass.name }} provisioner: kubernetes.io/rbd parameters: - monitors: {{ tuple "ceph_mon" "internal" "mon" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" }} + monitors: {{ tuple "ceph_mon" "internal" "mon" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} adminId: {{ .Values.storageclass.admin_id }} adminSecretName: {{ .Values.storageclass.admin_secret_name }} adminSecretNamespace: {{ .Values.storageclass.admin_secret_namespace }} diff --git a/ceph/values.yaml b/ceph/values.yaml index ebfd7160d4..32dbccb27a 100644 --- a/ceph/values.yaml +++ b/ceph/values.yaml @@ -221,4 +221,5 @@ endpoints: hosts: default: ceph-mon port: - mon: 6789 + mon: + default: 6789 diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index f817c45bae..a646838d43 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -24,7 +24,7 @@ {{- end -}} {{- if empty .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.cinder.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.cinder.database.oslo.db.connection -}} diff --git a/cinder/templates/ingress-api.yaml b/cinder/templates/ingress-api.yaml new file mode 100644 index 0000000000..40f7c7bee3 --- /dev/null +++ b/cinder/templates/ingress-api.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "volume" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "volume" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "volume" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: c-api + - host: {{ tuple "volume" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "volume" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: c-api +{{- end }} diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml index 6254ca296e..0fb56d3e69 100644 --- a/cinder/templates/service-api.yaml +++ b/cinder/templates/service-api.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: cinder-api + name: {{ tuple "volume" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.cinder.default.cinder.osapi_volume_listen_port }} + - name: c-api + port: {{ .Values.conf.cinder.default.cinder.osapi_volume_listen_port }} {{ if .Values.network.api.node_port.enabled }} nodePort: {{ .Values.network.api.node_port.port }} {{ end }} diff --git a/cinder/templates/service-ingress-api.yaml b/cinder/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..927371d331 --- /dev/null +++ b/cinder/templates/service-ingress-api.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "volume" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/cinder/values.yaml b/cinder/values.yaml index 433cea4be7..0493000f6b 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -77,7 +77,8 @@ keystone: network: api: - name: "cinder-api" + ingress: + public: true node_port: enabled: false port: 30877 @@ -233,44 +234,81 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 image: name: glance hosts: default: glance-api - path: null - scheme: 'http' + public: glance + path: + default: null + scheme: + default: http port: - api: 9292 - registry: 9191 + api: + default: 9292 + public: 80 + image_registry: + name: glance-registry + hosts: + default: glance-registry + public: glance-reg + path: + default: null + scheme: + default: 'http' + port: + api: + default: 9191 + public: 80 volume: name: cinder hosts: default: cinder-api - path: '/v1/%(tenant_id)s' - scheme: 'http' + public: cinder + path: + default: '/v1/%(tenant_id)s' + scheme: + default: 'http' port: - api: 8776 + api: + default: 8776 + public: 80 volumev2: name: cinder hosts: default: cinder-api - path: '/v2/%(tenant_id)s' - scheme: 'http' + public: cinder + path: + default: '/v2/%(tenant_id)s' + scheme: + default: 'http' port: - api: 8776 + api: + default: 8776 + public: 80 volumev3: name: cinder hosts: default: cinder-api - path: '/v3/%(tenant_id)s' - scheme: 'http' + public: cinder + path: + default: '/v3/%(tenant_id)s' + scheme: + default: 'http' port: - api: 8776 + api: + default: 8776 + public: 80 oslo_db: auth: admin: @@ -284,7 +322,8 @@ endpoints: path: /cinder scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_messaging: auth: admin: @@ -298,12 +337,14 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 resources: enabled: false diff --git a/doc/source/install/all-in-one.rst b/doc/source/install/all-in-one.rst index 690efd3218..147083ef6a 100644 --- a/doc/source/install/all-in-one.rst +++ b/doc/source/install/all-in-one.rst @@ -138,6 +138,7 @@ The below snippet will install the given chart name from the local repository us helm install --name=memcached local/memcached --namespace=openstack helm install --name=etcd-rabbitmq local/etcd --namespace=openstack helm install --name=rabbitmq local/rabbitmq --namespace=openstack + helm install --name=ingress local/ingress --namespace=openstack helm install --name=keystone local/keystone --namespace=openstack diff --git a/doc/source/install/multinode.rst b/doc/source/install/multinode.rst index 28ee45511c..033a4e0cc8 100644 --- a/doc/source/install/multinode.rst +++ b/doc/source/install/multinode.rst @@ -413,13 +413,14 @@ Installation of Other Services Now you can easily install the other services simply by going in order: -**Install Memcached/Etcd/RabbitMQ:** +**Install Memcached/Etcd/RabbitMQ/Ingress:** :: helm install --name=memcached local/memcached --namespace=openstack helm install --name=etcd-rabbitmq local/etcd --namespace=openstack helm install --name=rabbitmq local/rabbitmq --namespace=openstack + helm install --name=ingress local/ingress --namespace=openstack **Install Keystone:** diff --git a/glance/templates/bin/_bootstrap.sh.tpl b/glance/templates/bin/_bootstrap.sh.tpl index 9f7c96b279..1ac0a21c2a 100644 --- a/glance/templates/bin/_bootstrap.sh.tpl +++ b/glance/templates/bin/_bootstrap.sh.tpl @@ -16,7 +16,6 @@ set -ex export HOME=/tmp - {{ if .Values.bootstrap.enabled }} cd /tmp/images diff --git a/glance/templates/configmap-etc.yaml b/glance/templates/configmap-etc.yaml index 13655b773a..c751b64f66 100644 --- a/glance/templates/configmap-etc.yaml +++ b/glance/templates/configmap-etc.yaml @@ -30,10 +30,10 @@ {{- end -}} {{- if empty .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.glance_registry.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.glance.database.oslo.db.connection -}} @@ -51,17 +51,21 @@ {{- end -}} {{- if empty .Values.conf.glance.default.glance.api.registry_host -}} -{{- $imageRegistry := tuple "image_registry" "internal" "api" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" }} +{{- $imageRegistry := tuple "image_registry" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} {{- $imageRegistryHostURI := split ":" $imageRegistry -}} {{- $imageRegistryHostURI._0 | set .Values.conf.glance.default.glance.api "registry_host" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.glance.default.glance.api.registry_port -}} -{{- $imageRegistry := tuple "image_registry" "internal" "api" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" }} +{{- $imageRegistry := tuple "image_registry" "internal" "api" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }} {{- $imageRegistryHostURI := split ":" $imageRegistry -}} {{- $imageRegistryHostURI._1 | set .Values.conf.glance.default.glance.api "registry_port" | quote | trunc 0 -}} {{- end -}} +{{- if empty .Values.conf.glance.default.glance.api.public_endpoint -}} +{{- tuple "image" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.glance.default.glance.api "public_endpoint" | quote | trunc 0 -}} +{{- end -}} + apiVersion: v1 kind: ConfigMap metadata: diff --git a/glance/templates/ingress-api.yaml b/glance/templates/ingress-api.yaml new file mode 100644 index 0000000000..57855a87ef --- /dev/null +++ b/glance/templates/ingress-api.yaml @@ -0,0 +1,40 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "image" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / + ingress.kubernetes.io/proxy-body-size: {{ .Values.network.api.ingress.proxy_body_size }} +spec: + rules: + - host: {{ tuple "image" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "image" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: g-api + - host: {{ tuple "image" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "image" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: g-api +{{- end }} diff --git a/glance/templates/ingress-registry.yaml b/glance/templates/ingress-registry.yaml new file mode 100644 index 0000000000..f0a88f5fe4 --- /dev/null +++ b/glance/templates/ingress-registry.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.registry.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "image_registry" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "image_registry" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "image_registry" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: g-reg + - host: {{ tuple "image_registry" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "image_registry" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: g-reg +{{- end }} diff --git a/glance/templates/service-api.yaml b/glance/templates/service-api.yaml index 1e1250fcec..8e0813092f 100644 --- a/glance/templates/service-api.yaml +++ b/glance/templates/service-api.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: glance-api + name: {{ tuple "image" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.glance.default.glance.api.bind_port }} + - name: g-api + port: {{ .Values.conf.glance.default.glance.api.bind_port }} {{ if .Values.network.api.node_port.enabled }} nodePort: .Values.network.api.node_port.port {{ end }} diff --git a/glance/templates/service-ingress-api.yaml b/glance/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..6adec249fd --- /dev/null +++ b/glance/templates/service-ingress-api.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "image" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/glance/templates/service-ingress-registry.yaml b/glance/templates/service-ingress-registry.yaml new file mode 100644 index 0000000000..c4a4dfea44 --- /dev/null +++ b/glance/templates/service-ingress-registry.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.registry.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "image_registry" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/glance/templates/service-registry.yaml b/glance/templates/service-registry.yaml index 750ed48183..0e93cb3694 100644 --- a/glance/templates/service-registry.yaml +++ b/glance/templates/service-registry.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: glance-registry + name: {{ tuple "image_registry" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.glance_registry.default.glance.registry.bind_port }} + - name: g-reg + port: {{ .Values.conf.glance_registry.default.glance.registry.bind_port }} {{ if .Values.network.registry.node_port.enabled }} nodePort: {{ .Values.network.registry.node_port.port }} {{ end }} diff --git a/glance/values.yaml b/glance/values.yaml index 1e45fe850c..c33e1db1a1 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -111,6 +111,9 @@ conf: override: append: default: + oslo: + log: + debug: true glance: api: bind_port: 9292 @@ -159,12 +162,15 @@ conf: network: api: - name: "glance-api" + ingress: + public: true + proxy_body_size: 1024M node_port: enabled: false port: 30092 registry: - name: "glance-registry" + ingress: + public: true node_port: enabled: false port: 30091 @@ -300,27 +306,42 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 image: name: glance hosts: default: glance-api - path: null - scheme: 'http' + public: glance + path: + default: null + scheme: + default: http port: - api: 9292 + api: + default: 9292 + public: 80 image_registry: name: glance-registry hosts: default: glance-registry - path: null - scheme: 'http' + public: glance-reg + path: + default: null + scheme: + default: 'http' port: - api: 9191 + api: + default: 9191 + public: 80 oslo_db: auth: admin: @@ -334,12 +355,14 @@ endpoints: path: /glance scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 oslo_messaging: auth: admin: @@ -353,7 +376,8 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 mounts: glance_api: diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml index 1e7fb1dd37..5097230d42 100644 --- a/heat/templates/configmap-etc.yaml +++ b/heat/templates/configmap-etc.yaml @@ -24,7 +24,7 @@ {{- end -}} {{- if empty .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.heat.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.heat.database.oslo.db.connection -}} @@ -36,7 +36,7 @@ {{- end -}} {{- if empty .Values.conf.heat.default.heat.common.config.heat_metadata_server_url -}} -{{- tuple "cloudformation" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.cloudformation.path | set .Values.conf.heat.default.heat.common.config "heat_metadata_server_url" | quote | trunc 0 -}} +{{- tuple "cloudformation" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.cloudformation.path.default | set .Values.conf.heat.default.heat.common.config "heat_metadata_server_url" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.heat.default.heat.common.config.heat_waitcondition_server_url -}} @@ -48,11 +48,11 @@ {{- end -}} {{- if empty .Values.conf.heat.clients_keystone.heat.common.config.auth_uri -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path | set .Values.conf.heat.clients_keystone.heat.common.config "auth_uri" | quote | trunc 0 -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path.default | set .Values.conf.heat.clients_keystone.heat.common.config "auth_uri" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.heat.trustee.heat.common.context.auth_url -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path | set .Values.conf.heat.trustee.heat.common.context "auth_url" | quote | trunc 0 -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path.default | set .Values.conf.heat.trustee.heat.common.context "auth_url" | quote | trunc 0 -}} {{- end -}} apiVersion: v1 diff --git a/heat/templates/ingress-api.yaml b/heat/templates/ingress-api.yaml new file mode 100644 index 0000000000..fdc1983af5 --- /dev/null +++ b/heat/templates/ingress-api.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "orchestration" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "orchestration" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "orchestration" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: h-api + - host: {{ tuple "orchestration" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "orchestration" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: h-api +{{- end }} diff --git a/heat/templates/ingress-cfn.yaml b/heat/templates/ingress-cfn.yaml new file mode 100644 index 0000000000..b23f847d00 --- /dev/null +++ b/heat/templates/ingress-cfn.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.cfn.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "cloudformation" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "cloudformation" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "cloudformation" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: h-cfn + - host: {{ tuple "cloudformation" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "cloudformation" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: h-cfn +{{- end }} diff --git a/heat/templates/ingress-cloudwatch.yaml b/heat/templates/ingress-cloudwatch.yaml new file mode 100644 index 0000000000..c5680ec352 --- /dev/null +++ b/heat/templates/ingress-cloudwatch.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.cloudwatch.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "cloudwatch" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "cloudwatch" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "cloudwatch" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: h-cwh + - host: {{ tuple "cloudwatch" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "cloudwatch" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: h-cwh +{{- end }} diff --git a/heat/templates/service-api.yaml b/heat/templates/service-api.yaml index d8b6c48a1c..a5b6c9f6e0 100644 --- a/heat/templates/service-api.yaml +++ b/heat/templates/service-api.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: heat-api + name: {{ tuple "orchestration" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.heat.heat_api.heat.common.wsgi.bind_port }} + - name: h-api + port: {{ .Values.conf.heat.heat_api.heat.common.wsgi.bind_port }} {{ if .Values.network.api.node_port.enabled }} nodePort: {{ .Values.network.api.node_port.port }} {{ end }} diff --git a/heat/templates/service-cfn.yaml b/heat/templates/service-cfn.yaml index e9d547865e..89268b6d17 100644 --- a/heat/templates/service-cfn.yaml +++ b/heat/templates/service-cfn.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: heat-cfn + name: {{ tuple "cloudformation" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.heat.heat_api_cfn.heat.common.wsgi.bind_port }} + - name: h-cfn + port: {{ .Values.conf.heat.heat_api_cfn.heat.common.wsgi.bind_port }} {{ if .Values.network.cfn.node_port.enabled }} nodePort: {{ .Values.network.cfn.node_port.port }} {{ end }} diff --git a/heat/templates/service-cloudwatch.yaml b/heat/templates/service-cloudwatch.yaml index a575ca91fe..04f42dcc5b 100644 --- a/heat/templates/service-cloudwatch.yaml +++ b/heat/templates/service-cloudwatch.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: heat-cloudwatch + name: {{ tuple "cloudwatch" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.heat.heat_api_cloudwatch.heat.common.wsgi.bind_port }} + - name: h-cwh + port: {{ .Values.conf.heat.heat_api_cloudwatch.heat.common.wsgi.bind_port }} {{ if .Values.network.cloudwatch.node_port.enabled }} nodePort: {{ .Values.network.cloudwatch.node_port.port }} {{ end }} diff --git a/heat/templates/service-ingress-api.yaml b/heat/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..f46060d74d --- /dev/null +++ b/heat/templates/service-ingress-api.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "orchestration" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/heat/templates/service-ingress-cfn.yaml b/heat/templates/service-ingress-cfn.yaml new file mode 100644 index 0000000000..881619ca02 --- /dev/null +++ b/heat/templates/service-ingress-cfn.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.cfn.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "cloudformation" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/heat/templates/service-ingress-cloudwatch.yaml b/heat/templates/service-ingress-cloudwatch.yaml new file mode 100644 index 0000000000..94a203752b --- /dev/null +++ b/heat/templates/service-ingress-cloudwatch.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.cloudwatch.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "cloudwatch" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/heat/values.yaml b/heat/values.yaml index f49109ba04..2a0e8eb122 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -165,20 +165,20 @@ conf: network: api: - name: "heat-api" - proto: "http" + ingress: + public: true node_port: enabled: false port: 30004 cfn: - name: "heat-cfn" - proto: "http" + ingress: + public: true node_port: enabled: false port: 30800 cloudwatch: - name: "heat-cloudwatch" - proto: "http" + ingress: + public: true node_port: enabled: false port: 30003 @@ -257,37 +257,57 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: 'http' port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 orchestration: name: heat hosts: default: heat-api - path: '/v1/%(project_id)s' - scheme: 'http' + public: heat + path: + default: '/v1/%(project_id)s' + scheme: + default: 'http' port: - api: 8004 + api: + default: 8004 + public: 80 cloudformation: name: heat-cfn hosts: default: heat-cfn - path: /v1 - scheme: 'http' + public: cloudformation + path: + default: /v1 + scheme: + default: 'http' port: - api: 8000 + api: + default: 8000 + public: 80 # Cloudwatch does not get an entry in the keystone service catalog cloudwatch: name: heat-cloudwatch hosts: default: heat-cloudwatch - path: null + public: cloudwatch + path: + default: null type: null - scheme: 'http' + scheme: + default: 'http' port: - api: 8003 + api: + default: 8003 + public: 80 oslo_db: auth: admin: @@ -301,12 +321,14 @@ endpoints: path: /heat scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 oslo_messaging: auth: admin: @@ -320,7 +342,8 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 resources: enabled: false diff --git a/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl b/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl index c2928682be..4f4a8f02c4 100644 --- a/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl +++ b/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl @@ -28,7 +28,7 @@ {{- $context := index . 4 -}} {{- $endpointMap := index $context.Values.endpoints $type }} {{- $userMap := index $endpointMap.auth $userclass }} -{{- $fqdn := $context.Release.Namespace -}} +{{- $fqdn := default "svc.cluster.local" $context.Release.Namespace -}} {{- if $context.Values.endpoints.fqdn -}} {{- $fqdn := $context.Values.endpoints.fqdn -}} {{- end -}} @@ -37,7 +37,8 @@ {{- $endpointUser := index $userMap "username" }} {{- $endpointPass := index $userMap "password" }} {{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port | default .port.default }} +{{- $endpointPortMAP := index .port $port }} +{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} {{- $endpointPath := .path | default "" }} {{- printf "%s://%s:%s@%s.%s:%1.f%s" $endpointScheme $endpointUser $endpointPass $endpointHost $fqdn $endpointPort $endpointPath -}} {{- end -}} diff --git a/helm-toolkit/templates/endpoints/_endpoint_port_lookup.tpl b/helm-toolkit/templates/endpoints/_endpoint_port_lookup.tpl new file mode 100644 index 0000000000..37b6a91659 --- /dev/null +++ b/helm-toolkit/templates/endpoints/_endpoint_port_lookup.tpl @@ -0,0 +1,34 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This function returns hostnames from endpoint definitions for use cases +# where the uri style return is not appropriate, and only the hostname +# portion is used or relevant in the template: +# { tuple "memcache" "internal" "portName" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" } +# returns: internal_host:port +# +# Output that requires the port aspect striped could simply split the output based on ':' + +{{- define "helm-toolkit.endpoints.endpoint_port_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- with $endpointMap -}} +{{- $endpointPortMAP := index .port $port }} +{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} +{{- printf "%1.f" $endpointPort -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/endpoints/_hostname_endpoint_uri_lookup.tpl b/helm-toolkit/templates/endpoints/_host_and_port_endpoint_uri_lookup.tpl similarity index 80% rename from helm-toolkit/templates/endpoints/_hostname_endpoint_uri_lookup.tpl rename to helm-toolkit/templates/endpoints/_host_and_port_endpoint_uri_lookup.tpl index 1917a371a4..b4cd0448dc 100644 --- a/helm-toolkit/templates/endpoints/_hostname_endpoint_uri_lookup.tpl +++ b/helm-toolkit/templates/endpoints/_host_and_port_endpoint_uri_lookup.tpl @@ -15,25 +15,26 @@ # This function returns hostnames from endpoint definitions for use cases # where the uri style return is not appropriate, and only the hostname # portion is used or relevant in the template: -# { tuple "memcache" "internal" "portName" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" } +# { tuple "memcache" "internal" "portName" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" } # returns: internal_host:port # # Output that requires the port aspect striped could simply split the output based on ':' -{{- define "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" -}} +{{- define "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" -}} {{- $type := index . 0 -}} {{- $endpoint := index . 1 -}} {{- $port := index . 2 -}} {{- $context := index . 3 -}} {{- $endpointMap := index $context.Values.endpoints $type }} -{{- $fqdn := $context.Release.Namespace -}} +{{- $fqdn := default "svc.cluster.local" $context.Release.Namespace -}} {{- if $context.Values.endpoints.fqdn -}} {{- $fqdn := $context.Values.endpoints.fqdn -}} {{- end -}} {{- with $endpointMap -}} {{- $endpointScheme := .scheme }} -{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port | default .port.default }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default }} +{{- $endpointPortMAP := index .port $port }} +{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} {{- printf "%s.%s:%1.f" $endpointHost $fqdn $endpointPort -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/endpoints/_hostname_fqdn_endpoint_lookup.tpl b/helm-toolkit/templates/endpoints/_hostname_fqdn_endpoint_lookup.tpl new file mode 100644 index 0000000000..9f0640ab65 --- /dev/null +++ b/helm-toolkit/templates/endpoints/_hostname_fqdn_endpoint_lookup.tpl @@ -0,0 +1,35 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This function returns hostnames from endpoint definitions for use cases +# where the uri style return is not appropriate, and only the hostname +# portion is used or relevant in the template: +# { tuple "memcache" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" } +# returns: internal_host_fqdn + +{{- define "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $context := index . 2 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- $fqdn := default "svc.cluster.local" $context.Release.Namespace -}} +{{- if $context.Values.endpoints.fqdn -}} +{{- $fqdn := $context.Values.endpoints.fqdn -}} +{{- end -}} +{{- with $endpointMap -}} +{{- $endpointScheme := .scheme }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default }} +{{- printf "%s.%s" $endpointHost $fqdn -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/endpoints/_hostname_endpoint_lookup.tpl b/helm-toolkit/templates/endpoints/_hostname_short_endpoint_lookup.tpl similarity index 92% rename from helm-toolkit/templates/endpoints/_hostname_endpoint_lookup.tpl rename to helm-toolkit/templates/endpoints/_hostname_short_endpoint_lookup.tpl index de813ab431..1eaaa9471e 100644 --- a/helm-toolkit/templates/endpoints/_hostname_endpoint_lookup.tpl +++ b/helm-toolkit/templates/endpoints/_hostname_short_endpoint_lookup.tpl @@ -15,11 +15,10 @@ # This function returns hostnames from endpoint definitions for use cases # where the uri style return is not appropriate, and only the short hostname or # kubernetes servicename is used or relevant in the template: -# { tuple "memcache" "internal" . | include "helm-toolkit.endpoints.hostname_endpoint_lookup" } +# { tuple "memcache" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" } # returns: the short internal hostname, which will also match the service name - -{{- define "helm-toolkit.endpoints.hostname_endpoint_lookup" -}} +{{- define "helm-toolkit.endpoints.hostname_short_endpoint_lookup" -}} {{- $type := index . 0 -}} {{- $endpoint := index . 1 -}} {{- $context := index . 2 -}} diff --git a/helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl b/helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl index 7717ec841a..ff51995a79 100644 --- a/helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl +++ b/helm-toolkit/templates/endpoints/_keystone_endpoint_name_lookup.tpl @@ -14,7 +14,7 @@ # This function is used in endpoint management templates # it returns the service type for an openstack service eg: -# { tuple orchestration . | include "ks_endpoint_type" } +# { tuple orchestration . | include "keystone_endpoint_name_lookup" } # will return "heat" {{- define "helm-toolkit.endpoints.keystone_endpoint_name_lookup" -}} diff --git a/helm-toolkit/templates/endpoints/_keystone_endpoint_path_lookup.tpl b/helm-toolkit/templates/endpoints/_keystone_endpoint_path_lookup.tpl new file mode 100644 index 0000000000..f85cbeb5fc --- /dev/null +++ b/helm-toolkit/templates/endpoints/_keystone_endpoint_path_lookup.tpl @@ -0,0 +1,30 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This function returns the path for a service, it takes an tuple +# input in the form: service-type, endpoint-class, port-name. eg: +# { tuple "orchestration" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" } +# will return the appropriate path. + +{{- define "helm-toolkit.endpoints.keystone_endpoint_path_lookup" -}} +{{- $type := index . 0 -}} +{{- $endpoint := index . 1 -}} +{{- $port := index . 2 -}} +{{- $context := index . 3 -}} +{{- $endpointMap := index $context.Values.endpoints $type }} +{{- with $endpointMap -}} +{{- $endpointPath := index .path $endpoint | default .path.default | default "/" }} +{{- printf "%s" $endpointPath -}} +{{- end -}} +{{- end -}} diff --git a/helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl b/helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl index 401894023b..1115b85179 100644 --- a/helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl +++ b/helm-toolkit/templates/endpoints/_keystone_endpoint_uri_lookup.tpl @@ -23,15 +23,16 @@ {{- $port := index . 2 -}} {{- $context := index . 3 -}} {{- $endpointMap := index $context.Values.endpoints $type }} -{{- $fqdn := $context.Release.Namespace -}} +{{- $fqdn := default "svc.cluster.local" $context.Release.Namespace -}} {{- if $context.Values.endpoints.fqdn -}} {{- $fqdn := $context.Values.endpoints.fqdn -}} {{- end -}} {{- with $endpointMap -}} -{{- $endpointScheme := .scheme }} -{{- $endpointHost := index .hosts $endpoint | default .hosts.default}} -{{- $endpointPort := index .port $port }} -{{- $endpointPath := .path | default "" }} +{{- $endpointScheme := index .scheme $endpoint | default .scheme.default }} +{{- $endpointHost := index .hosts $endpoint | default .hosts.default }} +{{- $endpointPortMAP := index .port $port }} +{{- $endpointPort := index $endpointPortMAP $endpoint | default (index $endpointPortMAP "default") }} +{{- $endpointPath := index .path $endpoint | default .path.default | default "/" }} {{- printf "%s://%s.%s:%1.f%s" $endpointScheme $endpointHost $fqdn $endpointPort $endpointPath -}} {{- end -}} {{- end -}} diff --git a/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl b/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl index f697d616c6..a9820571d8 100644 --- a/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl +++ b/helm-toolkit/templates/utils/_comma_joined_hostname_list.tpl @@ -15,5 +15,5 @@ {{- define "helm-toolkit.utils.comma_joined_hostname_list" -}} {{- $deps := index . 0 -}} {{- $envAll := index . 1 -}} -{{- range $k, $v := $deps -}}{{- if $k -}},{{- end -}}{{ tuple $v.service $v.endpoint $envAll | include "helm-toolkit.endpoints.hostname_endpoint_lookup" }}{{- end -}} +{{- range $k, $v := $deps -}}{{- if $k -}},{{- end -}}{{ tuple $v.service $v.endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}{{- end -}} {{- end -}} diff --git a/horizon/templates/etc/_local_settings.tpl b/horizon/templates/etc/_local_settings.tpl index 5f1d582f77..45b64ae6f5 100644 --- a/horizon/templates/etc/_local_settings.tpl +++ b/horizon/templates/etc/_local_settings.tpl @@ -144,7 +144,7 @@ SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', - 'LOCATION': '{{ .Values.memcached.host }}:{{ .Values.memcached.port }}' + 'LOCATION': '{{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}' } } @@ -165,7 +165,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), #] -OPENSTACK_KEYSTONE_URL = "{{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}" +OPENSTACK_KEYSTONE_URL = "{{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" # Enables keystone web single-sign-on if set to True. @@ -309,7 +309,7 @@ IMAGE_RESERVED_CUSTOM_PROPERTIES = [] # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints # in the Keystone service catalog. Use this setting when Horizon is running # external to the OpenStack environment. The default is 'publicURL'. -OPENSTACK_ENDPOINT_TYPE = "internalURL" +OPENSTACK_ENDPOINT_TYPE = "publicURL" # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints diff --git a/horizon/templates/ingress-api.yaml b/horizon/templates/ingress-api.yaml new file mode 100644 index 0000000000..ff6792f73d --- /dev/null +++ b/horizon/templates/ingress-api.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "dashboard" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "dashboard" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "dashboard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: http + - host: {{ tuple "dashboard" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "dashboard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: http +{{- end }} diff --git a/horizon/templates/service-ingress.yaml b/horizon/templates/service-ingress.yaml new file mode 100644 index 0000000000..6535f45186 --- /dev/null +++ b/horizon/templates/service-ingress.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "dashboard" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/horizon/templates/service.yaml b/horizon/templates/service.yaml index 7c849908f3..d50586eead 100644 --- a/horizon/templates/service.yaml +++ b/horizon/templates/service.yaml @@ -15,16 +15,18 @@ apiVersion: v1 kind: Service metadata: - name: horizon + name: {{ tuple "dashboard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: {{ if .Values.network.enable_node_port }} - - nodePort: {{ .Values.network.node_port }} + - name: http + nodePort: {{ .Values.network.node_port }} port: {{ .Values.network.port }} protocol: TCP targetPort: {{ .Values.network.port }} {{ else }} - - port: {{ .Values.network.port }} + - name: http + port: {{ .Values.network.port }} protocol: TCP targetPort: {{ .Values.network.port }} {{ end }} diff --git a/horizon/values.yaml b/horizon/values.yaml index d601919a47..d0ca2fb76b 100644 --- a/horizon/values.yaml +++ b/horizon/values.yaml @@ -44,14 +44,12 @@ labels: node_selector_value: enabled network: + ingress: + public: true port: 80 node_port: 31000 enable_node_port: false -memcached: - host: memcached - port: 11211 - local_settings: horizon_secret_key: 9aee62c0-5253-4a86-b189-e0fb71fa503c debug: "True" @@ -82,16 +80,34 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 + dashboard: + name: horizon + hosts: + default: horizon-int + public: horizon + path: + default: null + scheme: + default: http + port: + web: + default: 80 mounts: horizon: diff --git a/ingress/templates/error-deployment.yaml b/ingress/templates/deployment-error.yaml similarity index 100% rename from ingress/templates/error-deployment.yaml rename to ingress/templates/deployment-error.yaml diff --git a/ingress/templates/ingress-deployment.yaml b/ingress/templates/deployment-ingress.yaml similarity index 99% rename from ingress/templates/ingress-deployment.yaml rename to ingress/templates/deployment-ingress.yaml index b14bff12a8..574a7a1eaa 100644 --- a/ingress/templates/ingress-deployment.yaml +++ b/ingress/templates/deployment-ingress.yaml @@ -83,7 +83,6 @@ spec: args: - /nginx-ingress-controller - '--default-backend-service=$(POD_NAMESPACE)/ingress-error-pages' - - '--v=3' {{- if .Values.network.host_namespace }} volumeMounts: - name: ingress-etc diff --git a/ingress/templates/error-service.yaml b/ingress/templates/service-error.yaml similarity index 100% rename from ingress/templates/error-service.yaml rename to ingress/templates/service-error.yaml diff --git a/ingress/templates/service-ingress.yaml b/ingress/templates/service-ingress.yaml new file mode 100644 index 0000000000..7c29946ae2 --- /dev/null +++ b/ingress/templates/service-ingress.yaml @@ -0,0 +1,32 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + labels: + app: ingress-api + name: {{ .Values.endpoints.ingress.host }} +spec: + ports: + - name: http + port: {{ .Values.endpoints.ingress.port.http }} + protocol: TCP + targetPort: 80 + - name: https + port: {{ .Values.endpoints.ingress.port.https }} + protocol: TCP + targetPort: 443 + selector: + app: ingress-api diff --git a/ingress/values.yaml b/ingress/values.yaml index 48c560dccc..0fc204c5f3 100644 --- a/ingress/values.yaml +++ b/ingress/values.yaml @@ -23,7 +23,8 @@ replicas: images: entrypoint: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0 - ingress: gcr.io/google_containers/nginx-ingress-controller:0.8.3 + # https://github.com/kubernetes/ingress/blob/master/controllers/nginx/Changelog.md + ingress: gcr.io/google_containers/nginx-ingress-controller:0.9.0-beta.8 error_pages: gcr.io/google_containers/defaultbackend:1.0 pull_policy: "IfNotPresent" @@ -48,6 +49,13 @@ network: - 10.96.0.10 - 8.8.8.8 +endpoints: + ingress: + host: openstack + port: + http: 80 + https: 443 + deployment_type: Deployment resources: diff --git a/keystone/templates/configmap-etc.yaml b/keystone/templates/configmap-etc.yaml index ddf987c56e..a144a7ca3b 100644 --- a/keystone/templates/configmap-etc.yaml +++ b/keystone/templates/configmap-etc.yaml @@ -23,7 +23,7 @@ {{- end -}} {{- if empty .Values.conf.keystone.cache.oslo.cache.memcache_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.keystone.cache.oslo.cache "memcache_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.keystone.cache.oslo.cache "memcache_servers" | quote | trunc 0 -}} {{- end -}} apiVersion: v1 diff --git a/keystone/templates/etc/_wsgi-keystone.conf.tpl b/keystone/templates/etc/_wsgi-keystone.conf.tpl index 6fdef25fa4..879fe7279a 100644 --- a/keystone/templates/etc/_wsgi-keystone.conf.tpl +++ b/keystone/templates/etc/_wsgi-keystone.conf.tpl @@ -18,6 +18,10 @@ Listen 0.0.0.0:{{ .Values.network.admin.port }} LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy +SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded +CustomLog /dev/stdout combined env=!forwarded +CustomLog /dev/stdout proxy env=forwarded + WSGIDaemonProcess keystone-public processes=1 threads=4 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public @@ -49,3 +53,23 @@ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-A CustomLog /dev/stdout combined env=!forwarded CustomLog /dev/stdout proxy env=forwarded + +Alias /identity /var/www/cgi-bin/keystone/keystone-wsgi-public + + SetHandler wsgi-script + Options +ExecCGI + + WSGIProcessGroup keystone-public + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + + +Alias /identity_admin /var/www/cgi-bin/keystone/keystone-wsgi-admin + + SetHandler wsgi-script + Options +ExecCGI + + WSGIProcessGroup keystone-admin + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + diff --git a/keystone/templates/ingress.yaml b/keystone/templates/ingress.yaml new file mode 100644 index 0000000000..118de4d9cc --- /dev/null +++ b/keystone/templates/ingress.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "identity" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "identity" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: ks-pub + - host: {{ tuple "identity" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: ks-pub +{{- end }} diff --git a/keystone/templates/service-ingress.yaml b/keystone/templates/service-ingress.yaml new file mode 100644 index 0000000000..d0bf5284c0 --- /dev/null +++ b/keystone/templates/service-ingress.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "identity" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/keystone/templates/service.yaml b/keystone/templates/service.yaml index 3aa07b8dbd..f323996cf1 100644 --- a/keystone/templates/service.yaml +++ b/keystone/templates/service.yaml @@ -15,15 +15,15 @@ apiVersion: v1 kind: Service metadata: - name: keystone-api + name: {{ tuple "identity" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - name: keystone-api-public + - name: ks-pub port: {{ .Values.network.api.port }} {{ if .Values.network.api.node_port.enabled }} nodePort: {{ .Values.network.api.node_port.port }} {{ end }} - - name: keystone-api-admin + - name: ks-adm port: {{ .Values.network.admin.port }} {{ if .Values.network.admin.node_port.enabled }} nodePort: {{ .Values.network.admin.node_port.port }} diff --git a/keystone/values.yaml b/keystone/values.yaml index 05fb28de22..e87ca30bbc 100644 --- a/keystone/values.yaml +++ b/keystone/values.yaml @@ -69,13 +69,13 @@ bootstrap: network: api: - name: "keystone-api" - port: 5000 + port: 80 + ingress: + public: true node_port: enabled: false port: 30500 admin: - name: "keystone-admin" port: 35357 node_port: enabled: false @@ -202,11 +202,16 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 oslo_db: auth: admin: @@ -220,7 +225,8 @@ endpoints: path: /keystone scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_messaging: auth: admin: @@ -234,9 +240,11 @@ endpoints: path: /openstack scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 diff --git a/magnum/templates/configmap-etc.yaml b/magnum/templates/configmap-etc.yaml index 4e156b42f5..51f7dac680 100644 --- a/magnum/templates/configmap-etc.yaml +++ b/magnum/templates/configmap-etc.yaml @@ -24,7 +24,7 @@ {{- end -}} {{- if empty .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.magnum.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.magnum.database.oslo.db.connection -}} diff --git a/magnum/templates/ingress-api.yaml b/magnum/templates/ingress-api.yaml new file mode 100644 index 0000000000..c3eb789095 --- /dev/null +++ b/magnum/templates/ingress-api.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "container-infra" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "container-infra" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "container-infra" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: m-api + - host: {{ tuple "container-infra" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "container-infra" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: m-api +{{- end }} diff --git a/magnum/templates/service-api.yaml b/magnum/templates/service-api.yaml index ddbf627b2b..e470c06baf 100644 --- a/magnum/templates/service-api.yaml +++ b/magnum/templates/service-api.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: magnum-api + name: {{ tuple "container-infra" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.magnum.api.magnum.port }} + - name: m-api + port: {{ .Values.conf.magnum.api.magnum.port }} {{ if .Values.network.api.node_port.enabled }} nodePort: {{ .Values.network.api.node_port.port }} {{ end }} diff --git a/magnum/templates/service-ingress-api.yaml b/magnum/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..a773b776b4 --- /dev/null +++ b/magnum/templates/service-ingress-api.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "container-infra" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/magnum/values.yaml b/magnum/values.yaml index 3d16b45911..27d54f89b5 100644 --- a/magnum/values.yaml +++ b/magnum/values.yaml @@ -94,8 +94,8 @@ conf: network: api: - name: "magnum-api" - proto: "http" + ingress: + public: true node_port: enabled: false port: 30511 @@ -154,19 +154,29 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 container-infra: name: magnum hosts: default: magnum-api - path: /v1 - scheme: 'http' + public: magnum + path: + default: /v1 + scheme: + default: http port: - api: 9511 + api: + default: 9511 + public: 80 oslo_db: auth: admin: @@ -180,12 +190,14 @@ endpoints: path: /magnum scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 oslo_messaging: auth: admin: @@ -199,7 +211,8 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 resources: enabled: false diff --git a/mistral/templates/bin/_db-sync.sh.tpl b/mistral/templates/bin/_db-sync.sh.tpl index f89bdace5f..799abf4ba5 100644 --- a/mistral/templates/bin/_db-sync.sh.tpl +++ b/mistral/templates/bin/_db-sync.sh.tpl @@ -1,3 +1,5 @@ +#!/bin/bash + # Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,7 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -#!/bin/bash set -ex diff --git a/mistral/templates/bin/_mistral-engine.sh.tpl b/mistral/templates/bin/_mistral-engine.sh.tpl index ac74543ee7..04b2ee8e71 100644 --- a/mistral/templates/bin/_mistral-engine.sh.tpl +++ b/mistral/templates/bin/_mistral-engine.sh.tpl @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -x +set -ex exec mistral-server \ --server engine \ --config-file /etc/mistral/mistral.conf diff --git a/mistral/templates/bin/_mistral-event-engine.sh.tpl b/mistral/templates/bin/_mistral-event-engine.sh.tpl index 83faced05c..9c9368008b 100644 --- a/mistral/templates/bin/_mistral-event-engine.sh.tpl +++ b/mistral/templates/bin/_mistral-event-engine.sh.tpl @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -x +set -ex exec mistral-server \ --server event-engine \ --config-file /etc/mistral/mistral.conf diff --git a/mistral/templates/bin/_mistral-executor.sh.tpl b/mistral/templates/bin/_mistral-executor.sh.tpl index 5b16b754e3..b25459b09e 100644 --- a/mistral/templates/bin/_mistral-executor.sh.tpl +++ b/mistral/templates/bin/_mistral-executor.sh.tpl @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -x +set -ex exec mistral-server \ --server executor \ --config-file /etc/mistral/mistral.conf diff --git a/mistral/templates/configmap-etc.yaml b/mistral/templates/configmap-etc.yaml index 4d9848ac05..439555d90f 100644 --- a/mistral/templates/configmap-etc.yaml +++ b/mistral/templates/configmap-etc.yaml @@ -23,7 +23,7 @@ {{- end -}} {{- if empty .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.mistral.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.mistral.database.oslo.db.connection -}} diff --git a/mistral/templates/ingress-api.yaml b/mistral/templates/ingress-api.yaml new file mode 100644 index 0000000000..26eece5476 --- /dev/null +++ b/mistral/templates/ingress-api.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "workflow" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "workflow" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "workflow" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: w-api + - host: {{ tuple "workflow" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "workflow" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: w-api +{{- end }} diff --git a/mistral/templates/service-api.yaml b/mistral/templates/service-api.yaml index 1e827b4a99..87a851df5e 100644 --- a/mistral/templates/service-api.yaml +++ b/mistral/templates/service-api.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: mistral-api + name: {{ tuple "workflow" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.mistral.api.mistral.config.port }} + - name: w-api + port: {{ .Values.conf.mistral.api.mistral.config.port }} {{ if .Values.network.api.node_port.enabled }} nodePort: {{ .Values.network.api.node_port.port }} {{ end }} diff --git a/mistral/templates/service-ingress-api.yaml b/mistral/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..1ed8f5d17b --- /dev/null +++ b/mistral/templates/service-ingress-api.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "workflow" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/mistral/values.yaml b/mistral/values.yaml index 92fb08849f..a387b5bc7a 100644 --- a/mistral/values.yaml +++ b/mistral/values.yaml @@ -78,8 +78,8 @@ keystone: network: api: - name: "mistral-api" - proto: "http" + ingress: + public: true node_port: enabled: false port: 28989 @@ -158,19 +158,29 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 workflow: name: mistral hosts: default: mistral-api - path: /v2 - scheme: 'http' + public: mistral + path: + default: /v2 + scheme: + default: 'http' port: - api: 8989 + api: + default: 8989 + public: 80 oslo_db: auth: admin: @@ -184,7 +194,8 @@ endpoints: path: /mistral scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_messaging: auth: admin: @@ -198,12 +209,14 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 mounts: mistral_api: diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 709b9125da..a71d4c93ee 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -34,7 +34,7 @@ {{- end }} {{- if empty .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end }} {{- if empty .Values.conf.neutron.database.oslo.db.connection -}} diff --git a/neutron/templates/ingress.yaml b/neutron/templates/ingress.yaml new file mode 100644 index 0000000000..42eb8ad5c4 --- /dev/null +++ b/neutron/templates/ingress.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.server.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "network" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "network" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "network" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: q-api + - host: {{ tuple "network" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "network" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: q-api +{{- end }} diff --git a/neutron/templates/service-ingress-neutron.yaml b/neutron/templates/service-ingress-neutron.yaml new file mode 100644 index 0000000000..693a08de52 --- /dev/null +++ b/neutron/templates/service-ingress-neutron.yaml @@ -0,0 +1,25 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.server.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "network" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/neutron/templates/service.yaml b/neutron/templates/service.yaml index bb3cbe3bc3..18b04c1bb6 100644 --- a/neutron/templates/service.yaml +++ b/neutron/templates/service.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: neutron-server + name: {{ tuple "network" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.network.server.port }} + - name: q-api + port: {{ .Values.network.server.port }} {{ if .Values.network.server.node_port.enabled }} nodePort: {{ .Values.network.server.node_port.port }} {{ end }} diff --git a/neutron/values.yaml b/neutron/values.yaml index 3e4df466e7..d55c9a71c8 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -98,13 +98,13 @@ network: # br0: if0 # br1: iface_two server: - name: "neutron-server" port: 9696 + ingress: + public: true node_port: enabled: false port: 30096 metadata: - name: "neutron-metadata" port: 8775 keystone: @@ -438,6 +438,14 @@ conf: metadata_agent: override: append: + default: + neutron: + metadata: + agent: + nova_metadata_ip: 10.97.120.234 + nova_metadata_port: 80 + nova_metadata_protocol: http + metadata_proxy_shared_secret: "password" sriov_agent: override: append: @@ -466,7 +474,8 @@ endpoints: path: /neutron scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_messaging: auth: admin: @@ -480,39 +489,58 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 compute: name: nova hosts: default: nova-api - path: "/v2/%(tenant_id)s" - scheme: 'http' + public: nova + path: + default: "/v2/%(tenant_id)s" + scheme: + default: 'http' port: - api: 8774 - metadata: 8775 - novncproxy: 6080 + api: + default: 8774 + public: 80 + metadata: + default: 8775 + novncproxy: + default: 6080 identity: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 network: name: neutron hosts: default: neutron-server - path: null - scheme: 'http' + public: neutron + path: + default: null + scheme: + default: 'http' port: - api: 9696 + api: + default: 9696 + public: 80 mounts: neutron_server: diff --git a/nova/templates/bin/_nova-api.sh.tpl b/nova/templates/bin/_nova-api.sh.tpl index 4c334f7c5b..d929242297 100644 --- a/nova/templates/bin/_nova-api.sh.tpl +++ b/nova/templates/bin/_nova-api.sh.tpl @@ -19,7 +19,7 @@ COMMAND="${@:-start}" function start () { exec nova-api-os-compute \ - --config-file /etc/nova/nova.conf + --config-file /etc/nova/nova.conf --debug } function stop () { diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml index 706fb2ef41..391912ca71 100644 --- a/nova/templates/configmap-etc.yaml +++ b/nova/templates/configmap-etc.yaml @@ -24,7 +24,7 @@ {{- end -}} {{- if empty .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.nova.database.oslo.db.connection -}} @@ -52,7 +52,15 @@ {{- end -}} {{- if empty .Values.conf.nova.cache.nova.conf.memcache_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.nova.cache.nova.conf "memcache_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.nova.cache.nova.conf "memcache_servers" | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.nova.default.nova.conf.metadata_host -}} +{{- set .Values.conf.nova.default.nova.conf "metadata_host" .Values.network.metadata.ip | quote | trunc 0 -}} +{{- end -}} + +{{- if empty .Values.conf.nova.default.nova.conf.metadata_port -}} +{{- tuple "compute_metadata" "public" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.default.nova.conf "metadata_port" | quote | trunc 0 -}} {{- end -}} apiVersion: v1 diff --git a/nova/templates/ingress-metadata.yaml b/nova/templates/ingress-metadata.yaml new file mode 100644 index 0000000000..87c0474b72 --- /dev/null +++ b/nova/templates/ingress-metadata.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.metadata.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "compute_metadata" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "compute_metadata" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "compute_metadata" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: n-meta + - host: {{ tuple "compute_metadata" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "compute_metadata" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: n-meta +{{- end }} diff --git a/nova/templates/ingress-osapi.yaml b/nova/templates/ingress-osapi.yaml new file mode 100644 index 0000000000..fd71963db4 --- /dev/null +++ b/nova/templates/ingress-osapi.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.osapi.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "compute" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "compute" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "compute" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: n-api + - host: {{ tuple "compute" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "compute" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: n-api +{{- end }} diff --git a/nova/templates/service-ingress-metadata.yaml b/nova/templates/service-ingress-metadata.yaml new file mode 100644 index 0000000000..df3994d130 --- /dev/null +++ b/nova/templates/service-ingress-metadata.yaml @@ -0,0 +1,27 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.metadata.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "compute_metadata" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + clusterIP: {{ .Values.network.metadata.ip }} + selector: + app: ingress-api +{{- end }} diff --git a/nova/templates/service-ingress-osapi.yaml b/nova/templates/service-ingress-osapi.yaml new file mode 100644 index 0000000000..fba905eaa7 --- /dev/null +++ b/nova/templates/service-ingress-osapi.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.osapi.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "compute" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/nova/templates/service-metadata.yaml b/nova/templates/service-metadata.yaml index 29de9f0069..a34ab7e77d 100644 --- a/nova/templates/service-metadata.yaml +++ b/nova/templates/service-metadata.yaml @@ -15,10 +15,10 @@ apiVersion: v1 kind: Service metadata: - name: nova-metadata + name: {{ tuple "compute_metadata" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - name: nova-metadata + - name: n-meta port: {{ .Values.network.metadata.port }} {{ if .Values.network.metadata.node_port.enabled }} nodePort: {{ .Values.network.metadata.node_port.port }} diff --git a/nova/templates/service-osapi.yaml b/nova/templates/service-osapi.yaml index fd9199e3d6..f1e7081aec 100644 --- a/nova/templates/service-osapi.yaml +++ b/nova/templates/service-osapi.yaml @@ -15,13 +15,10 @@ apiVersion: v1 kind: Service metadata: - # alanmeadows(TODO): refactor to nova-osapi - # which requires updating other charts - # dependencies - name: nova-api + name: {{ tuple "compute" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - name: nova-api-osapi + - name: n-api port: {{ .Values.network.osapi.port }} {{ if .Values.network.osapi.node_port.enabled }} nodePort: {{ .Values.network.osapi.node_port.port }} diff --git a/nova/values.yaml b/nova/values.yaml index b0239e30a1..f3fb9ba02b 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -106,20 +106,20 @@ network: kubernetes_domain: "cluster.local" other_domains: "" osapi: - name: "nova-osapi" port: 8774 + ingress: + public: true node_port: enabled: false port: 30774 metadata: - name: "nova-metadata" + ip: 10.97.120.234 port: 8775 + ingress: + public: true node_port: enabled: false port: 30775 - novncproxy: - name: "nova-novncproxy" - port: 6080 keystone: admin_user: "admin" @@ -326,6 +326,10 @@ conf: oslo: concurrency: lock_path: /var/lib/nova/tmp + oslo_middleware: + oslo: + middleware: + enable_proxy_headers_parsing: true glance: nova: conf: @@ -410,7 +414,8 @@ endpoints: path: /nova scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_db_api: auth: admin: @@ -424,7 +429,8 @@ endpoints: path: /nova_api scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_messaging: auth: admin: @@ -438,48 +444,82 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 oslo_cache: hosts: default: memcached port: - memcache: 11211 - compute: - name: nova - hosts: - default: nova-api - path: "/v2/%(tenant_id)s" - scheme: 'http' - port: - api: 8774 - metadata: 8775 - novncproxy: 6080 + memcache: + default: 11211 identity: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - api: 5000 - admin: 35357 + admin: + default: 35357 + api: + default: 80 image: name: glance hosts: default: glance-api - path: null - scheme: 'http' + public: glance + path: + default: null + scheme: + default: http port: - api: 9292 - registry: 9191 + api: + default: 9292 + public: 80 + compute: + name: nova + hosts: + default: nova-api + public: nova + path: + default: "/v2/%(tenant_id)s" + scheme: + default: 'http' + port: + api: + default: 8774 + public: 80 + novncproxy: + default: 6080 + compute_metadata: + name: nova + hosts: + default: nova-metadata + public: metadata + path: + default: / + scheme: + default: 'http' + port: + metadata: + default: 8775 + public: 80 network: name: neutron hosts: default: neutron-server - path: null - scheme: 'http' + public: neutron + path: + default: null + scheme: + default: 'http' port: - api: 9696 + api: + default: 9696 + public: 80 resources: diff --git a/senlin/templates/configmap-etc.yaml b/senlin/templates/configmap-etc.yaml index aed6ffca9f..bec615d3a4 100644 --- a/senlin/templates/configmap-etc.yaml +++ b/senlin/templates/configmap-etc.yaml @@ -24,7 +24,7 @@ {{- end -}} {{- if empty .Values.conf.senlin.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.hostname_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.senlin.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.senlin.database.oslo.db.connection -}} diff --git a/senlin/templates/ingress-api.yaml b/senlin/templates/ingress-api.yaml new file mode 100644 index 0000000000..f3362ca1f3 --- /dev/null +++ b/senlin/templates/ingress-api.yaml @@ -0,0 +1,39 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ tuple "clustering" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + annotations: + kubernetes.io/ingress.class: "nginx" + ingress.kubernetes.io/rewrite-target: / +spec: + rules: + - host: {{ tuple "clustering" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "clustering" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: s-api + - host: {{ tuple "clustering" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" }} + http: + paths: + - path: / + backend: + serviceName: {{ tuple "clustering" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + servicePort: s-api +{{- end }} diff --git a/senlin/templates/service-api.yaml b/senlin/templates/service-api.yaml index 56eaa44c25..1251f0888e 100644 --- a/senlin/templates/service-api.yaml +++ b/senlin/templates/service-api.yaml @@ -15,10 +15,11 @@ apiVersion: v1 kind: Service metadata: - name: senlin-api + name: {{ tuple "clustering" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} spec: ports: - - port: {{ .Values.conf.senlin.senlin_api.senlin.config.bind_port }} + - name: s-api + port: {{ .Values.conf.senlin.senlin_api.senlin.config.bind_port }} {{ if .Values.network.api.node_port.enabled }} nodePort: {{ .Values.network.api.node_port.port }} {{ end }} diff --git a/senlin/templates/service-ingress-api.yaml b/senlin/templates/service-ingress-api.yaml new file mode 100644 index 0000000000..bcacfa88c9 --- /dev/null +++ b/senlin/templates/service-ingress-api.yaml @@ -0,0 +1,26 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.network.api.ingress.public }} +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "clustering" "public" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: http + port: 80 + selector: + app: ingress-api +{{- end }} diff --git a/senlin/values.yaml b/senlin/values.yaml index e26f505f10..1520e5477f 100644 --- a/senlin/values.yaml +++ b/senlin/values.yaml @@ -95,8 +95,8 @@ conf: network: api: - name: "senlin-api" - proto: "http" + ingress: + public: true node_port: enabled: false port: 30778 @@ -155,19 +155,29 @@ endpoints: name: keystone hosts: default: keystone-api - path: /v3 - scheme: 'http' + public: keystone + path: + default: /v3 + scheme: + default: http port: - admin: 35357 - api: 5000 + admin: + default: 35357 + api: + default: 80 clustering: name: senlin hosts: default: senlin-api - path: null - scheme: 'http' + public: senlin + path: + default: null + scheme: + default: http port: - api: 8778 + api: + default: 8778 + public: 80 oslo_db: auth: admin: @@ -181,12 +191,14 @@ endpoints: path: /senlin scheme: mysql+pymysql port: - mysql: 3306 + mysql: + default: 3306 oslo_cache: hosts: default: memcached port: - memcache: 11211 + memcache: + default: 11211 oslo_messaging: auth: admin: @@ -200,7 +212,8 @@ endpoints: path: / scheme: rabbit port: - amqp: 5672 + amqp: + default: 5672 resources: enabled: false diff --git a/tools/gate/basic_launch.sh b/tools/gate/basic_launch.sh index 3a721bd19b..0b01601093 100755 --- a/tools/gate/basic_launch.sh +++ b/tools/gate/basic_launch.sh @@ -64,6 +64,7 @@ EOF" kubectl exec -n ceph ceph-mon-0 -- ceph osd pool create vms 8 fi +helm install --namespace=openstack local/ingress --name=ingress helm install --namespace=openstack local/mariadb --name=mariadb helm install --namespace=openstack local/memcached --name=memcached helm install --namespace=openstack local/etcd --name=etcd-rabbitmq @@ -101,3 +102,11 @@ helm_test_deployment keystone 600 helm_test_deployment glance 600 helm_test_deployment neutron 600 helm_test_deployment nova 600 + +if [ "x$LAUNCH_ALL_OSH_SERVICES" == "xtrue" ]; then + helm install --namespace=openstack local/barbican --name=barbican + helm install --namespace=openstack local/magnum --name=magnum + helm install --namespace=openstack local/mistral --name=mistral + helm install --namespace=openstack local/senlin --name=senlin + kube_wait_for_pods openstack 600 +fi diff --git a/tools/gate/openstack_aio_launch.sh b/tools/gate/openstack_aio_launch.sh index 5126b7285e..06bc43d519 100644 --- a/tools/gate/openstack_aio_launch.sh +++ b/tools/gate/openstack_aio_launch.sh @@ -18,7 +18,7 @@ set -xe : ${KS_PASSWORD:="password"} : ${KS_USER_DOMAIN:="default"} : ${KS_PROJECT_DOMAIN:="default"} -: ${KS_URL:="http://keystone-api.openstack:5000/v3"} +: ${KS_URL:="http://keystone.openstack/v3"} : ${OSH_BR_EX_ADDR:="172.24.4.1/24"} : ${OSH_EXT_SUBNET:="172.24.4.0/24"} diff --git a/tools/gate/setup_gate.sh b/tools/gate/setup_gate.sh index f9b72bf0d8..b732f8dad2 100755 --- a/tools/gate/setup_gate.sh +++ b/tools/gate/setup_gate.sh @@ -30,6 +30,7 @@ export PVC_BACKEND=ceph # Setup the logging location: by default use the working dir as the root. export LOGS_DIR=${LOGS_DIR:-"${WORK_DIR}/logs"} +rm -rf ${LOGS_DIR} || true mkdir -p ${LOGS_DIR} function dump_logs () {