Create Ingress-nginx FluxCD Manifest

The Openstack upstream community have deprecated its
Ingress Helm chart and begun to use the Helm chart from
Nginx.

The purpose of this task is to add a new FluxCD Manifest
for the Ingress-nginx Helm chart without removing the
current Ingress manifest. There will be a follow-up to
this review that will substitute the current ingress
manifest with the new one. Because of that, ingress-nginx
is not being added to the kustomization file, as it is
not to be deployed right now.

The plugin for this new Helm chart is also added to the
helm folder.

Test Plan:
PASS - Build stx-openstack-helm-fluxcd and STX-O
PASS - Ingress-nginx Helm chart appears in the build
PASS - Update and apply STX-O
PASS - Ingress-nginx is present but not deployed

Story: 2011303
Task: 51430

Change-Id: Iaf3cb33724871141abb5f8334b5043d3b823041b
Signed-off-by: Daniel Caires <DanielMarques.Caires@windriver.com>

python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/ingress-nginx.py

@@ -0,0 +1,54 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from sysinv.common import exception
+from sysinv.helm import common
+
+from k8sapp_openstack.common import constants as app_constants
+from k8sapp_openstack.helm import openstack
+
+
+class IngressHelm(openstack.OpenstackBaseHelm):
+    """Class to encapsulate helm operations for the ingress chart"""
+
+    CHART = app_constants.HELM_CHART_INGRESS
+    HELM_RELEASE = app_constants.FLUXCD_HELMRELEASE_INGRESS
+
+    def get_overrides(self, namespace=None):
+        limit_enabled, limit_cpus, limit_mem_mib = self._get_platform_res_limit()
+
+        overrides = {
+            common.HELM_NS_OPENSTACK: {
+                'controller': {
+                    'replicaCount': self._num_provisioned_controllers(),
+                    'resources': {
+                        'enabled': limit_enabled,
+                        'limits': {
+                            'cpu': "%d000m" % (limit_cpus),
+                            'memory': "%dMi" % (limit_mem_mib)
+                        }
+                    }
+                },
+                'defaultBackend': {
+                    'replicaCount': self._num_provisioned_controllers(),
+                    'resources': {
+                        'enabled': limit_enabled,
+                        'limits': {
+                            'cpu': "%d000m" % (limit_cpus),
+                            'memory': "%dMi" % (limit_mem_mib)
+                        }
+                    }
+                }
+            }
+        }
+
+        if namespace in self.SUPPORTED_NAMESPACES:
+            return overrides[namespace]
+        elif namespace:
+            raise exception.InvalidHelmNamespace(chart=self.CHART,
+                                                 namespace=namespace)
+        else:
+            return overrides

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/helmrelease.yaml

@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: "helm.toolkit.fluxcd.io/v2"
+kind: HelmRelease
+metadata:
+  name: ingress-nginx
+  labels:
+    chart_group: openstack-ingress-nginx
+spec:
+  releaseName: openstack-ingress-nginx
+  chart:
+    spec:
+      chart: ingress-nginx
+      version: 4.11.1
+      sourceRef:
+        kind: HelmRepository
+        name: starlingx
+      interval: 1m
+  interval: 1m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  valuesFrom:
+    - kind: Secret
+      name: ingress-nginx-static-overrides
+      valuesKey: ingress-nginx-static-overrides.yaml
+    - kind: Secret
+      name: ingress-nginx-system-overrides
+      valuesKey: ingress-nginx-system-overrides.yaml
+...

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/ingress-nginx-static-overrides.yaml

@@ -0,0 +1,140 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+fullnameOverride: ingress-nginx
+
+controller:
+  config:
+    bind-address: '::'
+    worker-processes: "4"
+    enable-underscores-in-headers: "true"
+    enable-vts-status: "true"
+    proxy-connect-timeout: "30"
+    server-tokens: "false"
+    ssl-dh-param: openstack/secret-dhparam
+
+  dnsPolicy: ClusterFirstWithHostNet
+  ingressClassResource:
+    enabled: false
+    controllerValue: k8s.io/ingress-nginx-openstack
+  scope:
+    enabled: true
+    namespace: "openstack"
+    namespaceSelector: "openstack"
+  labels:
+    app: ingress-api
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "openstack-compute-node"
+      operator: "Exists"
+      effect: "NoSchedule"
+  affinity:
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+            - key: release_group
+              operator: In
+              values:
+              - osh-openstack-ingress
+            - key: application
+              operator: In
+              values:
+              - ingress
+            - key: component
+              operator: In
+              values:
+              - server
+        topologyKey: kubernetes.io/hostname
+  nodeSelector:
+    openstack-control-plane: "enabled"
+  service:
+    type: ClusterIP
+  admissionWebhooks:
+    enabled: false
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 3
+  requests:
+    cpu: 100m
+    ephemeral-storage: 2000Ki
+    memory: 128Mi
+
+defaultBackend:
+  enabled: true
+  config:
+    bind-address: '::'
+    worker-processes: "4"
+    enable-underscores-in-headers: "true"
+    enable-vts-status: "true"
+    proxy-connect-timeout: "30"
+    server-tokens: "false"
+    ssl-dh-param: openstack/secret-dhparam
+
+  dnsPolicy: ClusterFirstWithHostNet
+  ingressClassResource:
+    enabled: false
+    controllerValue: k8s.io/ingress-nginx-openstack
+  scope:
+    enabled: true
+    namespace: "openstack"
+    namespaceSelector: "openstack"
+  labels:
+    app: ingress-api
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "node-role.kubernetes.io/control-plane"
+      operator: "Exists"
+      effect: "NoSchedule"
+    - key: "openstack-compute-node"
+      operator: "Exists"
+      effect: "NoSchedule"
+  affinity:
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+      - labelSelector:
+          matchExpressions:
+            - key: release_group
+              operator: In
+              values:
+              - osh-openstack-ingress
+            - key: application
+              operator: In
+              values:
+              - ingress
+            - key: component
+              operator: In
+              values:
+              - server
+        topologyKey: kubernetes.io/hostname
+  nodeSelector:
+    openstack-control-plane: "enabled"
+  service:
+    type: ClusterIP
+  admissionWebhooks:
+    enabled: false
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+      maxSurge: 3
+  requests:
+    cpu: 100m
+    ephemeral-storage: 2000Ki
+    memory: 128Mi
+
+revisionHistoryLimit: 3
+...

stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/kustomization.yaml

@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+namespace: openstack
+commonLabels:
+  chart_group: openstack-ingress-nginx
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: ingress-nginx-static-overrides
+    files:
+      - ingress-nginx-static-overrides.yaml
+  - name: ingress-nginx-system-overrides
+    files:
+      - ingress-nginx-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true
+...