diff --git a/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/ingress-nginx.py b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/ingress-nginx.py new file mode 100644 index 00000000..07a21262 --- /dev/null +++ b/python3-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/ingress-nginx.py @@ -0,0 +1,54 @@ +# +# Copyright (c) 2024 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +from sysinv.common import exception +from sysinv.helm import common + +from k8sapp_openstack.common import constants as app_constants +from k8sapp_openstack.helm import openstack + + +class IngressHelm(openstack.OpenstackBaseHelm): + """Class to encapsulate helm operations for the ingress chart""" + + CHART = app_constants.HELM_CHART_INGRESS + HELM_RELEASE = app_constants.FLUXCD_HELMRELEASE_INGRESS + + def get_overrides(self, namespace=None): + limit_enabled, limit_cpus, limit_mem_mib = self._get_platform_res_limit() + + overrides = { + common.HELM_NS_OPENSTACK: { + 'controller': { + 'replicaCount': self._num_provisioned_controllers(), + 'resources': { + 'enabled': limit_enabled, + 'limits': { + 'cpu': "%d000m" % (limit_cpus), + 'memory': "%dMi" % (limit_mem_mib) + } + } + }, + 'defaultBackend': { + 'replicaCount': self._num_provisioned_controllers(), + 'resources': { + 'enabled': limit_enabled, + 'limits': { + 'cpu': "%d000m" % (limit_cpus), + 'memory': "%dMi" % (limit_mem_mib) + } + } + } + } + } + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, + namespace=namespace) + else: + return overrides diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/helmrelease.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/helmrelease.yaml new file mode 100644 index 00000000..ce6f0f76 --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/helmrelease.yaml @@ -0,0 +1,39 @@ +# +# Copyright (c) 2024 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +apiVersion: "helm.toolkit.fluxcd.io/v2" +kind: HelmRelease +metadata: + name: ingress-nginx + labels: + chart_group: openstack-ingress-nginx +spec: + releaseName: openstack-ingress-nginx + chart: + spec: + chart: ingress-nginx + version: 4.11.1 + sourceRef: + kind: HelmRepository + name: starlingx + interval: 1m + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + valuesFrom: + - kind: Secret + name: ingress-nginx-static-overrides + valuesKey: ingress-nginx-static-overrides.yaml + - kind: Secret + name: ingress-nginx-system-overrides + valuesKey: ingress-nginx-system-overrides.yaml +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/ingress-nginx-static-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/ingress-nginx-static-overrides.yaml new file mode 100644 index 00000000..aadc46ab --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/ingress-nginx-static-overrides.yaml @@ -0,0 +1,140 @@ +# +# Copyright (c) 2024 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +fullnameOverride: ingress-nginx + +controller: + config: + bind-address: '::' + worker-processes: "4" + enable-underscores-in-headers: "true" + enable-vts-status: "true" + proxy-connect-timeout: "30" + server-tokens: "false" + ssl-dh-param: openstack/secret-dhparam + + dnsPolicy: ClusterFirstWithHostNet + ingressClassResource: + enabled: false + controllerValue: k8s.io/ingress-nginx-openstack + scope: + enabled: true + namespace: "openstack" + namespaceSelector: "openstack" + labels: + app: ingress-api + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + - key: "openstack-compute-node" + operator: "Exists" + effect: "NoSchedule" + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: release_group + operator: In + values: + - osh-openstack-ingress + - key: application + operator: In + values: + - ingress + - key: component + operator: In + values: + - server + topologyKey: kubernetes.io/hostname + nodeSelector: + openstack-control-plane: "enabled" + service: + type: ClusterIP + admissionWebhooks: + enabled: false + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 3 + requests: + cpu: 100m + ephemeral-storage: 2000Ki + memory: 128Mi + +defaultBackend: + enabled: true + config: + bind-address: '::' + worker-processes: "4" + enable-underscores-in-headers: "true" + enable-vts-status: "true" + proxy-connect-timeout: "30" + server-tokens: "false" + ssl-dh-param: openstack/secret-dhparam + + dnsPolicy: ClusterFirstWithHostNet + ingressClassResource: + enabled: false + controllerValue: k8s.io/ingress-nginx-openstack + scope: + enabled: true + namespace: "openstack" + namespaceSelector: "openstack" + labels: + app: ingress-api + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + - key: "openstack-compute-node" + operator: "Exists" + effect: "NoSchedule" + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: release_group + operator: In + values: + - osh-openstack-ingress + - key: application + operator: In + values: + - ingress + - key: component + operator: In + values: + - server + topologyKey: kubernetes.io/hostname + nodeSelector: + openstack-control-plane: "enabled" + service: + type: ClusterIP + admissionWebhooks: + enabled: false + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 3 + requests: + cpu: 100m + ephemeral-storage: 2000Ki + memory: 128Mi + +revisionHistoryLimit: 3 +... diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/ingress-nginx-system-overrides.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/ingress-nginx-system-overrides.yaml new file mode 100644 index 00000000..e69de29b diff --git a/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/kustomization.yaml b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/kustomization.yaml new file mode 100644 index 00000000..19a609fb --- /dev/null +++ b/stx-openstack-helm-fluxcd/stx-openstack-helm-fluxcd/manifests/ingress-nginx/kustomization.yaml @@ -0,0 +1,22 @@ +# +# Copyright (c) 2024 Wind River Systems, Inc. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +namespace: openstack +commonLabels: + chart_group: openstack-ingress-nginx +resources: + - helmrelease.yaml +secretGenerator: + - name: ingress-nginx-static-overrides + files: + - ingress-nginx-static-overrides.yaml + - name: ingress-nginx-system-overrides + files: + - ingress-nginx-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true +...