From 0808cf5198f6f7b8fdc29905c536d3e8ffa333d2 Mon Sep 17 00:00:00 2001
From: Hyunsun Moon <hyunsun.moon@gmail.com>
Date: Thu, 2 Nov 2017 14:37:09 +0900
Subject: [PATCH] Add option to set external policy to local for openstack
 services

External traffic policy "local" would be preffered when openstack
service is accessed from external via node port. This option has an
effect only when service node port is enabled.

Change-Id: Ic68cfc59dc39dc842d4790deffa70efe433dd7a6
---
 barbican/templates/service-api.yaml    | 3 +++
 barbican/values.yaml                   | 1 +
 cinder/templates/service-api.yaml      | 3 +++
 cinder/values.yaml                     | 1 +
 glance/templates/service-api.yaml      | 3 +++
 glance/templates/service-registry.yaml | 3 +++
 glance/values.yaml                     | 2 ++
 gnocchi/templates/service-api.yaml     | 3 +++
 gnocchi/values.yaml                    | 1 +
 heat/templates/service-api.yaml        | 3 +++
 heat/values.yaml                       | 1 +
 horizon/templates/service.yaml         | 9 ++++++---
 horizon/values.yaml                    | 8 +++++---
 keystone/templates/service-api.yaml    | 3 +++
 keystone/values.yaml                   | 1 +
 magnum/templates/service-api.yaml      | 3 +++
 magnum/values.yaml                     | 1 +
 neutron/templates/service-server.yaml  | 3 +++
 neutron/values.yaml                    | 1 +
 nova/templates/service-metadata.yaml   | 3 +++
 nova/templates/service-osapi.yaml      | 3 +++
 nova/values.yaml                       | 2 ++
 22 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/barbican/templates/service-api.yaml b/barbican/templates/service-api.yaml
index f113672318..2bdebdd4f3 100644
--- a/barbican/templates/service-api.yaml
+++ b/barbican/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 465635c93d..136ee17dfb 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -134,6 +134,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 39486
diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml
index c1f9aee881..a009e764ff 100644
--- a/cinder/templates/service-api.yaml
+++ b/cinder/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 3ff3d439c4..04c83e8c4d 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -195,6 +195,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30877
diff --git a/glance/templates/service-api.yaml b/glance/templates/service-api.yaml
index a2daba3f4c..a234ab47c9 100644
--- a/glance/templates/service-api.yaml
+++ b/glance/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/glance/templates/service-registry.yaml b/glance/templates/service-registry.yaml
index ba98f5fa2f..72c89140bf 100644
--- a/glance/templates/service-registry.yaml
+++ b/glance/templates/service-registry.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "glance" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.registry.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.registry.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/glance/values.yaml b/glance/values.yaml
index 328db9706b..376e88147e 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -275,12 +275,14 @@ network:
     ingress:
       public: true
       proxy_body_size: 1024M
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30092
   registry:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30091
diff --git a/gnocchi/templates/service-api.yaml b/gnocchi/templates/service-api.yaml
index d637e3a1d4..16ff31c8fa 100644
--- a/gnocchi/templates/service-api.yaml
+++ b/gnocchi/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "gnocchi" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml
index fc8d1f1f3c..bb76e59940 100644
--- a/gnocchi/values.yaml
+++ b/gnocchi/values.yaml
@@ -27,6 +27,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 8041
diff --git a/heat/templates/service-api.yaml b/heat/templates/service-api.yaml
index 2a247841c1..380027d46d 100644
--- a/heat/templates/service-api.yaml
+++ b/heat/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "heat" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/heat/values.yaml b/heat/values.yaml
index d13e96f35b..518d5ba2d1 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -221,6 +221,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30004
diff --git a/horizon/templates/service.yaml b/horizon/templates/service.yaml
index 05b604c976..121b3b4c79 100644
--- a/horizon/templates/service.yaml
+++ b/horizon/templates/service.yaml
@@ -23,9 +23,9 @@ metadata:
   name: {{ tuple "dashboard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
   ports:
-    {{ if .Values.network.enable_node_port }}
+    {{ if .Values.network.node_port.enabled }}
     - name: http
-      nodePort: {{ .Values.network.node_port }}
+      nodePort: {{ .Values.network.node_port.port }}
       port: {{ .Values.network.port }}
       protocol: TCP
       targetPort: {{ .Values.network.port }}
@@ -37,7 +37,10 @@ spec:
     {{ end }}
   selector:
 {{ tuple $envAll "horizon" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-  {{ if .Values.network.enable_node_port }}
+  {{ if .Values.network.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 911848907f..d1d1d47a50 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -33,11 +33,13 @@ labels:
   node_selector_value: enabled
 
 network:
+  port: 80
   ingress:
     public: true
-  port: 80
-  node_port: 31000
-  enable_node_port: false
+  external_policy_local: false
+  node_port:
+    enabled: false
+    port: 31000
 
 # Use "True" and "False" as Titlecase strings with quotes, boolean
 # values will not work
diff --git a/keystone/templates/service-api.yaml b/keystone/templates/service-api.yaml
index 28238ca4fe..f66e3f03f0 100644
--- a/keystone/templates/service-api.yaml
+++ b/keystone/templates/service-api.yaml
@@ -37,5 +37,8 @@ spec:
 {{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if or (.Values.network.api.node_port.enabled) (.Values.network.admin.node_port.enabled) }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/keystone/values.yaml b/keystone/values.yaml
index a6fb4b7a84..d520c3b933 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -53,6 +53,7 @@ network:
     port: 80
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30500
diff --git a/magnum/templates/service-api.yaml b/magnum/templates/service-api.yaml
index 2e6ca654d7..f401f0ccb7 100644
--- a/magnum/templates/service-api.yaml
+++ b/magnum/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "magnum" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/magnum/values.yaml b/magnum/values.yaml
index 5b5c7cc948..dfd24aaa27 100644
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@@ -115,6 +115,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30511
diff --git a/neutron/templates/service-server.yaml b/neutron/templates/service-server.yaml
index 136418e746..c7287eeb0d 100644
--- a/neutron/templates/service-server.yaml
+++ b/neutron/templates/service-server.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.server.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.server.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index b6fe3f2ca1..a9b94416ce 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -91,6 +91,7 @@ network:
     port: 9696
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30096
diff --git a/nova/templates/service-metadata.yaml b/nova/templates/service-metadata.yaml
index 481e1ed5a2..7262db8031 100644
--- a/nova/templates/service-metadata.yaml
+++ b/nova/templates/service-metadata.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.metadata.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.metadata.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/nova/templates/service-osapi.yaml b/nova/templates/service-osapi.yaml
index cc1fa8240a..6214a19564 100644
--- a/nova/templates/service-osapi.yaml
+++ b/nova/templates/service-osapi.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.osapi.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.osapi.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index f7541d429e..857454678a 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -109,6 +109,7 @@ network:
     port: 8774
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30774
@@ -118,6 +119,7 @@ network:
     port: 8775
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30775