openstack/openstack-helm
Code Issues Proposed changes

Allows Octavia Amphore V2

Browse Source 
Add support for Octavia Amphore V2

For backward compatibility the default driver still Amphore v1.

One can use Amphore V2 as driver, by specify
`config.octavia.api_settings.default_provider_driver`
`config.octavia.api_settings.enabled_provider_drivers`

Also for authentication, you can provide
`.Values.endpoints.valkey.password` to use password auth, but more
recommanded way is to use CA cert access.
And then add path to
`config.octavia.task_flow.jobboard_redis_backend_ssl_options` and
`config.octavia.task_flow.jobboard_redis_sentinel_ssl_options`.

Change-Id: I6e652c1ed3a6ae45c72bb47809a1f8d846352314
This commit is contained in:
ricolin 2024-05-07 21:07:42 +08:00 committed by Rico Lin
parent f37dd907f9
commit d151a81650
6 changed files with 97 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
octavia/templates/bin/_db-sync.sh.tpl
View File

@ -19,3 +19,5 @@ limitations under the License.
set -ex set -ex
octavia-db-manage upgrade head octavia-db-manage upgrade head
octavia-db-manage upgrade_persistence

16
octavia/templates/configmap-etc.yaml
View File

@ -84,6 +84,22 @@ limitations under the License.
{{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}} {{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.octavia.task_flow.persistence_connection -}}
{{- $_ := tuple "oslo_db_persistence" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.task_flow "persistence_connection" -}}
{{- end -}}
{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_hosts -}}
{{- $_ := tuple "valkey" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_hosts" -}}
{{- end -}}
{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_port -}}
{{- $_ := tuple "valkey" "sentinel" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_port" -}}
{{- end -}}
{{- if and (empty .Values.conf.octavia.task_flow.jobboard_backend_password) (not (empty .Values.endpoints.valkey.password) ) -}}
{{- $_ := set .Values.conf.octavia.task_flow "jobboard_backend_password" .Values.endpoints.valkey.password -}}
{{- end -}}
{{- if empty .Values.conf.octavia.DEFAULT.transport_url -}} {{- if empty .Values.conf.octavia.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "octavia" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.octavia.DEFAULT "transport_url" -}} {{- $_ := tuple "oslo_messaging" "internal" "octavia" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.octavia.DEFAULT "transport_url" -}}
{{- end -}} {{- end -}}

6
octavia/templates/job-db-drop.yaml
View File

@ -15,6 +15,10 @@ limitations under the License.
*/}} */}}
{{- if .Values.manifests.job_db_drop }} {{- if .Values.manifests.job_db_drop }}
{{- $dbDropJob := dict "envAll" . "serviceName" "octavia" -}} {{- $serviceName := "octavia" -}}
{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
{{- $dbsToDrop := list $dbSvc $dbPersist }}
{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbsToDrop" $dbsToDrop -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }} {{- end }}

9
octavia/templates/job-db-init.yaml
View File

@ -20,6 +20,13 @@ helm.sh/hook-weight: "-5"
{{- end }} {{- end }}
{{- if .Values.manifests.job_db_init }} {{- if .Values.manifests.job_db_init }}
{{- $dbInitJob := dict "envAll" . "serviceName" "octavia" "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}} {{- $serviceName := "octavia" -}}
{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
{{- $dbsToInit := list $dbSvc $dbPersist }}
{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }} {{- end }}

19
octavia/templates/secret-db-persistence.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2024 Vexxhost Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.manifests.secret_db_persistence }}
{{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "octavia" }}
{{- $secretName := index $envAll.Values.secrets.oslo_db_persistence $userClass }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: Opaque
data:
DB_CONNECTION: {{ tuple "oslo_db_persistence" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
{{- end }}
{{- end }}

47
octavia/values.yaml
View File

@ -107,6 +107,8 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
- endpoint: internal
service: oslo_db_persistence
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
@ -124,6 +126,8 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
- endpoint: internal
service: oslo_db_persistence
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
@ -143,6 +147,8 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
- endpoint: internal
service: oslo_db_persistence
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
@ -162,6 +168,8 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
- endpoint: internal
service: oslo_db_persistence
- endpoint: internal - endpoint: internal
service: identity service: identity
- endpoint: internal - endpoint: internal
@ -176,12 +184,16 @@ dependencies:
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
- endpoint: internal
service: oslo_db_persistence
db_sync: db_sync:
jobs: jobs:
- octavia-db-init - octavia-db-init
services: services:
- endpoint: internal - endpoint: internal
service: oslo_db service: oslo_db
- endpoint: internal
service: oslo_db_persistence
ks_endpoints: ks_endpoints:
jobs: jobs:
- octavia-ks-service - octavia-ks-service
@ -263,6 +275,8 @@ conf:
cafile: "" cafile: ""
auth_version: v3 auth_version: v3
memcache_security_strategy: ENCRYPT memcache_security_strategy: ENCRYPT
task_flow:
jobboard_enabled: true
logging: logging:
loggers: loggers:
keys: keys:
@ -361,6 +375,9 @@ secrets:
oslo_db: oslo_db:
admin: octavia-db-admin admin: octavia-db-admin
octavia: octavia-db-user octavia: octavia-db-user
oslo_db_persistence:
admin: octavia-persistence-db-admin
octavia: octavia-persistence-db-user
oslo_messaging: oslo_messaging:
admin: octavia-rabbitmq-admin admin: octavia-rabbitmq-admin
octavia: octavia-rabbitmq-user octavia: octavia-rabbitmq-user
@ -471,6 +488,23 @@ endpoints:
port: port:
mysql: mysql:
default: 3306 default: 3306
oslo_db_persistence:
auth:
admin:
username: root
password: password
octavia:
username: octavia
password: password
hosts:
default: mariadb
host_fqdn_override:
default: null
path: /octavia_persistence
scheme: mysql+pymysql
port:
mysql:
default: 3306
oslo_cache: oslo_cache:
auth: auth:
# NOTE(portdirect): this is used to define the value for keystone # NOTE(portdirect): this is used to define the value for keystone
@ -523,6 +557,18 @@ endpoints:
api: api:
default: 9696 default: 9696
public: 80 public: 80
valkey:
name: valkey
hosts:
default: valkey
# NOTE(rlin): we should only provide password when not using CA cert.
password: null
host_fqdn_override:
default: null
port:
server:
default: 6379
sentinel: 26379
pod: pod:
security_context: security_context:
@ -739,6 +785,7 @@ manifests:
network_policy: false network_policy: false
secret_credential_keys: true secret_credential_keys: true
secret_db: true secret_db: true
secret_db_persistence: true
secret_ingress_tls: true secret_ingress_tls: true
secret_keystone: true secret_keystone: true
secret_rabbitmq: true secret_rabbitmq: true