Added horizon to install as default component

Added horizon to the openstack umbrella chart to deploy but disabled by default. Change-Id: Ia835c0c142d0e0878623af9165d595a386b7c4c2
2022-09-06 20:08:52 +00:00 · 2022-09-06 20:08:52 +00:00 · 94a8d348a9
commit 94a8d348a9
parent 08cc418ae4
16 changed files with 287 additions and 1 deletions
--- a/openstack/Chart.yaml
+++ b/openstack/Chart.yaml
@ -49,10 +49,14 @@ dependencies:
  repository: file://../neutron
  version: ">0.1.0"
  condition: neutron.enabled
+- name: horizon
+  repository: file://../horizon
+  version: ">0.1.0"
+  condition: horizon.enabled

 description: A chart for openstack helm commmon deployment items
 name: openstack
 type: application
-version: 0.1.5
+version: 0.1.6
 maintainers:
  - name: OpenStack-Helm Authors
--- a/openstack/charts/horizon
+++ b/openstack/charts/horizon
@ -0,0 +1 @@
+../../horizon
--- a/openstack/values.yaml
+++ b/openstack/values.yaml
@ -72,6 +72,11 @@ placement:
  enabled: true
  helm3_hook: false

+horizon:
+  release_group: horizon
+  enabled: false
+  helm3_hook: false
+
 neutron:
  release_group: neutron
  enabled: true
--- a/openstack/values_overrides/horizon/apparmor.yaml
+++ b/openstack/values_overrides/horizon/apparmor.yaml
@ -0,0 +1,15 @@
+---
+horizon:
+  pod:
+    mandatory_access_control:
+      type: apparmor
+      horizon:
+        horizon: runtime/default
+        init: runtime/default
+      horizon-db-sync:
+        horizon-db-sync: runtime/default
+        init: runtime/default
+      horizon-test:
+        init: runtime/default
+        horizon-test: runtime/default
+...
--- a/openstack/values_overrides/horizon/netpol.yaml
+++ b/openstack/values_overrides/horizon/netpol.yaml
@ -0,0 +1,56 @@
+---
+horizon:
+  manifests:
+    network_policy: true
+  network_policy:
+    horizon:
+      ingress:
+        - from:
+          - podSelector:
+              matchLabels:
+                application: horizon
+        - from:
+          - podSelector:
+              matchLabels:
+                application: prometheus-openstack-exporter
+        - from:
+          - podSelector:
+              matchLabels:
+                application: ingress
+          ports:
+            - port: 80
+              protocol: TCP
+            - port: 443
+              protocol: TCP
+      egress:
+        - to:
+          - podSelector:
+              matchLabels:
+                application: neutron
+        - to:
+          - podSelector:
+              matchLabels:
+                application: nova
+        - to:
+          - podSelector:
+              matchLabels:
+                application: glance
+        - to:
+          - podSelector:
+              matchLabels:
+                application: cinder
+        - to:
+          - podSelector:
+              matchLabels:
+                application: keystone
+        - to:
+          - podSelector:
+              matchLabels:
+                application: heat
+        - to:
+          - ipBlock:
+              cidr: %%%REPLACE_API_ADDR%%%/32
+          ports:
+            - protocol: TCP
+              port: %%%REPLACE_API_PORT%%%
+...
--- a/openstack/values_overrides/horizon/tls.yaml
+++ b/openstack/values_overrides/horizon/tls.yaml
@ -0,0 +1,112 @@
+---
+horizon:
+  network:
+    dashboard:
+      ingress:
+        annotations:
+          nginx.ingress.kubernetes.io/backend-protocol: "https"
+  conf:
+    software:
+      apache2:
+        a2enmod:
+          - headers
+          - rewrite
+          - ssl
+    horizon:
+      apache: |
+        <IfVersion < 2.4>
+        Listen 0.0.0.0:{{ tuple "dashboard" "internal" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+        </IfVersion>
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+        LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+
+        SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+        CustomLog /dev/stdout combined env=!forwarded
+        CustomLog /dev/stdout proxy env=forwarded
+
+        <VirtualHost *:80>
+          ServerName horizon-int.openstack.svc.cluster.local
+          RewriteEngine On
+          RewriteCond %{HTTPS} off
+          RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
+        </Virtualhost>
+
+        <VirtualHost *:{{ tuple "dashboard" "internal" "web" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
+          ServerName horizon-int.openstack.svc.cluster.local
+          WSGIScriptReloading On
+          WSGIDaemonProcess horizon-http processes=5 threads=1 user=horizon group=horizon display-name=%{GROUP} python-path=/var/lib/kolla/venv/lib/python2.7/site-packages
+          WSGIProcessGroup horizon-http
+          WSGIScriptAlias / /var/www/cgi-bin/horizon/django.wsgi
+          WSGIPassAuthorization On
+
+          RewriteEngine On
+          RewriteCond %{REQUEST_METHOD} !^(POST|PUT|GET|DELETE|PATCH)
+          RewriteRule .* - [F]
+
+          <Location "/">
+            Require all granted
+          </Location>
+
+          Alias /static /var/www/html/horizon
+          <Location "/static">
+            SetHandler static
+          </Location>
+
+          <IfVersion >= 2.4>
+            ErrorLogFormat "%{cu}t %M"
+          </IfVersion>
+          ErrorLog /dev/stdout
+          TransferLog /dev/stdout
+
+          SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+          CustomLog /dev/stdout combined env=!forwarded
+          CustomLog /dev/stdout proxy env=forwarded
+
+          ErrorLog /dev/stdout
+          SSLEngine on
+          SSLCertificateFile      /etc/openstack-dashboard/certs/tls.crt
+          SSLCertificateKeyFile   /etc/openstack-dashboard/certs/tls.key
+          SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+          SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+          SSLHonorCipherOrder     on
+        </VirtualHost>
+      local_settings:
+        config:
+          use_ssl: "True"
+          csrf_cookie_secure: "True"
+          csrf_cookie_httponly: "True"
+          enforce_password_check: "True"
+          session_cookie_secure: "True"
+          session_cookie_httponly: "True"
+  endpoints:
+    identity:
+      auth:
+        admin:
+          cacert: /etc/ssl/certs/openstack-helm.crt
+      scheme:
+        default: https
+      port:
+        api:
+          default: 443
+    dashboard:
+      host_fqdn_override:
+        default:
+          tls:
+            secretName: horizon-tls-web
+            issuerRef:
+              name: ca-issuer
+              kind: ClusterIssuer
+      scheme:
+        default: https
+        public: https
+      port:
+        web:
+          default: 443
+          public: 443
+    ingress:
+      port:
+        ingress:
+          default: 443
+  manifests:
+    certificates: true
+...
--- a/openstack/values_overrides/horizon/train-ubuntu_bionic.yaml
+++ b/openstack/values_overrides/horizon/train-ubuntu_bionic.yaml
@ -0,0 +1,9 @@
+---
+horizon:
+  images:
+    tags:
+      db_init: docker.io/openstackhelm/heat:train-ubuntu_bionic
+      db_drop: docker.io/openstackhelm/heat:train-ubuntu_bionic
+      horizon_db_sync: docker.io/openstackhelm/horizon:train-ubuntu_bionic
+      horizon: docker.io/openstackhelm/horizon:train-ubuntu_bionic
+...
--- a/openstack/values_overrides/horizon/ussuri-ubuntu_bionic.yaml
+++ b/openstack/values_overrides/horizon/ussuri-ubuntu_bionic.yaml
@ -0,0 +1,9 @@
+---
+horizon:
+  images:
+    tags:
+      db_init: docker.io/openstackhelm/heat:ussuri-ubuntu_bionic
+      db_drop: docker.io/openstackhelm/heat:ussuri-ubuntu_bionic
+      horizon_db_sync: docker.io/openstackhelm/horizon:ussuri-ubuntu_bionic
+      horizon: docker.io/openstackhelm/horizon:ussuri-ubuntu_bionic
+...
--- a/openstack/values_overrides/horizon/victoria-ubuntu_focal.yaml
+++ b/openstack/values_overrides/horizon/victoria-ubuntu_focal.yaml
@ -0,0 +1,9 @@
+---
+horizon:
+  images:
+    tags:
+      db_init: docker.io/openstackhelm/heat:victoria-ubuntu_focal
+      db_drop: docker.io/openstackhelm/heat:victoria-ubuntu_focal
+      horizon_db_sync: docker.io/openstackhelm/horizon:victoria-ubuntu_focal
+      horizon: docker.io/openstackhelm/horizon:victoria-ubuntu_focal
+...
--- a/openstack/values_overrides/horizon/wallaby-ubuntu_focal.yaml
+++ b/openstack/values_overrides/horizon/wallaby-ubuntu_focal.yaml
@ -0,0 +1,9 @@
+---
+horizon:
+  images:
+    tags:
+      db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+      db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+      horizon_db_sync: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal
+      horizon: docker.io/openstackhelm/horizon:wallaby-ubuntu_focal
+...
--- a/openstack/values_overrides/horizon/xena-ubuntu_focal.yaml
+++ b/openstack/values_overrides/horizon/xena-ubuntu_focal.yaml
@ -0,0 +1,9 @@
+---
+horizon:
+  images:
+    tags:
+      db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
+      db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
+      horizon_db_sync: docker.io/openstackhelm/horizon:xena-ubuntu_focal
+      horizon: docker.io/openstackhelm/horizon:xena-ubuntu_focal
+...
--- a/openstack/values_overrides/horizon/yoga-ubuntu_focal.yaml
+++ b/openstack/values_overrides/horizon/yoga-ubuntu_focal.yaml
@ -0,0 +1,9 @@
+---
+horizon:
+  images:
+    tags:
+      db_init: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+      db_drop: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+      horizon_db_sync: docker.io/openstackhelm/horizon:yoga-ubuntu_focal
+      horizon: docker.io/openstackhelm/horizon:yoga-ubuntu_focal
+...
--- a/releasenotes/notes/openstack.yaml
+++ b/releasenotes/notes/openstack.yaml
@ -6,4 +6,5 @@ openstack:
  - 0.1.3 Add neutron_netns_cleanup_cron release image override, so that the respective release image is used
  - 0.1.4 Remove links in openstack/charts
  - 0.1.5 Revert Remove links in openstack/charts
+  - 0.1.6 Added horizon to install as default component.
 ...
--- a/tools/deployment/component/common/openstack.sh
+++ b/tools/deployment/component/common/openstack.sh
@ -70,6 +70,7 @@ export HELM_CHART_ROOT_PATH="../openstack-helm/openstack"
 : ${OSH_EXTRA_HELM_ARGS_NOVA:="$(./tools/deployment/common/get-values-overrides.sh nova subchart)"}
 : ${OSH_EXTRA_HELM_ARGS_PLACEMENT:="$(./tools/deployment/common/get-values-overrides.sh placement subchart)"}
 : ${OSH_EXTRA_HELM_ARGS_NEUTRON:="$(./tools/deployment/common/get-values-overrides.sh neutron subchart)"}
+: ${OSH_EXTRA_HELM_ARGS_HORIZON:="$(./tools/deployment/common/get-values-overrides.sh horizon subchart)"}

 #NOTE: Lint and package chart
 make -C ${HELM_CHART_ROOT_PATH} .
@ -95,6 +96,7 @@ helm upgrade --install $release openstack/ \
  ${OSH_EXTRA_HELM_ARGS_MEMCACHED} \
  ${OSH_EXTRA_HELM_ARGS_KEYSTONE} \
  ${OSH_EXTRA_HELM_ARGS_HEAT} \
+  ${OSH_EXTRA_HELM_ARGS_HORIZON} \
  ${OSH_EXTRA_HELM_ARGS_GLANCE} \
  ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH} \
  ${OSH_EXTRA_HELM_ARGS_LIBVIRT} \
@ -120,6 +122,16 @@ fi
 #NOTE: Wait for deploy
 ./tools/deployment/common/wait-for-pods.sh $namespace 1800

+# list pods and services
+echo "------------------ List kube-system pods and servics ------------"
+kubectl -n kube-system get pods
+kubectl -n kube-system get services
+
+echo
+echo "----------------- List openstack pods and services ---------------"
+kubectl -n openstack get pods
+kubectl -n openstack get services
+
 #NOTE: Validate Deployment info
 openstack service list
 sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx
--- a/zuul.d/jobs-openstack-helm.yaml
+++ b/zuul.d/jobs-openstack-helm.yaml
@ -172,6 +172,7 @@
    files:
      - ^glance/.*$
      - ^heat/.*$
+      - ^horizon/.*$
      - ^keystone/.*$
      - ^neutron/.*$
      - ^nova/.*$
@ -257,6 +258,30 @@
        container_distro_name: ubuntu
        container_distro_version: focal

+- job:
+    name: openstack-helm-horizon-victoria-ubuntu_focal
+    parent: openstack-helm-chart-deploy
+    files:
+      - ^horizon/.*$
+      - ^zuul\.d/.*$
+      - ^tools/deployment/component/horizon/.*$
+    vars:
+      osh_params:
+        openstack_release: victoria
+        container_distro_name: ubuntu
+        container_distro_version: focal
+      gate_scripts_relative_path: ../openstack-helm
+      gate_scripts:
+        - ./tools/deployment/common/install-packages.sh
+        - ./tools/gate/deploy-k8s.sh
+        - ./tools/deployment/common/setup-client.sh
+        - ./tools/deployment/component/common/ingress.sh
+        - ./tools/deployment/component/common/mariadb.sh
+        - ./tools/deployment/component/common/memcached.sh
+        - ./tools/deployment/component/common/rabbitmq.sh
+        - ./tools/deployment/component/keystone/keystone.sh
+        - ./tools/deployment/component/horizon/horizon.sh
+
 - job:
    name: openstack-helm-horizon-wallaby-ubuntu_focal
    parent: openstack-helm-chart-deploy
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -35,6 +35,7 @@
        # TODO(gagehugo): Fix and enable these job
        # - openstack-helm-compute-kit-xena-ubuntu_focal
        # - openstack-helm-compute-kit-yoga-ubuntu_focal
+        - openstack-helm-horizon-victoria-ubuntu_focal
        - openstack-helm-horizon-wallaby-ubuntu_focal
        - openstack-helm-keystone-ldap
    gate: