[ATMOSPHERE-544] feat: Add octavia amphorav2 support

.charts.yml

@@ -160,13 +160,13 @@ charts:
           - 899809
           - 904250
   - name: octavia
-    version: 0.2.9
+    version: 0.2.14
     repository: *openstack_helm_repository
     dependencies: *openstack_helm_dependencies
     patches:
       gerrit:
         review.opendev.org:
-          - 899918
+          - 918447
   - name: openvswitch
     version: 0.1.24
     repository: *openstack_helm_infra_repository
@@ -199,6 +199,10 @@ charts:
     version: 4.3.6
     repository:
       url: https://charts.bitnami.com/bitnami
+  - name: redis
+    version: 20.2.1
+    repository:
+      url: https://charts.bitnami.com/bitnami
   - name: rook-ceph
     version: 1.14.5
     repository:

charts/octavia/Chart.yaml

@@ -9,4 +9,4 @@ name: octavia
 sources:
 - https://opendev.org/openstack/octavia
 - https://opendev.org/openstack/openstack-helm
-version: 0.2.9
+version: 0.2.14

charts/octavia/templates/bin/_db-sync.sh.tpl

@@ -19,3 +19,5 @@ limitations under the License.
 set -ex
 
 octavia-db-manage upgrade head
+
+octavia-db-manage upgrade_persistence

charts/octavia/templates/configmap-etc.yaml

@@ -84,6 +84,18 @@ limitations under the License.
 {{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}}
 {{- end -}}
 
+{{- if empty .Values.conf.octavia.task_flow.persistence_connection -}}
+{{- $_ := tuple "oslo_db_presistence" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.task_flow "persistence_connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_port -}}
+{{- $_ := tuple "redis" "service" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_port" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_hosts -}}
+{{- $_ := tuple "redis" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_hosts" -}}
+{{- end -}}
+
 {{- if empty .Values.conf.octavia.DEFAULT.transport_url -}}
 {{- $_ := tuple "oslo_messaging" "internal" "octavia" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.octavia.DEFAULT "transport_url" -}}
 {{- end -}}

charts/octavia/templates/daemonset-health-manager.yaml

@@ -45,6 +45,7 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "octavia_health_manager" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       dnsPolicy: ClusterFirstWithHostNet
@@ -154,7 +155,7 @@ spec:
 {{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "health_manager" -}}
 {{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
 
-{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{ tuple $envAll "health_manager" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 {{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "octavia.health_manager.daemonset" | toString | fromYaml }}
 {{- $configmap_yaml := "octavia.configmap.etc" }}
 {{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}

charts/octavia/templates/deployment-api.yaml

@@ -44,6 +44,7 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "octavia_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       affinity:

charts/octavia/templates/deployment-housekeeping.yaml

@@ -44,6 +44,7 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "octavia_housekeeping" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       dnsPolicy: ClusterFirstWithHostNet

charts/octavia/templates/deployment-worker.yaml

@@ -44,6 +44,7 @@ spec:
       annotations:
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
         configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "octavia_worker" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       dnsPolicy: ClusterFirstWithHostNet

charts/octavia/templates/job-db-drop.yaml

@@ -15,6 +15,10 @@ limitations under the License.
 */}}
 
 {{- if .Values.manifests.job_db_drop }}
-{{- $dbDropJob := dict "envAll" . "serviceName" "octavia" -}}
+{{- $serviceName := "octavia" -}}
+{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
+{{- $dbsToDrop := list $dbSvc $dbPersist }}
+{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbsToDrop" $dbsToDrop -}}
 {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
 {{- end }}

charts/octavia/templates/job-db-init.yaml

@@ -20,6 +20,13 @@ helm.sh/hook-weight: "-5"
 {{- end }}
 
 {{- if .Values.manifests.job_db_init }}
-{{- $dbInitJob := dict "envAll" . "serviceName" "octavia" "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}}
+{{- $serviceName := "octavia" -}}
+{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
+{{- $dbsToInit := list $dbSvc $dbPersist }}
+{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
+{{- end }}
 {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
 {{- end }}

charts/octavia/templates/secret-db-persistence.yaml

@@ -0,0 +1,30 @@
+{{/*
+Copyright 2024 Vexxhost Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_db_presistence }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "octavia" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db_presistence $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+type: Opaque
+data:
+  DB_CONNECTION: {{ tuple "oslo_db_presistence" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}

charts/octavia/templates/secret-db.yaml

@@ -23,6 +23,8 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $secretName }}
+  annotations:
+{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
 type: Opaque
 data:
   DB_CONNECTION: {{ tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}

charts/octavia/templates/secret-keystone.yaml

@@ -23,6 +23,8 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $secretName }}
+  annotations:
+{{ tuple "identity" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
 type: Opaque
 data:
 {{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}

charts/octavia/templates/secret-rabbitmq.yaml

@@ -23,6 +23,8 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ $secretName }}
+  annotations:
+{{ tuple "oslo_messaging" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
 type: Opaque
 data:
   RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}

charts/octavia/values.yaml

@@ -40,14 +40,14 @@ labels:
 images:
   tags:
     test: docker.io/xrally/xrally-openstack:2.0.0
-    bootstrap: docker.io/openstackhelm/heat:ocata
-    db_init: docker.io/openstackhelm/heat:ocata
+    bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+    db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
     octavia_db_sync: docker.io/loci/octavia:master-ubuntu
-    db_drop: docker.io/openstackhelm/heat:ocata
-    rabbit_init: docker.io/rabbitmq:3.7-management
-    ks_user: docker.io/openstackhelm/heat:ocata
-    ks_service: docker.io/openstackhelm/heat:ocata
-    ks_endpoints: docker.io/openstackhelm/heat:ocata
+    db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+    rabbit_init: docker.io/rabbitmq:3.13-management
+    ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+    ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+    ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
     dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
     image_repo_sync: docker.io/docker:17.07.0
     octavia_api: docker.io/loci/octavia:master-ubuntu
@@ -106,6 +106,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -123,6 +125,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -142,6 +146,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -161,6 +167,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -175,12 +183,16 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
     db_sync:
       jobs:
         - octavia-db-init
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
     ks_endpoints:
       jobs:
         - octavia-ks-service
@@ -211,6 +223,8 @@ conf:
     api_settings:
       api_handler: queue_producer
       bind_host: 0.0.0.0
+      default_provider_driver: amphorav2
+      enabled_provider_drivers: amphorav2:'The v2 amphora driver.',amphora:'The Octavia Amphora driver.',octavia:'Deprecated name of Amphora driver.'
     database:
       max_retries: -1
     health_manager:
@@ -259,6 +273,11 @@ conf:
       cafile: ""
       auth_version: v3
       memcache_security_strategy: ENCRYPT
+    task_flow:
+      jobboard_enabled: true
+      jobboard_backend_driver: 'redis_taskflow_driver'
+      jobboard_backend_namespace: 'octavia_jobboard'
+      jobboard_expiration_time: 100
   logging:
     loggers:
       keys:
@@ -362,6 +381,9 @@ secrets:
   oslo_db:
     admin: octavia-db-admin
     octavia: octavia-db-user
+  oslo_db_presistence:
+    admin: octavia-presistence-db-admin
+    octavia: octavia-presistence-db-user
   oslo_messaging:
     admin: octavia-rabbitmq-admin
     octavia: octavia-rabbitmq-user
@@ -472,6 +494,23 @@ endpoints:
     port:
       mysql:
         default: 3306
+  oslo_db_presistence:
+    auth:
+      admin:
+        username: root
+        password: password
+      octavia:
+        username: octavia
+        password: password
+    hosts:
+      default: mariadb
+    host_fqdn_override:
+      default: null
+    path: /octavia_persistence
+    scheme: mysql+pymysql
+    port:
+      mysql:
+        default: 3306
   oslo_cache:
     auth:
       # NOTE(portdirect): this is used to define the value for keystone
@@ -524,6 +563,19 @@ endpoints:
       api:
         default: 9696
         public: 80
+  redis:
+    name: redis
+    hosts:
+      default: redis
+    host_fqdn_override:
+      default: null
+    path:
+      default: null
+    scheme:
+      default: 'http'
+    port:
+      server:
+        default: 6379
 
 pod:
   user:
@@ -692,6 +744,10 @@ network_policy:
     ingress:
       - {}
 
+# NOTE(helm_hook): helm_hook might break for helm2 binary.
+# set helm3_hook: false when using the helm2 binary.
+helm3_hook: true
+
 manifests:
   configmap_bin: true
   configmap_etc: true
@@ -714,6 +770,7 @@ manifests:
   network_policy: false
   secret_credential_keys: true
   secret_db: true
+  secret_db_presistence: true
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true

charts/octavia/values_overrides/annotations.yaml

@@ -0,0 +1,22 @@
+---
+annotations:
+  pod:
+    default:
+      custom.tld/key: "value"
+      custom.tld/key2: "value2"
+    octavia_api:
+      another.tld/foo: "bar"
+  secret:
+    default:
+      custom.tld/key: "value"
+      custom.tld/key2: "value2"
+    identity:
+      admin:
+        another.tld/foo: "bar"
+    oci_image_registry:
+      octavia:
+        custom.tld/key: "value"
+    tls:
+      load_balancer_api_public:
+        custom.tld/key: "value"
+...