fix: push all of the custom route bits ops

Based on new user feedback, it was determined that the custom route bits were confusing when bundled with the services. This change removes all of the custom entries and puts a general purpose doc into our ops guide. Signed-off-by: Kevin Carter <[email protected]>
rackerlabs · Dec 16, 2024 · 80bd249 · 80bd249
1 parent 94422ce
commit 80bd249
Show file tree

Hide file tree

Showing 16 changed files with 102 additions and 866 deletions.
diff --git a/docs/infrastructure-gateway-api-custom.md b/docs/infrastructure-gateway-api-custom.md
@@ -0,0 +1,59 @@
+# Custom Listeners
+
+!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed"
+
+??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`"
+
+    ``` yaml
+    --8<-- "etc/gateway-api/listeners/<SERVICE_NAME>-https.json"
+    ```
+
+## Modify the Listener Patch
+
+This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway)
+for more information on listener types.
+
+``` shell
+mkdir -p /etc/genestack/gateway-api/listeners
+sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
+    /opt/genestack/etc/gateway-api/listeners/<SERVICE_NAME>-https.json \
+    > /etc/genestack/gateway-api/listeners/<SERVICE_NAME>-https.json
+```
+
+## Apply the Listener Patch
+
+``` shell
+kubectl patch -n nginx-gateway gateway flex-gateway \
+              --type='json' \
+              --patch-file /etc/genestack/gateway-api/listeners/<SERVICE_NAME>-https.json
+```
+
+## Custom Routes
+
+!!! note "This step is not needed if all routes were applied when the Gateway API was deployed"
+
+A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service.
+
+??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`"
+
+    ``` yaml
+    --8<-- "etc/gateway-api/routes/custom-<SERVICE_NAME>-gateway-route.yaml"
+    ```
+
+## Modify the Route
+
+This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute)
+for more information on route types.
+
+``` shell
+mkdir -p /etc/genestack/gateway-api/routes
+sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
+    /opt/genestack/etc/gateway-api/routes/custom-<SERVICE_NAME>-gateway-route.yaml \
+    > /etc/genestack/gateway-api/routes/custom-<SERVICE_NAME>-gateway-route.yaml
+```
+
+#### Apply the Route
+
+``` shell
+kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-<SERVICE_NAME>-gateway-route.yaml
+```
diff --git a/docs/infrastructure-gateway-api.md b/docs/infrastructure-gateway-api.md
@@ -3,6 +3,18 @@
 Gateway API is L4 and L7 layer routing project in Kubernetes. It represents next generation of k8s Ingress, LB and Service Mesh APIs.
 For more information on the project see: [Gateway API SIG.](https://gateway-api.sigs.k8s.io/)
 
+!!! genestack
+
+    For each externally exposed service, example: keystone endpoint, we have a GatewayAPI resource setup to use listeners on services with matching rules based on
+    hostname, for example `keystone.your.domain.tld`. When a request comes in to the f5 vip for this the vip is setup to pass the traffic to the Metallb
+    external vip address. Metallb then forwards the traffic to the appropriate service endpoint for the gateway controller which matches the hostname and passes the
+    traffic onto the right service. The same applies to internal services. Anything that matches `your.domain.tld` hostname can be considered internal and handled accordingly.
+
+    ``` mermaid
+    flowchart LR
+        External --> External_VIP_Address --> MetalLB_VIP_Address --> Gateway_Service
+    ```
+
 ## Move from Ingress to Gateway APIs
 
 Since Gateway APIs are successor to Ingress Controllers there needs to be a one time migration from Ingress to GW API resources.
@@ -284,42 +296,6 @@ kubectl apply -f /etc/genestack/gateway-api/gateway-prometheus.yaml
 At this point, flex-gateway has a listener pointed to the port 80 matching *.your.domain.tld hostname. The HTTPRoute resource configures routes
 for this gateway. Here, we match all path and simply pass any request from the matching hostname to kube-prometheus-stack-prometheus backend service.
 
-## Example Implementation from Rackspace
-
-This example is not required and is only intended to show how Rackspace deploys specific gateway kustomization files.
-
-``` shell
-kubectl kustomize /etc/genestack/kustomize/gateway/nginx-gateway-fabric | kubectl apply -f -
-```
-
-## Exposing Flex Services
-
-We have a requirement to expose a service
-
- 1. Internally for private consumption (Management and Administrative Services)
- 2. Externally to customers (mostly Openstack services)
-
-![Flex Service Expose External with F5 Loadbalancer](assets/images/flexingress.png)
-
-For each externally exposed service, example: keystone endpoint, we have a GatewayAPI resource setup to use listeners on services with matching rules based on
-hostname, for example `keystone.your.domain.tld`. When a request comes in to the f5 vip for this the vip is setup to pass the traffic to the Metallb
-external vip address. Metallb then forwards the traffic to the appropriate service endpoint for the gateway controller which matches the hostname and passes the
-traffic onto the right service. The same applies to internal services. Anything that matches `your.domain.tld` hostname can be considered internal and handled accordingly.
-
-``` mermaid
-flowchart LR
-    External --> External_VIP_Address --> MetalLB_VIP_Address --> Gateway_Service
-```
-
-This setup can be expended to have multiple MetalLB VIPs with multiple Gateway Services listening on different IP addresses as required by your setup.
-
-!!! tip
-
-    The metalLB speaker wont advertise the service if :
-    1. There is no active endpoint backing the service
-    2. There are no matching L2 or BGP speaker nodes
-    3. If the service has external Traffic Policy set to local you need to have the running endpoint on the speaker node.
-
 ## Cross Namespace Routing
 
 Gateway API has support for multi-ns and cross namespace routing. Routes can be deployed into different Namespaces and Routes can attach to Gateways across

diff --git a/docs/openstack-barbican.md b/docs/openstack-barbican.md
@@ -38,63 +38,3 @@ OpenStack Barbican is the dedicated security service within the OpenStack ecosys
 
     You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`.
     In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution.
-
-### Custom Listeners
-
-!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed"
-
-??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`"
-
-    ``` yaml
-    --8<-- "etc/gateway-api/listeners/barbican-https.json"
-    ```
-
-#### Modify the Listener Patch
-
-This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway)
-for more information on listener types.
-
-``` shell
-mkdir -p /etc/genestack/gateway-api/listeners
-sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
-    /opt/genestack/etc/gateway-api/listeners/barbican-https.json \
-    > /etc/genestack/gateway-api/listeners/barbican-https.json
-```
-
-#### Apply the Listener Patch
-
-``` shell
-kubectl patch -n nginx-gateway gateway flex-gateway \
-              --type='json' \
-              --patch-file /etc/genestack/gateway-api/listeners/barbican-https.json
-```
-
-### Custom Routes
-
-!!! note "This step is not needed if all routes were applied when the Gateway API was deployed"
-
-A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service.
-
-??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`"
-
-    ``` yaml
-    --8<-- "etc/gateway-api/routes/custom-barbican-gateway-route.yaml"
-    ```
-
-#### Modify the Route
-
-This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute)
-for more information on route types.
-
-``` shell
-mkdir -p /etc/genestack/gateway-api/routes
-sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
-    /opt/genestack/etc/gateway-api/routes/custom-barbican-gateway-route.yaml \
-    > /etc/genestack/gateway-api/routes/custom-barbican-gateway-route.yaml
-```
-
-#### Apply the Route
-
-``` shell
-kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-barbican-gateway-route.yaml
-```
diff --git a/docs/openstack-cinder.md b/docs/openstack-cinder.md
@@ -41,66 +41,6 @@ OpenStack Cinder is a core component of the OpenStack cloud computing platform,
     You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`.
     In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution.
 
-### Custom Listeners
-
-!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed"
-
-??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`"
-
-    ``` yaml
-    --8<-- "etc/gateway-api/listeners/cinder-https.json"
-    ```
-
-#### Modify the Listener Patch
-
-This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway)
-for more information on listener types.
-
-``` shell
-mkdir -p /etc/genestack/gateway-api/listeners
-sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
-    /opt/genestack/etc/gateway-api/listeners/cinder-https.json \
-    > /etc/genestack/gateway-api/listeners/cinder-https.json
-```
-
-#### Apply the Listener Patch
-
-``` shell
-kubectl patch -n nginx-gateway gateway flex-gateway \
-              --type='json' \
-              --patch-file /etc/genestack/gateway-api/listeners/cinder-https.json
-```
-
-### Custom Routes
-
-!!! note "This step is not needed if all routes were applied when the Gateway API was deployed"
-
-A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service.
-
-??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`"
-
-    ``` yaml
-    --8<-- "etc/gateway-api/routes/custom-cinder-gateway-route.yaml"
-    ```
-
-#### Modify the Route
-
-This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute)
-for more information on route types.
-
-``` shell
-mkdir -p /etc/genestack/gateway-api/routes
-sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
-    /opt/genestack/etc/gateway-api/routes/custom-cinder-gateway-route.yaml \
-    > /etc/genestack/gateway-api/routes/custom-cinder-gateway-route.yaml
-```
-
-#### Apply the Route
-
-``` shell
-kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-cinder-gateway-route.yaml
-```
-
 ## Demo
 
 [![asciicast](https://asciinema.org/a/629808.svg)](https://asciinema.org/a/629808)
diff --git a/docs/openstack-compute-kit-neutron.md b/docs/openstack-compute-kit-neutron.md
@@ -15,66 +15,6 @@
 
     The above command derives the OVN north/south bound database from our K8S environment. The insert `set` is making the assumption we're using **tcp** to connect.
 
-## Custom Listeners
-
-!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed"
-
-??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`"
-
-    ``` yaml
-    --8<-- "etc/gateway-api/listeners/neutron-https.json"
-    ```
-
-This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway)
-for more information on listener types.
-
-### Modify the Listener Patch
-
-``` shell
-mkdir -p /etc/genestack/gateway-api/listeners
-sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
-    /opt/genestack/etc/gateway-api/listeners/neutron-https.json \
-    > /etc/genestack/gateway-api/listeners/neutron-https.json
-```
-
-### Apply the Listener Patch
-
-``` shell
-kubectl patch -n nginx-gateway gateway flex-gateway \
-              --type='json' \
-              --patch-file /etc/genestack/gateway-api/listeners/neutron-https.json
-```
-
-## Custom Neutron Routes
-
-!!! note "This step is not needed if all routes were applied when the Gateway API was deployed"
-
-A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service.
-
-??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`"
-
-    ``` yaml
-    --8<-- "etc/gateway-api/routes/custom-neutron-gateway-route.yaml"
-    ```
-
-### Modify the Neutron Route
-
-This example changes the placeholder domain to `<YOUR_DOMAIN>`. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute)
-for more information on route types.
-
-``` shell
-mkdir -p /etc/genestack/gateway-api/routes
-sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
-    /opt/genestack/etc/gateway-api/routes/custom-neutron-gateway-route.yaml \
-    > /etc/genestack/gateway-api/routes/custom-neutron-gateway-route.yaml
-```
-
-### Apply the Neutron Route
-
-``` shell
-kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-neutron-gateway-route.yaml
-```
-
 ## Neutron MTU settings / Jumbo frames / overlay networks on instances
 
 !!! warning You will likely need to increase the MTU as described here if you want to support creating L3 overlay networks (via any software that creates nested networks, such as _Genestack_ itself, VPN, etc.) on your nova instances. Your physical L2 network will need jumbo frames to support this. You will likely end up with an MTU of 1280 for overlay networks on instances if you don't, and the abnormally small MTU can cause various problems, perhaps even reaching a size too small for the software to support).