From 80bd2496d0b13b51112c7252ba232db1308439d1 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Mon, 16 Dec 2024 16:19:04 -0600 Subject: [PATCH] fix: push all of the custom route bits ops Based on new user feedback, it was determined that the custom route bits were confusing when bundled with the services. This change removes all of the custom entries and puts a general purpose doc into our ops guide. Signed-off-by: Kevin Carter --- docs/infrastructure-gateway-api-custom.md | 59 +++++++++ docs/infrastructure-gateway-api.md | 48 ++----- docs/openstack-barbican.md | 60 --------- docs/openstack-cinder.md | 60 --------- docs/openstack-compute-kit-neutron.md | 60 --------- docs/openstack-compute-kit-nova.md | 128 ------------------- docs/openstack-compute-kit-placement.md | 61 +-------- docs/openstack-glance.md | 60 --------- docs/openstack-gnocchi.md | 60 --------- docs/openstack-heat.md | 104 --------------- docs/openstack-keystone.md | 60 --------- docs/openstack-magnum.md | 60 --------- docs/openstack-octavia.md | 60 --------- docs/openstack-skyline.md | 60 --------- docs/rackspace-infrastructure-gateway-api.md | 25 ++++ mkdocs.yml | 3 + 16 files changed, 102 insertions(+), 866 deletions(-) create mode 100644 docs/infrastructure-gateway-api-custom.md create mode 100644 docs/rackspace-infrastructure-gateway-api.md diff --git a/docs/infrastructure-gateway-api-custom.md b/docs/infrastructure-gateway-api-custom.md new file mode 100644 index 00000000..0b1b999f --- /dev/null +++ b/docs/infrastructure-gateway-api-custom.md @@ -0,0 +1,59 @@ +# Custom Listeners + +!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" + +??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" + + ``` yaml + --8<-- "etc/gateway-api/listeners/-https.json" + ``` + +## Modify the Listener Patch + +This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) +for more information on listener types. + +``` shell +mkdir -p /etc/genestack/gateway-api/listeners +sed 's/your.domain.tld//g' \ + /opt/genestack/etc/gateway-api/listeners/-https.json \ + > /etc/genestack/gateway-api/listeners/-https.json +``` + +## Apply the Listener Patch + +``` shell +kubectl patch -n nginx-gateway gateway flex-gateway \ + --type='json' \ + --patch-file /etc/genestack/gateway-api/listeners/-https.json +``` + +## Custom Routes + +!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" + +A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. + +??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" + + ``` yaml + --8<-- "etc/gateway-api/routes/custom--gateway-route.yaml" + ``` + +## Modify the Route + +This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) +for more information on route types. + +``` shell +mkdir -p /etc/genestack/gateway-api/routes +sed 's/your.domain.tld//g' \ + /opt/genestack/etc/gateway-api/routes/custom--gateway-route.yaml \ + > /etc/genestack/gateway-api/routes/custom--gateway-route.yaml +``` + +#### Apply the Route + +``` shell +kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom--gateway-route.yaml +``` diff --git a/docs/infrastructure-gateway-api.md b/docs/infrastructure-gateway-api.md index 0b8582e6..d470c526 100644 --- a/docs/infrastructure-gateway-api.md +++ b/docs/infrastructure-gateway-api.md @@ -3,6 +3,18 @@ Gateway API is L4 and L7 layer routing project in Kubernetes. It represents next generation of k8s Ingress, LB and Service Mesh APIs. For more information on the project see: [Gateway API SIG.](https://gateway-api.sigs.k8s.io/) +!!! genestack + + For each externally exposed service, example: keystone endpoint, we have a GatewayAPI resource setup to use listeners on services with matching rules based on + hostname, for example `keystone.your.domain.tld`. When a request comes in to the f5 vip for this the vip is setup to pass the traffic to the Metallb + external vip address. Metallb then forwards the traffic to the appropriate service endpoint for the gateway controller which matches the hostname and passes the + traffic onto the right service. The same applies to internal services. Anything that matches `your.domain.tld` hostname can be considered internal and handled accordingly. + + ``` mermaid + flowchart LR + External --> External_VIP_Address --> MetalLB_VIP_Address --> Gateway_Service + ``` + ## Move from Ingress to Gateway APIs Since Gateway APIs are successor to Ingress Controllers there needs to be a one time migration from Ingress to GW API resources. @@ -284,42 +296,6 @@ kubectl apply -f /etc/genestack/gateway-api/gateway-prometheus.yaml At this point, flex-gateway has a listener pointed to the port 80 matching *.your.domain.tld hostname. The HTTPRoute resource configures routes for this gateway. Here, we match all path and simply pass any request from the matching hostname to kube-prometheus-stack-prometheus backend service. -## Example Implementation from Rackspace - -This example is not required and is only intended to show how Rackspace deploys specific gateway kustomization files. - -``` shell -kubectl kustomize /etc/genestack/kustomize/gateway/nginx-gateway-fabric | kubectl apply -f - -``` - -## Exposing Flex Services - -We have a requirement to expose a service - - 1. Internally for private consumption (Management and Administrative Services) - 2. Externally to customers (mostly Openstack services) - -![Flex Service Expose External with F5 Loadbalancer](assets/images/flexingress.png) - -For each externally exposed service, example: keystone endpoint, we have a GatewayAPI resource setup to use listeners on services with matching rules based on -hostname, for example `keystone.your.domain.tld`. When a request comes in to the f5 vip for this the vip is setup to pass the traffic to the Metallb -external vip address. Metallb then forwards the traffic to the appropriate service endpoint for the gateway controller which matches the hostname and passes the -traffic onto the right service. The same applies to internal services. Anything that matches `your.domain.tld` hostname can be considered internal and handled accordingly. - -``` mermaid -flowchart LR - External --> External_VIP_Address --> MetalLB_VIP_Address --> Gateway_Service -``` - -This setup can be expended to have multiple MetalLB VIPs with multiple Gateway Services listening on different IP addresses as required by your setup. - -!!! tip - - The metalLB speaker wont advertise the service if : - 1. There is no active endpoint backing the service - 2. There are no matching L2 or BGP speaker nodes - 3. If the service has external Traffic Policy set to local you need to have the running endpoint on the speaker node. - ## Cross Namespace Routing Gateway API has support for multi-ns and cross namespace routing. Routes can be deployed into different Namespaces and Routes can attach to Gateways across diff --git a/docs/openstack-barbican.md b/docs/openstack-barbican.md index 5926b7cf..9dcd6dc2 100644 --- a/docs/openstack-barbican.md +++ b/docs/openstack-barbican.md @@ -38,63 +38,3 @@ OpenStack Barbican is the dedicated security service within the OpenStack ecosys You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`. In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution. - -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/barbican-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/barbican-https.json \ - > /etc/genestack/gateway-api/listeners/barbican-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/barbican-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-barbican-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-barbican-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-barbican-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-barbican-gateway-route.yaml -``` diff --git a/docs/openstack-cinder.md b/docs/openstack-cinder.md index e1d74572..df13df88 100644 --- a/docs/openstack-cinder.md +++ b/docs/openstack-cinder.md @@ -41,66 +41,6 @@ OpenStack Cinder is a core component of the OpenStack cloud computing platform, You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`. In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution. -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/cinder-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/cinder-https.json \ - > /etc/genestack/gateway-api/listeners/cinder-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/cinder-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-cinder-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-cinder-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-cinder-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-cinder-gateway-route.yaml -``` - ## Demo [![asciicast](https://asciinema.org/a/629808.svg)](https://asciinema.org/a/629808) diff --git a/docs/openstack-compute-kit-neutron.md b/docs/openstack-compute-kit-neutron.md index c1c3d2cd..60724832 100644 --- a/docs/openstack-compute-kit-neutron.md +++ b/docs/openstack-compute-kit-neutron.md @@ -15,66 +15,6 @@ The above command derives the OVN north/south bound database from our K8S environment. The insert `set` is making the assumption we're using **tcp** to connect. -## Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/neutron-https.json" - ``` - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -### Modify the Listener Patch - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/neutron-https.json \ - > /etc/genestack/gateway-api/listeners/neutron-https.json -``` - -### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/neutron-https.json -``` - -## Custom Neutron Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-neutron-gateway-route.yaml" - ``` - -### Modify the Neutron Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-neutron-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-neutron-gateway-route.yaml -``` - -### Apply the Neutron Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-neutron-gateway-route.yaml -``` - ## Neutron MTU settings / Jumbo frames / overlay networks on instances !!! warning You will likely need to increase the MTU as described here if you want to support creating L3 overlay networks (via any software that creates nested networks, such as _Genestack_ itself, VPN, etc.) on your nova instances. Your physical L2 network will need jumbo frames to support this. You will likely end up with an MTU of 1280 for overlay networks on instances if you don't, and the abnormally small MTU can cause various problems, perhaps even reaching a size too small for the software to support). diff --git a/docs/openstack-compute-kit-nova.md b/docs/openstack-compute-kit-nova.md index fdd83719..d1b52db8 100644 --- a/docs/openstack-compute-kit-nova.md +++ b/docs/openstack-compute-kit-nova.md @@ -25,131 +25,3 @@ If running in an environment that doesn't have hardware virtualization extension You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`. In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution. - -## Custom Nova Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/nova-https.json" - ``` - -### Modify the Nova Listener Patches - -This example changes the placeholder domain to ``. Review the [gateway listener documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -#### Nova Patch - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/nova-https.json \ - > /etc/genestack/gateway-api/listeners/nova-https.json -``` - -#### Novnc Patch - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/novnc-https.json \ - > /etc/genestack/gateway-api/listeners/novnc-https.json -``` - -#### Metadata Patch - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/metadata-https.json \ - > /etc/genestack/gateway-api/listeners/metadata-https.json -``` - -#### Apply the Nova Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/nova-https.json -``` - -#### Apply the Novnc Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/novnc-https.json -``` - -#### Apply the Metadata Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/metadata-https.json -``` - -## Custom Nova Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-nova-gateway-route.yaml" - ``` - -### Modifying the Nova Routes - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -#### Nova Route - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-nova-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-nova-gateway-route.yaml -``` - -#### Novnc Route - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-novnc-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-novnc-gateway-route.yaml -``` - -#### Metadata Route - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-metadata-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-metadata-gateway-route.yaml -``` - -#### Apply the Nova Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-nova-gateway-route.yaml -``` - -#### Apply the Novnc Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-novnc-gateway-route.yaml -``` - -#### Apply the Metadata Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-metadata-gateway-route.yaml -``` diff --git a/docs/openstack-compute-kit-placement.md b/docs/openstack-compute-kit-placement.md index e17f2a63..c51592c9 100644 --- a/docs/openstack-compute-kit-placement.md +++ b/docs/openstack-compute-kit-placement.md @@ -6,62 +6,7 @@ --8<-- "bin/install-placement.sh" ``` -## Custom Listeners +!!! tip -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/placement-https.json" - ``` - -### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/placement-https.json \ - > /etc/genestack/gateway-api/listeners/placement-https.json -``` - -### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/placement-https.json -``` - -## Custom Placement Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-placement-gateway-route.yaml" - ``` - -### Modify the Placement Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-placement-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-placement-gateway-route.yaml -``` - -### Apply the Placement Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-placement-gateway-route.yaml -``` + You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`. + In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution. diff --git a/docs/openstack-glance.md b/docs/openstack-glance.md index 7da31b92..b1e6ea58 100644 --- a/docs/openstack-glance.md +++ b/docs/openstack-glance.md @@ -53,66 +53,6 @@ OpenStack Glance is the image service within the OpenStack ecosystem, responsibl kubectl --namespace openstack exec -ti openstack-admin-client -- openstack image list ``` -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/glance-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway listener documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/glance-https.json \ - > /etc/genestack/gateway-api/listeners/glance-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/glance-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-glance-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-glance-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-glance-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-glance-gateway-route.yaml -``` - ## Demo [![asciicast](https://asciinema.org/a/629806.svg)](https://asciinema.org/a/629806) diff --git a/docs/openstack-gnocchi.md b/docs/openstack-gnocchi.md index 8d4defdb..42311db7 100644 --- a/docs/openstack-gnocchi.md +++ b/docs/openstack-gnocchi.md @@ -155,66 +155,6 @@ gnocchi-metricd). You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`. In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution. -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/gnocchi-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/gnocchi-https.json \ - > /etc/genestack/gateway-api/listeners/gnocchi-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/gnocchi-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-keystone-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-gnocchi-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-gnocchi-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-gnocchi-gateway-route.yaml -``` - ## Validate the metric endpoint ### Pip install gnocchiclient and python-ceilometerclient diff --git a/docs/openstack-heat.md b/docs/openstack-heat.md index 2a8372e5..9993b35c 100644 --- a/docs/openstack-heat.md +++ b/docs/openstack-heat.md @@ -53,110 +53,6 @@ OpenStack Heat is the orchestration service within the OpenStack ecosystem, desi kubectl --namespace openstack exec -ti openstack-admin-client -- openstack --os-interface internal orchestration service list ``` -### Custom Heat Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/heat-https.json" - ``` - -#### Modify the Heat Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/heat-https.json \ - > /etc/genestack/gateway-api/listeners/heat-https.json -``` - -#### Apply the Heat Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/heat-https.json -``` - -### Custom Cloudformation Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/cloudformation-https.json" - ``` - -#### Modify the Cloudformation Listener Patch - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/cloudformation-https.json \ - > /etc/genestack/gateway-api/listeners/cloudformation-https.json -``` - -#### Apply the Cloudformation Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/cloudformation-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-heat-gateway-route.yaml" - ``` - -#### Modifying the Routes - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -##### Heat Route - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-heat-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-heat-gateway-route.yaml -``` - -##### Cloudformation Route - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-cloudformation-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-cloudformation-gateway-route.yaml -``` - -#### Apply the Heat Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-heat-gateway-route.yaml -``` - -#### Apply the Cloudformation Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-cloudformation-gateway-route.yaml -``` - ## Demo [![asciicast](https://asciinema.org/a/629807.svg)](https://asciinema.org/a/629807) diff --git a/docs/openstack-keystone.md b/docs/openstack-keystone.md index 04b7df46..8e38fdf4 100644 --- a/docs/openstack-keystone.md +++ b/docs/openstack-keystone.md @@ -59,66 +59,6 @@ kubectl --namespace openstack apply -f /etc/genestack/manifests/utils/utils-open kubectl --namespace openstack exec -ti openstack-admin-client -- openstack user list ``` -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/keystone-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway listener documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/keystone-https.json \ - > /etc/genestack/gateway-api/listeners/keystone-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/keystone-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-keystone-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-keystone-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-keystone-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-keystone-gateway-route.yaml -``` - ## Demo [![asciicast](https://asciinema.org/a/629802.svg)](https://asciinema.org/a/629802) diff --git a/docs/openstack-magnum.md b/docs/openstack-magnum.md index 337f4241..c9b20957 100644 --- a/docs/openstack-magnum.md +++ b/docs/openstack-magnum.md @@ -42,63 +42,3 @@ OpenStack Magnum is the container orchestration service within the OpenStack eco You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`. In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution. - -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/magnum-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/magnum-https.json \ - > /etc/genestack/gateway-api/listeners/magnum-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/magnum-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-magnum-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-magnum-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-magnum-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-magnum-gateway-route.yaml -``` diff --git a/docs/openstack-octavia.md b/docs/openstack-octavia.md index bc02da98..515ccd0d 100644 --- a/docs/openstack-octavia.md +++ b/docs/openstack-octavia.md @@ -43,66 +43,6 @@ OpenStack Octavia is the load balancing service within the OpenStack ecosystem, You may need to provide custom values to configure your openstack services, for a simple single region or lab deployment you can supply an additional overrides flag using the example found at `base-helm-configs/aio-example-openstack-overrides.yaml`. In other cases such as a multi-region deployment you may want to view the [Multi-Region Support](multi-region-support.md) guide to for a workflow solution. -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/octavia-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/octavia-https.json \ - > /etc/genestack/gateway-api/listeners/octavia-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/octavia-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-octavia-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-octavia-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-octavia-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-octavia-gateway-route.yaml -``` - ## Demo [![asciicast](https://asciinema.org/a/629814.svg)](https://asciinema.org/a/629814) diff --git a/docs/openstack-skyline.md b/docs/openstack-skyline.md index db33455b..6c9242ab 100644 --- a/docs/openstack-skyline.md +++ b/docs/openstack-skyline.md @@ -50,66 +50,6 @@ OpenStack Skyline is the next-generation web-based dashboard designed to provide kubectl --namespace openstack apply -k /etc/genestack/kustomize/skyline/overlay ``` -### Custom Listeners - -!!! note "This step is not needed if all listeners were applied when the Gateway API was deployed" - -??? abstract "Example listener patch file found in `/opt/genestack/etc/gateway-api/listeners`" - - ``` yaml - --8<-- "etc/gateway-api/listeners/skyline-https.json" - ``` - -#### Modify the Listener Patch - -This example changes the placeholder domain to ``. Review the [gateway documentation](https://gateway-api.sigs.k8s.io/api-types/gateway) -for more information on listener types. - -``` shell -mkdir -p /etc/genestack/gateway-api/listeners -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/listeners/skyline-https.json \ - > /etc/genestack/gateway-api/listeners/skyline-https.json -``` - -#### Apply the Listener Patch - -``` shell -kubectl patch -n nginx-gateway gateway flex-gateway \ - --type='json' \ - --patch-file /etc/genestack/gateway-api/listeners/skyline-https.json -``` - -### Custom Routes - -!!! note "This step is not needed if all routes were applied when the Gateway API was deployed" - -A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like `your.domain.tld` to be used for the service. - -??? abstract "Example routes file found in `/opt/genestack/etc/gateway-api/routes`" - - ``` yaml - --8<-- "etc/gateway-api/routes/custom-skyline-gateway-route.yaml" - ``` - -#### Modify the Route - -This example changes the placeholder domain to ``. Review the [gateway route documentation](https://gateway-api.sigs.k8s.io/api-types/httproute) -for more information on route types. - -``` shell -mkdir -p /etc/genestack/gateway-api/routes -sed 's/your.domain.tld//g' \ - /opt/genestack/etc/gateway-api/routes/custom-skyline-gateway-route.yaml \ - > /etc/genestack/gateway-api/routes/custom-skyline-gateway-route.yaml -``` - -#### Apply the Route - -``` shell -kubectl --namespace openstack apply -f /etc/genestack/gateway-api/routes/custom-skyline-gateway-route.yaml -``` - ## Demo [![asciicast](https://asciinema.org/a/629816.svg)](https://asciinema.org/a/629816) diff --git a/docs/rackspace-infrastructure-gateway-api.md b/docs/rackspace-infrastructure-gateway-api.md new file mode 100644 index 00000000..23b62cf0 --- /dev/null +++ b/docs/rackspace-infrastructure-gateway-api.md @@ -0,0 +1,25 @@ +# Example Implementation from Rackspace + +This example is not required and is only intended to show how Rackspace deploys specific gateway kustomization files. + +``` shell +kubectl kustomize /etc/genestack/kustomize/gateway/nginx-gateway-fabric | kubectl apply -f - +``` + +## Exposing Flex Services + +We have a requirement to expose a service + + 1. Internally for private consumption (Management and Administrative Services) + 2. Externally to customers (mostly Openstack services) + +![Flex Service Expose External with F5 Loadbalancer](assets/images/flexingress.png) + +This setup can be expended to have multiple MetalLB VIPs with multiple Gateway Services listening on different IP addresses as required by your setup. + +!!! tip + + The metalLB speaker wont advertise the service if : + 1. There is no active endpoint backing the service + 2. There are no matching L2 or BGP speaker nodes + 3. If the service has external Traffic Policy set to local you need to have the running endpoint on the speaker node. diff --git a/mkdocs.yml b/mkdocs.yml index 9e5bd3cb..abb1e031 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -255,6 +255,9 @@ nav: - Updating Kube OVN to OpenStack Configuration: ovn-kube-ovn-openstack.md - MariaDB: - Operations: infrastructure-mariadb-ops.md + - Gateway API: + - Custom Routes: infrastructure-gateway-api-custom.md + - Rackspace Example Gateway Overview: rackspace-infrastructure-gateway-api.md - Observability: - Observability Overview: observability-info.md - Monitoring Overview: monitoring-info.md