Deploy Placement
Run the Placement deployment Script bin/install-placement.sh
#!/bin/bash
pushd /opt/genestack/submodules/openstack-helm || exit
helm upgrade --install placement ./placement --namespace=openstack \
--namespace=openstack \
--timeout 120m \
-f /opt/genestack/base-helm-configs/placement/placement-helm-overrides.yaml \
-f /etc/genestack/helm-configs/placement/placement-helm-overrides.yaml \
--set endpoints.identity.auth.admin.password="$(kubectl --namespace openstack get secret keystone-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.identity.auth.placement.password="$(kubectl --namespace openstack get secret placement-admin -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_db.auth.admin.password="$(kubectl --namespace openstack get secret mariadb -o jsonpath='{.data.root-password}' | base64 -d)" \
--set endpoints.oslo_db.auth.placement.password="$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)" \
--set endpoints.oslo_cache.auth.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
--set endpoints.oslo_db.auth.nova_api.password="$(kubectl --namespace openstack get secret nova-db-password -o jsonpath='{.data.password}' | base64 -d)" \
--set conf.placement.keystone_authtoken.memcache_secret_key="$(kubectl --namespace openstack get secret os-memcached -o jsonpath='{.data.memcache_secret_key}' | base64 -d)" \
--set conf.placement.placement_database.slave_connection="mysql+pymysql://placement:$(kubectl --namespace openstack get secret placement-db-password -o jsonpath='{.data.password}' | base64 -d)@mariadb-cluster-secondary.openstack.svc.cluster.local:3306/placement" \
--post-renderer /etc/genestack/kustomize/kustomize.sh \
--post-renderer-args placement/overlay "$@"
popd || exit
Custom Listeners
This step is not needed if all listeners were applied when the Gateway API was deployed
Example listener patch file found in /opt/genestack/etc/gateway-api/listeners
[
{
"op": "add",
"path": "/spec/listeners/-",
"value": {
"name": "placement-https",
"port": 443,
"protocol": "HTTPS",
"hostname": "placement.your.domain.tld",
"allowedRoutes": {
"namespaces": {
"from": "All"
}
},
"tls": {
"certificateRefs": [
{
"group": "",
"kind": "Secret",
"name": "placement-gw-tls-secret"
}
],
"mode": "Terminate"
}
}
}
]
Modify the Listener Patch
This example changes the placeholder domain to <YOUR_DOMAIN>. Review the gateway documentation
for more information on listener types.
mkdir -p /etc/genestack/gateway-api/listeners
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
/opt/genestack/etc/gateway-api/listeners/placement-https.json \
> /etc/genestack/gateway-api/listeners/placement-https.json
Apply the Listener Patch
kubectl patch -n nginx-gateway gateway flex-gateway \
--type='json' \
--patch-file /etc/genestack/gateway-api/listeners/placement-https.json
Custom Placement Routes
This step is not needed if all routes were applied when the Gateway API was deployed
A custom gateway route can be used when setting up the service. The custom route make it possible to for a domain like your.domain.tld to be used for the service.
Example routes file found in /opt/genestack/etc/gateway-api/routes
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: custom-placement-gateway-route
namespace: openstack
labels:
application: gateway-api
service: HTTPRoute
route: placement
spec:
parentRefs:
- name: flex-gateway
sectionName: placement-https
namespace: nginx-gateway
hostnames:
- "placement.your.domain.tld"
rules:
- backendRefs:
- name: placement-api
port: 8778
Modify the Placement Route
This example changes the placeholder domain to <YOUR_DOMAIN>. Review the gateway route documentation
for more information on route types.
mkdir -p /etc/genestack/gateway-api/routes
sed 's/your.domain.tld/<YOUR_DOMAIN>/g' \
/opt/genestack/etc/gateway-api/routes/custom-placement-gateway-route.yaml \
> /etc/genestack/gateway-api/routes/custom-placement-gateway-route.yaml