From 0808cf5198f6f7b8fdc29905c536d3e8ffa333d2 Mon Sep 17 00:00:00 2001
From: Hyunsun Moon <hyunsun.moon@gmail.com>
Date: Thu, 2 Nov 2017 14:37:09 +0900
Subject: [PATCH] Add option to set external policy to local for openstack
 services

External traffic policy "local" would be preffered when openstack
service is accessed from external via node port. This option has an
effect only when service node port is enabled.

Change-Id: Ic68cfc59dc39dc842d4790deffa70efe433dd7a6
---
 barbican/templates/service-api.yaml    | 3 +++
 barbican/values.yaml                   | 1 +
 cinder/templates/service-api.yaml      | 3 +++
 cinder/values.yaml                     | 1 +
 glance/templates/service-api.yaml      | 3 +++
 glance/templates/service-registry.yaml | 3 +++
 glance/values.yaml                     | 2 ++
 gnocchi/templates/service-api.yaml     | 3 +++
 gnocchi/values.yaml                    | 1 +
 heat/templates/service-api.yaml        | 3 +++
 heat/values.yaml                       | 1 +
 horizon/templates/service.yaml         | 9 ++++++---
 horizon/values.yaml                    | 8 +++++---
 keystone/templates/service-api.yaml    | 3 +++
 keystone/values.yaml                   | 1 +
 magnum/templates/service-api.yaml      | 3 +++
 magnum/values.yaml                     | 1 +
 neutron/templates/service-server.yaml  | 3 +++
 neutron/values.yaml                    | 1 +
 nova/templates/service-metadata.yaml   | 3 +++
 nova/templates/service-osapi.yaml      | 3 +++
 nova/values.yaml                       | 2 ++
 22 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/barbican/templates/service-api.yaml b/barbican/templates/service-api.yaml
index f1136723..2bdebdd4 100644
--- a/barbican/templates/service-api.yaml
+++ b/barbican/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 465635c9..136ee17d 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -134,6 +134,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 39486
diff --git a/cinder/templates/service-api.yaml b/cinder/templates/service-api.yaml
index c1f9aee8..a009e764 100644
--- a/cinder/templates/service-api.yaml
+++ b/cinder/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/cinder/values.yaml b/cinder/values.yaml
index 3ff3d439..04c83e8c 100644
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@@ -195,6 +195,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30877
diff --git a/glance/templates/service-api.yaml b/glance/templates/service-api.yaml
index a2daba3f..a234ab47 100644
--- a/glance/templates/service-api.yaml
+++ b/glance/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/glance/templates/service-registry.yaml b/glance/templates/service-registry.yaml
index ba98f5fa..72c89140 100644
--- a/glance/templates/service-registry.yaml
+++ b/glance/templates/service-registry.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "glance" "registry" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.registry.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.registry.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/glance/values.yaml b/glance/values.yaml
index 328db970..376e8814 100644
--- a/glance/values.yaml
+++ b/glance/values.yaml
@@ -275,12 +275,14 @@ network:
     ingress:
       public: true
       proxy_body_size: 1024M
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30092
   registry:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30091
diff --git a/gnocchi/templates/service-api.yaml b/gnocchi/templates/service-api.yaml
index d637e3a1..16ff31c8 100644
--- a/gnocchi/templates/service-api.yaml
+++ b/gnocchi/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "gnocchi" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/gnocchi/values.yaml b/gnocchi/values.yaml
index fc8d1f1f..bb76e599 100644
--- a/gnocchi/values.yaml
+++ b/gnocchi/values.yaml
@@ -27,6 +27,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 8041
diff --git a/heat/templates/service-api.yaml b/heat/templates/service-api.yaml
index 2a247841..380027d4 100644
--- a/heat/templates/service-api.yaml
+++ b/heat/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "heat" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/heat/values.yaml b/heat/values.yaml
index d13e96f3..518d5ba2 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -221,6 +221,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30004
diff --git a/horizon/templates/service.yaml b/horizon/templates/service.yaml
index 05b604c9..121b3b4c 100644
--- a/horizon/templates/service.yaml
+++ b/horizon/templates/service.yaml
@@ -23,9 +23,9 @@ metadata:
   name: {{ tuple "dashboard" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
   ports:
-    {{ if .Values.network.enable_node_port }}
+    {{ if .Values.network.node_port.enabled }}
     - name: http
-      nodePort: {{ .Values.network.node_port }}
+      nodePort: {{ .Values.network.node_port.port }}
       port: {{ .Values.network.port }}
       protocol: TCP
       targetPort: {{ .Values.network.port }}
@@ -37,7 +37,10 @@ spec:
     {{ end }}
   selector:
 {{ tuple $envAll "horizon" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-  {{ if .Values.network.enable_node_port }}
+  {{ if .Values.network.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/horizon/values.yaml b/horizon/values.yaml
index 91184890..d1d1d47a 100644
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@@ -33,11 +33,13 @@ labels:
   node_selector_value: enabled
 
 network:
+  port: 80
   ingress:
     public: true
-  port: 80
-  node_port: 31000
-  enable_node_port: false
+  external_policy_local: false
+  node_port:
+    enabled: false
+    port: 31000
 
 # Use "True" and "False" as Titlecase strings with quotes, boolean
 # values will not work
diff --git a/keystone/templates/service-api.yaml b/keystone/templates/service-api.yaml
index 28238ca4..f66e3f03 100644
--- a/keystone/templates/service-api.yaml
+++ b/keystone/templates/service-api.yaml
@@ -37,5 +37,8 @@ spec:
 {{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if or (.Values.network.api.node_port.enabled) (.Values.network.admin.node_port.enabled) }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/keystone/values.yaml b/keystone/values.yaml
index a6fb4b7a..d520c3b9 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -53,6 +53,7 @@ network:
     port: 80
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30500
diff --git a/magnum/templates/service-api.yaml b/magnum/templates/service-api.yaml
index 2e6ca654..f401f0cc 100644
--- a/magnum/templates/service-api.yaml
+++ b/magnum/templates/service-api.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "magnum" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.api.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.api.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/magnum/values.yaml b/magnum/values.yaml
index 5b5c7cc9..dfd24aaa 100644
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@@ -115,6 +115,7 @@ network:
   api:
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30511
diff --git a/neutron/templates/service-server.yaml b/neutron/templates/service-server.yaml
index 136418e7..c7287eeb 100644
--- a/neutron/templates/service-server.yaml
+++ b/neutron/templates/service-server.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.server.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.server.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index b6fe3f2c..a9b94416 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -91,6 +91,7 @@ network:
     port: 9696
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30096
diff --git a/nova/templates/service-metadata.yaml b/nova/templates/service-metadata.yaml
index 481e1ed5..7262db80 100644
--- a/nova/templates/service-metadata.yaml
+++ b/nova/templates/service-metadata.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.metadata.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.metadata.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/nova/templates/service-osapi.yaml b/nova/templates/service-osapi.yaml
index cc1fa824..6214a195 100644
--- a/nova/templates/service-osapi.yaml
+++ b/nova/templates/service-osapi.yaml
@@ -32,5 +32,8 @@ spec:
 {{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
   {{ if .Values.network.osapi.node_port.enabled }}
   type: NodePort
+  {{ if .Values.network.osapi.external_policy_local }}
+  externalTrafficPolicy: Local
+  {{ end }}
   {{ end }}
 {{- end }}
diff --git a/nova/values.yaml b/nova/values.yaml
index f7541d42..85745467 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -109,6 +109,7 @@ network:
     port: 8774
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30774
@@ -118,6 +119,7 @@ network:
     port: 8775
     ingress:
       public: true
+    external_policy_local: false
     node_port:
       enabled: false
       port: 30775