Nova: add spice console

This PS adds spice remote console.
User can choose a console by changing console_kind in values file.
Best practice is to select one or the other to run,
so choosing something other than vnc disables the vnc console.

Change-Id: Ic5d361d5f344b7a078e0c3aeb5f921810101552d

nova/templates/bin/_nova-compute.sh.tpl

@@ -23,6 +23,10 @@ if [ "${console_kind}" == "novnc" ] ; then
 exec nova-compute \
       --config-file /etc/nova/nova.conf \
       --config-file /tmp/pod-shared/nova-vnc.ini
+elif [ "${console_kind}" == "spice" ] ; then
+exec nova-compute \
+      --config-file /etc/nova/nova.conf \
+      --config-file /tmp/pod-shared/nova-spice.ini
 else
 exec nova-compute \
       --config-file /etc/nova/nova.conf

nova/templates/bin/_nova-console-compute-init.sh.tpl

@@ -18,9 +18,19 @@ limitations under the License.
 
 set -ex
 
-client_address="{{- .Values.conf.nova.vnc.vncserver_proxyclient_address -}}"
+console_kind="{{- .Values.console.console_kind -}}"
+
+if [ "${console_kind}" == "novnc" ] ; then
+    client_address="{{- .Values.conf.nova.vnc.server_proxyclient_address -}}"
+    client_interface="{{- .Values.console.novnc.compute.server_proxyclient_interface -}}"
+    listen_ip="{{- .Values.conf.nova.vnc.server_listen -}}"
+elif [ "${console_kind}" == "spice" ] ; then
+    client_address="{{- .Values.conf.nova.spice.server_proxyclient_address -}}"
+    client_interface="{{- .Values.console.spice.compute.server_proxyclient_interface -}}"
+    listen_ip="{{- .Values.conf.nova.spice.server_listen -}}"
+fi
+
 if [ -z "${client_address}" ] ; then
-    client_interface="{{- .Values.console.novnc.compute.vncserver_proxyclient_interface -}}"
     if [ -z "${client_interface}" ] ; then
         # search for interface with default routing
         client_interface=$(ip r | grep default | awk '{print $5}')
@@ -30,15 +40,22 @@ if [ -z "${client_address}" ] ; then
     client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
 fi
 
-listen_ip="{{- .Values.conf.nova.vnc.vncserver_listen -}}"
 if [ -z "${listen_ip}" ] ; then
     # The server component listens on all IP addresses and the proxy component
     # only listens on the management interface IP address of the compute node.
     listen_ip=0.0.0.0
 fi
 
+if [ "${console_kind}" == "novnc" ] ; then
 cat <<EOF>/tmp/pod-shared/nova-vnc.ini
 [vnc]
 vncserver_proxyclient_address = $client_address
 vncserver_listen = $listen_ip
 EOF
+elif [ "${console_kind}" == "spice" ] ; then
+cat <<EOF>/tmp/pod-shared/nova-spice.ini
+[spice]
+server_proxyclient_address = $client_address
+server_listen = $listen_ip
+EOF
+fi

nova/templates/bin/_nova-console-proxy-init-assets.sh.tpl

@@ -18,4 +18,9 @@ limitations under the License.
 
 set -ex
 
-cp -vaR /usr/share/novnc/* /tmp/usr/share/novnc/
+console_kind="{{- .Values.console.console_kind -}}"
+if [ "${console_kind}" == "novnc" ] ; then
+    cp -vaR /usr/share/novnc/* /tmp/usr/share/novnc/
+elif [ "${console_kind}" == "spice" ] ; then
+    cp -vaR /usr/share/spice-html5/* /tmp/usr/share/spice-html5/
+fi

nova/templates/bin/_nova-console-proxy-init.sh.tpl

@@ -18,9 +18,19 @@ limitations under the License.
 
 set -ex
 
-client_address="{{- .Values.conf.nova.vnc.vncserver_proxyclient_address -}}"
-if [ -z "${client_address}" ] ; then
+console_kind="{{- .Values.console.console_kind -}}"
+
+if [ "${console_kind}" == "novnc" ] ; then
+    client_address="{{- .Values.conf.nova.vnc.vncserver_proxyclient_address -}}"
     client_interface="{{- .Values.console.novnc.vncproxy.vncserver_proxyclient_interface -}}"
+    listen_ip="{{- .Values.conf.nova.vnc.vncserver_listen -}}"
+elif [ "${console_kind}" == "spice" ] ; then
+    client_address="{{- .Values.conf.nova.spice.server_proxyclient_address -}}"
+    client_interface="{{- .Values.console.spice.proxy.server_proxyclient_interface -}}"
+    listen_ip="{{- .Values.conf.nova.spice.server_listen -}}"
+fi
+
+if [ -z "${client_address}" ] ; then
     if [ -z "${client_interface}" ] ; then
         # search for interface with default routing
         client_interface=$(ip r | grep default | awk '{print $5}')
@@ -30,13 +40,20 @@ if [ -z "${client_address}" ] ; then
     client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
 fi
 
-listen_ip="{{- .Values.conf.nova.vnc.vncserver_listen -}}"
 if [ -z "${listen_ip}" ] ; then
     listen_ip=$client_address
 fi
 
+if [ "${console_kind}" == "novnc" ] ; then
 cat <<EOF>/tmp/pod-shared/nova-vnc.ini
 [vnc]
 vncserver_proxyclient_address = $client_address
 vncserver_listen = $listen_ip
 EOF
+elif [ "${console_kind}" == "spice" ] ; then
+cat <<EOF>/tmp/pod-shared/nova-spice.ini
+[spice]
+server_proxyclient_address = $client_address
+server_listen = $listen_ip
+EOF
+fi

nova/templates/bin/_nova-console-proxy.sh.tpl

@@ -17,6 +17,14 @@ limitations under the License.
 */}}
 
 set -x
-exec nova-novncproxy \
-      --config-file /etc/nova/nova.conf \
-      --config-file /tmp/pod-shared/nova-vnc.ini
+
+console_kind="{{- .Values.console.console_kind -}}"
+if [ "${console_kind}" == "novnc" ] ; then
+    exec nova-novncproxy \
+        --config-file /etc/nova/nova.conf \
+        --config-file /tmp/pod-shared/nova-vnc.ini
+elif [ "${console_kind}" == "spice" ] ; then
+    exec nova-spicehtml5proxy\
+        --config-file /etc/nova/nova.conf \
+        --config-file /tmp/pod-shared/nova-spice.ini
+fi

nova/templates/configmap-bin.yaml

@@ -63,14 +63,14 @@ data:
 {{ tuple "bin/_nova-scheduler.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   fake-iptables.sh: |
 {{ tuple "bin/_fake-iptables.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  nova-novncproxy.sh: |
-{{ tuple "bin/_nova-novncproxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  nova-vnc-compute-init.sh: |
-{{ tuple "bin/_nova-vnc-compute-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  nova-vnc-proxy-init-assets.sh: |
-{{ tuple "bin/_nova-vnc-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  nova-vnc-proxy-init.sh: |
-{{ tuple "bin/_nova-vnc-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-console-compute-init.sh: |
+{{ tuple "bin/_nova-console-compute-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-console-proxy.sh: |
+{{ tuple "bin/_nova-console-proxy.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-console-proxy-init.sh: |
+{{ tuple "bin/_nova-console-proxy-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  nova-console-proxy-init-assets.sh: |
+{{ tuple "bin/_nova-console-proxy-init-assets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   ssh-start.sh: |
 {{ tuple "bin/_ssh-start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   cell-setup.sh: |

nova/templates/configmap-etc.yaml

@@ -138,13 +138,26 @@ limitations under the License.
 {{- set .Values.conf.nova.placement "password" .Values.endpoints.identity.auth.placement.password | quote | trunc 0 -}}
 {{- end -}}
 
+{{- if eq .Values.console.console_kind "novnc"}}
+{{- "true" | set .Values.conf.nova.vnc "enabled" | quote | trunc 0 -}}
 {{- if empty .Values.conf.nova.vnc.novncproxy_base_url -}}
 {{- tuple "compute_novnc_proxy" "public" "novnc_proxy" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.vnc "novncproxy_base_url" | quote | trunc 0 -}}
 {{- end -}}
-
 {{- if empty .Values.conf.nova.vnc.novncproxy_port -}}
 {{- tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.vnc "novncproxy_port" | quote | trunc 0 -}}
 {{- end -}}
+{{- end -}}
+
+{{- if eq .Values.console.console_kind "spice"}}
+{{- "false" | set .Values.conf.nova.vnc "enabled" | quote | trunc 0 -}}
+{{- "true" | set .Values.conf.nova.spice "enabled" | quote | trunc 0 -}}
+{{- if empty .Values.conf.nova.spice.html5proxy_base_url -}}
+{{- tuple "compute_spice_proxy" "public" "spice_proxy" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.spice "html5proxy_base_url" | quote | trunc 0 -}}
+{{- end -}}
+{{- if empty .Values.conf.nova.spice.html5proxy_port -}}
+{{- tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.spice "html5proxy_port" | quote | trunc 0 -}}
+{{- end -}}
+{{- end -}}
 
 ---
 apiVersion: v1

nova/templates/daemonset-compute.yaml

@@ -92,6 +92,7 @@ spec:
               subPath: key
               readOnly: true
         {{ end }}
+        {{- if eq .Values.console.console_kind "novnc"}}
         - name: nova-compute-vnc-init
           image: {{ .Values.images.tags.compute }}
           imagePullPolicy: {{ .Values.images.pull_policy }}
@@ -99,14 +100,32 @@ spec:
           securityContext:
             runAsUser: {{ .Values.pod.user.nova.uid }}
           command:
-            - /tmp/nova-vnc-compute-init.sh
+            - /tmp/nova-console-compute-init.sh
           volumeMounts:
             - name: nova-bin
-              mountPath: /tmp/nova-vnc-compute-init.sh
-              subPath: nova-vnc-compute-init.sh
+              mountPath: /tmp/nova-console-compute-init.sh
+              subPath: nova-console-compute-init.sh
               readOnly: true
             - name: pod-shared
               mountPath: /tmp/pod-shared
+        {{ end }}
+        {{- if eq .Values.console.console_kind "spice"}}
+        - name: nova-compute-spice-init
+          image: {{ .Values.images.tags.compute }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            runAsUser: {{ .Values.pod.user.nova.uid }}
+          command:
+            - /tmp/nova-console-compute-init.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-console-compute-init.sh
+              subPath: nova-console-compute-init.sh
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+        {{ end }}
       containers:
         - name: nova-compute
           image: {{ .Values.images.tags.compute }}

nova/templates/deployment-novncproxy.yaml

@@ -56,11 +56,11 @@ spec:
           securityContext:
             runAsUser: {{ .Values.pod.user.nova.uid }}
           command:
-            - /tmp/nova-vnc-proxy-init.sh
+            - /tmp/nova-console-proxy-init.sh
           volumeMounts:
             - name: nova-bin
-              mountPath: /tmp/nova-vnc-proxy-init.sh
-              subPath: nova-vnc-proxy-init.sh
+              mountPath: /tmp/nova-console-proxy-init.sh
+              subPath: nova-console-proxy-init.sh
               readOnly: true
             - name: nova-etc
               mountPath: /etc/nova/nova.conf
@@ -73,11 +73,11 @@ spec:
           imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           command:
-            - /tmp/nova-vnc-proxy-init-assets.sh
+            - /tmp/nova-console-proxy-init-assets.sh
           volumeMounts:
             - name: nova-bin
-              mountPath: /tmp/nova-vnc-proxy-init-assets.sh
-              subPath: nova-vnc-proxy-init-assets.sh
+              mountPath: /tmp/nova-console-proxy-init-assets.sh
+              subPath: nova-console-proxy-init-assets.sh
               readOnly: true
             - name: pod-usr-share-novnc
               mountPath: /tmp/usr/share/novnc
@@ -87,11 +87,11 @@ spec:
           imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.novncproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
           command:
-            - /tmp/nova-novncproxy.sh
+            - /tmp/nova-console-proxy.sh
           volumeMounts:
             - name: nova-bin
-              mountPath: /tmp/nova-novncproxy.sh
-              subPath: nova-novncproxy.sh
+              mountPath: /tmp/nova-console-proxy.sh
+              subPath: nova-console-proxy.sh
               readOnly: true
             - name: nova-etc
               mountPath: /etc/nova/nova.conf

nova/templates/deployment-spiceproxy.yaml

@@ -0,0 +1,121 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_spiceproxy }}
+{{- $envAll := . }}
+{{ if eq .Values.console.console_kind "spice" }}
+{{- $dependencies := .Values.dependencies.spiceproxy }}
+
+{{- $mounts_nova_spiceproxy := .Values.pod.mounts.nova_spiceproxy.nova_spiceproxy }}
+{{- $mounts_nova_spiceproxy_init := .Values.pod.mounts.nova_spiceproxy.init_spiceproxy }}
+
+{{- $serviceAccountName := "nova-spiceproxy" }}
+{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: nova-spiceproxy
+spec:
+  replicas: {{ .Values.pod.replicas.spiceproxy }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "nova" "spice-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+      serviceAccountName: {{ $serviceAccountName }}
+      affinity:
+{{ tuple $envAll "nova" "spice-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+      nodeSelector:
+        {{ .Values.labels.spiceproxy.node_selector_key }}: {{ .Values.labels.spiceproxy.node_selector_value }}
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      initContainers:
+{{ tuple $envAll $dependencies $mounts_nova_spiceproxy_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: nova-spiceproxy-init
+          image: {{ .Values.images.tags.spiceproxy }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            runAsUser: {{ .Values.pod.user.nova.uid }}
+          command:
+            - /tmp/nova-console-proxy-init.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-console-proxy-init.sh
+              subPath: nova-console-proxy-init.sh
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova.conf
+              subPath: nova.conf
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+        - name: nova-spiceproxy-init-assets
+          image: {{ .Values.images.tags.spiceproxy_assets }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          command:
+            - /tmp/nova-console-proxy-init-assets.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-console-proxy-init-assets.sh
+              subPath: nova-console-proxy-init-assets.sh
+              readOnly: true
+            - name: pod-usr-share-spice-html5
+              mountPath: /tmp/usr/share/spice-html5
+      containers:
+        - name: nova-spiceproxy
+          image: {{ .Values.images.tags.spiceproxy }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+{{ tuple $envAll $envAll.Values.pod.resources.spiceproxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          command:
+            - /tmp/nova-console-proxy.sh
+          volumeMounts:
+            - name: nova-bin
+              mountPath: /tmp/nova-console-proxy.sh
+              subPath: nova-console-proxy.sh
+              readOnly: true
+            - name: nova-etc
+              mountPath: /etc/nova/nova.conf
+              subPath: nova.conf
+              readOnly: true
+            - name: pod-usr-share-spice-html5
+              mountPath: /usr/share/spice-html5
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+{{ if $mounts_nova_spiceproxy.volumeMounts }}{{ toYaml $mounts_nova_spiceproxy.volumeMounts | indent 12 }}{{ end }}
+      volumes:
+        - name: nova-bin
+          configMap:
+            name: nova-bin
+            defaultMode: 0555
+        - name: nova-etc
+          configMap:
+            name: nova-etc
+            defaultMode: 0444
+        - name: pod-usr-share-spice-html5
+          emptyDir: {}
+        - name: pod-shared
+          emptyDir: {}
+{{ if $mounts_nova_spiceproxy.volumes }}{{ toYaml $mounts_nova_spiceproxy.volumes | indent 8 }}{{ end }}
+{{- end }}
+{{- end }}

nova/templates/service-spiceproxy.yaml

@@ -0,0 +1,40 @@
+{{/*
+Copyright 2017 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_spiceproxy }}
+{{- $envAll := . }}
+{{ if eq .Values.console.console_kind "spice" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ tuple "compute_spice_proxy" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+  ports:
+  - name: nova-spiceproxy
+    protocol: TCP
+    port: {{ .Values.network.spiceproxy.port }}
+    targetPort: {{ .Values.network.spiceproxy.targetPort }}
+    {{ if .Values.network.spiceproxy.node_port.enabled }}
+    nodePort: {{ .Values.network.spiceproxy.node_port.port }}
+    {{ end }}
+  selector:
+{{ tuple $envAll "nova" "spice-proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+  {{ if .Values.network.spiceproxy.node_port.enabled }}
+  type: NodePort
+  {{ end }}
+{{- end }}
+{{- end }}

nova/values.yaml

@@ -48,6 +48,9 @@ labels:
   novncproxy:
     node_selector_key: openstack-control-plane
     node_selector_value: enabled
+  spiceproxy:
+    node_selector_key: openstack-control-plane
+    node_selector_value: enabled
 
 images:
   tags:
@@ -63,6 +66,8 @@ images:
     scheduler: docker.io/kolla/ubuntu-source-nova-scheduler:3.0.3
     novncproxy: docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3
     novncproxy_assets: docker.io/kolla/ubuntu-source-nova-novncproxy:3.0.3
+    spiceproxy: docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:3.0.3
+    spiceproxy_assets: docker.io/kolla/ubuntu-source-nova-spicehtml5proxy:3.0.3
     consoleauth: docker.io/kolla/ubuntu-source-nova-consoleauth:3.0.3
     compute: docker.io/kolla/ubuntu-source-nova-compute:3.0.3
     compute_ssh: docker.io/kolla/ubuntu-source-nova-ssh:3.0.3
@@ -147,9 +152,15 @@ network:
   novncproxy:
     node_port:
       enabled: false
-      port: 36080
+      port: 30680
     port: 6080
     targetPort: 6080
+  spiceproxy:
+    node_port:
+      enabled: false
+      port: 30682
+    port: 6082
+    targetPort: 6082
   ssh:
     name: "nova-ssh"
     port: 8022
@@ -294,6 +305,12 @@ console:
   console_kind: novnc
   serial:
   spice:
+    compute:
+      # IF blank, search default routing interface
+      server_proxyclient_interface:
+    proxy:
+      # IF blank, search default routing interface
+      server_proxyclient_interface:
   novnc:
     compute:
       # IF blank, search default routing interface
@@ -990,6 +1007,11 @@ conf:
       vncserver_listen: 0.0.0.0
       # leave blank, this should be set by each compute nodes's ip
       vncserver_proxyclient_address: null
+    spice:
+      html5proxy_host: 0.0.0.0
+      server_listen: 0.0.0.0
+      # leave blank, this should be set by each compute nodes's ip
+      server_proxyclient_address: null
     conductor:
       workers: 1
     oslo_policy:
@@ -1242,6 +1264,19 @@ endpoints:
     port:
       novnc_proxy:
         default: 6080
+  compute_spice_proxy:
+    name: nova
+    hosts:
+      default: nova-spiceproxy
+    host_fqdn_override:
+      default: null
+    path:
+      default: /spice_auto.html
+    scheme:
+      default: 'http'
+    port:
+      spice_proxy:
+        default: 6082
   placement:
     name: placement
     hosts:
@@ -1314,6 +1349,9 @@ pod:
     nova_novncproxy:
       init_novncproxy: null
       nova_novncproxy:
+    nova_spiceproxy:
+      init_spiceproxy: null
+      nova_spiceproxy:
   replicas:
     api_metadata: 1
     placement: 1
@@ -1322,6 +1360,7 @@ pod:
     consoleauth: 1
     scheduler: 1
     novncproxy: 1
+    spiceproxy: 1
   lifecycle:
     upgrades:
       deployments:
@@ -1415,6 +1454,13 @@ pod:
       limits:
         memory: "1024Mi"
         cpu: "2000m"
+    spiceproxy:
+      requests:
+        memory: "128Mi"
+        cpu: "100m"
+      limits:
+        memory: "1024Mi"
+        cpu: "2000m"
     jobs:
       bootstrap:
         requests:
@@ -1480,7 +1526,6 @@ pod:
           memory: "1024Mi"
           cpu: "2000m"
 
-
 manifests:
   configmap_bin: true
   configmap_etc: true
@@ -1491,6 +1536,7 @@ manifests:
   deployment_conductor: true
   deployment_consoleauth: true
   deployment_novncproxy: true
+  deployment_spiceproxy: true
   deployment_scheduler: true
   ingress_metadata: true
   ingress_placement: true
@@ -1521,4 +1567,5 @@ manifests:
   service_metadata: true
   service_placement: true
   service_novncproxy: true
+  service_spiceproxy: true
   service_osapi: true