[ATMOSPHERE-386] chore: sync vendor charts (#1767)
Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/.charts.yml b/.charts.yml
index 75dd2c2..01d122b 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -86,9 +86,13 @@
repository:
url: https://kubernetes.github.io/ingress-nginx
- name: ironic
- version: 0.2.14
+ version: 0.2.17
repository: *openstack_helm_repository
dependencies: *openstack_helm_dependencies
+ patches:
+ gerrit:
+ review.opendev.org:
+ - 925931
- name: keycloak
version: 21.4.1
repository:
diff --git a/charts/ironic/Chart.yaml b/charts/ironic/Chart.yaml
index 9a1a847..d5a1192 100644
--- a/charts/ironic/Chart.yaml
+++ b/charts/ironic/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/ironic
- https://opendev.org/openstack/openstack-helm
-version: 0.2.14
+version: 0.2.17
diff --git a/charts/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl
deleted file mode 100644
index 7acce1a..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-http-init.sh.tpl
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
- echo "Provisioner interface is not set"
- exit 1
-fi
-
-function net_pxe_addr {
- ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
-}
-function net_pxe_ip {
- echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
-}
-PXE_IP=$(net_pxe_ip)
-
-if [ "x" == "x${PXE_IP}" ]; then
- echo "Could not find IP for pxe to bind to"
- exit 1
-fi
-
-sed "s|OSH_PXE_IP|${PXE_IP}|g" /etc/nginx/nginx.conf > /tmp/pod-shared/nginx.conf
diff --git a/charts/ironic/templates/bin/_ironic-conductor-http.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-http.sh.tpl
deleted file mode 100644
index 6a97b41..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-http.sh.tpl
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-mkdir -p /var/lib/openstack-helm/httpboot
-cp -v /tmp/pod-shared/nginx.conf /etc/nginx/nginx.conf
-exec nginx -g 'daemon off;'
diff --git a/charts/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
deleted file mode 100644
index c70a2f0..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-pxe-init.sh.tpl
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-. /etc/os-release
-HOST_OS=${HOST_OS:="${ID}"}
-FILEPATH=${FILEPATH:-/usr/lib/ipxe}
-
-if [ "x$ID" == "xubuntu" ]; then
- #NOTE(portdirect): this works around a limitation in Kolla images
- if ! dpkg -l ipxe; then
- apt-get update
- apt-get install ipxe -y
- fi
-
- FILEPATH=/usr/lib/ipxe
-
-elif [ "x$ID" == "xcentos" ]; then
-
- if ! yum list installed ipxe-bootimgs >/dev/null 2>&1; then
- yum update --nogpgcheck -y
- yum install ipxe-bootimgs syslinux-tftpboot --nogpgcheck -y
- fi
-
- FILEPATH=/usr/share/ipxe
-
-fi
-
-mkdir -p /var/lib/openstack-helm/tftpboot
-mkdir -p /var/lib/openstack-helm/tftpboot/master_images
-
-for FILE in undionly.kpxe ipxe.efi pxelinux.0 snponly.efi; do
- if [ -f /usr/lib/ipxe/$FILE ]; then
- cp -v /usr/lib/ipxe/$FILE /var/lib/openstack-helm/tftpboot
- fi
-
- # ipxe and pxe support for CentOS
- if [ "x$ID" == "xcentos" ]; then
- if [ -f /var/lib/tftpboot/$FILE ]; then
- cp -v /var/lib/tftpboot/$FILE /var/lib/openstack-helm/tftpboot
- fi
- if [ -f /usr/share/ipxe/$FILE ]; then
- cp -v /usr/share/ipxe/$FILE /var/lib/openstack-helm/tftpboot
- fi
- fi
-done
diff --git a/charts/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl b/charts/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl
deleted file mode 100644
index 19451ab..0000000
--- a/charts/ironic/templates/bin/_ironic-conductor-pxe.sh.tpl
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-function net_pxe_addr {
- ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
-}
-function net_pxe_ip {
- echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
-}
-PXE_IP=$(net_pxe_ip)
-
-if [ "x" == "x${PXE_IP}" ]; then
- echo "Could not find IP for pxe to bind to"
- exit 1
-fi
-
-ln -s /var/lib/openstack-helm/tftpboot /tftpboot
-exec /usr/sbin/in.tftpd \
- --verbose \
- --foreground \
- --user root \
- --address ${PXE_IP}:69 \
- --map-file /tftp-map-file /tftpboot
diff --git a/charts/ironic/templates/configmap-bin.yaml b/charts/ironic/templates/configmap-bin.yaml
index e2c6de2..9666803 100644
--- a/charts/ironic/templates/configmap-bin.yaml
+++ b/charts/ironic/templates/configmap-bin.yaml
@@ -52,14 +52,14 @@
{{ tuple "bin/_ironic-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ironic-conductor-init.sh: |
{{ tuple "bin/_ironic-conductor-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- ironic-conductor-pxe.sh: |
-{{ tuple "bin/_ironic-conductor-pxe.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- ironic-conductor-pxe-init.sh: |
-{{ tuple "bin/_ironic-conductor-pxe-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- ironic-conductor-http.sh: |
-{{ tuple "bin/_ironic-conductor-http.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- ironic-conductor-http-init.sh: |
-{{ tuple "bin/_ironic-conductor-http-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- if .Values.conductor.pxe.enabled }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.pxe.script "key" "ironic-conductor-pxe.sh") | indent 2 }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.pxe.init_script "key" "ironic-conductor-pxe-init.sh") | indent 2 }}
+{{ end }}
+{{- if .Values.conductor.http.enabled }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.http.script "key" "ironic-conductor-http.sh") | indent 2 }}
+{{ include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conductor.http.init_script "key" "ironic-conductor-http-init.sh") | indent 2 }}
+{{ end }}
rabbit-init.sh: |
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
{{- end }}
diff --git a/charts/ironic/templates/configmap-etc.yaml b/charts/ironic/templates/configmap-etc.yaml
index 395a2a4..8b25336 100644
--- a/charts/ironic/templates/configmap-etc.yaml
+++ b/charts/ironic/templates/configmap-etc.yaml
@@ -47,6 +47,32 @@
{{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
+{{- if .Values.conf.ironic.service_user.send_service_user_token -}}
+
+{{- if empty .Values.conf.ironic.service_user.auth_url -}}
+{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.ironic.service_user "auth_url" -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.region_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "region_name" .Values.endpoints.identity.auth.ironic.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.project_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.project_domain_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.user_domain_name -}}
+{{- $_ := set .Values.conf.ironic.service_user "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.username -}}
+{{- $_ := set .Values.conf.ironic.service_user "username" .Values.endpoints.identity.auth.ironic.username -}}
+{{- end -}}
+{{- if empty .Values.conf.ironic.service_user.password -}}
+{{- $_ := set .Values.conf.ironic.service_user "password" .Values.endpoints.identity.auth.ironic.password -}}
+{{- end -}}
+
+{{- end -}}
+
{{- if empty .Values.conf.ironic.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}
{{- end -}}
diff --git a/charts/ironic/templates/statefulset-conductor.yaml b/charts/ironic/templates/statefulset-conductor.yaml
index 43be977..bcf6238 100644
--- a/charts/ironic/templates/statefulset-conductor.yaml
+++ b/charts/ironic/templates/statefulset-conductor.yaml
@@ -54,11 +54,16 @@
{{ end }}
securityContext:
runAsUser: 0
+{{ if .Values.pod.useHostNetwork.conductor }}
hostNetwork: True
- hostIPC: True
dnsPolicy: ClusterFirstWithHostNet
+{{ end }}
+{{ if .Values.pod.useHostIPC.conductor }}
+ hostIPC: True
+{{ end }}
initContainers:
{{ tuple $envAll "conductor" $mounts_ironic_conductor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{- if $envAll.Values.conductor.pxe.enabled }}
- name: ironic-conductor-pxe-init
{{ tuple $envAll "ironic_pxe_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -73,6 +78,7 @@
readOnly: true
- name: pod-data
mountPath: /var/lib/openstack-helm
+{{- end }}
- name: ironic-conductor-init
{{ tuple $envAll "ironic_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -90,6 +96,7 @@
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
+{{- if $envAll.Values.conductor.http.enabled }}
- name: ironic-conductor-http-init
{{ tuple $envAll "ironic_conductor" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -111,6 +118,7 @@
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
+{{- end }}
{{- if and (.Values.bootstrap.object_store.enabled) (.Values.bootstrap.object_store.openstack.enabled) }}
- name: ironic-retrive-swift-config
{{ tuple $envAll "ironic_retrive_swift_config" | include "helm-toolkit.snippets.image" | indent 10 }}
@@ -198,6 +206,7 @@
- name: pod-data
mountPath: /var/lib/openstack-helm
{{ if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }}
+{{- if $envAll.Values.conductor.pxe.enabled }}
- name: ironic-conductor-pxe
{{ tuple $envAll "ironic_pxe" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -221,6 +230,8 @@
readOnly: true
- name: pod-data
mountPath: /var/lib/openstack-helm
+{{- end }}
+{{- if $envAll.Values.conductor.http.enabled }}
- name: ironic-conductor-http
{{ tuple $envAll "ironic_pxe_http" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
@@ -239,6 +250,7 @@
- name: pod-data
mountPath: /var/lib/openstack-helm
{{ if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }}
+{{- end }}
volumes:
- name: pod-tmp
emptyDir: {}
diff --git a/charts/ironic/values.yaml b/charts/ironic/values.yaml
index 07f5c0a..a94bc3f 100644
--- a/charts/ironic/values.yaml
+++ b/charts/ironic/values.yaml
@@ -50,7 +50,7 @@
ironic_pxe: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
ironic_pxe_init: docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy
ironic_pxe_http: docker.io/nginx:1.13.3
- dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
image_repo_sync: docker.io/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
@@ -119,6 +119,8 @@
inspector:
auth_type: password
keystone_authtoken:
+ service_token_roles: service
+ service_token_roles_required: true
auth_type: password
auth_version: v3
neutron:
@@ -136,6 +138,9 @@
ipxe_enabled: true
service_catalog:
auth_type: password
+ service_user:
+ auth_type: password
+ send_service_user_token: true
swift:
auth_url: null
oslo_policy:
@@ -201,6 +206,79 @@
format: "%(message)s"
datefmt: "%Y-%m-%d %H:%M:%S"
+conductor:
+ http:
+ enabled: true
+ init_script: |
+ #!/bin/bash
+ set -ex
+ if [ "x" == "x${PROVISIONER_INTERFACE}" ]; then
+ echo "Provisioner interface is not set"
+ exit 1
+ fi
+
+ function net_pxe_addr {
+ ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
+ }
+ function net_pxe_ip {
+ echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
+ }
+ PXE_IP=$(net_pxe_ip)
+
+ if [ "x" == "x${PXE_IP}" ]; then
+ echo "Could not find IP for pxe to bind to"
+ exit 1
+ fi
+
+ sed "s|OSH_PXE_IP|${PXE_IP}|g" /etc/nginx/nginx.conf > /tmp/pod-shared/nginx.conf
+ script: |
+ #!/bin/bash
+ set -ex
+ mkdir -p /var/lib/openstack-helm/httpboot
+ cp -v /tmp/pod-shared/nginx.conf /etc/nginx/nginx.conf
+ exec nginx -g 'daemon off;'
+ pxe:
+ enabled: true
+ init_script: |
+ #!/bin/bash
+ set -ex
+ # default to Ubuntu path
+ FILEPATH=${FILEPATH:-/usr/lib/ipxe}
+
+ mkdir -p /var/lib/openstack-helm/tftpboot
+ mkdir -p /var/lib/openstack-helm/tftpboot/master_images
+
+ for FILE in undionly.kpxe ipxe.efi pxelinux.0 snponly.efi; do
+ # copy in default file
+ if [ -f $FILEPATH/$FILE ]; then
+ cp -v $FILEPATH/$FILE /var/lib/openstack-helm/tftpboot
+ fi
+
+ done
+ script: |
+ #!/bin/bash
+ set -ex
+ function net_pxe_addr {
+ ip addr | awk "/inet / && /${PROVISIONER_INTERFACE}/{print \$2; exit }"
+ }
+ function net_pxe_ip {
+ echo $(net_pxe_addr) | awk -F '/' '{ print $1; exit }'
+ }
+ PXE_IP=$(net_pxe_ip)
+
+ if [ "x" == "x${PXE_IP}" ]; then
+ echo "Could not find IP for pxe to bind to"
+ exit 1
+ fi
+
+ ln -s /var/lib/openstack-helm/tftpboot /tftpboot
+ exec /usr/sbin/in.tftpd \
+ --verbose \
+ --foreground \
+ --user root \
+ --address ${PXE_IP}:69 \
+ --map-file /tftp-map-file /tftpboot
+
network:
pxe:
device: ironic-pxe
@@ -398,7 +476,7 @@
user_domain_name: default
project_domain_name: default
glance:
- role: admin
+ role: admin,service
region_name: RegionOne
username: glance
password: password
@@ -703,6 +781,10 @@
limits:
memory: "1024Mi"
cpu: "2000m"
+ useHostNetwork:
+ conductor: true
+ useHostIPC:
+ conductor: true
network_policy:
ironic:
diff --git a/charts/libvirt/templates/daemonset-libvirt.yaml b/charts/libvirt/templates/daemonset-libvirt.yaml
index 34aebed..325f061 100644
--- a/charts/libvirt/templates/daemonset-libvirt.yaml
+++ b/charts/libvirt/templates/daemonset-libvirt.yaml
@@ -281,6 +281,8 @@
{{ tuple $envAll "libvirt_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.libvirt_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ args:
+ - "--libvirt.nova"
ports:
- name: metrics
protocol: TCP
@@ -299,8 +301,6 @@
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
mountPropagation: Bidirectional
{{- end }}
- args:
- - "--libvirt.nova"
{{- end }}
volumes:
- name: etc-pki-qemu
diff --git a/charts/patches/libvirt/0002-enable-nova-metadata-parser.patch b/charts/patches/libvirt/0002-enable-nova-metadata-parser.patch
new file mode 100644
index 0000000..7a66aff
--- /dev/null
+++ b/charts/patches/libvirt/0002-enable-nova-metadata-parser.patch
@@ -0,0 +1,13 @@
+diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml
+index 4a0b128..f8686d1 100644
+--- a/libvirt/templates/daemonset-libvirt.yaml
++++ b/libvirt/templates/daemonset-libvirt.yaml
+@@ -281,6 +281,8 @@
+ {{ tuple $envAll "libvirt_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.libvirt_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ {{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++ args:
++ - "--libvirt.nova"
+ ports:
+ - name: metrics
+ protocol: TCP