Merge "Enable {priority,runtime}ClassName for Horizon" into stable/2023.2diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml
index 8ae9ea4..1e5cbba 100644
--- a/charts/barbican/templates/deployment-api.yaml
+++ b/charts/barbican/templates/deployment-api.yaml
@@ -47,6 +47,12 @@
{{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.barbican_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.barbican_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/barbican/templates/pod-test.yaml b/charts/barbican/templates/pod-test.yaml
index f414356..783d328 100644
--- a/charts/barbican/templates/pod-test.yaml
+++ b/charts/barbican/templates/pod-test.yaml
@@ -33,6 +33,12 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "barbican-test" "containerNames" (list "init" "barbican-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
+{{ with .Values.pod.priorityClassName.barbican_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.barbican_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
nodeSelector:
diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml
index e2e87bf..17aee72 100644
--- a/charts/barbican/values.yaml
+++ b/charts/barbican/values.yaml
@@ -55,6 +55,14 @@
- image_repo_sync
pod:
+ priorityClassName:
+ barbican_api: null
+ barbican_tests: null
+ db_sync: null
+ runtimeClassName:
+ barbican_api: null
+ barbican_tests: null
+ db_sync: null
security_context:
barbican:
pod:
diff --git a/charts/designate/templates/deployment-api.yaml b/charts/designate/templates/deployment-api.yaml
index e9df6b6..2f6ed7c 100644
--- a/charts/designate/templates/deployment-api.yaml
+++ b/charts/designate/templates/deployment-api.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/designate/templates/deployment-central.yaml b/charts/designate/templates/deployment-central.yaml
index 02d9f3c..c3e7dcd 100644
--- a/charts/designate/templates/deployment-central.yaml
+++ b/charts/designate/templates/deployment-central.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_central }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_central }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/templates/deployment-mdns.yaml b/charts/designate/templates/deployment-mdns.yaml
index d58f630..9312bc7 100644
--- a/charts/designate/templates/deployment-mdns.yaml
+++ b/charts/designate/templates/deployment-mdns.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_mdns }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_mdns }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/designate/templates/deployment-producer.yaml b/charts/designate/templates/deployment-producer.yaml
index 491dbad..68e46fb 100644
--- a/charts/designate/templates/deployment-producer.yaml
+++ b/charts/designate/templates/deployment-producer.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_producer }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_producer }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/templates/deployment-sink.yaml b/charts/designate/templates/deployment-sink.yaml
index e577d9d..63222a1 100644
--- a/charts/designate/templates/deployment-sink.yaml
+++ b/charts/designate/templates/deployment-sink.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_sink }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_sink }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/templates/deployment-worker.yaml b/charts/designate/templates/deployment-worker.yaml
index 74f9c99..12d0b96 100644
--- a/charts/designate/templates/deployment-worker.yaml
+++ b/charts/designate/templates/deployment-worker.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_worker }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_worker }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/values.yaml b/charts/designate/values.yaml
index 7169414..6e520ca 100644
--- a/charts/designate/values.yaml
+++ b/charts/designate/values.yaml
@@ -66,6 +66,22 @@
- image_repo_sync
pod:
+ priorityClassName:
+ designate_api: null
+ designate_central: null
+ designate_mdns: null
+ designate_producer: null
+ designate_sink: null
+ designate_worker: null
+ db_sync: null
+ runtimeClassName:
+ designate_api: null
+ designate_central: null
+ designate_mdns: null
+ designate_producer: null
+ designate_sink: null
+ designate_worker: null
+ db_sync: null
affinity:
anti:
type:
diff --git a/charts/ironic/templates/deployment-api.yaml b/charts/ironic/templates/deployment-api.yaml
index 7d4b838..99e25b6 100644
--- a/charts/ironic/templates/deployment-api.yaml
+++ b/charts/ironic/templates/deployment-api.yaml
@@ -45,6 +45,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "ironic_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.ironic_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.ironic_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/ironic/values.yaml b/charts/ironic/values.yaml
index a94bc3f..d28463a 100644
--- a/charts/ironic/values.yaml
+++ b/charts/ironic/values.yaml
@@ -639,6 +639,12 @@
default: 24220
pod:
+ priorityClassName:
+ ironic_api: null
+ db_sync: null
+ runtimeClassName:
+ ironic_api: null
+ db_sync: null
affinity:
anti:
type:
diff --git a/charts/manila/templates/deployment-api.yaml b/charts/manila/templates/deployment-api.yaml
index bcc352f..0338ee1 100644
--- a/charts/manila/templates/deployment-api.yaml
+++ b/charts/manila/templates/deployment-api.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-api" "containerNames" (list "init" "manila-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/deployment-data.yaml b/charts/manila/templates/deployment-data.yaml
index 21db299..6c981a6 100644
--- a/charts/manila/templates/deployment-data.yaml
+++ b/charts/manila/templates/deployment-data.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-data" "containerNames" (list "init" "manila-data") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_data }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_data }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/deployment-scheduler.yaml b/charts/manila/templates/deployment-scheduler.yaml
index 4858dfc..c8749a2 100644
--- a/charts/manila/templates/deployment-scheduler.yaml
+++ b/charts/manila/templates/deployment-scheduler.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-scheduler" "containerNames" (list "init" "manila-scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_scheduler }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_scheduler }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/deployment-share.yaml b/charts/manila/templates/deployment-share.yaml
index 87bff3b..2d7a6c1 100644
--- a/charts/manila/templates/deployment-share.yaml
+++ b/charts/manila/templates/deployment-share.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-share" "containerNames" (list "init" "manila-share" "manila-share-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_share }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_share }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/pod-rally-test.yaml b/charts/manila/templates/pod-rally-test.yaml
index 928c183..940989b 100644
--- a/charts/manila/templates/pod-rally-test.yaml
+++ b/charts/manila/templates/pod-rally-test.yaml
@@ -42,6 +42,12 @@
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+{{ with .Values.pod.priorityClassName.manila_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
@@ -62,27 +68,27 @@
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
{{- end }}
env:
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
- value: {{ .Values.endpoints.share.auth.test.role | quote }}
+ value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: manila-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "test" "container" "manila_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6}}
env:
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.deployment_name}}
diff --git a/charts/manila/values.yaml b/charts/manila/values.yaml
index f820bc1..400d52d 100644
--- a/charts/manila/values.yaml
+++ b/charts/manila/values.yaml
@@ -66,6 +66,20 @@
- image_repo_sync
pod:
+ priorityClassName:
+ manila_api: null
+ manila_data: null
+ manila_scheduler: null
+ manila_tests: null
+ manila_share: null
+ db_sync: null
+ runtimeClassName:
+ manila_api: null
+ manila_data: null
+ manila_scheduler: null
+ manila_tests: null
+ manila_share: null
+ db_sync: null
security_context:
manila:
pod:
@@ -829,6 +843,7 @@
identity:
admin: manila-keystone-admin
manila: manila-keystone-user
+ test: manila-keystone-test
oslo_db:
admin: manila-db-admin
manila: manila-db-user
@@ -890,6 +905,14 @@
project_name: service
user_domain_name: service
project_domain_name: service
+ test:
+ role: admin
+ region_name: RegionOne
+ username: manila-test
+ password: password
+ project_name: test
+ user_domain_name: service
+ project_domain_name: service
hosts:
default: keystone
internal: keystone-api
@@ -1061,7 +1084,7 @@
job_ks_service: true
job_ks_user: true
pdb_api: true
- pod_test: true
+ pod_rally_test: true
secret_db: true
network_policy: false
secret_ingress_tls: true
diff --git a/charts/nova/templates/statefulset-compute-ironic.yaml b/charts/nova/templates/statefulset-compute-ironic.yaml
index 377555d..37d3fc5 100644
--- a/charts/nova/templates/statefulset-compute-ironic.yaml
+++ b/charts/nova/templates/statefulset-compute-ironic.yaml
@@ -51,8 +51,6 @@
{{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.agent.compute_ironic.node_selector_key }}: {{ .Values.labels.agent.compute_ironic.node_selector_value }}
- securityContext:
- runAsUser: 0
hostPID: true
dnsPolicy: ClusterFirstWithHostNet
initContainers:
diff --git a/charts/patches/barbican/0003-Enable-priority-runtime-ClassName-for-Barbican.patch b/charts/patches/barbican/0003-Enable-priority-runtime-ClassName-for-Barbican.patch
new file mode 100644
index 0000000..a956746
--- /dev/null
+++ b/charts/patches/barbican/0003-Enable-priority-runtime-ClassName-for-Barbican.patch
@@ -0,0 +1,63 @@
+From e7640e5fc0179fabfa063e89f7e7a7612e1c807e Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 06:32:12 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Barbican
+
+---
+ barbican/templates/deployment-api.yaml | 6 +++
+ barbican/templates/pod-test.yaml | 6 +++
+ barbican/values.yaml | 8 ++++
+
+diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml
+index 8ae9ea42..1e5cbbac 100644
+--- a/barbican/templates/deployment-api.yaml
++++ b/barbican/templates/deployment-api.yaml
+@@ -47,6 +47,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.barbican_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.barbican_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/barbican/templates/pod-test.yaml b/barbican/templates/pod-test.yaml
+index f4143564..783d328b 100644
+--- a/barbican/templates/pod-test.yaml
++++ b/barbican/templates/pod-test.yaml
+@@ -33,6 +33,12 @@ metadata:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ {{ dict "envAll" $envAll "podName" "barbican-test" "containerNames" (list "init" "barbican-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
+ spec:
++{{ with .Values.pod.priorityClassName.barbican_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.barbican_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ nodeSelector:
+diff --git a/barbican/values.yaml b/barbican/values.yaml
+index e2e87bf7..17aee723 100644
+--- a/barbican/values.yaml
++++ b/barbican/values.yaml
+@@ -55,6 +55,14 @@ images:
+ - image_repo_sync
+
+ pod:
++ priorityClassName:
++ barbican_api: null
++ barbican_tests: null
++ db_sync: null
++ runtimeClassName:
++ barbican_api: null
++ barbican_tests: null
++ db_sync: null
+ security_context:
+ barbican:
+ pod:
diff --git a/charts/patches/designate/0002-Enable-priority-runtime-ClassName-for-Designate.patch b/charts/patches/designate/0002-Enable-priority-runtime-ClassName-for-Designate.patch
new file mode 100644
index 0000000..f8db3f7
--- /dev/null
+++ b/charts/patches/designate/0002-Enable-priority-runtime-ClassName-for-Designate.patch
@@ -0,0 +1,147 @@
+From 6d9700b99f7dc8462faed77ee404682c4c042c20 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 08:55:22 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Designate
+
+---
+ designate/templates/deployment-api.yaml | 6 ++++++
+ designate/templates/deployment-central.yaml | 6 ++++++
+ designate/templates/deployment-mdns.yaml | 6 ++++++
+ designate/templates/deployment-producer.yaml | 6 ++++++
+ designate/templates/deployment-sink.yaml | 6 ++++++
+ designate/templates/deployment-worker.yaml | 6 ++++++
+ designate/values.yaml | 16 ++++++++++++++++
+ 7 files changed, 52 insertions(+)
+
+diff --git a/designate/templates/deployment-api.yaml b/designate/templates/deployment-api.yaml
+index e9df6b6e..2f6ed7ca 100644
+--- a/designate/templates/deployment-api.yaml
++++ b/designate/templates/deployment-api.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/designate/templates/deployment-central.yaml b/designate/templates/deployment-central.yaml
+index 02d9f3ca..c3e7dcdb 100644
+--- a/designate/templates/deployment-central.yaml
++++ b/designate/templates/deployment-central.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_central }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_central }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/templates/deployment-mdns.yaml b/designate/templates/deployment-mdns.yaml
+index d58f6304..9312bc7d 100644
+--- a/designate/templates/deployment-mdns.yaml
++++ b/designate/templates/deployment-mdns.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_mdns }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_mdns }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/designate/templates/deployment-producer.yaml b/designate/templates/deployment-producer.yaml
+index 491dbad8..68e46fb4 100644
+--- a/designate/templates/deployment-producer.yaml
++++ b/designate/templates/deployment-producer.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_producer }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_producer }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/templates/deployment-sink.yaml b/designate/templates/deployment-sink.yaml
+index e577d9d8..63222a1a 100644
+--- a/designate/templates/deployment-sink.yaml
++++ b/designate/templates/deployment-sink.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_sink }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_sink }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/templates/deployment-worker.yaml b/designate/templates/deployment-worker.yaml
+index 74f9c998..12d0b96a 100644
+--- a/designate/templates/deployment-worker.yaml
++++ b/designate/templates/deployment-worker.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_worker }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_worker }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/values.yaml b/designate/values.yaml
+index 71694146..6e520ca4 100644
+--- a/designate/values.yaml
++++ b/designate/values.yaml
+@@ -66,6 +66,22 @@ images:
+ - image_repo_sync
+
+ pod:
++ priorityClassName:
++ designate_api: null
++ designate_central: null
++ designate_mdns: null
++ designate_producer: null
++ designate_sink: null
++ designate_worker: null
++ db_sync: null
++ runtimeClassName:
++ designate_api: null
++ designate_central: null
++ designate_mdns: null
++ designate_producer: null
++ designate_sink: null
++ designate_worker: null
++ db_sync: null
+ affinity:
+ anti:
+ type:
+--
+2.34.1
+
diff --git a/charts/patches/ironic/0001-Enable-priority-runtime-ClassName-for-Ironic.patch b/charts/patches/ironic/0001-Enable-priority-runtime-ClassName-for-Ironic.patch
new file mode 100644
index 0000000..71e821b
--- /dev/null
+++ b/charts/patches/ironic/0001-Enable-priority-runtime-ClassName-for-Ironic.patch
@@ -0,0 +1,47 @@
+From 0b672d9b62ce39a07969bb1910aba9c4c4cdadc1 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 13:28:41 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Ironic
+
+---
+ ironic/templates/deployment-api.yaml | 6 ++++++
+ ironic/values.yaml | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/ironic/templates/deployment-api.yaml b/ironic/templates/deployment-api.yaml
+index 7d4b8387..99e25b65 100644
+--- a/ironic/templates/deployment-api.yaml
++++ b/ironic/templates/deployment-api.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ tuple "ironic_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.ironic_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.ironic_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/ironic/values.yaml b/ironic/values.yaml
+index a94bc3f2..d28463aa 100644
+--- a/ironic/values.yaml
++++ b/ironic/values.yaml
+@@ -639,6 +639,12 @@ endpoints:
+ default: 24220
+
+ pod:
++ priorityClassName:
++ ironic_api: null
++ db_sync: null
++ runtimeClassName:
++ ironic_api: null
++ db_sync: null
+ affinity:
+ anti:
+ type:
+--
+2.34.1
+
diff --git a/charts/patches/manila/0003-Enable-priority-runtime-ClassName-for-Manila.patch b/charts/patches/manila/0003-Enable-priority-runtime-ClassName-for-Manila.patch
new file mode 100644
index 0000000..50c5783
--- /dev/null
+++ b/charts/patches/manila/0003-Enable-priority-runtime-ClassName-for-Manila.patch
@@ -0,0 +1,198 @@
+From 01653c9c731dc2b66a79426f1021052186eebe40 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Tue, 11 Feb 2025 05:18:42 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Manila
+
+Also fix pod-rally-test.yaml template
+
+---
+ manila/templates/deployment-api.yaml | 6 +++++
+ manila/templates/deployment-data.yaml | 6 +++++
+ manila/templates/deployment-scheduler.yaml | 6 +++++
+ manila/templates/deployment-share.yaml | 6 +++++
+ manila/templates/pod-rally-test.yaml | 24 +++++++++++-------
+ manila/values.yaml | 25 ++++++++++++++++++-
+ 6 files changed, 63 insertions(+), 10 deletions(-)
+
+diff --git a/manila/templates/deployment-api.yaml b/manila/templates/deployment-api.yaml
+index bcc352f0..0338ee17 100644
+--- a/manila/templates/deployment-api.yaml
++++ b/manila/templates/deployment-api.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-api" "containerNames" (list "init" "manila-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/deployment-data.yaml b/manila/templates/deployment-data.yaml
+index 21db299e..6c981a67 100644
+--- a/manila/templates/deployment-data.yaml
++++ b/manila/templates/deployment-data.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-data" "containerNames" (list "init" "manila-data") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_data }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_data }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/deployment-scheduler.yaml b/manila/templates/deployment-scheduler.yaml
+index 4858dfce..c8749a25 100644
+--- a/manila/templates/deployment-scheduler.yaml
++++ b/manila/templates/deployment-scheduler.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-scheduler" "containerNames" (list "init" "manila-scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_scheduler }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_scheduler }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/deployment-share.yaml b/manila/templates/deployment-share.yaml
+index 87bff3b1..2d7a6c19 100644
+--- a/manila/templates/deployment-share.yaml
++++ b/manila/templates/deployment-share.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-share" "containerNames" (list "init" "manila-share" "manila-share-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_share }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_share }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/pod-rally-test.yaml b/manila/templates/pod-rally-test.yaml
+index 928c1831..940989bb 100644
+--- a/manila/templates/pod-rally-test.yaml
++++ b/manila/templates/pod-rally-test.yaml
+@@ -42,6 +42,12 @@ spec:
+ {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ nodeSelector:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
++{{ with .Values.pod.priorityClassName.manila_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+@@ -62,27 +68,27 @@ spec:
+ {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
+ {{- end }}
+ env:
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
++{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
+ {{- end }}
+ - name: SERVICE_OS_SERVICE_NAME
+ value: "test"
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
+-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
++{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
+ {{- end }}
+ - name: SERVICE_OS_ROLE
+- value: {{ .Values.endpoints.share.auth.test.role | quote }}
++ value: {{ .Values.endpoints.identity.auth.test.role | quote }}
+ containers:
+ - name: manila-test
+ {{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+ {{ dict "envAll" $envAll "application" "test" "container" "manila_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6}}
+ env:
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
++{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
+ {{- end }}
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
+-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
++{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
+ {{- end }}
+ - name: RALLY_ENV_NAME
+ value: {{.deployment_name}}
+diff --git a/manila/values.yaml b/manila/values.yaml
+index f820bc1f..400d52da 100644
+--- a/manila/values.yaml
++++ b/manila/values.yaml
+@@ -66,6 +66,20 @@ images:
+ - image_repo_sync
+
+ pod:
++ priorityClassName:
++ manila_api: null
++ manila_data: null
++ manila_scheduler: null
++ manila_tests: null
++ manila_share: null
++ db_sync: null
++ runtimeClassName:
++ manila_api: null
++ manila_data: null
++ manila_scheduler: null
++ manila_tests: null
++ manila_share: null
++ db_sync: null
+ security_context:
+ manila:
+ pod:
+@@ -829,6 +843,7 @@ secrets:
+ identity:
+ admin: manila-keystone-admin
+ manila: manila-keystone-user
++ test: manila-keystone-test
+ oslo_db:
+ admin: manila-db-admin
+ manila: manila-db-user
+@@ -890,6 +905,14 @@ endpoints:
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
++ test:
++ role: admin
++ region_name: RegionOne
++ username: manila-test
++ password: password
++ project_name: test
++ user_domain_name: service
++ project_domain_name: service
+ hosts:
+ default: keystone
+ internal: keystone-api
+@@ -1061,7 +1084,7 @@ manifests:
+ job_ks_service: true
+ job_ks_user: true
+ pdb_api: true
+- pod_test: true
++ pod_rally_test: true
+ secret_db: true
+ network_policy: false
+ secret_ingress_tls: true
+--
+2.34.1
+
diff --git a/charts/patches/neutron/0004-nic-name-feature.patch b/charts/patches/neutron/0004-nic-name-feature.patch
new file mode 100644
index 0000000..c2325e7
--- /dev/null
+++ b/charts/patches/neutron/0004-nic-name-feature.patch
@@ -0,0 +1,61 @@
+diff --git a/charts/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
+index bd0a64a..08833a5 100644
+--- a/charts/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
++++ b/charts/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
+@@ -196,6 +196,12 @@ function process_dpdk_nics {
+ while IFS= read -r nic; do
+ local port_name=$(get_dpdk_config_value ${nic} '.name')
+ local pci_id=$(get_dpdk_config_value ${nic} '.pci_id')
++ local iface=$(get_dpdk_config_value ${nic} '.iface')
++ if [ -n ${iface} ] && [ -z ${pci_id} ]; then
++ local pci_id=$(get_address_by_nicname ${iface})
++ else
++ iface=$(get_name_by_pci_id "${pci_id}")
++ fi
+ local bridge=$(get_dpdk_config_value ${nic} '.bridge')
+ local vf_index=$(get_dpdk_config_value ${nic} '.vf_index')
+
+@@ -203,8 +209,6 @@ function process_dpdk_nics {
+ migrate_ip "${pci_id}" "${bridge}"
+ fi
+
+- iface=$(get_name_by_pci_id "${pci_id}")
+-
+ if [ -n "${iface}" ]; then
+ ip link set ${iface} promisc on
+ if [ -n "${vf_index}" ]; then
+@@ -292,6 +296,12 @@ function process_dpdk_bonds {
+ echo $bond | jq -r -c '.nics[]' > /tmp/nics_array
+ while IFS= read -r nic; do
+ local pci_id=$(get_dpdk_config_value ${nic} '.pci_id')
++ local iface=$(get_dpdk_config_value ${nic} '.iface')
++ if [ -n ${iface} ] && [ -z ${pci_id} ]; then
++ local pci_id=$(get_address_by_nicname ${iface})
++ else
++ iface=$(get_name_by_pci_id "${pci_id}")
++ fi
+ local nic_name=$(get_dpdk_config_value ${nic} '.name')
+ local pmd_rxq_affinity=$(get_dpdk_config_value ${nic} '.pmd_rxq_affinity')
+ local vf_index=$(get_dpdk_config_value ${nic} '.vf_index')
+@@ -302,8 +312,6 @@ function process_dpdk_bonds {
+ ip_migrated=true
+ fi
+
+- iface=$(get_name_by_pci_id "${pci_id}")
+-
+ if [ -n "${iface}" ]; then
+ ip link set ${iface} promisc on
+ if [ -n "${vf_index}" ]; then
+@@ -407,6 +415,12 @@ function get_driver_by_address {
+ fi
+ }
+
++function get_address_by_nicname {
++ if [[ -e /sys/class/net/$1/device ]]; then
++ readlink -f /sys/class/net/$1/device | xargs basename
++ fi
++}
++
+ function init_ovs_dpdk_bridge {
+ bridge=$1
+ ovs-vsctl --db=unix:${OVS_SOCKET} --may-exist add-br ${bridge} \
diff --git a/charts/patches/nova/0001-Resolve-two-redundant-securityContext-problems.patch b/charts/patches/nova/0001-Resolve-two-redundant-securityContext-problems.patch
new file mode 100644
index 0000000..e76bfde
--- /dev/null
+++ b/charts/patches/nova/0001-Resolve-two-redundant-securityContext-problems.patch
@@ -0,0 +1,25 @@
+From f2940941f44ee41bc631941ea5fc316ac8b8253b Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Tue, 11 Feb 2025 15:19:31 +0000
+Subject: [PATCH] Resolve two redundant securityContext problems
+
+---
+ nova/templates/statefulset-compute-ironic.yaml | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/nova/templates/statefulset-compute-ironic.yaml b/nova/templates/statefulset-compute-ironic.yaml
+index 377555d6..37d3fc5a 100644
+--- a/nova/templates/statefulset-compute-ironic.yaml
++++ b/nova/templates/statefulset-compute-ironic.yaml
+@@ -51,8 +51,6 @@ spec:
+ {{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.agent.compute_ironic.node_selector_key }}: {{ .Values.labels.agent.compute_ironic.node_selector_value }}
+- securityContext:
+- runAsUser: 0
+ hostPID: true
+ dnsPolicy: ClusterFirstWithHostNet
+ initContainers:
+--
+2.34.1
+
diff --git a/releasenotes/notes/add-mfa-config-options-6f2d6811bca1a789.yaml b/releasenotes/notes/add-mfa-config-options-6f2d6811bca1a789.yaml
new file mode 100644
index 0000000..cb2d445
--- /dev/null
+++ b/releasenotes/notes/add-mfa-config-options-6f2d6811bca1a789.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Keystone role now supports configuring multi-factor authentication for
+ the users within the Atmosphere realm.
diff --git a/releasenotes/notes/adding-nicname-as-an-option-f7e790ea8174e6af.yaml b/releasenotes/notes/adding-nicname-as-an-option-f7e790ea8174e6af.yaml
new file mode 100644
index 0000000..103a6db
--- /dev/null
+++ b/releasenotes/notes/adding-nicname-as-an-option-f7e790ea8174e6af.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ It is now possible to configure DPDK interfaces using the interface names in addition to
+ possibly being able to use the ``pci_id`` to ease deploying in heterogeneous environments.
diff --git a/releasenotes/notes/barbican-priority-runtime-class-b84c8515f03e18c5.yaml b/releasenotes/notes/barbican-priority-runtime-class-b84c8515f03e18c5.yaml
new file mode 100644
index 0000000..4414c45
--- /dev/null
+++ b/releasenotes/notes/barbican-priority-runtime-class-b84c8515f03e18c5.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Barbican role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/designate-priority-runtime-class-63f9e7efe1b3e494.yaml b/releasenotes/notes/designate-priority-runtime-class-63f9e7efe1b3e494.yaml
new file mode 100644
index 0000000..a42e7c2
--- /dev/null
+++ b/releasenotes/notes/designate-priority-runtime-class-63f9e7efe1b3e494.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Designate role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/fix-two-redundant-securityContext-problems-28bfb724627e8920.yaml b/releasenotes/notes/fix-two-redundant-securityContext-problems-28bfb724627e8920.yaml
new file mode 100644
index 0000000..799899e
--- /dev/null
+++ b/releasenotes/notes/fix-two-redundant-securityContext-problems-28bfb724627e8920.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fix two redundant securityContext problems in
+ statefulset-compute-ironic.yaml template.
diff --git a/releasenotes/notes/horizon-security-improvements-22b2535a85daab75.yaml b/releasenotes/notes/horizon-security-improvements-22b2535a85daab75.yaml
new file mode 100644
index 0000000..2b52c90
--- /dev/null
+++ b/releasenotes/notes/horizon-security-improvements-22b2535a85daab75.yaml
@@ -0,0 +1,8 @@
+---
+security:
+ - The Horizon service now runs as the non-privileged user `horizon` in the
+ container.
+ - The Horizon service ``ALLOWED_HOSTS`` setting is now configured to point
+ to the configured endpoints for the service.
+ - The CORS headers are now configured to only allow requests from the
+ configured endpoints for the service.
diff --git a/releasenotes/notes/ironic-priority-runtime-class-260a89c958179e92.yaml b/releasenotes/notes/ironic-priority-runtime-class-260a89c958179e92.yaml
new file mode 100644
index 0000000..ed17275
--- /dev/null
+++ b/releasenotes/notes/ironic-priority-runtime-class-260a89c958179e92.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Ironic role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/manila-priority-runtime-class-2b73aa2ad577d258.yaml b/releasenotes/notes/manila-priority-runtime-class-2b73aa2ad577d258.yaml
new file mode 100644
index 0000000..90ff058
--- /dev/null
+++ b/releasenotes/notes/manila-priority-runtime-class-2b73aa2ad577d258.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Manila role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/roles/barbican/tests/priorityclass_test.yaml b/roles/barbican/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..cebccc4
--- /dev/null
+++ b/roles/barbican/tests/priorityclass_test.yaml
@@ -0,0 +1,48 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ barbican_api: platform
+ barbican_tests: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/barbican/tests/runtimeclass_test.yaml b/roles/barbican/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..2ee6b08
--- /dev/null
+++ b/roles/barbican/tests/runtimeclass_test.yaml
@@ -0,0 +1,48 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ barbican_api: kata-clh
+ barbican_tests: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/designate/tests/priorityclass_test.yaml b/roles/designate/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..c8de434
--- /dev/null
+++ b/roles/designate/tests/priorityclass_test.yaml
@@ -0,0 +1,96 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # notExists:
+ # path: spec.template.spec.priorityClassName
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ designate_api: platform
+ designate_central: platform
+ designate_mdns: platform
+ designate_producer: platform
+ designate_sink: platform
+ designate_worker: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # equal:
+ # path: spec.template.spec.priorityClassName
+ # value: platform
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/designate/tests/runtimeclass_test.yaml b/roles/designate/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..ac10d05
--- /dev/null
+++ b/roles/designate/tests/runtimeclass_test.yaml
@@ -0,0 +1,96 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # notExists:
+ # path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ designate_api: kata-clh
+ designate_central: kata-clh
+ designate_mdns: kata-clh
+ designate_producer: kata-clh
+ designate_sink: kata-clh
+ designate_worker: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # equal:
+ # path: spec.template.spec.runtimeClassName
+ # value: kata-clh
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/horizon/vars/main.yml b/roles/horizon/vars/main.yml
index 3e4f541..e0499bb 100644
--- a/roles/horizon/vars/main.yml
+++ b/roles/horizon/vars/main.yml
@@ -17,6 +17,16 @@
images:
tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('horizon') }}"
pod:
+ security_context:
+ horizon:
+ pod:
+ fsGroup: 42424
+ db_sync:
+ pod:
+ fsGroup: 42424
+ tests:
+ pod:
+ fsGroup: 42424
replicas:
server: 3
conf:
@@ -24,6 +34,8 @@
local_settings:
config:
disallow_iframe_embed: "True"
+ allowed_hosts:
+ - "{{ openstack_helm_endpoints_horizon_api_host }}"
secure_proxy_ssl_header: "True"
horizon_images_upload_mode: direct
openstack_enable_password_retrieve: "True"
@@ -55,3 +67,5 @@
_horizon_ingress_annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "5000m"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-origin: "{{ openstack_helm_endpoints_horizon_api_host }}"
diff --git a/roles/ironic/tests/priorityclass_test.yaml b/roles/ironic/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..7bd89b3
--- /dev/null
+++ b/roles/ironic/tests/priorityclass_test.yaml
@@ -0,0 +1,36 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ ironic_api: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/ironic/tests/runtimeclass_test.yaml b/roles/ironic/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..d93e9df
--- /dev/null
+++ b/roles/ironic/tests/runtimeclass_test.yaml
@@ -0,0 +1,36 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ ironic_api: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/keystone/defaults/main.yml b/roles/keystone/defaults/main.yml
index 92465c6..0e7144e 100644
--- a/roles/keystone/defaults/main.yml
+++ b/roles/keystone/defaults/main.yml
@@ -44,6 +44,7 @@
# keystone_keycloak_realm_default_brute_force_max_delta_time_seconds:
# keystone_keycloak_realm_default_minimum_quick_login_wait_seconds:
# keystone_keycloak_realm_default_quick_login_check_milli_seconds:
+# keystone_keycloak_realm_default_totp_default_action:
keystone_keycloak_client_id: keystone
# keystone_keycloak_client_secret:
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index 84dc047..d900ed7 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -41,6 +41,28 @@
loop_control:
label: "{{ item.name }}"
+- name: Setup Keycloak Authentication Required Actions (MFA)
+ community.general.keycloak_authentication_required_actions:
+ # Keycloak settings
+ auth_keycloak_url: "{{ item.keycloak_server_url }}"
+ auth_realm: "{{ item.keycloak_user_realm_name }}"
+ auth_client_id: "{{ item.keycloak_admin_client_id }}"
+ auth_username: "{{ item.keycloak_admin_user }}"
+ auth_password: "{{ item.keycloak_admin_password }}"
+ validate_certs: "{{ cluster_issuer_type != 'self-signed' }}"
+ # Realm settings
+ realm: "{{ item.name }}"
+ required_actions:
+ - alias: "CONFIGURE_TOTP"
+ name: "Configure OTP"
+ providerId: "CONFIGURE_TOTP"
+ defaultAction: "{{ item.keycloak_totp_default_action | default(keystone_keycloak_realm_default_totp_default_action | default(omit)) }}"
+ enabled: true
+ state: present
+ loop: "{{ keystone_domains }}"
+ loop_control:
+ label: "{{ item.name }}"
+
- name: Create ConfigMap with all OpenID connect configurations
run_once: true
kubernetes.core.k8s:
diff --git a/roles/manila/tests/priorityclass_test.yaml b/roles/manila/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..397d8ea
--- /dev/null
+++ b/roles/manila/tests/priorityclass_test.yaml
@@ -0,0 +1,84 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ manila_api: platform
+ manila_data: platform
+ manila_scheduler: platform
+ manila_share: platform
+ manila_tests: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/manila/tests/runtimeclass_test.yaml b/roles/manila/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..080d6c1
--- /dev/null
+++ b/roles/manila/tests/runtimeclass_test.yaml
@@ -0,0 +1,84 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ manila_api: kata-clh
+ manila_data: kata-clh
+ manila_scheduler: kata-clh
+ manila_tests: kata-clh
+ manila_share: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/tempest/vars/main.yml b/roles/tempest/vars/main.yml
index 39eb424..068cd87 100644
--- a/roles/tempest/vars/main.yml
+++ b/roles/tempest/vars/main.yml
@@ -33,7 +33,8 @@
endpoint_type: internal
fixed_network_name: public
dashboard:
- dashboard_url: "http://horizon-int.openstack.svc.cluster.local"
+ dashboard_url: "https://{{ openstack_helm_endpoints_horizon_api_host }}"
+ disable_ssl_certificate_validation: "{{ cluster_issuer_type == 'self-signed' }}"
identity:
v3_endpoint_type: internal
image: