chore: Set openstack version Zed (#310)
* chore: Set openstack version Zed
* Update chart versions
* Fixes after e2e test
- Add python-binary-memcached as default pip package (required for oslo_cache.memcache_pool backend)
- install nova first then neutron because network creation requires az creation first by nova helmrelease
- update registry url for some images
* Update charts
Apply horizon patch for mysqlclient version upgrade
* Add neutron patchset to add placement auth config
* Add neutron patch and set nova-ssh tag as latest
* Update horizon chart
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/charts/nova/Chart.yaml b/charts/nova/Chart.yaml
index e43c866..818a9b9 100644
--- a/charts/nova/Chart.yaml
+++ b/charts/nova/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/nova
- https://opendev.org/openstack/openstack-helm
-version: 0.2.32
+version: 0.3.1
diff --git a/charts/nova/charts/helm-toolkit/Chart.yaml b/charts/nova/charts/helm-toolkit/Chart.yaml
index 751c291..c1296b9 100644
--- a/charts/nova/charts/helm-toolkit/Chart.yaml
+++ b/charts/nova/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.38
+version: 0.2.51
diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl
index c1693aa..4c476b2 100644
--- a/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/manifests/_ingress.tpl
@@ -685,7 +685,9 @@
{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }}
{{- end }}
{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }}
-{{- range $key2, $ingressController := tuple "namespace" "cluster" }}
+{{- $ingressConf := $envAll.Values.network -}}
+{{- $ingressClasses := ternary (tuple "namespace") (tuple "namespace" "cluster") (and (hasKey $ingressConf "use_external_ingress_controller") $ingressConf.use_external_ingress_controller) }}
+{{- range $key2, $ingressController := $ingressClasses }}
{{- $vHosts := list $hostNameFull }}
---
apiVersion: networking.k8s.io/v1
@@ -704,7 +706,6 @@
{{- range $v := without (index $endpointHost.tls "dnsNames" | default list) $hostNameFull }}
{{- $vHosts = append $vHosts $v }}
{{- end }}
-{{- if and ( not ( empty $endpointHost.tls.key ) ) ( not ( empty $endpointHost.tls.crt ) ) }}
{{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
{{- $_ := required "You need to specify a secret in your values for the endpoint" $secretName }}
tls:
@@ -716,7 +717,6 @@
{{- end }}
{{- end }}
{{- end }}
-{{- end }}
rules:
{{- range $vHost := $vHosts }}
{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }}
diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
new file mode 100644
index 0000000..4854bb1
--- /dev/null
+++ b/charts/nova/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
@@ -0,0 +1,93 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+abstract: |
+ Creates a manifest for a authenticating a registry with a secret
+examples:
+ - values: |
+ secrets:
+ oci_image_registry:
+ {{ $serviceName }}: {{ $keyName }}
+ endpoints:
+ oci_image_registry:
+ name: oci-image-registry
+ auth:
+ enabled: true
+ {{ $serviceName }}:
+ name: {{ $userName }}
+ password: {{ $password }}
+ usage: |
+ {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
+ return: |
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: {{ $secretName }}
+ type: kubernetes.io/dockerconfigjson
+ data:
+ dockerconfigjson: {{ $dockerAuth }}
+
+ - values: |
+ secrets:
+ oci_image_registry:
+ {{ $serviceName }}: {{ $keyName }}
+ endpoints:
+ oci_image_registry:
+ name: oci-image-registry
+ auth:
+ enabled: true
+ {{ $serviceName }}:
+ name: {{ $userName }}
+ password: {{ $password }}
+ usage: |
+ {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
+ return: |
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: {{ $secretName }}
+ type: kubernetes.io/dockerconfigjson
+ data:
+ dockerconfigjson: {{ $dockerAuth }}
+*/}}
+
+{{- define "helm-toolkit.manifests.secret_registry" }}
+{{- $envAll := index . "envAll" }}
+{{- $registryUser := index . "registryUser" }}
+{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser }}
+{{- $registryHost := tuple "oci_image_registry" "internal" $envAll | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
+{{/*
+We only use "host:port" when port is non-null, else just use "host"
+*/}}
+{{- $registryPort := "" }}
+{{- $port := $envAll.Values.endpoints.oci_image_registry.port.registry.default }}
+{{- if $port }}
+{{- $port = tuple "oci_image_registry" "internal" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- $registryPort = printf ":%s" $port }}
+{{- end }}
+{{- $imageCredentials := index $envAll.Values.endpoints.oci_image_registry.auth $registryUser }}
+{{- $dockerAuthToken := printf "%s:%s" $imageCredentials.username $imageCredentials.password | b64enc }}
+{{- $dockerAuth := printf "{\"auths\": {\"%s%s\": {\"auth\": \"%s\"}}}" $registryHost $registryPort $dockerAuthToken | b64enc }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ $dockerAuth }}
+{{- end -}}
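Review bot: The header example documents the credential key as `name: {{ $userName }}`, but the template reads `$imageCredentials.username`, so values written from the example render an auth token with no username and the pull secret only fails at image pull time. I would correct the example to `username:` (and to `.dockerconfigjson` in the documented return, matching the manifest), and fail at render time instead, e.g. `{{- $user := required "oci_image_registry auth username is required" $imageCredentials.username }}` with the same for the password. The two example entries are identical, so one can go. `$registryHost` and `$registryPort` are also interpolated raw into hand-escaped JSON by `printf`; building the document with `dict ... | toJson | b64enc` would remove the need for manual escaping.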
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
index 87872d6..3739f95 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/_rabbit-init.sh.tpl
@@ -77,6 +77,11 @@
password="${RABBITMQ_PASSWORD}" \
tags="user"
+echo "Deleting Guest User"
+rabbitmqadmin_cli \
+ delete user \
+ name="guest" || true
+
if [ "${RABBITMQ_VHOST}" != "/" ]
then
echo "Managing: vHost: ${RABBITMQ_VHOST}"
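Review bot: `|| true` on the added `delete user name="guest"` call discards every failure, not only "user does not exist", so an authentication or connectivity error leaves the default `guest` account in place with nothing in the job log. Keeping the step non-fatal but visible would be enough: `name="guest" || echo "WARNING: could not delete the guest user; verify it is absent"`. The surrounding script starts and ends outside this hunk, so whether `set -e` is active there is not visible.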
diff --git a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index db12915..9597d34 100644
--- a/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -66,6 +66,14 @@
# framework will automatically tar/zip the files in that directory and
# name the tarball appropriately according to the proper conventions.
#
+# verify_databases_backup_archives [scope]
+# returns: 0 if no errors; 1 if any errors occurred
+#
+# This function is expected to verify the database backup archives. If this function
+# completes successfully (returns 0), the
+# framework will automatically starts remote backup upload.
+#
+#
# The functions in this file will take care of:
# 1) Calling "dump_databases_to_directory" and then compressing the files,
# naming the tarball properly, and then storing it locally at the specified
@@ -90,6 +98,16 @@
exit $ERRCODE
}
+log_verify_backup_exit() {
+ MSG=$1
+ ERRCODE=${2:-0}
+ log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}"
+ rm -f $ERR_LOG_FILE
+ # rm -rf $TMP_DIR
+ exit $ERRCODE
+}
+
+
log() {
#Log message to a file or stdout
#TODO: This can be convert into mail alert of alert send to a monitoring system
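Review bot: `log_verify_backup_exit` defaults `ERRCODE` to 0 (`ERRCODE=${2:-0}`), and the only call visible in this diff, in the `@@ -489,6 +507,25 @@` hunk, passes just a message, so a failed verification ends the job with exit status 0 and the `exit 1` after that call is never reached. A CronJob or monitor watching the exit status would record the backup as good. I would default to failure, `ERRCODE=${2:-1}`, or pass the code at the call site, and quote the path in `rm -f "$ERR_LOG_FILE"`. The commented-out `# rm -rf $TMP_DIR` should either be removed or carry a comment saying the unverified dump is kept on purpose for inspection.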
@@ -195,18 +213,52 @@
fi
fi
+ # load balance delay
+ DELAY=$((1 + ${RANDOM} % 300))
+ echo "Sleeping for ${DELAY} seconds to spread the load in time..."
+ sleep ${DELAY}
+
# Create an object to store the file
openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE
if [[ $? -ne 0 ]]; then
log WARN "${DB_NAME}_backup" "Cannot create container object ${FILE}!"
return 2
fi
+
openstack object show $CONTAINER_NAME $FILE
if [[ $? -ne 0 ]]; then
log WARN "${DB_NAME}_backup" "Unable to retrieve container object $FILE after creation."
return 2
fi
+ # load balance delay
+ DELAY=$((1 + ${RANDOM} % 300))
+ echo "Sleeping for ${DELAY} seconds to spread the load in time..."
+ sleep ${DELAY}
+
+ # Calculation remote file SHA256 hash
+ REMOTE_FILE=$(mktemp -p /tmp)
+ openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
+ rm -rf ${REMOTE_FILE}
+ return 1
+ fi
+
+ # Remote backup verification
+ SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
+ SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
+ if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ else
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
+ return 1
+ fi
+ rm -rf ${REMOTE_FILE}
+
log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully."
return 0
}
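Review bot: On the hash-mismatch branch the function returns before `rm -rf ${REMOTE_FILE}`, so a full downloaded copy of the database backup stays in `/tmp` each time verification fails; add `rm -f "${REMOTE_FILE}"` before that `return 1`, or register a cleanup right after `mktemp`. The new failure paths return 1 while the neighbouring upload checks return 2; the caller is outside this hunk, so confirm that 1 gets the handling you intend. `sha256sum "${REMOTE_FILE}" | awk '{print $1}'` does the same job without `cat`, and quoting `"${FILEPATH}/${FILE}"` protects paths with spaces. Each upload can now sleep up to 600 seconds across the two random delays, which is worth noting next to the job's deadline settings.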
@@ -253,6 +305,16 @@
return 1
}
+
+function get_archive_date(){
+# get_archive_date function returns correct archive date
+# for different formats of archives' names
+# the old one: <database name>.<namespace>.<table name | all>.<date-time>.tar.gz
+# the new one: <database name>.<namespace>.<table name | all>.<backup mode>.<date-time>.tar.gz
+ local A_FILE="$1"
+ awk -F. '{print $(NF-2)}' <<< ${A_FILE} | tr -d "Z"
+}
+
# This function takes a list of archives' names as an input
# and creates a hash table where keys are number of seconds
# between current date and archive date (see seconds_difference),
@@ -271,21 +333,6 @@
# possible case, when we have several backups of the same date. E.g.
# one manual, and one automatic.
-function get_archive_date(){
-# get_archive_date function returns correct archive date
-# for different formats of archives' names
-# the old one: <database name>.<namespace>.<table name | all>.<date-time>.tar.gz
-# the new one: <database name>.<namespace>.<table name | all>.<backup mode>.<date-time>.tar.gz
-local A_FILE="$1"
-local A_DATE=""
-if [[ -z ${BACK_UP_MODE} ]]; then
- A_DATE=$( awk -F/ '{print $NF}' <<< ${ARCHIVE_FILE} | cut -d'.' -f 4 | tr -d "Z")
-else
- A_DATE=$( awk -F/ '{print $NF}' <<< ${ARCHIVE_FILE} | cut -d'.' -f 5 | tr -d "Z")
-fi
-echo ${A_DATE}
-}
-
declare -A fileTable
create_hash_table() {
unset fileTable
@@ -329,33 +376,6 @@
}
remove_old_local_archives() {
- if [[ -d $ARCHIVE_DIR ]]; then
- count=0
- SECONDS_TO_KEEP=$((${LOCAL_DAYS_TO_KEEP}*86400))
- log INFO "${DB_NAME}_backup" "Deleting backups older than ${LOCAL_DAYS_TO_KEEP} days"
- # We iterate over the hash table, checking the delta in seconds (hash keys),
- # and minimum number of backups we must have in place. List of keys has to be sorted.
- for INDEX in $(tr " " "\n" <<< ${!FILETABLE[@]} | sort -n -); do
- ARCHIVE_FILE=${FILETABLE[${INDEX}]}
- if [[ ${INDEX} -le ${SECONDS_TO_KEEP} || ${count} -lt ${LOCAL_DAYS_TO_KEEP} ]]; then
- ((count++))
- log INFO "${DB_NAME}_backup" "Keeping file(s) ${ARCHIVE_FILE}."
- else
- log INFO "${DB_NAME}_backup" "Deleting file(s) ${ARCHIVE_FILE}."
- rm -rf $ARCHIVE_FILE
- if [[ $? -ne 0 ]]; then
- # Log error but don't exit so we can finish the script
- # because at this point we haven't sent backup to RGW yet
- log ERROR "${DB_NAME}_backup" "Failed to cleanup local backup. Cannot remove some of ${ARCHIVE_FILE}"
- fi
- fi
- done
- else
- log WARN "${DB_NAME}_backup" "The local backup directory ${$ARCHIVE_DIR} does not exist."
- fi
-}
-
-remove_old_local_archives() {
SECONDS_TO_KEEP=$(( $((${LOCAL_DAYS_TO_KEEP}))*86400))
log INFO "${DB_NAME}_backup" "Deleting backups older than ${LOCAL_DAYS_TO_KEEP} days (${SECONDS_TO_KEEP} seconds)"
if [[ -d $ARCHIVE_DIR ]]; then
@@ -400,8 +420,8 @@
count=0
SECONDS_TO_KEEP=$((${REMOTE_DAYS_TO_KEEP}*86400))
log INFO "${DB_NAME}_backup" "Deleting backups older than ${REMOTE_DAYS_TO_KEEP} days (${SECONDS_TO_KEEP} seconds)"
- for INDEX in $(tr " " "\n" <<< ${!FILETABLE[@]} | sort -n -); do
- ARCHIVE_FILE=${FILETABLE[${INDEX}]}
+ for INDEX in $(tr " " "\n" <<< ${!fileTable[@]} | sort -n -); do
+ ARCHIVE_FILE=${fileTable[${INDEX}]}
if [[ ${INDEX} -lt ${SECONDS_TO_KEEP} || ${count} -lt ${REMOTE_DAYS_TO_KEEP} ]]; then
((count++))
log INFO "${DB_NAME}_backup" "Keeping remote backup(s) ${ARCHIVE_FILE}."
@@ -414,10 +434,12 @@
# Cleanup now that we're done.
for fd in ${BACKUP_FILES} ${DB_BACKUP_FILES}; do
- if [[ -f fd ]]; then
- rm -f fd
- else
- log WARN "${DB_NAME}_backup" "Can not delete a temporary file ${fd}"
+ if [[ -f ${fd} ]]; then
+ rm -f ${fd}
+ else
+ log WARN "${DB_NAME}_backup" "Can not delete a temporary file ${fd}"
+ fi
+ done
}
# Main function to backup the databases. Calling functions need to supply:
@@ -474,10 +496,6 @@
cd $ARCHIVE_DIR
- # Remove the temporary directory and files as they are no longer needed.
- rm -rf $TMP_DIR
- rm -f $ERR_LOG_FILE
-
#Only delete the old archive after a successful archive
export LOCAL_DAYS_TO_KEEP=$(echo $LOCAL_DAYS_TO_KEEP | sed 's/"//g')
if [[ "$LOCAL_DAYS_TO_KEEP" -gt 0 ]]; then
@@ -489,6 +507,25 @@
done
fi
+ # Local backup verification process
+
+ # It is expected that this function will verify the database backup files
+ if verify_databases_backup_archives ${SCOPE}; then
+ log INFO "${DB_NAME}_backup_verify" "Databases backup verified successfully. Uploading verified backups to remote location..."
+ else
+ # If successful, there should be at least one file in the TMP_DIR
+ if [[ $(ls $TMP_DIR | wc -w) -eq 0 ]]; then
+ cat $ERR_LOG_FILE
+ fi
+ log_verify_backup_exit "Verify of the ${DB_NAME} database backup failed and needs attention."
+ exit 1
+ fi
+
+ # Remove the temporary directory and files as they are no longer needed.
+ rm -rf $TMP_DIR
+ rm -f $ERR_LOG_FILE
+
+ # Remote backup
REMOTE_BACKUP=$(echo $REMOTE_BACKUP_ENABLED | sed 's/"//g')
if $REMOTE_BACKUP; then
# Remove Quotes from the constants which were added due to reading
@@ -517,8 +554,12 @@
#Only delete the old archive after a successful archive
if [[ "$REMOTE_DAYS_TO_KEEP" -gt 0 ]]; then
prepare_list_of_remote_backups
- create_hash_table $(cat $DB_BACKUP_FILES)
- remove_old_remote_archives
+ get_backup_prefix $(cat $DB_BACKUP_FILES)
+ for ((i=0; i<${#PREFIXES[@]}; i++)); do
+ echo "Working with prefix: ${PREFIXES[i]}"
+ create_hash_table $(cat ${DB_BACKUP_FILES} | grep ${PREFIXES[i]})
+ remove_old_remote_archives
+ done
fi
echo "=================================================================="
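Review bot: `grep ${PREFIXES[i]}` passes the prefix as an unquoted regular expression, and archive names are dot-separated (database, namespace, table, ...), so each `.` matches any character and one prefix can also select archives that belong to a longer or similar prefix, which then enter that prefix's retention pass. Since this list decides which remote backups `remove_old_remote_archives` deletes, I would match literally: `create_hash_table $(grep -F -- "${PREFIXES[i]}" "${DB_BACKUP_FILES}")`. `get_backup_prefix` and the format of `PREFIXES` are defined outside this hunk, so if the prefix is meant to anchor at the start of the name, a stricter match than `-F` alone is needed.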
@@ -537,4 +578,4 @@
echo "=================================================================="
fi
}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_configmap.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_configmap.tpl
index aa656c1..8ca1028 100644
--- a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_configmap.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_configmap.tpl
@@ -49,7 +49,7 @@
{{- if eq $envAll.Values.pod.mandatory_access_control.type "apparmor" -}}
{{- if hasKey $envAll.Values.pod.mandatory_access_control "configmap_apparmor" -}}
{{- if $envAll.Values.pod.mandatory_access_control.configmap_apparmor }}
-{{- $mapName := printf "%s-%s-%s" $envAll.Chart.Name $component "apparmor" -}}
+{{- $mapName := printf "%s-%s-%s" $envAll.Release.Name $component "apparmor" -}}
{{- if $envAll.Values.conf.apparmor_profiles }}
---
apiVersion: v1
diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_volumes.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_volumes.tpl
index c5e07ee..baebaa3 100644
--- a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_volumes.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_apparmor_volumes.tpl
@@ -42,7 +42,7 @@
{{- $envAll := index . "envAll" -}}
{{- $component := index . "component" -}}
{{- $requireSys := index . "requireSys" | default false -}}
-{{- $configName := printf "%s-%s-%s" $envAll.Chart.Name $component "apparmor" -}}
+{{- $configName := printf "%s-%s-%s" $envAll.Release.Name $component "apparmor" -}}
{{- if hasKey $envAll.Values.pod "mandatory_access_control" -}}
{{- if hasKey $envAll.Values.pod.mandatory_access_control "type" -}}
{{- if hasKey $envAll.Values.pod.mandatory_access_control "configmap_apparmor" -}}
diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl
index b8493b3..48b53fa 100644
--- a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_metadata_labels.tpl
@@ -37,7 +37,7 @@
{{- $envAll := index . 0 -}}
{{- $application := index . 1 -}}
{{- $component := index . 2 -}}
-release_group: {{ $envAll.Values.release_group | default $envAll.Chart.Name }}
+release_group: {{ $envAll.Values.release_group | default $envAll.Release.Name }}
application: {{ $application }}
component: {{ $component }}
{{- if ($envAll.Values.pod).labels }}
diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl
index f1ad580..fabbcf8 100644
--- a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_anti_affinity.tpl
@@ -53,7 +53,7 @@
{{- $envAll := index . "envAll" -}}
{{- $application := index . "application" -}}
{{- $component := index . "component" -}}
-{{- $expressionRelease := dict "key" "release_group" "operator" "In" "values" ( list ( $envAll.Values.release_group | default $envAll.Chart.Name ) ) -}}
+{{- $expressionRelease := dict "key" "release_group" "operator" "In" "values" ( list ( $envAll.Values.release_group | default $envAll.Release.Name ) ) -}}
{{- $expressionApplication := dict "key" "application" "operator" "In" "values" ( list $application ) -}}
{{- $expressionComponent := dict "key" "component" "operator" "In" "values" ( list $component ) -}}
{{- list $expressionRelease $expressionApplication $expressionComponent | toYaml }}
diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
index c2576d5..90a7a65 100644
--- a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_roles.tpl
@@ -17,7 +17,7 @@
{{- $deps := index . 1 -}}
{{- $saName := index . 2 | replace "_" "-" }}
{{- $saNamespace := index . 3 -}}
-{{- $releaseName := $envAll.Chart.Name }}
+{{- $releaseName := $envAll.Release.Name }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index 4cc898d..bc2045e 100644
--- a/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -42,6 +42,12 @@
metadata:
name: {{ $saName }}
namespace: {{ $saNamespace }}
+{{- if $envAll.Values.manifests.secret_registry }}
+{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }}
+imagePullSecrets:
+ - name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }}
+{{- end -}}
+{{- end -}}
{{- range $k, $v := $deps -}}
{{- if eq $k "services" }}
{{- range $serv := $v }}
diff --git a/charts/nova/charts/helm-toolkit/templates/snippets/_values_template_renderer.tpl b/charts/nova/charts/helm-toolkit/templates/snippets/_values_template_renderer.tpl
index 7fa180a..6e9d5a1 100644
--- a/charts/nova/charts/helm-toolkit/templates/snippets/_values_template_renderer.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/snippets/_values_template_renderer.tpl
@@ -28,7 +28,7 @@
{{ include "helm-toolkit.utils.joinListWithComma" .Values.conf.inputs }}
config_to_complete:
#here we can fill out params, but things need to be valid yaml as input
- '{{ .Chart.Name }}': '{{ printf "%s-%s" .Release.Namespace "namespace" }}'
+ '{{ .Release.Name }}': '{{ printf "%s-%s" .Release.Namespace "namespace" }}'
static_config:
#this is just passed though as yaml to the configmap
foo: bar
diff --git a/charts/nova/charts/helm-toolkit/templates/utils/_to_k8s_env_secret_vars.tpl b/charts/nova/charts/helm-toolkit/templates/utils/_to_k8s_env_secret_vars.tpl
index d66663f..885a86c 100644
--- a/charts/nova/charts/helm-toolkit/templates/utils/_to_k8s_env_secret_vars.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/utils/_to_k8s_env_secret_vars.tpl
@@ -40,7 +40,7 @@
- name: {{ $key }}
valueFrom:
secretKeyRef:
- name: {{ printf "%s-%s" $context.Chart.Name "env-secret" | quote }}
+ name: {{ printf "%s-%s" $context.Release.Name "env-secret" | quote }}
key: {{ $key }}
{{ end -}}
{{- end -}}
diff --git a/charts/nova/requirements.lock b/charts/nova/requirements.lock
index 159c53a..75ab5ad 100644
--- a/charts/nova/requirements.lock
+++ b/charts/nova/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.38
-digest: sha256:5e8c9ccd0834d092abdcf29f1a6d79c906d4aa9f61c375d617f69a342c40747f
-generated: "2022-03-25T19:12:55.919908558Z"
+ version: 0.2.51
+digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
+generated: "2023-01-30T23:09:59.565900423Z"
diff --git a/charts/nova/templates/bin/_health-probe.py.tpl b/charts/nova/templates/bin/_health-probe.py.tpl
index 0185319..4034df7 100644
--- a/charts/nova/templates/bin/_health-probe.py.tpl
+++ b/charts/nova/templates/bin/_health-probe.py.tpl
@@ -154,7 +154,6 @@
dict_services = {
"compute": "nova-compute",
"conductor": "nova-conductor",
- "consoleauth": "nova-consoleaut",
"scheduler": "nova-scheduler"
}
r_ports, d_ports = configured_port_in_conf()
diff --git a/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl b/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl
index 6218d29..1663692 100644
--- a/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl
+++ b/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl
@@ -51,6 +51,7 @@
[vnc]
vncserver_proxyclient_address = $client_address
vncserver_listen = $listen_ip
+novncproxy_host = $listen_ip
EOF
elif [ "${console_kind}" == "spice" ] ; then
cat <<EOF>/tmp/pod-shared/nova-spice.ini
diff --git a/charts/nova/templates/bin/_nova-placement-api.sh.tpl b/charts/nova/templates/bin/_nova-placement-api.sh.tpl
deleted file mode 100644
index 762af44..0000000
--- a/charts/nova/templates/bin/_nova-placement-api.sh.tpl
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-COMMAND="${@:-start}"
-
-function start () {
-
- cp -a $(type -p nova-placement-api) /var/www/cgi-bin/nova/
-
- if [ -f /etc/apache2/envvars ]; then
- # Loading Apache2 ENV variables
- source /etc/apache2/envvars
- # The directory below has to be created due to the fact that
- # libapache2-mod-wsgi-py3 doesn't create it in contrary by libapache2-mod-wsgi
- if [ ! -d ${APACHE_RUN_DIR} ]; then
- mkdir -p ${APACHE_RUN_DIR}
- fi
- fi
-
- # Start Apache2
- {{- if .Values.conf.software.apache2.a2enmod }}
- {{- range .Values.conf.software.apache2.a2enmod }}
- a2enmod {{ . }}
- {{- end }}
- {{- end }}
- {{- if .Values.conf.software.apache2.a2dismod }}
- {{- range .Values.conf.software.apache2.a2dismod }}
- a2dismod {{ . }}
- {{- end }}
- {{- end }}
- exec {{ .Values.conf.software.apache2.binary }} {{ .Values.conf.software.apache2.start_parameters }}
-}
-
-function stop () {
- if [ -f /etc/apache2/envvars ]; then
- source /etc/apache2/envvars
- fi
- {{ .Values.conf.software.apache2.binary }} -k graceful-stop
-}
-
-$COMMAND
diff --git a/charts/nova/templates/configmap-bin.yaml b/charts/nova/templates/configmap-bin.yaml
index 141130a..90a91a9 100644
--- a/charts/nova/templates/configmap-bin.yaml
+++ b/charts/nova/templates/configmap-bin.yaml
@@ -69,8 +69,6 @@
{{ tuple "bin/_nova-api-metadata.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-api-metadata-init.sh: |
{{ tuple "bin/_nova-api-metadata-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- nova-placement-api.sh: |
-{{ tuple "bin/_nova-placement-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-compute.sh: |
{{ tuple "bin/_nova-compute.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-compute-init.sh: |
@@ -79,8 +77,6 @@
{{ tuple "bin/_nova-compute-ironic.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-conductor.sh: |
{{ tuple "bin/_nova-conductor.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- nova-consoleauth.sh: |
-{{ tuple "bin/_nova-consoleauth.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
nova-scheduler.sh: |
{{ tuple "bin/_nova-scheduler.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
fake-iptables.sh: |
diff --git a/charts/nova/templates/configmap-etc.yaml b/charts/nova/templates/configmap-etc.yaml
index c92fd93..12ad86c 100644
--- a/charts/nova/templates/configmap-etc.yaml
+++ b/charts/nova/templates/configmap-etc.yaml
@@ -11,6 +11,11 @@
See the License for the specific language governing permissions and
limitations under the License.
*/}}
+{{- if (.Values.global).subchart_release_name }}
+{{- $_ := set . "deployment_name" .Chart.Name }}
+{{- else }}
+{{- $_ := set . "deployment_name" .Release.Name }}
+{{- end }}
{{- define "nova.configmap.etc" }}
{{- $configMapName := index . 0 }}
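Review bot: The `deployment_name` assignment sits at file scope, above `define "nova.configmap.etc"`, while the fluent handler arguments in the `@@ -236,13 +241,13 @@` hunk read `.deployment_name`, apparently from inside that define. That works only when this file's top-level code has already mutated the root context before the define runs; if the define is ever included from another template first, the logger tag is rendered from a missing value. Computing the name inside the define from `$envAll` removes the ordering dependency, and a one-line comment such as `{{/* deployment_name: chart name when global.subchart_release_name is set, else release name */}}` would explain the branch.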
@@ -236,13 +241,13 @@
{{- end -}}
{{- if empty .Values.conf.nova.DEFAULT.osapi_compute_listen_port -}}
-{{- $_ := tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "osapi_compute_listen_port" -}}
+{{- $_ := tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "osapi_compute_listen_port" -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .deployment_name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}
@@ -278,7 +283,6 @@
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
nova-ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.nova_ironic | b64enc }}
-{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_placement "key" "wsgi-nova-placement.conf" "format" "Secret" ) | indent 2 }}
{{- if .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.mpm_event "key" "mpm_event.conf" "format" "Secret" ) | indent 2 }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.wsgi_nova_api "key" "wsgi-api.conf" "format" "Secret" ) | indent 2 }}
diff --git a/charts/nova/templates/cron-job-archive-deleted-rows.yaml b/charts/nova/templates/cron-job-archive-deleted-rows.yaml
index 7baa330..7316b3a 100644
--- a/charts/nova/templates/cron-job-archive-deleted-rows.yaml
+++ b/charts/nova/templates/cron-job-archive-deleted-rows.yaml
@@ -18,7 +18,7 @@
{{- $serviceAccountName := "nova-archive-deleted-rows-cron" }}
{{ tuple $envAll "archive_deleted_rows" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
kind: CronJob
metadata:
name: nova-archive-deleted-rows
@@ -47,6 +47,9 @@
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }}
+{{ end }}
initContainers:
{{ tuple $envAll "archive-deleted-rows" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
containers:
@@ -56,6 +59,11 @@
{{ dict "envAll" $envAll "application" "archive_deleted_rows" "container" "nova_archive_deleted_rows" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
command:
- /tmp/archive-deleted-rows.sh
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/nova/certs/ca.crt"
+{{- end }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
@@ -71,6 +79,7 @@
mountPath: /tmp/archive-deleted-rows.sh
readOnly: true
subPath: archive-deleted-rows.sh
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
volumes:
- name: pod-tmp
@@ -82,4 +91,6 @@
- name: archive-deleted-rows-conf
secret:
secretName: nova-etc
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- end }}
diff --git a/charts/nova/templates/cron-job-cell-setup.yaml b/charts/nova/templates/cron-job-cell-setup.yaml
index 18b661a..b90b84e 100644
--- a/charts/nova/templates/cron-job-cell-setup.yaml
+++ b/charts/nova/templates/cron-job-cell-setup.yaml
@@ -18,7 +18,7 @@
{{- $serviceAccountName := "nova-cell-setup-cron" }}
{{ tuple $envAll "cell_setup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
kind: CronJob
metadata:
name: nova-cell-setup
@@ -47,6 +47,9 @@
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }}
+{{ end }}
initContainers:
{{ tuple $envAll "cell_setup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
containers:
@@ -56,6 +59,11 @@
{{ dict "envAll" $envAll "application" "cell_setup" "container" "nova_cell_setup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
command:
- /tmp/cell-setup.sh
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/nova/certs/ca.crt"
+{{- end }}
volumeMounts:
- name: pod-tmp
mountPath: /tmp
@@ -79,7 +87,9 @@
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
+
volumes:
- name: pod-tmp
emptyDir: {}
@@ -93,5 +103,7 @@
configMap:
name: nova-bin
defaultMode: 0555
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
+
{{- end }}
diff --git a/charts/nova/templates/cron-job-service-cleaner.yaml b/charts/nova/templates/cron-job-service-cleaner.yaml
index bbe3fab..dd61db7 100644
--- a/charts/nova/templates/cron-job-service-cleaner.yaml
+++ b/charts/nova/templates/cron-job-service-cleaner.yaml
@@ -18,7 +18,7 @@
{{- $serviceAccountName := "nova-service-cleaner" }}
{{ tuple $envAll "service_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
-apiVersion: batch/v1beta1
+apiVersion: batch/v1
kind: CronJob
metadata:
name: nova-service-cleaner
@@ -47,6 +47,9 @@
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }}
+{{ end }}
initContainers:
{{ tuple $envAll "service_cleaner" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
containers:
@@ -55,7 +58,7 @@
{{ tuple $envAll $envAll.Values.pod.resources.jobs.service_cleaner | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{ dict "envAll" $envAll "application" "service_cleaner" "container" "nova_service_cleaner" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.nova "useCA" .Values.manifests.certificates}}
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.nova "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 14 }}
{{- end }}
command:
@@ -69,7 +72,7 @@
readOnly: true
- name: etcnova
mountPath: /etc/nova
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
volumes:
- name: pod-tmp
emptyDir: {}
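Review bot: This `tls_volume_mount` call still has no `"path"` key, unlike the other cron jobs touched by this commit, which pass `"path" "/etc/nova/certs"`. Widening `enabled` to include `.Values.tls.identity`, and setting `useCA` in the env hunk above, only helps if a CA file is actually mounted where the client looks for it. As far as I recall the helm-toolkit snippet renders nothing when the path is empty; that should be checked against the vendored version. If it holds, add `"path" "/etc/nova/certs" "certs" (tuple "ca.crt")` to the dict, with the path matched to the CA location the openrc variables name.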
@@ -83,5 +86,5 @@
configMap:
name: nova-bin
defaultMode: 0555
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- end }}
diff --git a/charts/nova/templates/daemonset-compute.yaml b/charts/nova/templates/daemonset-compute.yaml
index e600e58..f6bab51 100644
--- a/charts/nova/templates/daemonset-compute.yaml
+++ b/charts/nova/templates/daemonset-compute.yaml
@@ -78,6 +78,9 @@
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.agent.compute.node_selector_key }}: {{ .Values.labels.agent.compute.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
hostNetwork: true
hostPID: true
hostIPC: true
@@ -273,7 +276,7 @@
value: "{{ .Values.pod.probes.rpc_timeout }}"
- name: RPC_PROBE_RETRIES
value: "{{ .Values.pod.probes.rpc_retries }}"
-{{- if .Values.manifests.certificates }}
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
value: "/etc/nova/certs/ca.crt"
{{- end }}
@@ -428,7 +431,7 @@
subPath: tf-plugin.pth
readOnly: true
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.network.ssh.enabled }}
@@ -441,7 +444,7 @@
value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.network.ssh.key_types | quote }}
- name: SSH_PORT
value: {{ .Values.network.ssh.port | quote }}
-{{- if .Values.manifests.certificates }}
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
value: "/etc/nova/certs/ca.crt"
{{- end }}
@@ -457,7 +460,7 @@
mountPath: /tmp/ssh-start.sh
subPath: ssh-start.sh
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
{{ end }}
volumes:
@@ -543,7 +546,7 @@
- name: tf-plugin-bin
emptyDir: {}
{{- end }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/charts/nova/templates/deployment-api-metadata.yaml b/charts/nova/templates/deployment-api-metadata.yaml
index c663a23..e7039f5 100644
--- a/charts/nova/templates/deployment-api-metadata.yaml
+++ b/charts/nova/templates/deployment-api-metadata.yaml
@@ -13,12 +13,16 @@
*/}}
{{- define "novaApiMetadataLivenessProbeTemplate" }}
-tcpSocket:
+httpGet:
+ scheme: {{ tuple "compute_metadata" "service" "metadata" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ path: /
port: {{ .Values.network.metadata.port }}
{{- end }}
{{- define "novaApiMetadataReadinessProbeTemplate" }}
-tcpSocket:
+httpGet:
+ scheme: {{ tuple "compute_metadata" "service" "metadata" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ path: /
port: {{ .Values.network.metadata.port }}
{{- end }}
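Review bot: Both probe templates now send an HTTP GET to `/`, but nothing here records why that path is safe to probe; the placement template deleted later in this commit carried a note that an HTTP probe returned 401 there. A short comment above each `httpGet:` would help, for example `{{/* "/" must answer without a token; kubelet does not verify the certificate when scheme is HTTPS */}}`. Separately, the scheme comes from the `compute_metadata` endpoint lookup while the port is read from `.Values.network.metadata.port`, so the two can disagree when only one is overridden. The comment suggestion applies equally to the osapi probes in deployment-api-osapi.yaml.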
@@ -61,6 +65,9 @@
{{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.api_metadata.node_selector_key }}: {{ .Values.labels.api_metadata.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.metadata.timeout | default "30" }}
initContainers:
{{ tuple $envAll "api_metadata" $mounts_nova_api_metadata_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@@ -88,6 +95,11 @@
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/nova/certs/ca.crt"
+{{- end }}
command:
- /tmp/nova-api-metadata.sh
- start
@@ -179,7 +191,7 @@
readOnly: true
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: pod-tmp
@@ -199,6 +211,6 @@
- name: pod-shared
emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/charts/nova/templates/deployment-api-osapi.yaml b/charts/nova/templates/deployment-api-osapi.yaml
index 41c1faf..4cb6744 100644
--- a/charts/nova/templates/deployment-api-osapi.yaml
+++ b/charts/nova/templates/deployment-api-osapi.yaml
@@ -13,13 +13,17 @@
*/}}
{{- define "novaApiOsapiLivenessProbeTemplate" }}
-tcpSocket:
- port: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+httpGet:
+ scheme: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ path: /
+ port: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- define "novaApiOsapiReadinessProbeTemplate" }}
-tcpSocket:
- port: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+httpGet:
+ scheme: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
+ path: /
+ port: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- if .Values.manifests.deployment_api_osapi }}
@@ -61,6 +65,9 @@
{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.osapi.node_selector_key }}: {{ .Values.labels.osapi.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.osapi.timeout | default "30" }}
initContainers:
{{ tuple $envAll "api" $mounts_nova_api_osapi_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
@@ -69,6 +76,11 @@
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_osapi" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/nova/certs/ca.crt"
+{{- end }}
command:
- /tmp/nova-api.sh
- start
@@ -80,7 +92,7 @@
- stop
ports:
- name: n-api
- containerPort: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ containerPort: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ dict "envAll" $envAll "component" "api-osapi" "container" "default" "type" "liveness" "probeTemplate" (include "novaApiOsapiLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "api-osapi" "container" "default" "type" "readiness" "probeTemplate" (include "novaApiOsapiReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
volumeMounts:
@@ -127,7 +139,7 @@
readOnly: true
{{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -148,7 +160,7 @@
secretName: nova-etc
defaultMode: 0444
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/charts/nova/templates/deployment-conductor.yaml b/charts/nova/templates/deployment-conductor.yaml
index 5335a4c..df07583 100644
--- a/charts/nova/templates/deployment-conductor.yaml
+++ b/charts/nova/templates/deployment-conductor.yaml
@@ -74,6 +74,9 @@
{{ tuple $envAll "nova" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.conductor.node_selector_key }}: {{ .Values.labels.conductor.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
initContainers:
{{ tuple $envAll "conductor" $mounts_nova_conductor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
@@ -88,7 +91,7 @@
value: "{{ .Values.pod.probes.rpc_timeout }}"
- name: RPC_PROBE_RETRIES
value: "{{ .Values.pod.probes.rpc_retries }}"
-{{- if .Values.manifests.certificates }}
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
value: "/etc/nova/certs/ca.crt"
{{- end }}
@@ -119,7 +122,7 @@
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" "certs" (tuple "ca.crt") | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" "certs" (tuple "ca.crt") | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
@@ -134,7 +137,7 @@
secret:
secretName: nova-etc
defaultMode: 0444
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_conductor.volumes }}{{ toYaml $mounts_nova_conductor.volumes | indent 8 }}{{ end }}
diff --git a/charts/nova/templates/deployment-consoleauth.yaml b/charts/nova/templates/deployment-consoleauth.yaml
deleted file mode 100644
index c4a781f..0000000
--- a/charts/nova/templates/deployment-consoleauth.yaml
+++ /dev/null
@@ -1,133 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "novaConsoleauthLivenessProbeTemplate" }}
-exec:
- command:
- - python
- - /tmp/health-probe.py
- - --config-file
- - /etc/nova/nova.conf
- - --service-queue-name
- - consoleauth
- - --liveness-probe
-{{- end }}
-
-{{- define "novaConsoleauthReadinessProbeTemplate" }}
-exec:
- command:
- - python
- - /tmp/health-probe.py
- - --config-file
- - /etc/nova/nova.conf
- - --service-queue-name
- - consoleauth
-{{- end }}
-
-{{- if .Values.manifests.deployment_consoleauth }}
-{{- $envAll := . }}
-
-{{- $mounts_nova_consoleauth := .Values.pod.mounts.nova_consoleauth.nova_consoleauth }}
-{{- $mounts_nova_consoleauth_init := .Values.pod.mounts.nova_consoleauth.init_container }}
-
-{{- $serviceAccountName := "nova-consoleauth" }}
-{{ tuple $envAll "consoleauth" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nova-consoleauth
- annotations:
- {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
- labels:
-{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-spec:
- replicas: {{ .Values.pod.replicas.consoleauth }}
- selector:
- matchLabels:
-{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
-{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
- template:
- metadata:
- labels:
-{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
- annotations:
-{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
- configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
- configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
-{{ dict "envAll" $envAll "podName" "nova-consoleauth" "containerNames" (list "nova-consoleauth" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
- spec:
- serviceAccountName: {{ $serviceAccountName }}
-{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
- affinity:
-{{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
- nodeSelector:
- {{ .Values.labels.consoleauth.node_selector_key }}: {{ .Values.labels.consoleauth.node_selector_value }}
- initContainers:
-{{ tuple $envAll "consoleauth" $mounts_nova_consoleauth_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- containers:
- - name: nova-consoleauth
-{{ tuple $envAll "nova_consoleauth" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.consoleauth | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "nova" "container" "nova_consoleauth" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-{{ dict "envAll" $envAll "component" "consoleauth" "container" "default" "type" "liveness" "probeTemplate" (include "novaConsoleauthLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-{{ dict "envAll" $envAll "component" "consoleauth" "container" "default" "type" "readiness" "probeTemplate" (include "novaConsoleauthReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
- env:
- - name: RPC_PROBE_TIMEOUT
- value: "{{ .Values.pod.probes.rpc_timeout }}"
- - name: RPC_PROBE_RETRIES
- value: "{{ .Values.pod.probes.rpc_retries }}"
- command:
- - /tmp/nova-consoleauth.sh
- volumeMounts:
- - name: pod-tmp
- mountPath: /tmp
- - name: nova-bin
- mountPath: /tmp/nova-consoleauth.sh
- subPath: nova-consoleauth.sh
- readOnly: true
- - name: nova-bin
- mountPath: /tmp/health-probe.py
- subPath: health-probe.py
- readOnly: true
- - name: nova-etc
- mountPath: /etc/nova/nova.conf
- subPath: nova.conf
- readOnly: true
- {{- if .Values.conf.nova.DEFAULT.log_config_append }}
- - name: nova-etc
- mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
- subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
- readOnly: true
- {{- end }}
- - name: nova-etc
- mountPath: /etc/nova/policy.yaml
- subPath: policy.yaml
- readOnly: true
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{ if $mounts_nova_consoleauth.volumeMounts }}{{ toYaml $mounts_nova_consoleauth.volumeMounts | indent 12 }}{{ end }}
- volumes:
- - name: pod-tmp
- emptyDir: {}
- - name: nova-bin
- configMap:
- name: nova-bin
- defaultMode: 0555
- - name: nova-etc
- secret:
- secretName: nova-etc
- defaultMode: 0444
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{ if $mounts_nova_consoleauth.volumes }}{{ toYaml $mounts_nova_consoleauth.volumes | indent 8 }}{{ end }}
-{{- end }}
diff --git a/charts/nova/templates/deployment-novncproxy.yaml b/charts/nova/templates/deployment-novncproxy.yaml
index 68db32a..517005d 100644
--- a/charts/nova/templates/deployment-novncproxy.yaml
+++ b/charts/nova/templates/deployment-novncproxy.yaml
@@ -61,6 +61,9 @@
{{ tuple $envAll "nova" "novnc-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
{{- if .Values.pod.useHostNetwork.novncproxy }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
diff --git a/charts/nova/templates/deployment-placement.yaml b/charts/nova/templates/deployment-placement.yaml
deleted file mode 100644
index 1391cd9..0000000
--- a/charts/nova/templates/deployment-placement.yaml
+++ /dev/null
@@ -1,142 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "novaPlacementLivenessProbeTemplate" }}
-tcpSocket:
- port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{- end }}
-
-{{- define "novaPlacementReadinessProbeTemplate" }}
-#NOTE(portdirect): use tcpSocket check as HTTP will return 401
-tcpSocket:
- port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{- end }}
-
-{{- if .Values.manifests.deployment_placement }}
-{{- $envAll := . }}
-
-{{- $mounts_nova_placement := .Values.pod.mounts.nova_placement.nova_placement }}
-{{- $mounts_nova_placement_init := .Values.pod.mounts.nova_placement.init_container }}
-
-{{- $serviceAccountName := "nova-placement-api" }}
-{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nova-placement-api
- annotations:
- {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
- labels:
-{{ tuple $envAll "nova" "placement" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-spec:
- replicas: {{ .Values.pod.replicas.placement }}
- selector:
- matchLabels:
-{{ tuple $envAll "nova" "placement" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
-{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
- template:
- metadata:
- labels:
-{{ tuple $envAll "nova" "placement" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
- annotations:
-{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
- configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
- configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
-{{ dict "envAll" $envAll "podName" "nova-placement" "containerNames" (list "nova-placement-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
- spec:
- serviceAccountName: {{ $serviceAccountName }}
- affinity:
-{{ tuple $envAll "nova" "placement" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
- nodeSelector:
- {{ .Values.labels.placement.node_selector_key }}: {{ .Values.labels.placement.node_selector_value }}
- terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.placement.timeout | default "30" }}
- initContainers:
-{{ tuple $envAll "api" $mounts_nova_placement_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- containers:
- - name: nova-placement-api
-{{ tuple $envAll "nova_placement" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.placement | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "nova" "container" "nova_placement_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - /tmp/nova-placement-api.sh
- - start
- lifecycle:
- preStop:
- exec:
- command:
- - /tmp/nova-placement-api.sh
- - stop
- ports:
- - name: p-api
- containerPort: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-{{ dict "envAll" $envAll "component" "placement" "container" "default" "type" "liveness" "probeTemplate" (include "novaPlacementLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-{{ dict "envAll" $envAll "component" "placement" "container" "default" "type" "readiness" "probeTemplate" (include "novaPlacementReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
- volumeMounts:
- - name: pod-tmp
- mountPath: /tmp
- - name: wsgi-nova
- mountPath: /var/www/cgi-bin/nova
- - name: nova-bin
- mountPath: /tmp/nova-placement-api.sh
- subPath: nova-placement-api.sh
- readOnly: true
- - name: nova-etc
- mountPath: /etc/nova/nova.conf
- subPath: nova.conf
- readOnly: true
- {{- if .Values.conf.nova.DEFAULT.log_config_append }}
- - name: nova-etc
- mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
- subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
- readOnly: true
- {{- end }}
- - name: nova-etc
- mountPath: /etc/nova/api-paste.ini
- subPath: api-paste.ini
- readOnly: true
- - name: nova-etc
- mountPath: /etc/nova/policy.yaml
- subPath: policy.yaml
- readOnly: true
- - name: nova-etc
- mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-nova-placement.conf
- subPath: wsgi-nova-placement.conf
- readOnly: true
-{{- if .Values.conf.security }}
- - name: nova-etc
- mountPath: {{ .Values.conf.software.apache2.conf_dir }}/security.conf
- subPath: security.conf
- readOnly: true
-{{- end }}
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.placement.placement.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{ if $mounts_nova_placement.volumeMounts }}{{ toYaml $mounts_nova_placement.volumeMounts | indent 12 }}{{ end }}
- volumes:
- - name: pod-tmp
- emptyDir: {}
- - name: wsgi-nova
- emptyDir: {}
- - name: nova-bin
- configMap:
- name: nova-bin
- defaultMode: 0555
- - name: nova-etc
- secret:
- secretName: nova-etc
- defaultMode: 0444
-{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.placement.placement.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{ if $mounts_nova_placement.volumes }}{{ toYaml $mounts_nova_placement.volumes | indent 8 }}{{ end }}
-{{- end }}
diff --git a/charts/nova/templates/deployment-scheduler.yaml b/charts/nova/templates/deployment-scheduler.yaml
index b8a465e..e8a63a2 100644
--- a/charts/nova/templates/deployment-scheduler.yaml
+++ b/charts/nova/templates/deployment-scheduler.yaml
@@ -74,6 +74,9 @@
{{ tuple $envAll "nova" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.scheduler.node_selector_key }}: {{ .Values.labels.scheduler.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
initContainers:
{{ tuple $envAll "scheduler" $mounts_nova_scheduler_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
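Review bot: The toleration block added after `nodeSelector` is switched by the single `pod.tolerations.nova.enabled` value, and the same three lines are added to the spice-proxy deployment (which runs with `hostNetwork: true`), the bootstrap and cell-setup jobs, and the rally test pod. Enabling it therefore appears to let every one of those pods schedule onto the tainted nodes, not only the control-plane services. If that breadth is intended it deserves a comment next to the value in values.yaml; if not, the test pod is the obvious one to leave out. The bare `{{ if … }}` / `{{ end }}` also leave blank lines in the rendered manifest where the rest of the file trims them; `{{- if $envAll.Values.pod.tolerations.nova.enabled }}` and `{{- end }}` would match. The pod spec continues outside the hunk.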
@@ -88,7 +91,7 @@
value: "{{ .Values.pod.probes.rpc_timeout }}"
- name: RPC_PROBE_RETRIES
value: "{{ .Values.pod.probes.rpc_retries }}"
-{{- if .Values.manifests.certificates }}
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
- name: REQUESTS_CA_BUNDLE
value: "/etc/nova/certs/ca.crt"
{{- end }}
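Review bot: `REQUESTS_CA_BUNDLE` is now exported when only `.Values.tls.identity` is set, but the database and RabbitMQ certificate mounts later in this file are still gated on `.Values.manifests.certificates` alone. Nothing in the visible diff says what `tls.identity` means or where the CA secret comes from in that mode. A template comment above the condition would make the split explicit, for example `{{/* tls.identity: Keystone endpoint uses TLS; the secret named in secrets.tls.compute.osapi.internal must already exist */}}` (wording to be confirmed against values.yaml, which is outside this view). The same `or` is repeated in the job-bootstrap, job-cell-setup and job-ks-* templates, and the env list starts and ends outside the hunk.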
@@ -120,7 +123,7 @@
subPath: policy.yaml
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -135,7 +138,7 @@
secretName: nova-etc
defaultMode: 0444
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_scheduler.volumes }}{{ toYaml $mounts_nova_scheduler.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/charts/nova/templates/deployment-spiceproxy.yaml b/charts/nova/templates/deployment-spiceproxy.yaml
index 98046a0..e430d25 100644
--- a/charts/nova/templates/deployment-spiceproxy.yaml
+++ b/charts/nova/templates/deployment-spiceproxy.yaml
@@ -60,6 +60,9 @@
{{ tuple $envAll "nova" "spice-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.spiceproxy.node_selector_key }}: {{ .Values.labels.spiceproxy.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
initContainers:
diff --git a/charts/nova/templates/ingress-placement.yaml b/charts/nova/templates/ingress-placement.yaml
deleted file mode 100644
index 28b0f0d..0000000
--- a/charts/nova/templates/ingress-placement.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.manifests.ingress_placement .Values.network.placement.ingress.public }}
-{{- $envAll := . -}}
-{{- $ingressOpts := dict "envAll" $envAll "backendService" "placement" "backendServiceType" "placement" "backendPort" "p-api" -}}
-{{- $secretName := $envAll.Values.secrets.tls.placement.placement.internal -}}
-{{- if and .Values.manifests.certificates $secretName }}
-{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.placement.host_fqdn_override.default.tls.issuerRef.name -}}
-{{- end }}
-{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
-{{- end }}
diff --git a/charts/nova/templates/job-bootstrap.yaml b/charts/nova/templates/job-bootstrap.yaml
index c105f56..eb5e602 100644
--- a/charts/nova/templates/job-bootstrap.yaml
+++ b/charts/nova/templates/job-bootstrap.yaml
@@ -16,6 +16,7 @@
{{- if and $envAll.Values.manifests.job_bootstrap $envAll.Values.bootstrap.enabled }}
{{- $serviceName := "nova" -}}
{{- $keystoneUser := $envAll.Values.bootstrap.ks_user -}}
+{{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
{{- $configMapBin := printf "%s-%s" $serviceName "bin" -}}
{{- $configMapEtc := printf "%s-%s" $serviceName "etc" -}}
{{- $configFile := printf "/etc/%s/%s.conf" $serviceName $serviceName -}}
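Review bot: `index . "backoffLimit"` looks the key up on the template's own context, which here appears to be the chart root (the same file reads `.Values.…` directly), so the lookup never matches and the job always gets the default of `"1000"`. With `restartPolicy: OnFailure` that is close to unlimited retries for a job that runs with Keystone credentials, so a persistent failure stays hidden behind restarts and the limit cannot be lowered from values. Reading it from a chart value with a small default would make the limit real, e.g. `{{- $backoffLimit := $envAll.Values.<backoff_limit_key> | default 6 -}}` (the key name is a placeholder). The variable is consumed by `backoffLimit: {{ $backoffLimit }}` in the next hunk.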
@@ -31,6 +32,7 @@
labels:
{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
+ backoffLimit: {{ $backoffLimit }}
template:
metadata:
labels:
@@ -43,6 +45,9 @@
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
initContainers:
{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if $envAll.Values.bootstrap.wait_for_computes.enabled }}
@@ -68,7 +73,7 @@
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "bootstrap" "container" "bootstrap" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
-{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" .Values.manifests.certificates }}
+{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: WAIT_PERCENTAGE
@@ -96,7 +101,7 @@
mountPath: {{ $logConfigFile | quote }}
subPath: {{ base $logConfigFile | quote }}
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
@@ -110,7 +115,7 @@
secret:
secretName: {{ $configMapEtc | quote }}
defaultMode: 0444
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/charts/nova/templates/job-cell-setup.yaml b/charts/nova/templates/job-cell-setup.yaml
index cdcdf25..1ba49cb 100644
--- a/charts/nova/templates/job-cell-setup.yaml
+++ b/charts/nova/templates/job-cell-setup.yaml
@@ -38,6 +38,9 @@
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
initContainers:
{{ tuple $envAll "cell_setup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if $envAll.Values.bootstrap.wait_for_computes.enabled }}
@@ -61,7 +64,7 @@
{{ tuple $envAll $envAll.Values.pod.resources.jobs.cell_setup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova_cell_setup" "container" "nova_cell_setup_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
-{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" .Values.manifests.certificates }}
+{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
command:
@@ -73,12 +76,17 @@
mountPath: /tmp/cell-setup-init.sh
subPath: cell-setup-init.sh
readOnly: true
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal (tuple "ca.crt") | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
containers:
- name: nova-cell-setup
{{ tuple $envAll "nova_cell_setup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.cell_setup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova_cell_setup" "container" "nova_cell_setup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ env:
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/nova/certs/ca.crt"
+{{- end }}
command:
- /tmp/cell-setup.sh
volumeMounts:
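Review bot: The `nova-cell-setup` container now gets `REQUESTS_CA_BUNDLE` set to `/etc/nova/certs/ca.crt`, but the mount added for it in the `@@ -105,6 +113,7 @@` hunk passes no `"path"`, unlike the scheduler deployment's mount, which passes `"path" "/etc/nova/certs"`. Unless `helm-toolkit.snippets.tls_volume_mount` happens to default to that directory (the snippet is not visible here), the bundle file will not exist and certificate verification in the job will fail; adding `"path" "/etc/nova/certs"` to that dict keeps the two in step. Separately, the init-container mount in this hunk drops the old `(tuple "ca.crt")` argument, so the snippet presumably mounts its full default file set, private key included, into a container that only needs the CA; passing `"certs" (tuple "ca.crt")` would keep it to the CA file. Both container specs continue outside the hunk.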
@@ -105,6 +113,7 @@
subPath: policy.yaml
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
@@ -119,7 +128,7 @@
name: nova-bin
defaultMode: 0555
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
diff --git a/charts/nova/templates/job-db-drop.yaml b/charts/nova/templates/job-db-drop.yaml
index 9a6b1a0..b0471ef 100644
--- a/charts/nova/templates/job-db-drop.yaml
+++ b/charts/nova/templates/job-db-drop.yaml
@@ -22,5 +22,8 @@
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}
diff --git a/charts/nova/templates/job-db-init.yaml b/charts/nova/templates/job-db-init.yaml
index b1ca870..72b0a80 100644
--- a/charts/nova/templates/job-db-init.yaml
+++ b/charts/nova/templates/job-db-init.yaml
@@ -30,5 +30,8 @@
{{- if .Values.helm3_hook }}
{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
{{- end }}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}
diff --git a/charts/nova/templates/job-db-sync.yaml b/charts/nova/templates/job-db-sync.yaml
index 3cd8cac..061e18f 100644
--- a/charts/nova/templates/job-db-sync.yaml
+++ b/charts/nova/templates/job-db-sync.yaml
@@ -46,5 +46,8 @@
{{- if .Values.helm3_hook }}
{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
{{- end }}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
{{- end }}
diff --git a/charts/nova/templates/job-image-repo-sync.yaml b/charts/nova/templates/job-image-repo-sync.yaml
index fe488dd..e2ee66d 100644
--- a/charts/nova/templates/job-image-repo-sync.yaml
+++ b/charts/nova/templates/job-image-repo-sync.yaml
@@ -21,5 +21,8 @@
{{- if .Values.helm3_hook }}
{{- $_ := set $imageRepoSyncJob "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) }}
{{- end }}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/charts/nova/templates/job-ks-endpoints.yaml b/charts/nova/templates/job-ks-endpoints.yaml
index 5057ebc..1e41ec4 100644
--- a/charts/nova/templates/job-ks-endpoints.yaml
+++ b/charts/nova/templates/job-ks-endpoints.yaml
@@ -19,11 +19,14 @@
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "nova" "serviceTypes" ( tuple "compute" ) -}}
-{{- if .Values.manifests.certificates -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.compute.osapi.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }}
{{- end }}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}
diff --git a/charts/nova/templates/job-ks-placement-endpoints.yaml b/charts/nova/templates/job-ks-placement-endpoints.yaml
deleted file mode 100644
index 2147f3c..0000000
--- a/charts/nova/templates/job-ks-placement-endpoints.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.job_ks_placement_endpoints }}
-{{- $ksServiceJob := dict "envAll" . "serviceName" "placement" "configMapBin" "nova-bin" "serviceTypes" ( tuple "placement" ) -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.placement.placement.internal -}}
-{{- end -}}
-{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
-{{- end }}
diff --git a/charts/nova/templates/job-ks-placement-service.yaml b/charts/nova/templates/job-ks-placement-service.yaml
deleted file mode 100644
index c2c8865..0000000
--- a/charts/nova/templates/job-ks-placement-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.job_ks_placement_service }}
-{{- $ksServiceJob := dict "envAll" . "serviceName" "placement" "configMapBin" "nova-bin" "serviceTypes" ( tuple "placement" ) -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.placement.placement.internal -}}
-{{- end -}}
-{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
-{{- end }}
diff --git a/charts/nova/templates/job-ks-placement-user.yaml b/charts/nova/templates/job-ks-placement-user.yaml
deleted file mode 100644
index 035c2f0..0000000
--- a/charts/nova/templates/job-ks-placement-user.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.job_ks_placement_user }}
-{{- $ksUserJob := dict "envAll" . "serviceName" "placement" "serviceUser" "placement" "configMapBin" "nova-bin" -}}
-{{- if .Values.manifests.certificates -}}
-{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.placement.placement.internal -}}
-{{- end -}}
-{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
-{{- end }}
diff --git a/charts/nova/templates/job-ks-service.yaml b/charts/nova/templates/job-ks-service.yaml
index d9eb3b5..9e7a551 100644
--- a/charts/nova/templates/job-ks-service.yaml
+++ b/charts/nova/templates/job-ks-service.yaml
@@ -19,11 +19,14 @@
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "nova" "serviceTypes" ( tuple "compute" ) -}}
-{{- if .Values.manifests.certificates -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.compute.osapi.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }}
{{- end }}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}
diff --git a/charts/nova/templates/job-ks-user.yaml b/charts/nova/templates/job-ks-user.yaml
index e5613cc..7d0f019 100644
--- a/charts/nova/templates/job-ks-user.yaml
+++ b/charts/nova/templates/job-ks-user.yaml
@@ -19,11 +19,14 @@
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "nova" -}}
-{{- if .Values.manifests.certificates -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.compute.osapi.internal -}}
{{- end -}}
{{- if .Values.helm3_hook }}
{{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
{{- end }}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
diff --git a/charts/nova/templates/job-rabbit-init.yaml b/charts/nova/templates/job-rabbit-init.yaml
index ffbb270..b5133d3 100644
--- a/charts/nova/templates/job-rabbit-init.yaml
+++ b/charts/nova/templates/job-rabbit-init.yaml
@@ -25,5 +25,8 @@
{{- if .Values.helm3_hook }}
{{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }}
{{- end }}
+{{- if .Values.pod.tolerations.nova.enabled -}}
+{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}
diff --git a/charts/nova/templates/netpol-placement.yaml b/charts/nova/templates/netpol-placement.yaml
deleted file mode 100644
index 18feb04..0000000
--- a/charts/nova/templates/netpol-placement.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.network_policy -}}
-{{- if .Values.manifests.deployment_placement -}}
-{{- $netpol_opts := dict "envAll" . "name" "application" "label" "placement" }}
-{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/nova/templates/pdb-metadata.yaml b/charts/nova/templates/pdb-metadata.yaml
index 6fba271..e2c9a12 100644
--- a/charts/nova/templates/pdb-metadata.yaml
+++ b/charts/nova/templates/pdb-metadata.yaml
@@ -15,7 +15,7 @@
{{- if .Values.manifests.pdb_metadata }}
{{- $envAll := . }}
---
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: nova-api-metadata
diff --git a/charts/nova/templates/pdb-osapi.yaml b/charts/nova/templates/pdb-osapi.yaml
index 81971d1..a095d5f 100644
--- a/charts/nova/templates/pdb-osapi.yaml
+++ b/charts/nova/templates/pdb-osapi.yaml
@@ -15,7 +15,7 @@
{{- if .Values.manifests.pdb_osapi }}
{{- $envAll := . }}
---
-apiVersion: policy/v1beta1
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: nova-api-osapi
diff --git a/charts/nova/templates/pdb-placement.yaml b/charts/nova/templates/pdb-placement.yaml
deleted file mode 100644
index db7e1c7..0000000
--- a/charts/nova/templates/pdb-placement.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.pdb_placement }}
-{{- $envAll := . }}
----
-apiVersion: policy/v1beta1
-kind: PodDisruptionBudget
-metadata:
- name: nova-placement-api
-spec:
- minAvailable: {{ .Values.pod.lifecycle.disruption_budget.placement.min_available }}
- selector:
- matchLabels:
-{{ tuple $envAll "nova" "placement" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
-{{- end }}
diff --git a/charts/nova/templates/pod-rally-test.yaml b/charts/nova/templates/pod-rally-test.yaml
index eabe8b6..d53f204 100644
--- a/charts/nova/templates/pod-rally-test.yaml
+++ b/charts/nova/templates/pod-rally-test.yaml
@@ -12,19 +12,25 @@
limitations under the License.
*/}}
+{{- if (.Values.global).subchart_release_name }}
+{{- $_ := set . "deployment_name" .Chart.Name }}
+{{- else }}
+{{- $_ := set . "deployment_name" .Release.Name }}
+{{- end }}
+
{{- if .Values.manifests.pod_rally_test }}
{{- $envAll := . }}
{{- $mounts_tests := .Values.pod.mounts.nova_tests.nova_tests }}
{{- $mounts_tests_init := .Values.pod.mounts.nova_tests.init_container }}
-{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
+{{- $serviceAccountName := print $envAll.deployment_name "-test" }}
{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: v1
kind: Pod
metadata:
- name: {{ print $envAll.Release.Name "-test" }}
+ name: {{ print $envAll.deployment_name "-test" }}
labels:
{{ tuple $envAll "nova" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
annotations:
@@ -34,6 +40,9 @@
spec:
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+{{ end }}
restartPolicy: Never
serviceAccountName: {{ $serviceAccountName }}
initContainers:
@@ -74,7 +83,7 @@
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
- value: {{.Release.Name}}
+ value: {{.deployment_name}}
command:
- /tmp/rally-test.sh
volumeMounts:
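Review bot: `value: {{.deployment_name}}` is emitted unquoted, so a release name made only of digits would be parsed as a YAML integer and the pod would be rejected, since env values must be strings; `value: {{ .deployment_name | quote }}` avoids that. `deployment_name` is injected into the root context with `set` at the top of this file, which is worth a one-line template comment there because it mutates `.` for everything rendered afterwards in the template. The container spec continues outside the hunk.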
diff --git a/charts/nova/templates/secret-keystone-placement.yaml b/charts/nova/templates/secret-keystone-placement.yaml
deleted file mode 100644
index bdce9b5..0000000
--- a/charts/nova/templates/secret-keystone-placement.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.secret_keystone_placement }}
-{{- $envAll := . }}
-{{- range $key1, $userClass := tuple "placement" }}
-{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ $secretName }}
-type: Opaque
-data:
-{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
-{{- end }}
-{{- end }}
diff --git a/charts/nova/templates/bin/_nova-consoleauth.sh.tpl b/charts/nova/templates/secret-registry.yaml
similarity index 71%
rename from charts/nova/templates/bin/_nova-consoleauth.sh.tpl
rename to charts/nova/templates/secret-registry.yaml
index 97c4195..da979b3 100644
--- a/charts/nova/templates/bin/_nova-consoleauth.sh.tpl
+++ b/charts/nova/templates/secret-registry.yaml
@@ -1,5 +1,3 @@
-#!/bin/bash
-
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -14,6 +12,6 @@
limitations under the License.
*/}}
-set -x
-exec nova-consoleauth \
- --config-file /etc/nova/nova.conf
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}
diff --git a/charts/nova/templates/service-ingress-placement.yaml b/charts/nova/templates/service-ingress-placement.yaml
deleted file mode 100644
index 5d9e6a6..0000000
--- a/charts/nova/templates/service-ingress-placement.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if and .Values.manifests.service_ingress_placement .Values.network.placement.ingress.public }}
-{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "placement" -}}
-{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
-{{- end }}
diff --git a/charts/nova/templates/service-osapi.yaml b/charts/nova/templates/service-osapi.yaml
index 91ab52c..4aa1d4f 100644
--- a/charts/nova/templates/service-osapi.yaml
+++ b/charts/nova/templates/service-osapi.yaml
@@ -22,7 +22,7 @@
spec:
ports:
- name: n-api
- port: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ port: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ if .Values.network.osapi.node_port.enabled }}
nodePort: {{ .Values.network.osapi.node_port.port }}
{{ end }}
diff --git a/charts/nova/templates/service-placement.yaml b/charts/nova/templates/service-placement.yaml
deleted file mode 100644
index 8e1f3d5..0000000
--- a/charts/nova/templates/service-placement.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.service_placement }}
-{{- $envAll := . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ tuple "placement" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
-spec:
- ports:
- - name: p-api
- port: {{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- {{ if .Values.network.placement.node_port.enabled }}
- nodePort: {{ .Values.network.placement.node_port.port }}
- {{ end }}
- selector:
-{{ tuple $envAll "nova" "placement" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- {{ if .Values.network.placement.node_port.enabled }}
- type: NodePort
- {{ end }}
-{{- end }}
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index 7d4c1e5..8609d41 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -32,9 +32,6 @@
conductor:
node_selector_key: openstack-control-plane
node_selector_value: enabled
- consoleauth:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
job:
node_selector_key: openstack-control-plane
node_selector_value: enabled
@@ -44,9 +41,6 @@
osapi:
node_selector_key: openstack-control-plane
node_selector_value: enabled
- placement:
- node_selector_key: openstack-control-plane
- node_selector_value: enabled
scheduler:
node_selector_key: openstack-control-plane
node_selector_value: enabled
@@ -60,33 +54,31 @@
images:
pull_policy: IfNotPresent
tags:
- bootstrap: docker.io/openstackhelm/heat:stein-ubuntu_bionic
- db_drop: docker.io/openstackhelm/heat:stein-ubuntu_bionic
- db_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
+ bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+ db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0'
rabbit_init: docker.io/rabbitmq:3.7-management
- ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic
- ks_service: docker.io/openstackhelm/heat:stein-ubuntu_bionic
- nova_archive_deleted_rows: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- ks_endpoints: docker.io/openstackhelm/heat:stein-ubuntu_bionic
- nova_api: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_cell_setup: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_cell_setup_init: docker.io/openstackhelm/heat:stein-ubuntu_bionic
- nova_compute: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_compute_ironic: 'docker.io/kolla/ubuntu-source-nova-compute-ironic:ocata'
- nova_compute_ssh: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_conductor: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_consoleauth: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_db_sync: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_novncproxy: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_novncproxy_assets: 'docker.io/kolla/ubuntu-source-nova-novncproxy:ocata'
- nova_placement: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_scheduler: docker.io/openstackhelm/nova:stein-ubuntu_bionic
+ ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+ nova_archive_deleted_rows: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+ nova_api: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_cell_setup: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_cell_setup_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
+ nova_compute: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_compute_ironic: 'docker.io/kolla/ubuntu-source-nova-compute-ironic:wallaby'
+ nova_compute_ssh: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_conductor: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_db_sync: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_novncproxy: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_novncproxy_assets: 'docker.io/kolla/ubuntu-source-nova-novncproxy:wallaby'
+ nova_scheduler: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
# NOTE(portdirect): we simply use the ceph config helper here,
# as it has both oscli and jq.
- nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_xenial'
- nova_spiceproxy: docker.io/openstackhelm/nova:stein-ubuntu_bionic
- nova_spiceproxy_assets: docker.io/openstackhelm/nova:stein-ubuntu_bionic
+ nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal'
+ nova_spiceproxy: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_spiceproxy_assets: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
test: docker.io/xrally/xrally-openstack:2.0.0
image_repo_sync: docker.io/docker:17.07.0
nova_wait_for_computes_init: gcr.io/google_containers/hyperkube-amd64:v1.11.6
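Review bot: `nova_service_cleaner` on the new side still points at a floating tag (`docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal`), and with `pull_policy: IfNotPresent` in the same block, nodes can run different image contents depending on when each one first pulled it. Pinning that entry to a release tag or to an immutable digest of the form `docker.io/openstackhelm/ceph-config-helper@sha256:<digest>` would make the deployment reproducible and auditable. Separately, the commit title says Zed while every default in this hunk is `wallaby-ubuntu_focal`. If the Zed images come from overrides elsewhere, a one-line comment above `tags:` saying so would stop someone from deploying these defaults by mistake.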
@@ -240,18 +232,6 @@
node_port:
enabled: false
port: 30775
- placement:
- port: 8778
- ingress:
- public: true
- classes:
- namespace: "nginx"
- cluster: "nginx-cluster"
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
- node_port:
- enabled: false
- port: 30778
novncproxy:
ingress:
public: true
@@ -383,7 +363,6 @@
jobs:
- nova-db-sync
- nova-rabbit-init
- - placement-ks-endpoints
services:
- endpoint: internal
service: oslo_messaging
@@ -414,20 +393,6 @@
jobs:
- nova-db-sync
- nova-rabbit-init
- - placement-ks-endpoints
- services:
- - endpoint: internal
- service: oslo_messaging
- - endpoint: internal
- service: oslo_db
- - endpoint: internal
- service: identity
- - endpoint: internal
- service: compute
- consoleauth:
- jobs:
- - nova-db-sync
- - nova-rabbit-init
services:
- endpoint: internal
service: oslo_messaging
@@ -489,7 +454,6 @@
jobs:
- nova-db-sync
- nova-rabbit-init
- - placement-ks-endpoints
services:
- endpoint: internal
service: oslo_messaging
@@ -636,14 +600,6 @@
echo $IMAGES | xargs openstack image delete
fi
tests:
- NovaAgents.list_agents:
- - runner:
- concurrency: 1
- times: 1
- type: constant
- sla:
- failure_rate:
- max: 0
NovaAggregates.create_and_get_aggregate_details:
- args:
availability_zone: nova
@@ -991,41 +947,6 @@
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
- wsgi_placement: |
- Listen 0.0.0.0:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
-
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
-
- <VirtualHost *:{{ tuple "placement" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}>
- WSGIDaemonProcess placement-api processes=4 threads=1 user=nova group=nova display-name=%{GROUP}
- WSGIProcessGroup placement-api
- WSGIScriptAlias / /var/www/cgi-bin/nova/nova-placement-api
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- <IfVersion >= 2.4>
- ErrorLogFormat "%{cu}t %M"
- </IfVersion>
- ErrorLog /dev/stdout
-
- SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
- CustomLog /dev/stdout combined env=!forwarded
- CustomLog /dev/stdout proxy env=forwarded
- </VirtualHost>
-
- Alias /placement /var/www/cgi-bin/nova/nova-placement-api
- <Location /placement>
- SetHandler wsgi-script
- Options +ExecCGI
-
- WSGIProcessGroup placement-api
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- </Location>
rootwrap_filters:
api_metadata:
pods:
@@ -1605,7 +1526,6 @@
identity:
admin: nova-keystone-admin
nova: nova-keystone-user
- placement: nova-keystone-placement
test: nova-keystone-test
oslo_db:
admin: nova-db-admin
@@ -1628,10 +1548,6 @@
novncproxy:
public: nova-novncproxy-tls-public
internal: nova-novncproxy-tls-proxy
- placement:
- placement:
- public: placement-tls-public
- internal: placement-tls-api
compute_metadata:
metadata:
public: metadata-tls-public
@@ -1639,6 +1555,8 @@
compute_spice_proxy:
spiceproxy:
internal: nova-tls-spiceproxy
+ oci_image_registry:
+ nova: nova-oci-image-registry
# typically overridden by environmental
# values, but should include all endpoints
@@ -1657,6 +1575,21 @@
port:
registry:
node: 5000
+ oci_image_registry:
+ name: oci-image-registry
+ namespace: oci-image-registry
+ auth:
+ enabled: false
+ nova:
+ username: nova
+ password: password
+ hosts:
+ default: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ default: null
oslo_db:
auth:
admin:
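Review bot: The new `oci_image_registry.auth.nova` default ships `password: password`, with no comment marking it as a placeholder. `auth.enabled` is `false` here, but this commit also sets `secret_registry: true` under `manifests`. The secret template is not visible in this hunk, but if it renders these values once auth is enabled, flipping `enabled` without overriding the credential would create a registry pull secret with a guessable password. I would add `# placeholder credentials; override from environment values before setting enabled: true` above `nova:`.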
@@ -1851,10 +1784,12 @@
default: "/v2.1/%(tenant_id)s"
scheme:
default: 'http'
+ service: 'http'
port:
api:
default: 8774
public: 80
+ service: 8774
novncproxy:
default: 6080
compute_metadata:
@@ -1922,10 +1857,12 @@
default: /
scheme:
default: 'http'
+ service: 'http'
port:
api:
default: 8778
public: 80
+ service: 8778
network:
name: neutron
hosts:
@@ -2056,20 +1993,6 @@
initialDelaySeconds: 80
periodSeconds: 90
timeoutSeconds: 70
- consoleauth:
- default:
- liveness:
- enabled: True
- params:
- initialDelaySeconds: 120
- periodSeconds: 90
- timeoutSeconds: 70
- readiness:
- enabled: True
- params:
- initialDelaySeconds: 80
- periodSeconds: 90
- timeoutSeconds: 70
novncproxy:
default:
liveness:
@@ -2084,20 +2007,6 @@
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 15
- placement:
- default:
- liveness:
- enabled: True
- params:
- initialDelaySeconds: 50
- periodSeconds: 30
- timeoutSeconds: 10
- readiness:
- enabled: True
- params:
- initialDelaySeconds: 15
- periodSeconds: 30
- timeoutSeconds: 10
scheduler:
default:
liveness:
@@ -2140,11 +2049,6 @@
ceph_perms:
readOnlyRootFilesystem: true
runAsUser: 0
- ceph_admin_keyring_placement:
- readOnlyRootFilesystem: true
- ceph_keyring_placement:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
nova_compute_vnc_init:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
@@ -2171,9 +2075,6 @@
nova_conductor:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
- nova_consoleauth:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
nova_novncproxy_init:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
@@ -2183,9 +2084,6 @@
nova_novncproxy:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
- nova_placement_api:
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
nova_scheduler:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
@@ -2261,6 +2159,13 @@
default: kubernetes.io/hostname
weight:
default: 10
+ tolerations:
+ nova:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
mounts:
nova_compute:
init_container: null
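Review bot: The added toleration matches only the legacy `node-role.kubernetes.io/master` taint. kubeadm-provisioned clusters from Kubernetes 1.25 on taint control-plane nodes with `node-role.kubernetes.io/control-plane` instead, so enabling `tolerations.nova` there would have no effect. A second list entry covers both: `- key: node-role.kubernetes.io/control-plane`, `operator: Exists`, `effect: NoSchedule`. A comment would also help, noting that enabling this lets nova pods be scheduled onto Kubernetes control-plane nodes, which is presumably why it defaults to `false`.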
@@ -2277,21 +2182,11 @@
nova_api_metadata:
volumeMounts:
volumes:
- nova_placement:
- init_container: null
- nova_placement:
- volumeMounts:
- volumes:
nova_api_osapi:
init_container: null
nova_api_osapi:
volumeMounts:
volumes:
- nova_consoleauth:
- init_container: null
- nova_consoleauth:
- volumeMounts:
- volumes:
nova_conductor:
init_container: null
nova_conductor:
@@ -2331,10 +2226,8 @@
replicas:
api_metadata: 1
compute_ironic: 1
- placement: 1
osapi: 1
conductor: 1
- consoleauth: 1
scheduler: 1
novncproxy: 1
spiceproxy: 1
@@ -2355,15 +2248,11 @@
disruption_budget:
metadata:
min_available: 0
- placement:
- min_available: 0
osapi:
min_available: 0
termination_grace_period:
metadata:
timeout: 30
- placement:
- timeout: 30
osapi:
timeout: 30
resources:
@@ -2389,13 +2278,6 @@
limits:
memory: "1024Mi"
cpu: "2000m"
- placement:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
api:
requests:
memory: "128Mi"
@@ -2410,13 +2292,6 @@
limits:
memory: "1024Mi"
cpu: "2000m"
- consoleauth:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
scheduler:
requests:
memory: "128Mi"
@@ -2545,12 +2420,6 @@
- {}
egress:
- {}
- placement:
- # TODO(lamt): Need to tighten this ingress for security.
- ingress:
- - {}
- egress:
- - {}
# NOTE(helm_hook): helm_hook might break for helm2 binary.
# set helm3_hook: false when using the helm2 binary.
@@ -2560,6 +2429,11 @@
logging:
level: ERROR
+tls:
+ identity: false
+ oslo_messaging: false
+ oslo_db: false
+
manifests:
certificates: false
configmap_bin: true
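Review bot: The new top-level `tls:` block defaults `identity`, `oslo_messaging` and `oslo_db` to `false`, with no comment saying what each flag controls. How the templates consume them is not visible in this hunk. If they gate TLS on the Keystone, message-queue and database connections, the defaults leave service credentials crossing the cluster network unencrypted. I would add a comment above the block, e.g. `# per-backend TLS toggles; false means plaintext connections to that service`, and have production value overrides set them to `true`.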
@@ -2570,19 +2444,15 @@
daemonset_compute: true
deployment_api_metadata: true
deployment_api_osapi: true
- deployment_placement: true
deployment_conductor: true
- deployment_consoleauth: true
deployment_novncproxy: true
deployment_spiceproxy: true
deployment_scheduler: true
ingress_metadata: true
ingress_novncproxy: true
- ingress_placement: true
ingress_osapi: true
job_bootstrap: true
job_db_init: true
- job_db_init_placement: true
job_db_sync: true
job_db_drop: false
job_image_repo_sync: true
@@ -2590,12 +2460,8 @@
job_ks_endpoints: true
job_ks_service: true
job_ks_user: true
- job_ks_placement_endpoints: true
- job_ks_placement_service: true
- job_ks_placement_user: true
job_cell_setup: true
pdb_metadata: true
- pdb_placement: true
pdb_osapi: true
pod_rally_test: true
network_policy: false
@@ -2604,14 +2470,12 @@
secret_db: true
secret_ingress_tls: true
secret_keystone: true
- secret_keystone_placement: true
secret_rabbitmq: true
+ secret_registry: true
service_ingress_metadata: true
service_ingress_novncproxy: true
- service_ingress_placement: true
service_ingress_osapi: true
service_metadata: true
- service_placement: true
service_novncproxy: true
service_spiceproxy: true
service_osapi: true