Merge "fix dpdk nic name support chart patch" into stable/2024.1
diff --git a/.ansible-lint b/.ansible-lint
index 2776884..d6ddfd2 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -7,6 +7,7 @@
- molecule
- playbooks
- plugins/filter
+ - plugins/modules/subnet.py
- roles/defaults/vars/main.yml
- roles/kube_prometheus_stack/files/jsonnet
- roles/storpool_csi/files
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 2c0ca4e..0fe99aa 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,4 @@
-exclude: "^(roles/kube_prometheus_stack/files/jsonnet|charts)"
+exclude: "^(roles/kube_prometheus_stack/files/jsonnet|charts|plugins/modules/subnet.py)"
repos:
- repo: local
diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/barbican/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/barbican/templates/deployment-api.yaml b/charts/barbican/templates/deployment-api.yaml
index 8ae9ea4..1e5cbba 100644
--- a/charts/barbican/templates/deployment-api.yaml
+++ b/charts/barbican/templates/deployment-api.yaml
@@ -47,6 +47,12 @@
{{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.barbican_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.barbican_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/barbican/templates/pod-test.yaml b/charts/barbican/templates/pod-test.yaml
index f414356..783d328 100644
--- a/charts/barbican/templates/pod-test.yaml
+++ b/charts/barbican/templates/pod-test.yaml
@@ -33,6 +33,12 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
{{ dict "envAll" $envAll "podName" "barbican-test" "containerNames" (list "init" "barbican-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
spec:
+{{ with .Values.pod.priorityClassName.barbican_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.barbican_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
nodeSelector:
diff --git a/charts/barbican/values.yaml b/charts/barbican/values.yaml
index e2e87bf..67bdbbc 100644
--- a/charts/barbican/values.yaml
+++ b/charts/barbican/values.yaml
@@ -55,6 +55,16 @@
- image_repo_sync
pod:
+ priorityClassName:
+ barbican_api: null
+ barbican_tests: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ barbican_api: null
+ barbican_tests: null
+ bootstrap: null
+ db_sync: null
security_context:
barbican:
pod:
diff --git a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/ceph-provisioners/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/cinder/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/cinder/templates/cron-job-cinder-volume-usage-audit.yaml b/charts/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
index 897b5b6..14c18f5 100644
--- a/charts/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
+++ b/charts/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
@@ -50,6 +50,12 @@
{{ dict "envAll" $envAll "podName" $serviceAccountName "containerNames" (list "cinder-volume-usage-audit" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 12 }}
spec:
{{ dict "envAll" $envAll "application" "volume_usage_audit" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
+{{ with .Values.pod.priorityClassName.cinder_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.cinder_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ if $envAll.Values.pod.tolerations.cinder.enabled }}
diff --git a/charts/cinder/templates/deployment-api.yaml b/charts/cinder/templates/deployment-api.yaml
index feab3ef..13087e7 100644
--- a/charts/cinder/templates/deployment-api.yaml
+++ b/charts/cinder/templates/deployment-api.yaml
@@ -45,6 +45,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "cinder-api" "containerNames" (list "cinder-api" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.cinder_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.cinder_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "cinder_api" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/cinder/templates/deployment-backup.yaml b/charts/cinder/templates/deployment-backup.yaml
index 47fac40..6e69c8e 100644
--- a/charts/cinder/templates/deployment-backup.yaml
+++ b/charts/cinder/templates/deployment-backup.yaml
@@ -47,6 +47,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "cinder-backup" "containerNames" (list "cinder-backup" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.cinder_backup }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.cinder_backup }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "cinder_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/cinder/templates/deployment-scheduler.yaml b/charts/cinder/templates/deployment-scheduler.yaml
index cf69dd1..a19be9d 100644
--- a/charts/cinder/templates/deployment-scheduler.yaml
+++ b/charts/cinder/templates/deployment-scheduler.yaml
@@ -45,6 +45,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "cinder-scheduler" "containerNames" (list "cinder-scheduler" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.cinder_scheduler }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.cinder_scheduler }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "cinder_scheduler" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/cinder/templates/deployment-volume.yaml b/charts/cinder/templates/deployment-volume.yaml
index f029aff..b39cd2b 100644
--- a/charts/cinder/templates/deployment-volume.yaml
+++ b/charts/cinder/templates/deployment-volume.yaml
@@ -47,6 +47,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "cinder-volume" "containerNames" (list "cinder-volume" "ceph-coordination-volume-perms" "init-cinder-conf" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.cinder_volume }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.cinder_volume }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "cinder_volume" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/cinder/templates/pod-rally-test.yaml b/charts/cinder/templates/pod-rally-test.yaml
index 3ed52cd..e44bdcf 100644
--- a/charts/cinder/templates/pod-rally-test.yaml
+++ b/charts/cinder/templates/pod-rally-test.yaml
@@ -38,6 +38,12 @@
{{ end }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+{{ with .Values.pod.priorityClassName.cinder_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.cinder_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
diff --git a/charts/cinder/values.yaml b/charts/cinder/values.yaml
index 12351a6..23bcc8f 100644
--- a/charts/cinder/values.yaml
+++ b/charts/cinder/values.yaml
@@ -76,6 +76,22 @@
failed: 1
pod:
+ priorityClassName:
+ cinder_api: null
+ cinder_backup: null
+ cinder_scheduler: null
+ cinder_tests: null
+ cinder_volume_usage_audit: null
+ cinder_volume: null
+ db_sync: null
+ runtimeClassName:
+ cinder_api: null
+ cinder_backup: null
+ cinder_scheduler: null
+ cinder_tests: null
+ cinder_volume_usage_audit: null
+ cinder_volume: null
+ db_sync: null
security_context:
volume_usage_audit:
pod:
diff --git a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/designate/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/designate/templates/deployment-api.yaml b/charts/designate/templates/deployment-api.yaml
index e9df6b6..2f6ed7c 100644
--- a/charts/designate/templates/deployment-api.yaml
+++ b/charts/designate/templates/deployment-api.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/designate/templates/deployment-central.yaml b/charts/designate/templates/deployment-central.yaml
index 02d9f3c..c3e7dcd 100644
--- a/charts/designate/templates/deployment-central.yaml
+++ b/charts/designate/templates/deployment-central.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_central }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_central }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/templates/deployment-mdns.yaml b/charts/designate/templates/deployment-mdns.yaml
index d58f630..9312bc7 100644
--- a/charts/designate/templates/deployment-mdns.yaml
+++ b/charts/designate/templates/deployment-mdns.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_mdns }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_mdns }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/designate/templates/deployment-producer.yaml b/charts/designate/templates/deployment-producer.yaml
index 491dbad..68e46fb 100644
--- a/charts/designate/templates/deployment-producer.yaml
+++ b/charts/designate/templates/deployment-producer.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_producer }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_producer }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/templates/deployment-sink.yaml b/charts/designate/templates/deployment-sink.yaml
index e577d9d..63222a1 100644
--- a/charts/designate/templates/deployment-sink.yaml
+++ b/charts/designate/templates/deployment-sink.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_sink }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_sink }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/templates/deployment-worker.yaml b/charts/designate/templates/deployment-worker.yaml
index 74f9c99..12d0b96 100644
--- a/charts/designate/templates/deployment-worker.yaml
+++ b/charts/designate/templates/deployment-worker.yaml
@@ -41,6 +41,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.designate_worker }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.designate_worker }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/designate/values.yaml b/charts/designate/values.yaml
index 7169414..6e520ca 100644
--- a/charts/designate/values.yaml
+++ b/charts/designate/values.yaml
@@ -66,6 +66,22 @@
- image_repo_sync
pod:
+ priorityClassName:
+ designate_api: null
+ designate_central: null
+ designate_mdns: null
+ designate_producer: null
+ designate_sink: null
+ designate_worker: null
+ db_sync: null
+ runtimeClassName:
+ designate_api: null
+ designate_central: null
+ designate_mdns: null
+ designate_producer: null
+ designate_sink: null
+ designate_worker: null
+ db_sync: null
affinity:
anti:
type:
diff --git a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/glance/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/glance/templates/deployment-api.yaml b/charts/glance/templates/deployment-api.yaml
index d88856f..9f14d1b 100644
--- a/charts/glance/templates/deployment-api.yaml
+++ b/charts/glance/templates/deployment-api.yaml
@@ -75,6 +75,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "glance-api" "containerNames" ( list "glance-perms" "glance-api" "init" "nginx" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.glance_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.glance_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "glance" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/glance/templates/pod-rally-test.yaml b/charts/glance/templates/pod-rally-test.yaml
index 0ca17eb..1148e8a 100644
--- a/charts/glance/templates/pod-rally-test.yaml
+++ b/charts/glance/templates/pod-rally-test.yaml
@@ -44,6 +44,12 @@
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
restartPolicy: Never
+{{ with .Values.pod.priorityClassName.glance_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.glance_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
diff --git a/charts/glance/values.yaml b/charts/glance/values.yaml
index 85ddf18..6eae655 100644
--- a/charts/glance/values.yaml
+++ b/charts/glance/values.yaml
@@ -795,6 +795,14 @@
default: 80
pod:
+ priorityClassName:
+ glance_api: null
+ glance_tests: null
+ db_sync: null
+ runtimeClassName:
+ glance_api: null
+ glance_tests: null
+ db_sync: null
security_context:
glance:
pod:
diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/heat/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/heat/templates/cron-job-engine-cleaner.yaml b/charts/heat/templates/cron-job-engine-cleaner.yaml
index a7eded4..32674b6 100644
--- a/charts/heat/templates/cron-job-engine-cleaner.yaml
+++ b/charts/heat/templates/cron-job-engine-cleaner.yaml
@@ -52,6 +52,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "heat-engine-cleaner" "containerNames" (list "heat-engine-cleaner" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.heat_engine_cleaner }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.heat_engine_cleaner }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "engine_cleaner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
restartPolicy: OnFailure
diff --git a/charts/heat/templates/cron-job-purge-deleted.yaml b/charts/heat/templates/cron-job-purge-deleted.yaml
index 4d83c29..285c2d3 100644
--- a/charts/heat/templates/cron-job-purge-deleted.yaml
+++ b/charts/heat/templates/cron-job-purge-deleted.yaml
@@ -47,6 +47,12 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 12 }}
{{ dict "envAll" $envAll "podName" "heat-purge-deleted" "containerNames" (list "init" "heat-purge-deleted" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.heat_purge_deleted }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.heat_purge_deleted }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ if $envAll.Values.pod.tolerations.heat.enabled }}
diff --git a/charts/heat/templates/deployment-api.yaml b/charts/heat/templates/deployment-api.yaml
index ca34656..f737c84 100644
--- a/charts/heat/templates/deployment-api.yaml
+++ b/charts/heat/templates/deployment-api.yaml
@@ -45,6 +45,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "heat-api" "containerNames" (list "heat-api" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.heat_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.heat_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/heat/templates/deployment-cfn.yaml b/charts/heat/templates/deployment-cfn.yaml
index 8401543..5f5584e 100644
--- a/charts/heat/templates/deployment-cfn.yaml
+++ b/charts/heat/templates/deployment-cfn.yaml
@@ -45,6 +45,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "heat-cfn" "containerNames" (list "heat-cfn" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.heat_cfn }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.heat_cfn }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/heat/templates/deployment-cloudwatch.yaml b/charts/heat/templates/deployment-cloudwatch.yaml
index f1f7353..0c9dec5 100644
--- a/charts/heat/templates/deployment-cloudwatch.yaml
+++ b/charts/heat/templates/deployment-cloudwatch.yaml
@@ -44,6 +44,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.heat_cloudwatch }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.heat_cloudwatch }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/heat/templates/deployment-engine.yaml b/charts/heat/templates/deployment-engine.yaml
index 7b7b8ad..d228a87 100644
--- a/charts/heat/templates/deployment-engine.yaml
+++ b/charts/heat/templates/deployment-engine.yaml
@@ -53,6 +53,12 @@
{{ dict "envAll" $envAll "podName" "heat-engine" "containerNames" (list "heat-engine" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
{{- end }}
spec:
+{{ with .Values.pod.priorityClassName.heat_engine }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.heat_engine }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/heat/templates/job-trusts.yaml b/charts/heat/templates/job-trusts.yaml
index ae5bc64..e539e7f 100644
--- a/charts/heat/templates/job-trusts.yaml
+++ b/charts/heat/templates/job-trusts.yaml
@@ -43,6 +43,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "heat-trusts" "containerNames" (list "heat-trusts" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.heat_trusts }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.heat_trusts }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.heat_trusts }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.heat_trusts }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "trusts" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
restartPolicy: OnFailure
diff --git a/charts/heat/templates/pod-rally-test.yaml b/charts/heat/templates/pod-rally-test.yaml
index ac6c636..610048c 100644
--- a/charts/heat/templates/pod-rally-test.yaml
+++ b/charts/heat/templates/pod-rally-test.yaml
@@ -43,6 +43,12 @@
{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
{{ end }}
restartPolicy: Never
+{{ with .Values.pod.priorityClassName.heat_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.heat_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
diff --git a/charts/heat/values.yaml b/charts/heat/values.yaml
index 1cf8bdc..e242d7d 100644
--- a/charts/heat/values.yaml
+++ b/charts/heat/values.yaml
@@ -1015,6 +1015,28 @@
default: 80
pod:
+ priorityClassName:
+ heat_api: null
+ heat_cfn: null
+ heat_cloudwatch: null
+ heat_tests: null
+ heat_engine_cleaner: null
+ heat_purge_deleted: null
+ heat_engine: null
+ heat_trusts: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ heat_api: null
+ heat_cfn: null
+ heat_cloudwatch: null
+ heat_tests: null
+ heat_engine_cleaner: null
+ heat_purge_deleted: null
+ heat_engine: null
+ heat_trusts: null
+ bootstrap: null
+ db_sync: null
security_context:
heat:
pod:
diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
index b8a1dce..1db62b0 100644
--- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
@@ -71,6 +71,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_init }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_init }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_init }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_init }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/horizon/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/horizon/templates/deployment.yaml b/charts/horizon/templates/deployment.yaml
index 0037fef..666edd6 100644
--- a/charts/horizon/templates/deployment.yaml
+++ b/charts/horizon/templates/deployment.yaml
@@ -48,6 +48,12 @@
{{- end }}
{{ dict "envAll" $envAll "podName" "horizon" "containerNames" (list "horizon" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.horizon }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.horizon }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "horizon" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/horizon/templates/job-db-sync.yaml b/charts/horizon/templates/job-db-sync.yaml
index c2229cd..8ae8643 100644
--- a/charts/horizon/templates/job-db-sync.yaml
+++ b/charts/horizon/templates/job-db-sync.yaml
@@ -41,6 +41,12 @@
annotations:
{{ dict "envAll" $envAll "podName" "horizon-db-sync" "containerNames" (list "horizon-db-sync" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "db_sync" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
restartPolicy: OnFailure
diff --git a/charts/horizon/templates/pod-helm-tests.yaml b/charts/horizon/templates/pod-helm-tests.yaml
index 7d16303..4513053 100644
--- a/charts/horizon/templates/pod-helm-tests.yaml
+++ b/charts/horizon/templates/pod-helm-tests.yaml
@@ -34,6 +34,12 @@
spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
restartPolicy: Never
+{{ with .Values.pod.priorityClassName.horizon_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.horizon_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.horizon.enabled }}
{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
diff --git a/charts/horizon/values.yaml b/charts/horizon/values.yaml
index 4a06045..33a74d2 100644
--- a/charts/horizon/values.yaml
+++ b/charts/horizon/values.yaml
@@ -1103,6 +1103,16 @@
service: dashboard
pod:
+ priorityClassName:
+ horizon: null
+ horizon_tests: null
+ db_init: null
+ db_sync: null
+ runtimeClassName:
+ horizon: null
+ horizon_tests: null
+ db_init: null
+ db_sync: null
security_context:
horizon:
pod:
diff --git a/charts/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/ironic/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/ironic/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/ironic/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/ironic/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/ironic/templates/deployment-api.yaml b/charts/ironic/templates/deployment-api.yaml
index 7d4b838..99e25b6 100644
--- a/charts/ironic/templates/deployment-api.yaml
+++ b/charts/ironic/templates/deployment-api.yaml
@@ -45,6 +45,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "ironic_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.ironic_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.ironic_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/ironic/templates/statefulset-conductor.yaml b/charts/ironic/templates/statefulset-conductor.yaml
index bcf6238..fc0031e 100644
--- a/charts/ironic/templates/statefulset-conductor.yaml
+++ b/charts/ironic/templates/statefulset-conductor.yaml
@@ -44,6 +44,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.ironic_conductor }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.ironic_conductor }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "ironic" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/ironic/values.yaml b/charts/ironic/values.yaml
index a94bc3f..bc4b034 100644
--- a/charts/ironic/values.yaml
+++ b/charts/ironic/values.yaml
@@ -107,6 +107,7 @@
api_url: null
database:
connection: null
+ max_retries: -1
deploy:
http_root: /var/lib/openstack-helm/httpboot
glance:
@@ -639,6 +640,16 @@
default: 24220
pod:
+ priorityClassName:
+ ironic_api: null
+ ironic_conductor: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ ironic_api: null
+ ironic_conductor: null
+ bootstrap: null
+ db_sync: null
affinity:
anti:
type:
diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
index b8a1dce..1db62b0 100644
--- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
@@ -71,6 +71,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_init }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_init }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_init }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_init }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/keystone/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/keystone/templates/cron-job-credential-rotate.yaml b/charts/keystone/templates/cron-job-credential-rotate.yaml
index 5906079..6fabd9d 100644
--- a/charts/keystone/templates/cron-job-credential-rotate.yaml
+++ b/charts/keystone/templates/cron-job-credential-rotate.yaml
@@ -70,6 +70,12 @@
labels:
{{ tuple $envAll "keystone" "credential-rotate" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
spec:
+{{ with .Values.pod.priorityClassName.keystone_credential_rotate }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_credential_rotate }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "credential_rotate" $mounts_keystone_credential_rotate_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
diff --git a/charts/keystone/templates/cron-job-fernet-rotate.yaml b/charts/keystone/templates/cron-job-fernet-rotate.yaml
index a059f92..e911842 100644
--- a/charts/keystone/templates/cron-job-fernet-rotate.yaml
+++ b/charts/keystone/templates/cron-job-fernet-rotate.yaml
@@ -71,6 +71,12 @@
labels:
{{ tuple $envAll "keystone" "fernet-rotate" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
spec:
+{{ with .Values.pod.priorityClassName.keystone_fernet_rotate }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_fernet_rotate }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "fernet_rotate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
initContainers:
diff --git a/charts/keystone/templates/deployment-api.yaml b/charts/keystone/templates/deployment-api.yaml
index ee4e13c..36050a5 100644
--- a/charts/keystone/templates/deployment-api.yaml
+++ b/charts/keystone/templates/deployment-api.yaml
@@ -54,6 +54,12 @@
{{ dict "envAll" $envAll "podName" "keystone-api" "containerNames" (list "keystone-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "keystone" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.keystone_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/keystone/templates/job-credential-cleanup.yaml b/charts/keystone/templates/job-credential-cleanup.yaml
index 9f26802..3eac2b3 100644
--- a/charts/keystone/templates/job-credential-cleanup.yaml
+++ b/charts/keystone/templates/job-credential-cleanup.yaml
@@ -45,6 +45,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "keystone-credential-cleanup" "containerNames" (list "keystone-credential-cleanup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.keystone_credential_cleanup }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_credential_cleanup }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceName }}
restartPolicy: Never
{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
diff --git a/charts/keystone/templates/job-credential-setup.yaml b/charts/keystone/templates/job-credential-setup.yaml
index 38ff3c8..c8710b6 100644
--- a/charts/keystone/templates/job-credential-setup.yaml
+++ b/charts/keystone/templates/job-credential-setup.yaml
@@ -74,6 +74,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "keystone-credential-setup" "containerNames" (list "keystone-credential-setup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.keystone_credential_setup }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_credential_setup }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "credential_setup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
initContainers:
diff --git a/charts/keystone/templates/job-domain-manage.yaml b/charts/keystone/templates/job-domain-manage.yaml
index 87c82eb..41bc9b1 100644
--- a/charts/keystone/templates/job-domain-manage.yaml
+++ b/charts/keystone/templates/job-domain-manage.yaml
@@ -42,6 +42,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "keystone-domain-manage" "containerNames" (list "keystone-domain-manage" "keystone-domain-manage-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.keystone_domain_manage }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_domain_manage }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "domain_manage" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
restartPolicy: OnFailure
diff --git a/charts/keystone/templates/job-fernet-setup.yaml b/charts/keystone/templates/job-fernet-setup.yaml
index d52aa6c..f41e788 100644
--- a/charts/keystone/templates/job-fernet-setup.yaml
+++ b/charts/keystone/templates/job-fernet-setup.yaml
@@ -74,6 +74,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "keystone-fernet-setup" "containerNames" (list "keystone-fernet-setup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.keystone_fernet_setup }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_fernet_setup }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "fernet_setup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
initContainers:
diff --git a/charts/keystone/templates/pod-rally-test.yaml b/charts/keystone/templates/pod-rally-test.yaml
index ad5b23a..155dbae 100644
--- a/charts/keystone/templates/pod-rally-test.yaml
+++ b/charts/keystone/templates/pod-rally-test.yaml
@@ -42,6 +42,12 @@
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+{{ with .Values.pod.priorityClassName.keystone_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.keystone_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
diff --git a/charts/keystone/values.yaml b/charts/keystone/values.yaml
index 27e767c..65e6f65 100644
--- a/charts/keystone/values.yaml
+++ b/charts/keystone/values.yaml
@@ -158,6 +158,30 @@
service: local_image_registry
pod:
+ priorityClassName:
+ keystone_api: null
+ keystone_tests: null
+ keystone_credential_rotate: null
+ keystone_fernet_rotate: null
+ keystone_credential_setup: null
+ keystone_fernet_setup: null
+ keystone_domain_manage: null
+ keystone_credential_cleanup: null
+ bootstrap: null
+ db_init: null
+ db_sync: null
+ runtimeClassName:
+ keystone_api: null
+ keystone_tests: null
+ keystone_credential_rotate: null
+ keystone_fernet_rotate: null
+ keystone_credential_setup: null
+ keystone_fernet_setup: null
+ keystone_domain_manage: null
+ keystone_credential_cleanup: null
+ bootstrap: null
+ db_init: null
+ db_sync: null
security_context:
keystone:
pod:
diff --git a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/libvirt/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/magnum/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/magnum/templates/deployment-api.yaml b/charts/magnum/templates/deployment-api.yaml
index 9eb4967..720a4ba 100644
--- a/charts/magnum/templates/deployment-api.yaml
+++ b/charts/magnum/templates/deployment-api.yaml
@@ -44,6 +44,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.magnum_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.magnum_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "magnum" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/magnum/templates/statefulset-conductor.yaml b/charts/magnum/templates/statefulset-conductor.yaml
index 44d8b02..fe1cc84 100644
--- a/charts/magnum/templates/statefulset-conductor.yaml
+++ b/charts/magnum/templates/statefulset-conductor.yaml
@@ -45,6 +45,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.magnum_conductor }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.magnum_conductor }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "magnum" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/magnum/values.yaml b/charts/magnum/values.yaml
index 88b4203..29b8198 100644
--- a/charts/magnum/values.yaml
+++ b/charts/magnum/values.yaml
@@ -482,6 +482,16 @@
default: 24220
pod:
+ priorityClassName:
+ magnum_api: null
+ magnum_conductor: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ magnum_api: null
+ magnum_conductor: null
+ bootstrap: null
+ db_sync: null
user:
magnum:
uid: 42424
diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/manila/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/manila/templates/deployment-api.yaml b/charts/manila/templates/deployment-api.yaml
index bcc352f..0338ee1 100644
--- a/charts/manila/templates/deployment-api.yaml
+++ b/charts/manila/templates/deployment-api.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-api" "containerNames" (list "init" "manila-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/deployment-data.yaml b/charts/manila/templates/deployment-data.yaml
index 21db299..6c981a6 100644
--- a/charts/manila/templates/deployment-data.yaml
+++ b/charts/manila/templates/deployment-data.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-data" "containerNames" (list "init" "manila-data") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_data }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_data }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/deployment-scheduler.yaml b/charts/manila/templates/deployment-scheduler.yaml
index 4858dfc..c8749a2 100644
--- a/charts/manila/templates/deployment-scheduler.yaml
+++ b/charts/manila/templates/deployment-scheduler.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-scheduler" "containerNames" (list "init" "manila-scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_scheduler }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_scheduler }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/deployment-share.yaml b/charts/manila/templates/deployment-share.yaml
index 87bff3b..2d7a6c1 100644
--- a/charts/manila/templates/deployment-share.yaml
+++ b/charts/manila/templates/deployment-share.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "manila-share" "containerNames" (list "init" "manila-share" "manila-share-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.manila_share }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_share }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/manila/templates/pod-rally-test.yaml b/charts/manila/templates/pod-rally-test.yaml
index 928c183..940989b 100644
--- a/charts/manila/templates/pod-rally-test.yaml
+++ b/charts/manila/templates/pod-rally-test.yaml
@@ -42,6 +42,12 @@
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+{{ with .Values.pod.priorityClassName.manila_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.manila_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
@@ -62,27 +68,27 @@
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
{{- end }}
env:
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "test"
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: SERVICE_OS_ROLE
- value: {{ .Values.endpoints.share.auth.test.role | quote }}
+ value: {{ .Values.endpoints.identity.auth.test.role | quote }}
containers:
- name: manila-test
{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "test" "container" "manila_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6}}
env:
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
{{- end }}
-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
+{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
{{- end }}
- name: RALLY_ENV_NAME
value: {{.deployment_name}}
diff --git a/charts/manila/values.yaml b/charts/manila/values.yaml
index f820bc1..4219862 100644
--- a/charts/manila/values.yaml
+++ b/charts/manila/values.yaml
@@ -66,6 +66,22 @@
- image_repo_sync
pod:
+ priorityClassName:
+ manila_api: null
+ manila_data: null
+ manila_scheduler: null
+ manila_tests: null
+ manila_share: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ manila_api: null
+ manila_data: null
+ manila_scheduler: null
+ manila_tests: null
+ manila_share: null
+ bootstrap: null
+ db_sync: null
security_context:
manila:
pod:
@@ -829,6 +845,7 @@
identity:
admin: manila-keystone-admin
manila: manila-keystone-user
+ test: manila-keystone-test
oslo_db:
admin: manila-db-admin
manila: manila-db-user
@@ -890,6 +907,14 @@
project_name: service
user_domain_name: service
project_domain_name: service
+ test:
+ role: admin
+ region_name: RegionOne
+ username: manila-test
+ password: password
+ project_name: test
+ user_domain_name: service
+ project_domain_name: service
hosts:
default: keystone
internal: keystone-api
@@ -1061,7 +1086,7 @@
job_ks_service: true
job_ks_user: true
pdb_api: true
- pod_test: true
+ pod_rally_test: true
secret_db: true
network_policy: false
secret_ingress_tls: true
diff --git a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/memcached/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-bagpipe-bgp.yaml b/charts/neutron/templates/daemonset-bagpipe-bgp.yaml
index b6d2157..e2bd90b 100644
--- a/charts/neutron/templates/daemonset-bagpipe-bgp.yaml
+++ b/charts/neutron/templates/daemonset-bagpipe-bgp.yaml
@@ -57,6 +57,12 @@
{{ tuple "neutron_bagpipe_bgp" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_bagpipe_bgp" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.bagpipe_bgp }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.bagpipe_bgp }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-bgp-dragent.yaml b/charts/neutron/templates/daemonset-bgp-dragent.yaml
index b0494c3..8a6a309 100644
--- a/charts/neutron/templates/daemonset-bgp-dragent.yaml
+++ b/charts/neutron/templates/daemonset-bgp-dragent.yaml
@@ -56,6 +56,12 @@
{{ tuple "neutron_bgp_dragent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_bgp_dragent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.bgp_dragent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.bgp_dragent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-dhcp-agent.yaml b/charts/neutron/templates/daemonset-dhcp-agent.yaml
index af72487..9fe058d 100644
--- a/charts/neutron/templates/daemonset-dhcp-agent.yaml
+++ b/charts/neutron/templates/daemonset-dhcp-agent.yaml
@@ -79,6 +79,12 @@
{{ dict "envAll" $envAll "podName" "neutron-dhcp-agent-default" "containerNames" (list "neutron-dhcp-agent" "neutron-dhcp-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_dhcp_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_dhcp_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_dhcp_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-l2gw-agent.yaml b/charts/neutron/templates/daemonset-l2gw-agent.yaml
index e948198..ab984a3 100644
--- a/charts/neutron/templates/daemonset-l2gw-agent.yaml
+++ b/charts/neutron/templates/daemonset-l2gw-agent.yaml
@@ -80,6 +80,12 @@
{{ tuple "neutron_l2gw_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_l2gw_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_l2gw_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_l2gw_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-l3-agent.yaml b/charts/neutron/templates/daemonset-l3-agent.yaml
index b4bbd09..21b45d7 100644
--- a/charts/neutron/templates/daemonset-l3-agent.yaml
+++ b/charts/neutron/templates/daemonset-l3-agent.yaml
@@ -80,6 +80,12 @@
{{ dict "envAll" $envAll "podName" "neutron-l3-agent-default" "containerNames" (list "neutron-l3-agent" "init" "neutron-l3-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_l3_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_l3_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-lb-agent.yaml b/charts/neutron/templates/daemonset-lb-agent.yaml
index 35ff8fe..77337f7 100644
--- a/charts/neutron/templates/daemonset-lb-agent.yaml
+++ b/charts/neutron/templates/daemonset-lb-agent.yaml
@@ -55,6 +55,12 @@
{{ tuple "neutron_lb_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_lb_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_lb_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_lb_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-metadata-agent.yaml b/charts/neutron/templates/daemonset-metadata-agent.yaml
index fc9a75e..229ed5c 100644
--- a/charts/neutron/templates/daemonset-metadata-agent.yaml
+++ b/charts/neutron/templates/daemonset-metadata-agent.yaml
@@ -76,6 +76,12 @@
{{ dict "envAll" $envAll "podName" "neutron-metadata-agent-default" "containerNames" (list "neutron-metadata-agent" "neutron-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_metadata_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_metadata_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-netns-cleanup-cron.yaml b/charts/neutron/templates/daemonset-netns-cleanup-cron.yaml
index d43c595..df50c45 100644
--- a/charts/neutron/templates/daemonset-netns-cleanup-cron.yaml
+++ b/charts/neutron/templates/daemonset-netns-cleanup-cron.yaml
@@ -48,6 +48,12 @@
{{ dict "envAll" $envAll "podName" "neutron-netns-cleanup-cron-default" "containerNames" (list "neutron-netns-cleanup-cron" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_netns_cleanup_cron" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_netns_cleanup_cron }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_netns_cleanup_cron }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml b/charts/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
index fc6d805..c3af50b 100644
--- a/charts/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
+++ b/charts/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
@@ -78,6 +78,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.ovn_vpn_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.ovn_vpn_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
index 47e1256..80ca3f0 100644
--- a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
+++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -76,6 +76,12 @@
{{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_ovn_metadata_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_ovn_metadata_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
diff --git a/charts/neutron/templates/daemonset-ovs-agent.yaml b/charts/neutron/templates/daemonset-ovs-agent.yaml
index 0ea60f5..c6eb4c0 100644
--- a/charts/neutron/templates/daemonset-ovs-agent.yaml
+++ b/charts/neutron/templates/daemonset-ovs-agent.yaml
@@ -59,6 +59,12 @@
{{ dict "envAll" $envAll "podName" "$configMapName" "containerNames" (list "neutron-ovs-agent" "init" "neutron-openvswitch-agent-kernel-modules" "neutron-ovs-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_ovs_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_ovs_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_ovs_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
diff --git a/charts/neutron/templates/daemonset-sriov-agent.yaml b/charts/neutron/templates/daemonset-sriov-agent.yaml
index 5b96cd7..efd48e0 100644
--- a/charts/neutron/templates/daemonset-sriov-agent.yaml
+++ b/charts/neutron/templates/daemonset-sriov-agent.yaml
@@ -62,6 +62,12 @@
{{ dict "envAll" $envAll "podName" "neutron-sriov-agent-default" "containerNames" (list "neutron-sriov-agent-init" "init" "neutron-sriov-agent") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_sriov_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_sriov_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_sriov_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.sriov.node_selector_key }}: {{ .Values.labels.sriov.node_selector_value }}
diff --git a/charts/neutron/templates/deployment-ironic-agent.yaml b/charts/neutron/templates/deployment-ironic-agent.yaml
index 1b468e2..8d2663f 100644
--- a/charts/neutron/templates/deployment-ironic-agent.yaml
+++ b/charts/neutron/templates/deployment-ironic-agent.yaml
@@ -49,6 +49,12 @@
{{ tuple "neutron_ironic_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_ironic_agent }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_ironic_agent }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "neutron" "ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/neutron/templates/deployment-rpc_server.yaml b/charts/neutron/templates/deployment-rpc_server.yaml
index 1866e21..f5f7240 100644
--- a/charts/neutron/templates/deployment-rpc_server.yaml
+++ b/charts/neutron/templates/deployment-rpc_server.yaml
@@ -49,6 +49,12 @@
{{ dict "envAll" $envAll "podName" "neutron-rpc-server" "containerNames" (list "neutron-rpc-server" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_rpc_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_rpc_server }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_rpc_server }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "neutron" "rpc_server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/neutron/templates/deployment-server.yaml b/charts/neutron/templates/deployment-server.yaml
index 457401b..464b3c3 100644
--- a/charts/neutron/templates/deployment-server.yaml
+++ b/charts/neutron/templates/deployment-server.yaml
@@ -81,6 +81,12 @@
{{ dict "envAll" $envAll "podName" "neutron-server" "containerNames" (list "neutron-server" "init" "nginx") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "neutron_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.neutron_server }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_server }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/neutron/templates/pod-rally-test.yaml b/charts/neutron/templates/pod-rally-test.yaml
index 5ef57fa..a1e3e1a 100644
--- a/charts/neutron/templates/pod-rally-test.yaml
+++ b/charts/neutron/templates/pod-rally-test.yaml
@@ -44,6 +44,12 @@
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
{{ end }}
restartPolicy: Never
+{{ with .Values.pod.priorityClassName.neutron_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.neutron_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
diff --git a/charts/neutron/values.yaml b/charts/neutron/values.yaml
index 83e34c0..57cb3b7 100644
--- a/charts/neutron/values.yaml
+++ b/charts/neutron/values.yaml
@@ -389,6 +389,44 @@
service: local_image_registry
pod:
+ priorityClassName:
+ bagpipe_bgp: null
+ bgp_dragent: null
+ neutron_dhcp_agent: null
+ neutron_l2gw_agent: null
+ neutron_l3_agent: null
+ neutron_lb_agent: null
+ neutron_metadata_agent: null
+ neutron_netns_cleanup_cron: null
+ ovn_vpn_agent: null
+ neutron_ovn_metadata_agent: null
+ neutron_ovs_agent: null
+ neutron_sriov_agent: null
+ neutron_ironic_agent: null
+ neutron_rpc_server: null
+ neutron_server: null
+ neutron_tests: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ bagpipe_bgp: null
+ bgp_dragent: null
+ neutron_dhcp_agent: null
+ neutron_l2gw_agent: null
+ neutron_l3_agent: null
+ neutron_lb_agent: null
+ neutron_metadata_agent: null
+ neutron_netns_cleanup_cron: null
+ ovn_vpn_agent: null
+ neutron_ovn_metadata_agent: null
+ neutron_ovs_agent: null
+ neutron_sriov_agent: null
+ neutron_ironic_agent: null
+ neutron_rpc_server: null
+ neutron_server: null
+ neutron_tests: null
+ bootstrap: null
+ db_sync: null
sidecars:
neutron_policy_server: false
use_fqdn:
diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/nova/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/nova/templates/cron-job-archive-deleted-rows.yaml b/charts/nova/templates/cron-job-archive-deleted-rows.yaml
index 7316b3a..48e83ab 100644
--- a/charts/nova/templates/cron-job-archive-deleted-rows.yaml
+++ b/charts/nova/templates/cron-job-archive-deleted-rows.yaml
@@ -42,6 +42,12 @@
labels:
{{ tuple $envAll "nova" "archive-deleted-rows" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_archive_deleted_rows }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_archive_deleted_rows }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "archive_deleted_rows" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
restartPolicy: OnFailure
diff --git a/charts/nova/templates/cron-job-cell-setup.yaml b/charts/nova/templates/cron-job-cell-setup.yaml
index b90b84e..23840ce 100644
--- a/charts/nova/templates/cron-job-cell-setup.yaml
+++ b/charts/nova/templates/cron-job-cell-setup.yaml
@@ -42,6 +42,12 @@
labels:
{{ tuple $envAll "nova" "cell-setup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_cell_setup }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_cell_setup }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "cell_setup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
restartPolicy: OnFailure
diff --git a/charts/nova/templates/cron-job-service-cleaner.yaml b/charts/nova/templates/cron-job-service-cleaner.yaml
index dd61db7..c515304 100644
--- a/charts/nova/templates/cron-job-service-cleaner.yaml
+++ b/charts/nova/templates/cron-job-service-cleaner.yaml
@@ -42,6 +42,12 @@
labels:
{{ tuple $envAll "nova" "service-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_service_cleaner }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_service_cleaner }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "service_cleaner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
restartPolicy: OnFailure
diff --git a/charts/nova/templates/daemonset-compute.yaml b/charts/nova/templates/daemonset-compute.yaml
index 3ad00ff..e62ea76 100644
--- a/charts/nova/templates/daemonset-compute.yaml
+++ b/charts/nova/templates/daemonset-compute.yaml
@@ -90,6 +90,12 @@
{{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute" "init" "nova-compute-init" "nova-compute-vnc-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_compute }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_compute }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
diff --git a/charts/nova/templates/deployment-api-metadata.yaml b/charts/nova/templates/deployment-api-metadata.yaml
index 51e30c9..c4c64f9 100644
--- a/charts/nova/templates/deployment-api-metadata.yaml
+++ b/charts/nova/templates/deployment-api-metadata.yaml
@@ -60,6 +60,12 @@
{{ tuple "nova_api_metadata" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-api-metadata" "containerNames" (list "nova-api-metadata-init" "nova-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_api_metadata }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_api_metadata }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/nova/templates/deployment-api-osapi.yaml b/charts/nova/templates/deployment-api-osapi.yaml
index b203ba6..70a65f5 100644
--- a/charts/nova/templates/deployment-api-osapi.yaml
+++ b/charts/nova/templates/deployment-api-osapi.yaml
@@ -60,6 +60,12 @@
{{ tuple "nova_api_osapi" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-api-osapi" "containerNames" (list "nova-osapi" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_api_osapi }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_api_osapi }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/nova/templates/deployment-conductor.yaml b/charts/nova/templates/deployment-conductor.yaml
index b58b385..50a7ddb 100644
--- a/charts/nova/templates/deployment-conductor.yaml
+++ b/charts/nova/templates/deployment-conductor.yaml
@@ -69,6 +69,12 @@
{{ tuple "nova_conductor" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-conductor" "containerNames" (list "nova-conductor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_conductor }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_conductor }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/nova/templates/deployment-novncproxy.yaml b/charts/nova/templates/deployment-novncproxy.yaml
index f4c1d8b..670e1cc 100644
--- a/charts/nova/templates/deployment-novncproxy.yaml
+++ b/charts/nova/templates/deployment-novncproxy.yaml
@@ -58,6 +58,12 @@
{{ tuple "nova_novncproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-novncproxy" "containerNames" (list "nova-novncproxy" "nova-novncproxy-init-assets" "nova-novncproxy-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_novncproxy }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_novncproxy }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/nova/templates/deployment-scheduler.yaml b/charts/nova/templates/deployment-scheduler.yaml
index bba444c..a8a529a 100644
--- a/charts/nova/templates/deployment-scheduler.yaml
+++ b/charts/nova/templates/deployment-scheduler.yaml
@@ -69,6 +69,12 @@
{{ tuple "nova_scheduler" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-scheduler" "containerNames" (list "nova-scheduler" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_scheduler }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_scheduler }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/nova/templates/deployment-spiceproxy.yaml b/charts/nova/templates/deployment-spiceproxy.yaml
index eca1628..68b3c00 100644
--- a/charts/nova/templates/deployment-spiceproxy.yaml
+++ b/charts/nova/templates/deployment-spiceproxy.yaml
@@ -55,6 +55,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "nova_spiceproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_spiceproxy }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_spiceproxy }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/nova/templates/job-bootstrap.yaml b/charts/nova/templates/job-bootstrap.yaml
index de8812d..72cc319 100644
--- a/charts/nova/templates/job-bootstrap.yaml
+++ b/charts/nova/templates/job-bootstrap.yaml
@@ -40,6 +40,12 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
diff --git a/charts/nova/templates/pod-rally-test.yaml b/charts/nova/templates/pod-rally-test.yaml
index d53f204..659d4b5 100644
--- a/charts/nova/templates/pod-rally-test.yaml
+++ b/charts/nova/templates/pod-rally-test.yaml
@@ -44,6 +44,12 @@
{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
{{ end }}
restartPolicy: Never
+{{ with .Values.pod.priorityClassName.nova_tests }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_tests }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
initContainers:
{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
diff --git a/charts/nova/templates/statefulset-compute-ironic.yaml b/charts/nova/templates/statefulset-compute-ironic.yaml
index 377555d..deb6c7c 100644
--- a/charts/nova/templates/statefulset-compute-ironic.yaml
+++ b/charts/nova/templates/statefulset-compute-ironic.yaml
@@ -45,14 +45,18 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.nova_compute_ironic }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.nova_compute_ironic }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.agent.compute_ironic.node_selector_key }}: {{ .Values.labels.agent.compute_ironic.node_selector_value }}
- securityContext:
- runAsUser: 0
hostPID: true
dnsPolicy: ClusterFirstWithHostNet
initContainers:
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index e0c5866..2b1a924 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -2037,6 +2037,36 @@
default: 80
pod:
+ priorityClassName:
+ nova_compute: null
+ nova_api_metadata: null
+ nova_api_osapi: null
+ nova_conductor: null
+ nova_novncproxy: null
+ nova_scheduler: null
+ nova_spiceproxy: null
+ nova_archive_deleted_rows: null
+ nova_cell_setup: null
+ nova_service_cleaner: null
+ nova_compute_ironic: null
+ nova_tests: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ nova_compute: null
+ nova_api_metadata: null
+ nova_api_osapi: null
+ nova_conductor: null
+ nova_novncproxy: null
+ nova_scheduler: null
+ nova_spiceproxy: null
+ nova_archive_deleted_rows: null
+ nova_cell_setup: null
+ nova_service_cleaner: null
+ nova_compute_ironic: null
+ nova_tests: null
+ bootstrap: null
+ db_sync: null
probes:
rpc_timeout: 60
rpc_retries: 2
diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/octavia/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/octavia/templates/daemonset-health-manager.yaml b/charts/octavia/templates/daemonset-health-manager.yaml
index a355e86..1fcda41 100644
--- a/charts/octavia/templates/daemonset-health-manager.yaml
+++ b/charts/octavia/templates/daemonset-health-manager.yaml
@@ -46,6 +46,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.octavia_health_manager }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.octavia_health_manager }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
diff --git a/charts/octavia/templates/deployment-api.yaml b/charts/octavia/templates/deployment-api.yaml
index da15972..e584f76 100644
--- a/charts/octavia/templates/deployment-api.yaml
+++ b/charts/octavia/templates/deployment-api.yaml
@@ -45,6 +45,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.octavia_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.octavia_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "octavia" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/octavia/templates/deployment-housekeeping.yaml b/charts/octavia/templates/deployment-housekeeping.yaml
index 39903b6..584ca18 100644
--- a/charts/octavia/templates/deployment-housekeeping.yaml
+++ b/charts/octavia/templates/deployment-housekeeping.yaml
@@ -45,6 +45,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.octavia_housekeeping }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.octavia_housekeeping }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
diff --git a/charts/octavia/templates/deployment-worker.yaml b/charts/octavia/templates/deployment-worker.yaml
index 54cf68d..561a604 100644
--- a/charts/octavia/templates/deployment-worker.yaml
+++ b/charts/octavia/templates/deployment-worker.yaml
@@ -45,6 +45,12 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
+{{ with .Values.pod.priorityClassName.octavia_worker }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.octavia_worker }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
@@ -99,4 +105,4 @@
secretName: octavia-etc
defaultMode: 0444
{{ if $mounts_octavia_worker.volumes }}{{ toYaml $mounts_octavia_worker.volumes | indent 8 }}{{ end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/octavia/values.yaml b/charts/octavia/values.yaml
index b15114a..36fcbf0 100644
--- a/charts/octavia/values.yaml
+++ b/charts/octavia/values.yaml
@@ -526,6 +526,20 @@
public: 80
pod:
+ priorityClassName:
+ octavia_health_manager: null
+ octavia_api: null
+ octavia_housekeeping: null
+ octavia_worker: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ octavia_health_manager: null
+ octavia_api: null
+ octavia_housekeeping: null
+ octavia_worker: null
+ bootstrap: null
+ db_sync: null
user:
octavia:
uid: 42424
diff --git a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/openvswitch/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/ovn/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index 2dbbb68..baf5a0c 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -49,6 +49,8 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{- tuple $envAll "ovn" "ovn_northd" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.ovn_northd.node_selector_key }}: {{ .Values.labels.ovn_northd.node_selector_value }}
initContainers:
diff --git a/charts/patches/barbican/0003-Enable-priority-runtime-ClassName-for-Barbican.patch b/charts/patches/barbican/0003-Enable-priority-runtime-ClassName-for-Barbican.patch
new file mode 100644
index 0000000..a956746
--- /dev/null
+++ b/charts/patches/barbican/0003-Enable-priority-runtime-ClassName-for-Barbican.patch
@@ -0,0 +1,63 @@
+From e7640e5fc0179fabfa063e89f7e7a7612e1c807e Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 06:32:12 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Barbican
+
+---
+ barbican/templates/deployment-api.yaml | 6 +++
+ barbican/templates/pod-test.yaml | 6 +++
+ barbican/values.yaml | 8 ++++
+
+diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml
+index 8ae9ea42..1e5cbbac 100644
+--- a/barbican/templates/deployment-api.yaml
++++ b/barbican/templates/deployment-api.yaml
+@@ -47,6 +47,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.barbican_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.barbican_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/barbican/templates/pod-test.yaml b/barbican/templates/pod-test.yaml
+index f4143564..783d328b 100644
+--- a/barbican/templates/pod-test.yaml
++++ b/barbican/templates/pod-test.yaml
+@@ -33,6 +33,12 @@ metadata:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ {{ dict "envAll" $envAll "podName" "barbican-test" "containerNames" (list "init" "barbican-test") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
+ spec:
++{{ with .Values.pod.priorityClassName.barbican_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.barbican_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ nodeSelector:
+diff --git a/barbican/values.yaml b/barbican/values.yaml
+index e2e87bf7..17aee723 100644
+--- a/barbican/values.yaml
++++ b/barbican/values.yaml
+@@ -55,6 +55,14 @@ images:
+ - image_repo_sync
+
+ pod:
++ priorityClassName:
++ barbican_api: null
++ barbican_tests: null
++ db_sync: null
++ runtimeClassName:
++ barbican_api: null
++ barbican_tests: null
++ db_sync: null
+ security_context:
+ barbican:
+ pod:
diff --git a/charts/patches/barbican/0004-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/barbican/0004-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..ea1de3e
--- /dev/null
+++ b/charts/patches/barbican/0004-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,39 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/barbican/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/barbican/values.yaml b/barbican/values.yaml
+index 17aee723..67bdbbc1 100644
+--- a/barbican/values.yaml
++++ b/barbican/values.yaml
+@@ -58,10 +58,12 @@ pod:
+ priorityClassName:
+ barbican_api: null
+ barbican_tests: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ barbican_api: null
+ barbican_tests: null
++ bootstrap: null
+ db_sync: null
+ security_context:
+ barbican:
diff --git a/charts/patches/cinder/0003-Enable-priority-runtime-ClassName-for-Cinder.patch b/charts/patches/cinder/0003-Enable-priority-runtime-ClassName-for-Cinder.patch
new file mode 100644
index 0000000..7397b0e
--- /dev/null
+++ b/charts/patches/cinder/0003-Enable-priority-runtime-ClassName-for-Cinder.patch
@@ -0,0 +1,146 @@
+From 5fa9fbab45a5cd489007ca0286e7203accd1f398 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Thu, 6 Feb 2025 09:33:47 -0500
+Subject: [PATCH] Enable {priority,runtime}ClassName for Cinder
+
+---
+ .../cron-job-cinder-volume-usage-audit.yaml | 6 ++++++
+ cinder/templates/deployment-api.yaml | 6 ++++++
+ cinder/templates/deployment-backup.yaml | 6 ++++++
+ cinder/templates/deployment-scheduler.yaml | 6 ++++++
+ cinder/templates/deployment-volume.yaml | 6 ++++++
+ cinder/templates/pod-rally-test.yaml | 6 ++++++
+ cinder/values.yaml | 16 ++++++++++++++++
+ 7 files changed, 52 insertions(+)
+
+diff --git a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
+index 1d935f12..18d9e28e 100644
+--- a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
++++ b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml
+@@ -50,6 +50,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" $serviceAccountName "containerNames" (list "cinder-volume-usage-audit" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 12 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "volume_usage_audit" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
++{{ with .Values.pod.priorityClassName.cinder_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.cinder_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ if $envAll.Values.pod.tolerations.cinder.enabled }}
+diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml
+index f29d103f..3b1a30d6 100644
+--- a/cinder/templates/deployment-api.yaml
++++ b/cinder/templates/deployment-api.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ tuple "cinder_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "cinder-api" "containerNames" (list "cinder-api" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.cinder_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.cinder_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "cinder_api" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml
+index ccd84fc0..617031a0 100644
+--- a/cinder/templates/deployment-backup.yaml
++++ b/cinder/templates/deployment-backup.yaml
+@@ -48,6 +48,12 @@ spec:
+ {{ tuple "cinder_backup" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "cinder-backup" "containerNames" (list "cinder-backup" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.cinder_backup }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.cinder_backup }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "cinder_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml
+index 73e14e55..016ade95 100644
+--- a/cinder/templates/deployment-scheduler.yaml
++++ b/cinder/templates/deployment-scheduler.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ tuple "cinder_scheduler" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "cinder-scheduler" "containerNames" (list "cinder-scheduler" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.cinder_scheduler }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.cinder_scheduler }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "cinder_scheduler" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml
+index c28518da..83430c33 100644
+--- a/cinder/templates/deployment-volume.yaml
++++ b/cinder/templates/deployment-volume.yaml
+@@ -48,6 +48,12 @@ spec:
+ {{ tuple "cinder_volume" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "cinder-volume" "containerNames" (list "cinder-volume" "ceph-coordination-volume-perms" "init-cinder-conf" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.cinder_volume }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.cinder_volume }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "cinder_volume" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/cinder/templates/pod-rally-test.yaml b/cinder/templates/pod-rally-test.yaml
+index 34316c65..a2852359 100644
+--- a/cinder/templates/pod-rally-test.yaml
++++ b/cinder/templates/pod-rally-test.yaml
+@@ -38,6 +38,12 @@ spec:
+ {{ end }}
+ nodeSelector:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
++{{ with .Values.pod.priorityClassName.cinder_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.cinder_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+diff --git a/cinder/values.yaml b/cinder/values.yaml
+index 6b335be1..1377e4cd 100644
+--- a/cinder/values.yaml
++++ b/cinder/values.yaml
+@@ -76,6 +76,22 @@ jobs:
+ failed: 1
+
+ pod:
++ priorityClassName:
++ cinder_api: null
++ cinder_backup: null
++ cinder_scheduler: null
++ cinder_tests: null
++ cinder_volume_usage_audit: null
++ cinder_volume: null
++ db_sync: null
++ runtimeClassName:
++ cinder_api: null
++ cinder_backup: null
++ cinder_scheduler: null
++ cinder_tests: null
++ cinder_volume_usage_audit: null
++ cinder_volume: null
++ db_sync: null
+ security_context:
+ volume_usage_audit:
+ pod:
+--
+2.43.0
diff --git a/charts/patches/designate/0002-Enable-priority-runtime-ClassName-for-Designate.patch b/charts/patches/designate/0002-Enable-priority-runtime-ClassName-for-Designate.patch
new file mode 100644
index 0000000..f8db3f7
--- /dev/null
+++ b/charts/patches/designate/0002-Enable-priority-runtime-ClassName-for-Designate.patch
@@ -0,0 +1,147 @@
+From 6d9700b99f7dc8462faed77ee404682c4c042c20 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 08:55:22 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Designate
+
+---
+ designate/templates/deployment-api.yaml | 6 ++++++
+ designate/templates/deployment-central.yaml | 6 ++++++
+ designate/templates/deployment-mdns.yaml | 6 ++++++
+ designate/templates/deployment-producer.yaml | 6 ++++++
+ designate/templates/deployment-sink.yaml | 6 ++++++
+ designate/templates/deployment-worker.yaml | 6 ++++++
+ designate/values.yaml | 16 ++++++++++++++++
+ 7 files changed, 52 insertions(+)
+
+diff --git a/designate/templates/deployment-api.yaml b/designate/templates/deployment-api.yaml
+index e9df6b6e..2f6ed7ca 100644
+--- a/designate/templates/deployment-api.yaml
++++ b/designate/templates/deployment-api.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/designate/templates/deployment-central.yaml b/designate/templates/deployment-central.yaml
+index 02d9f3ca..c3e7dcdb 100644
+--- a/designate/templates/deployment-central.yaml
++++ b/designate/templates/deployment-central.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_central }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_central }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "central" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/templates/deployment-mdns.yaml b/designate/templates/deployment-mdns.yaml
+index d58f6304..9312bc7d 100644
+--- a/designate/templates/deployment-mdns.yaml
++++ b/designate/templates/deployment-mdns.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_mdns }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_mdns }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "designate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/designate/templates/deployment-producer.yaml b/designate/templates/deployment-producer.yaml
+index 491dbad8..68e46fb4 100644
+--- a/designate/templates/deployment-producer.yaml
++++ b/designate/templates/deployment-producer.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_producer }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_producer }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "producer" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/templates/deployment-sink.yaml b/designate/templates/deployment-sink.yaml
+index e577d9d8..63222a1a 100644
+--- a/designate/templates/deployment-sink.yaml
++++ b/designate/templates/deployment-sink.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_sink }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_sink }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "sink" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/templates/deployment-worker.yaml b/designate/templates/deployment-worker.yaml
+index 74f9c998..12d0b96a 100644
+--- a/designate/templates/deployment-worker.yaml
++++ b/designate/templates/deployment-worker.yaml
+@@ -41,6 +41,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.designate_worker }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.designate_worker }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "designate" "worker" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/designate/values.yaml b/designate/values.yaml
+index 71694146..6e520ca4 100644
+--- a/designate/values.yaml
++++ b/designate/values.yaml
+@@ -66,6 +66,22 @@ images:
+ - image_repo_sync
+
+ pod:
++ priorityClassName:
++ designate_api: null
++ designate_central: null
++ designate_mdns: null
++ designate_producer: null
++ designate_sink: null
++ designate_worker: null
++ db_sync: null
++ runtimeClassName:
++ designate_api: null
++ designate_central: null
++ designate_mdns: null
++ designate_producer: null
++ designate_sink: null
++ designate_worker: null
++ db_sync: null
+ affinity:
+ anti:
+ type:
+--
+2.34.1
+
diff --git a/charts/patches/glance/0002-Enable-priority-runtime-ClassName-for-Glance.patch b/charts/patches/glance/0002-Enable-priority-runtime-ClassName-for-Glance.patch
new file mode 100644
index 0000000..1f541ae
--- /dev/null
+++ b/charts/patches/glance/0002-Enable-priority-runtime-ClassName-for-Glance.patch
@@ -0,0 +1,67 @@
+From 20be35a44b530e59c93fd6cee36b6518308932bb Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 09:56:42 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Glance
+
+---
+ glance/templates/deployment-api.yaml | 6 ++++++
+ glance/templates/pod-rally-test.yaml | 6 ++++++
+ glance/values.yaml | 8 ++++++++
+ 3 files changed, 20 insertions(+)
+
+diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml
+index d88856ff..9f14d1b2 100644
+--- a/glance/templates/deployment-api.yaml
++++ b/glance/templates/deployment-api.yaml
+@@ -75,6 +75,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "glance-api" "containerNames" ( list "glance-perms" "glance-api" "init" "nginx" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.glance_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.glance_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "glance" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/glance/templates/pod-rally-test.yaml b/glance/templates/pod-rally-test.yaml
+index 0ca17eb2..1148e8a9 100644
+--- a/glance/templates/pod-rally-test.yaml
++++ b/glance/templates/pod-rally-test.yaml
+@@ -44,6 +44,12 @@ spec:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+ {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ restartPolicy: Never
++{{ with .Values.pod.priorityClassName.glance_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.glance_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+diff --git a/glance/values.yaml b/glance/values.yaml
+index 85ddf18b..6eae655a 100644
+--- a/glance/values.yaml
++++ b/glance/values.yaml
+@@ -795,6 +795,14 @@ endpoints:
+ default: 80
+
+ pod:
++ priorityClassName:
++ glance_api: null
++ glance_tests: null
++ db_sync: null
++ runtimeClassName:
++ glance_api: null
++ glance_tests: null
++ db_sync: null
+ security_context:
+ glance:
+ pod:
+--
+2.34.1
+
diff --git a/charts/patches/heat/0002-Enable-priority-runtime-ClassName-for-Heat.patch b/charts/patches/heat/0002-Enable-priority-runtime-ClassName-for-Heat.patch
new file mode 100644
index 0000000..bbcf954
--- /dev/null
+++ b/charts/patches/heat/0002-Enable-priority-runtime-ClassName-for-Heat.patch
@@ -0,0 +1,167 @@
+From 42c3cd6735ecc24f89ae3a0d83cf272eccfb343c Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 11:24:08 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Heat
+
+---
+ heat/templates/cron-job-engine-cleaner.yaml | 6 ++++++
+ heat/templates/cron-job-purge-deleted.yaml | 6 ++++++
+ heat/templates/deployment-api.yaml | 6 ++++++
+ heat/templates/deployment-cfn.yaml | 6 ++++++
+ heat/templates/deployment-cloudwatch.yaml | 6 ++++++
+ heat/templates/deployment-engine.yaml | 6 ++++++
+ heat/templates/pod-rally-test.yaml | 6 ++++++
+ heat/values.yaml | 18 ++++++++++++++++++
+ 8 files changed, 60 insertions(+)
+
+diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml
+index a7eded42..32674b6a 100644
+--- a/heat/templates/cron-job-engine-cleaner.yaml
++++ b/heat/templates/cron-job-engine-cleaner.yaml
+@@ -52,6 +52,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "heat-engine-cleaner" "containerNames" (list "heat-engine-cleaner" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.heat_engine_cleaner }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.heat_engine_cleaner }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "engine_cleaner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
+ restartPolicy: OnFailure
+diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml
+index 4d83c294..285c2d3e 100644
+--- a/heat/templates/cron-job-purge-deleted.yaml
++++ b/heat/templates/cron-job-purge-deleted.yaml
+@@ -47,6 +47,12 @@ spec:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 12 }}
+ {{ dict "envAll" $envAll "podName" "heat-purge-deleted" "containerNames" (list "init" "heat-purge-deleted" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.heat_purge_deleted }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.heat_purge_deleted }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ if $envAll.Values.pod.tolerations.heat.enabled }}
+diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml
+index ca346563..f737c84f 100644
+--- a/heat/templates/deployment-api.yaml
++++ b/heat/templates/deployment-api.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "heat-api" "containerNames" (list "heat-api" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.heat_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.heat_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml
+index 84015438..5f5584ef 100644
+--- a/heat/templates/deployment-cfn.yaml
++++ b/heat/templates/deployment-cfn.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "heat-cfn" "containerNames" (list "heat-cfn" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.heat_cfn }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.heat_cfn }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml
+index f1f73535..0c9dec54 100644
+--- a/heat/templates/deployment-cloudwatch.yaml
++++ b/heat/templates/deployment-cloudwatch.yaml
+@@ -44,6 +44,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.heat_cloudwatch }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.heat_cloudwatch }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml
+index 7b7b8adf..d228a876 100644
+--- a/heat/templates/deployment-engine.yaml
++++ b/heat/templates/deployment-engine.yaml
+@@ -53,6 +53,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "heat-engine" "containerNames" (list "heat-engine" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ {{- end }}
+ spec:
++{{ with .Values.pod.priorityClassName.heat_engine }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.heat_engine }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/heat/templates/pod-rally-test.yaml b/heat/templates/pod-rally-test.yaml
+index ac6c636e..610048cf 100644
+--- a/heat/templates/pod-rally-test.yaml
++++ b/heat/templates/pod-rally-test.yaml
+@@ -43,6 +43,12 @@ spec:
+ {{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+ {{ end }}
+ restartPolicy: Never
++{{ with .Values.pod.priorityClassName.heat_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.heat_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+diff --git a/heat/values.yaml b/heat/values.yaml
+index 1cf8bdc4..af99c49c 100644
+--- a/heat/values.yaml
++++ b/heat/values.yaml
+@@ -1015,6 +1015,24 @@ endpoints:
+ default: 80
+
+ pod:
++ priorityClassName:
++ heat_api: null
++ heat_cfn: null
++ heat_cloudwatch: null
++ heat_tests: null
++ heat_engine_cleaner: null
++ heat_purge_deleted: null
++ heat_engine: null
++ db_sync: null
++ runtimeClassName:
++ heat_api: null
++ heat_cfn: null
++ heat_cloudwatch: null
++ heat_tests: null
++ heat_engine_cleaner: null
++ heat_purge_deleted: null
++ heat_engine: null
++ db_sync: null
+ security_context:
+ heat:
+ pod:
+--
+2.34.1
+
diff --git a/charts/patches/heat/0003-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/heat/0003-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..7d29b82
--- /dev/null
+++ b/charts/patches/heat/0003-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,61 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/heat/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/heat/templates/job-trusts.yaml b/heat/templates/job-trusts.yaml
+index ae5bc644..e539e7f9 100644
+--- a/heat/templates/job-trusts.yaml
++++ b/heat/templates/job-trusts.yaml
+@@ -43,6 +43,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "heat-trusts" "containerNames" (list "heat-trusts" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.heat_trusts }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.heat_trusts }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.heat_trusts }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.heat_trusts }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "trusts" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ restartPolicy: OnFailure
+diff --git a/heat/values.yaml b/heat/values.yaml
+index af99c49c..e242d7d3 100644
+--- a/heat/values.yaml
++++ b/heat/values.yaml
+@@ -1023,6 +1023,8 @@ pod:
+ heat_engine_cleaner: null
+ heat_purge_deleted: null
+ heat_engine: null
++ heat_trusts: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ heat_api: null
+@@ -1032,6 +1034,8 @@ pod:
+ heat_engine_cleaner: null
+ heat_purge_deleted: null
+ heat_engine: null
++ heat_trusts: null
++ bootstrap: null
+ db_sync: null
+ security_context:
+ heat:
diff --git a/charts/patches/helm-toolkit/0002-Add-priority-runtime-ClassName-for-db_sync.patch b/charts/patches/helm-toolkit/0002-Add-priority-runtime-ClassName-for-db_sync.patch
new file mode 100644
index 0000000..1d32782
--- /dev/null
+++ b/charts/patches/helm-toolkit/0002-Add-priority-runtime-ClassName-for-db_sync.patch
@@ -0,0 +1,28 @@
+From ab35df279310c02396f3ef66e58949f3d6556105 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Thu, 6 Feb 2025 09:18:59 -0500
+Subject: [PATCH] Add {priority,runtime}ClassName for db_sync
+
+---
+ helm-toolkit/templates/manifests/_job-db-sync.tpl | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl
+index 4696c88f..67fac86b 100644
+--- a/helm-toolkit/templates/manifests/_job-db-sync.tpl
++++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl
+@@ -68,6 +68,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+--
+2.43.0
diff --git a/charts/patches/horizon/0004-Enable-priority-runtime-ClassName-for-Horizon.patch b/charts/patches/horizon/0004-Enable-priority-runtime-ClassName-for-Horizon.patch
new file mode 100644
index 0000000..12f018f
--- /dev/null
+++ b/charts/patches/horizon/0004-Enable-priority-runtime-ClassName-for-Horizon.patch
@@ -0,0 +1,85 @@
+From 2db1eab6b5df7070e93d11cbbbcd492aa849ad9c Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 13:14:30 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Horizon
+
+---
+ horizon/templates/deployment.yaml | 6 ++++++
+ horizon/templates/job-db-sync.yaml | 6 ++++++
+ horizon/templates/pod-helm-tests.yaml | 6 ++++++
+ horizon/values.yaml | 8 ++++++++
+ 4 files changed, 26 insertions(+)
+
+diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml
+index 0037fef3..666edd65 100644
+--- a/horizon/templates/deployment.yaml
++++ b/horizon/templates/deployment.yaml
+@@ -48,6 +48,12 @@ spec:
+ {{- end }}
+ {{ dict "envAll" $envAll "podName" "horizon" "containerNames" (list "horizon" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.horizon }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.horizon }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "horizon" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/horizon/templates/job-db-sync.yaml b/horizon/templates/job-db-sync.yaml
+index c2229cdd..8ae8643f 100644
+--- a/horizon/templates/job-db-sync.yaml
++++ b/horizon/templates/job-db-sync.yaml
+@@ -41,6 +41,12 @@ spec:
+ annotations:
+ {{ dict "envAll" $envAll "podName" "horizon-db-sync" "containerNames" (list "horizon-db-sync" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.db_sync }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.db_sync }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "db_sync" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ restartPolicy: OnFailure
+diff --git a/horizon/templates/pod-helm-tests.yaml b/horizon/templates/pod-helm-tests.yaml
+index 7d163039..4513053b 100644
+--- a/horizon/templates/pod-helm-tests.yaml
++++ b/horizon/templates/pod-helm-tests.yaml
+@@ -34,6 +34,12 @@ metadata:
+ spec:
+ {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ restartPolicy: Never
++{{ with .Values.pod.priorityClassName.horizon_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.horizon_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.horizon.enabled }}
+ {{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+diff --git a/horizon/values.yaml b/horizon/values.yaml
+index 4a060452..b3782c57 100644
+--- a/horizon/values.yaml
++++ b/horizon/values.yaml
+@@ -1103,6 +1103,14 @@ dependencies:
+ service: dashboard
+
+ pod:
++ priorityClassName:
++ horizon: null
++ horizon_tests: null
++ db_sync: null
++ runtimeClassName:
++ horizon: null
++ horizon_tests: null
++ db_sync: null
+ security_context:
+ horizon:
+ pod:
+--
+2.34.1
+
diff --git a/charts/patches/horizon/0005-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/horizon/0005-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..80160cd
--- /dev/null
+++ b/charts/patches/horizon/0005-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,39 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+index b8a1dce3..1db62b01 100644
+--- a/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
++++ b/horizon/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+@@ -71,6 +71,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_init }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_init }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_init }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_init }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/horizon/values.yaml b/horizon/values.yaml
+index b3782c57..33a74d2e 100644
+--- a/horizon/values.yaml
++++ b/horizon/values.yaml
+@@ -1106,10 +1106,12 @@ pod:
+ priorityClassName:
+ horizon: null
+ horizon_tests: null
++ db_init: null
+ db_sync: null
+ runtimeClassName:
+ horizon: null
+ horizon_tests: null
++ db_init: null
+ db_sync: null
+ security_context:
+ horizon:
diff --git a/charts/patches/ironic/0001-Enable-priority-runtime-ClassName-for-Ironic.patch b/charts/patches/ironic/0001-Enable-priority-runtime-ClassName-for-Ironic.patch
new file mode 100644
index 0000000..71e821b
--- /dev/null
+++ b/charts/patches/ironic/0001-Enable-priority-runtime-ClassName-for-Ironic.patch
@@ -0,0 +1,47 @@
+From 0b672d9b62ce39a07969bb1910aba9c4c4cdadc1 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 13:28:41 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Ironic
+
+---
+ ironic/templates/deployment-api.yaml | 6 ++++++
+ ironic/values.yaml | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/ironic/templates/deployment-api.yaml b/ironic/templates/deployment-api.yaml
+index 7d4b8387..99e25b65 100644
+--- a/ironic/templates/deployment-api.yaml
++++ b/ironic/templates/deployment-api.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ tuple "ironic_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.ironic_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.ironic_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "ironic" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/ironic/values.yaml b/ironic/values.yaml
+index a94bc3f2..d28463aa 100644
+--- a/ironic/values.yaml
++++ b/ironic/values.yaml
+@@ -639,6 +639,12 @@ endpoints:
+ default: 24220
+
+ pod:
++ priorityClassName:
++ ironic_api: null
++ db_sync: null
++ runtimeClassName:
++ ironic_api: null
++ db_sync: null
+ affinity:
+ anti:
+ type:
+--
+2.34.1
+
diff --git a/charts/patches/ironic/0002-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/ironic/0002-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..9c908e0
--- /dev/null
+++ b/charts/patches/ironic/0002-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,65 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/ironic/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/ironic/templates/statefulset-conductor.yaml b/ironic/templates/statefulset-conductor.yaml
+index bcf6238c..fc0031ef 100644
+--- a/ironic/templates/statefulset-conductor.yaml
++++ b/ironic/templates/statefulset-conductor.yaml
+@@ -44,6 +44,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.ironic_conductor }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.ironic_conductor }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "ironic" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/ironic/values.yaml b/ironic/values.yaml
+index d28463aa..bc4b0349 100644
+--- a/ironic/values.yaml
++++ b/ironic/values.yaml
+@@ -107,6 +107,7 @@ conf:
+ api_url: null
+ database:
+ connection: null
++ max_retries: -1
+ deploy:
+ http_root: /var/lib/openstack-helm/httpboot
+ glance:
+@@ -641,9 +642,13 @@ endpoints:
+ pod:
+ priorityClassName:
+ ironic_api: null
++ ironic_conductor: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ ironic_api: null
++ ironic_conductor: null
++ bootstrap: null
+ db_sync: null
+ affinity:
+ anti:
diff --git a/charts/patches/keystone/0001-Enable-priority-runtime-ClassName-for-Keystone.patch b/charts/patches/keystone/0001-Enable-priority-runtime-ClassName-for-Keystone.patch
new file mode 100644
index 0000000..3212d71
--- /dev/null
+++ b/charts/patches/keystone/0001-Enable-priority-runtime-ClassName-for-Keystone.patch
@@ -0,0 +1,107 @@
+From 9f293fef1eed2e6ef7aa372ad5a7c9293b11a15f Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 14:58:50 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Keystone
+
+---
+ keystone/templates/cron-job-credential-rotate.yaml | 6 ++++++
+ keystone/templates/cron-job-fernet-rotate.yaml | 6 ++++++
+ keystone/templates/deployment-api.yaml | 6 ++++++
+ keystone/templates/pod-rally-test.yaml | 6 ++++++
+ keystone/values.yaml | 12 ++++++++++++
+ 5 files changed, 36 insertions(+)
+
+diff --git a/keystone/templates/cron-job-credential-rotate.yaml b/keystone/templates/cron-job-credential-rotate.yaml
+index 59060796..6fabd9dd 100644
+--- a/keystone/templates/cron-job-credential-rotate.yaml
++++ b/keystone/templates/cron-job-credential-rotate.yaml
+@@ -70,6 +70,12 @@ spec:
+ labels:
+ {{ tuple $envAll "keystone" "credential-rotate" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
+ spec:
++{{ with .Values.pod.priorityClassName.keystone_credential_rotate }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_credential_rotate }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "credential_rotate" $mounts_keystone_credential_rotate_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
+diff --git a/keystone/templates/cron-job-fernet-rotate.yaml b/keystone/templates/cron-job-fernet-rotate.yaml
+index a059f929..e9118423 100644
+--- a/keystone/templates/cron-job-fernet-rotate.yaml
++++ b/keystone/templates/cron-job-fernet-rotate.yaml
+@@ -71,6 +71,12 @@ spec:
+ labels:
+ {{ tuple $envAll "keystone" "fernet-rotate" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
+ spec:
++{{ with .Values.pod.priorityClassName.keystone_fernet_rotate }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_fernet_rotate }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "fernet_rotate" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
+ initContainers:
+diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
+index ee4e13c9..36050a5c 100644
+--- a/keystone/templates/deployment-api.yaml
++++ b/keystone/templates/deployment-api.yaml
+@@ -54,6 +54,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "keystone-api" "containerNames" (list "keystone-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "keystone" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.keystone_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/keystone/templates/pod-rally-test.yaml b/keystone/templates/pod-rally-test.yaml
+index ad5b23a0..155dbae3 100644
+--- a/keystone/templates/pod-rally-test.yaml
++++ b/keystone/templates/pod-rally-test.yaml
+@@ -42,6 +42,12 @@ spec:
+ {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ nodeSelector:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
++{{ with .Values.pod.priorityClassName.keystone_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+diff --git a/keystone/values.yaml b/keystone/values.yaml
+index 27e767cf..c23a4ac0 100644
+--- a/keystone/values.yaml
++++ b/keystone/values.yaml
+@@ -158,6 +158,18 @@ dependencies:
+ service: local_image_registry
+
+ pod:
++ priorityClassName:
++ keystone_api: null
++ keystone_tests: null
++ keystone_credential_rotate: null
++ keystone_fernet_rotate: null
++ db_sync: null
++ runtimeClassName:
++ keystone_api: null
++ keystone_tests: null
++ keystone_credential_rotate: null
++ keystone_fernet_rotate: null
++ db_sync: null
+ security_context:
+ keystone:
+ pod:
+--
+2.34.1
+
diff --git a/charts/patches/keystone/0002-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/keystone/0002-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..71059c7
--- /dev/null
+++ b/charts/patches/keystone/0002-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,136 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/keystone/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+index b8a1dce3..1db62b01 100644
+--- a/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
++++ b/keystone/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+@@ -71,6 +71,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_init }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_init }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_init }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_init }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/keystone/templates/job-credential-cleanup.yaml b/keystone/templates/job-credential-cleanup.yaml
+index 9f268027..3eac2b39 100644
+--- a/keystone/templates/job-credential-cleanup.yaml
++++ b/keystone/templates/job-credential-cleanup.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "keystone-credential-cleanup" "containerNames" (list "keystone-credential-cleanup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.keystone_credential_cleanup }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_credential_cleanup }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceName }}
+ restartPolicy: Never
+ {{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+diff --git a/keystone/templates/job-credential-setup.yaml b/keystone/templates/job-credential-setup.yaml
+index 38ff3c8b..c8710b63 100644
+--- a/keystone/templates/job-credential-setup.yaml
++++ b/keystone/templates/job-credential-setup.yaml
+@@ -74,6 +74,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "keystone-credential-setup" "containerNames" (list "keystone-credential-setup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.keystone_credential_setup }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_credential_setup }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "credential_setup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ initContainers:
+diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml
+index 87c82ebd..41bc9b11 100644
+--- a/keystone/templates/job-domain-manage.yaml
++++ b/keystone/templates/job-domain-manage.yaml
+@@ -42,6 +42,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "keystone-domain-manage" "containerNames" (list "keystone-domain-manage" "keystone-domain-manage-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.keystone_domain_manage }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_domain_manage }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "domain_manage" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ restartPolicy: OnFailure
+diff --git a/keystone/templates/job-fernet-setup.yaml b/keystone/templates/job-fernet-setup.yaml
+index d52aa6ce..f41e788d 100644
+--- a/keystone/templates/job-fernet-setup.yaml
++++ b/keystone/templates/job-fernet-setup.yaml
+@@ -74,6 +74,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "keystone-fernet-setup" "containerNames" (list "keystone-fernet-setup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.keystone_fernet_setup }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.keystone_fernet_setup }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "fernet_setup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ initContainers:
+diff --git a/keystone/values.yaml b/keystone/values.yaml
+index c23a4ac0..65e6f658 100644
+--- a/keystone/values.yaml
++++ b/keystone/values.yaml
+@@ -163,12 +163,24 @@ pod:
+ keystone_tests: null
+ keystone_credential_rotate: null
+ keystone_fernet_rotate: null
++ keystone_credential_setup: null
++ keystone_fernet_setup: null
++ keystone_domain_manage: null
++ keystone_credential_cleanup: null
++ bootstrap: null
++ db_init: null
+ db_sync: null
+ runtimeClassName:
+ keystone_api: null
+ keystone_tests: null
+ keystone_credential_rotate: null
+ keystone_fernet_rotate: null
++ keystone_credential_setup: null
++ keystone_fernet_setup: null
++ keystone_domain_manage: null
++ keystone_credential_cleanup: null
++ bootstrap: null
++ db_init: null
+ db_sync: null
+ security_context:
+ keystone:
diff --git a/charts/patches/magnum/0002-Enable-priority-runtime-ClassName-for-Magnum.patch b/charts/patches/magnum/0002-Enable-priority-runtime-ClassName-for-Magnum.patch
new file mode 100644
index 0000000..1cff876
--- /dev/null
+++ b/charts/patches/magnum/0002-Enable-priority-runtime-ClassName-for-Magnum.patch
@@ -0,0 +1,67 @@
+From 88432c586b587bdd7d44a8d529d62e88d811f281 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Mon, 10 Feb 2025 15:37:34 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Magnum
+
+---
+ magnum/templates/deployment-api.yaml | 6 ++++++
+ magnum/templates/statefulset-conductor.yaml | 6 ++++++
+ magnum/values.yaml | 8 ++++++++
+ 3 files changed, 20 insertions(+)
+
+diff --git a/magnum/templates/deployment-api.yaml b/magnum/templates/deployment-api.yaml
+index 9eb4967f..720a4bac 100644
+--- a/magnum/templates/deployment-api.yaml
++++ b/magnum/templates/deployment-api.yaml
+@@ -44,6 +44,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.magnum_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.magnum_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "magnum" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/magnum/templates/statefulset-conductor.yaml b/magnum/templates/statefulset-conductor.yaml
+index 44d8b027..fe1cc84e 100644
+--- a/magnum/templates/statefulset-conductor.yaml
++++ b/magnum/templates/statefulset-conductor.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.magnum_conductor }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.magnum_conductor }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "magnum" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/magnum/values.yaml b/magnum/values.yaml
+index 88b4203e..341f1ecd 100644
+--- a/magnum/values.yaml
++++ b/magnum/values.yaml
+@@ -482,6 +482,14 @@ endpoints:
+ default: 24220
+
+ pod:
++ priorityClassName:
++ magnum_api: null
++ magnum_conductor: null
++ db_sync: null
++ runtimeClassName:
++ magnum_api: null
++ magnum_conductor: null
++ db_sync: null
+ user:
+ magnum:
+ uid: 42424
+--
+2.34.1
+
diff --git a/charts/patches/magnum/0003-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/magnum/0003-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..9a80b3a
--- /dev/null
+++ b/charts/patches/magnum/0003-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,39 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/magnum/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/magnum/values.yaml b/magnum/values.yaml
+index 341f1ecd..29b8198b 100644
+--- a/magnum/values.yaml
++++ b/magnum/values.yaml
+@@ -485,10 +485,12 @@ pod:
+ priorityClassName:
+ magnum_api: null
+ magnum_conductor: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ magnum_api: null
+ magnum_conductor: null
++ bootstrap: null
+ db_sync: null
+ user:
+ magnum:
diff --git a/charts/patches/manila/0003-Enable-priority-runtime-ClassName-for-Manila.patch b/charts/patches/manila/0003-Enable-priority-runtime-ClassName-for-Manila.patch
new file mode 100644
index 0000000..50c5783
--- /dev/null
+++ b/charts/patches/manila/0003-Enable-priority-runtime-ClassName-for-Manila.patch
@@ -0,0 +1,198 @@
+From 01653c9c731dc2b66a79426f1021052186eebe40 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Tue, 11 Feb 2025 05:18:42 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Manila
+
+Also fix pod-rally-test.yaml template
+
+---
+ manila/templates/deployment-api.yaml | 6 +++++
+ manila/templates/deployment-data.yaml | 6 +++++
+ manila/templates/deployment-scheduler.yaml | 6 +++++
+ manila/templates/deployment-share.yaml | 6 +++++
+ manila/templates/pod-rally-test.yaml | 24 +++++++++++-------
+ manila/values.yaml | 25 ++++++++++++++++++-
+ 6 files changed, 63 insertions(+), 10 deletions(-)
+
+diff --git a/manila/templates/deployment-api.yaml b/manila/templates/deployment-api.yaml
+index bcc352f0..0338ee17 100644
+--- a/manila/templates/deployment-api.yaml
++++ b/manila/templates/deployment-api.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-api" "containerNames" (list "init" "manila-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/deployment-data.yaml b/manila/templates/deployment-data.yaml
+index 21db299e..6c981a67 100644
+--- a/manila/templates/deployment-data.yaml
++++ b/manila/templates/deployment-data.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-data" "containerNames" (list "init" "manila-data") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_data }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_data }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/deployment-scheduler.yaml b/manila/templates/deployment-scheduler.yaml
+index 4858dfce..c8749a25 100644
+--- a/manila/templates/deployment-scheduler.yaml
++++ b/manila/templates/deployment-scheduler.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-scheduler" "containerNames" (list "init" "manila-scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_scheduler }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_scheduler }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/deployment-share.yaml b/manila/templates/deployment-share.yaml
+index 87bff3b1..2d7a6c19 100644
+--- a/manila/templates/deployment-share.yaml
++++ b/manila/templates/deployment-share.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "manila-share" "containerNames" (list "init" "manila-share" "manila-share-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.manila_share }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_share }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/manila/templates/pod-rally-test.yaml b/manila/templates/pod-rally-test.yaml
+index 928c1831..940989bb 100644
+--- a/manila/templates/pod-rally-test.yaml
++++ b/manila/templates/pod-rally-test.yaml
+@@ -42,6 +42,12 @@ spec:
+ {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ nodeSelector:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
++{{ with .Values.pod.priorityClassName.manila_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.manila_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+@@ -62,27 +68,27 @@ spec:
+ {{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
+ {{- end }}
+ env:
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
++{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
+ {{- end }}
+ - name: SERVICE_OS_SERVICE_NAME
+ value: "test"
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
+-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
++{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
+ {{- end }}
+ - name: SERVICE_OS_ROLE
+- value: {{ .Values.endpoints.share.auth.test.role | quote }}
++ value: {{ .Values.endpoints.identity.auth.test.role | quote }}
+ containers:
+ - name: manila-test
+ {{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
+ {{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+ {{ dict "envAll" $envAll "application" "test" "container" "manila_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6}}
+ env:
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+-{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
++{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 8 }}
+ {{- end }}
+-{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
+-{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
++{{- with $env := dict "ksUserSecret" .Values.secrets.identity.test }}
++{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 8 }}
+ {{- end }}
+ - name: RALLY_ENV_NAME
+ value: {{.deployment_name}}
+diff --git a/manila/values.yaml b/manila/values.yaml
+index f820bc1f..400d52da 100644
+--- a/manila/values.yaml
++++ b/manila/values.yaml
+@@ -66,6 +66,20 @@ images:
+ - image_repo_sync
+
+ pod:
++ priorityClassName:
++ manila_api: null
++ manila_data: null
++ manila_scheduler: null
++ manila_tests: null
++ manila_share: null
++ db_sync: null
++ runtimeClassName:
++ manila_api: null
++ manila_data: null
++ manila_scheduler: null
++ manila_tests: null
++ manila_share: null
++ db_sync: null
+ security_context:
+ manila:
+ pod:
+@@ -829,6 +843,7 @@ secrets:
+ identity:
+ admin: manila-keystone-admin
+ manila: manila-keystone-user
++ test: manila-keystone-test
+ oslo_db:
+ admin: manila-db-admin
+ manila: manila-db-user
+@@ -890,6 +905,14 @@ endpoints:
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
++ test:
++ role: admin
++ region_name: RegionOne
++ username: manila-test
++ password: password
++ project_name: test
++ user_domain_name: service
++ project_domain_name: service
+ hosts:
+ default: keystone
+ internal: keystone-api
+@@ -1061,7 +1084,7 @@ manifests:
+ job_ks_service: true
+ job_ks_user: true
+ pdb_api: true
+- pod_test: true
++ pod_rally_test: true
+ secret_db: true
+ network_policy: false
+ secret_ingress_tls: true
+--
+2.34.1
+
diff --git a/charts/patches/manila/0004-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/manila/0004-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..ea30640
--- /dev/null
+++ b/charts/patches/manila/0004-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,42 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/manila/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/manila/values.yaml b/manila/values.yaml
+index 400d52da..42198625 100644
+--- a/manila/values.yaml
++++ b/manila/values.yaml
+@@ -72,6 +72,7 @@ pod:
+ manila_scheduler: null
+ manila_tests: null
+ manila_share: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ manila_api: null
+@@ -79,6 +80,7 @@ pod:
+ manila_scheduler: null
+ manila_tests: null
+ manila_share: null
++ bootstrap: null
+ db_sync: null
+ security_context:
+ manila:
diff --git a/charts/patches/neutron/0005-Enable-priority-runtime-ClassName-for-Neutron.patch b/charts/patches/neutron/0005-Enable-priority-runtime-ClassName-for-Neutron.patch
new file mode 100644
index 0000000..83020c1
--- /dev/null
+++ b/charts/patches/neutron/0005-Enable-priority-runtime-ClassName-for-Neutron.patch
@@ -0,0 +1,347 @@
+From c11ca88302027988fa44059991141395475c103e Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Tue, 11 Feb 2025 11:03:48 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Neutron
+
+---
+ .../templates/daemonset-bagpipe-bgp.yaml | 6 ++++
+ .../templates/daemonset-bgp-dragent.yaml | 6 ++++
+ .../templates/daemonset-dhcp-agent.yaml | 6 ++++
+ .../templates/daemonset-l2gw-agent.yaml | 6 ++++
+ .../neutron/templates/daemonset-l3-agent.yaml | 6 ++++
+ .../neutron/templates/daemonset-lb-agent.yaml | 6 ++++
+ .../templates/daemonset-metadata-agent.yaml | 6 ++++
+ .../daemonset-netns-cleanup-cron.yaml | 6 ++++
+ .../daemonset-neutron-ovn-vpn-agent.yaml | 6 ++++
+ .../daemonset-ovn-metadata-agent.yaml | 6 ++++
+ .../templates/daemonset-ovs-agent.yaml | 6 ++++
+ .../templates/daemonset-sriov-agent.yaml | 6 ++++
+ .../templates/deployment-ironic-agent.yaml | 6 ++++
+ .../templates/deployment-rpc_server.yaml | 6 ++++
+ .../neutron/templates/deployment-server.yaml | 6 ++++
+ neutron/templates/pod-rally-test.yaml | 6 ++++
+ neutron/values.yaml | 36 +++++++++++++++++++
+ 17 files changed, 132 insertions(+)
+
+diff --git a/neutron/templates/daemonset-bagpipe-bgp.yaml b/neutron/templates/daemonset-bagpipe-bgp.yaml
+index b6d2157e..fd4f0930 100644
+--- a/neutron/templates/daemonset-bagpipe-bgp.yaml
++++ b/neutron/templates/daemonset-bagpipe-bgp.yaml
+@@ -57,6 +57,12 @@ spec:
+ {{ tuple "neutron_bagpipe_bgp" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_bagpipe_bgp" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_bagpipe_bgp }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_bagpipe_bgp }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-bgp-dragent.yaml b/neutron/templates/daemonset-bgp-dragent.yaml
+index b0494c3e..caa61391 100644
+--- a/neutron/templates/daemonset-bgp-dragent.yaml
++++ b/neutron/templates/daemonset-bgp-dragent.yaml
+@@ -56,6 +56,12 @@ spec:
+ {{ tuple "neutron_bgp_dragent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_bgp_dragent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_bgp_dragent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_bgp_dragent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
+index 17e15f8e..b51d179d 100644
+--- a/neutron/templates/daemonset-dhcp-agent.yaml
++++ b/neutron/templates/daemonset-dhcp-agent.yaml
+@@ -79,6 +79,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-dhcp-agent-default" "containerNames" (list "neutron-dhcp-agent" "neutron-dhcp-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_dhcp_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_dhcp_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_dhcp_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-l2gw-agent.yaml b/neutron/templates/daemonset-l2gw-agent.yaml
+index e9481981..ab984a30 100644
+--- a/neutron/templates/daemonset-l2gw-agent.yaml
++++ b/neutron/templates/daemonset-l2gw-agent.yaml
+@@ -80,6 +80,12 @@ spec:
+ {{ tuple "neutron_l2gw_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_l2gw_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_l2gw_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_l2gw_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
+index b4bbd096..21b45d71 100644
+--- a/neutron/templates/daemonset-l3-agent.yaml
++++ b/neutron/templates/daemonset-l3-agent.yaml
+@@ -80,6 +80,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-l3-agent-default" "containerNames" (list "neutron-l3-agent" "init" "neutron-l3-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_l3_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_l3_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml
+index 35ff8fe0..77337f7a 100644
+--- a/neutron/templates/daemonset-lb-agent.yaml
++++ b/neutron/templates/daemonset-lb-agent.yaml
+@@ -55,6 +55,12 @@ spec:
+ {{ tuple "neutron_lb_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_lb_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_lb_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_lb_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
+index fc9a75ee..229ed5c6 100644
+--- a/neutron/templates/daemonset-metadata-agent.yaml
++++ b/neutron/templates/daemonset-metadata-agent.yaml
+@@ -76,6 +76,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-metadata-agent-default" "containerNames" (list "neutron-metadata-agent" "neutron-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_metadata_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_metadata_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-netns-cleanup-cron.yaml b/neutron/templates/daemonset-netns-cleanup-cron.yaml
+index d43c5950..df50c45a 100644
+--- a/neutron/templates/daemonset-netns-cleanup-cron.yaml
++++ b/neutron/templates/daemonset-netns-cleanup-cron.yaml
+@@ -48,6 +48,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-netns-cleanup-cron-default" "containerNames" (list "neutron-netns-cleanup-cron" "init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_netns_cleanup_cron" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_netns_cleanup_cron }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_netns_cleanup_cron }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml b/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
+index fc6d8055..30c372f9 100644
+--- a/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
++++ b/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
+@@ -78,6 +78,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ {{ dict "envAll" $envAll "application" "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_ovn_vpn_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_ovn_vpn_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-ovn-metadata-agent.yaml b/neutron/templates/daemonset-ovn-metadata-agent.yaml
+index 47e12567..80ca3f07 100644
+--- a/neutron/templates/daemonset-ovn-metadata-agent.yaml
++++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml
+@@ -76,6 +76,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_ovn_metadata_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_ovn_metadata_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
+index 0ea60f58..c6eb4c01 100644
+--- a/neutron/templates/daemonset-ovs-agent.yaml
++++ b/neutron/templates/daemonset-ovs-agent.yaml
+@@ -59,6 +59,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "$configMapName" "containerNames" (list "neutron-ovs-agent" "init" "neutron-openvswitch-agent-kernel-modules" "neutron-ovs-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_ovs_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_ovs_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_ovs_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ nodeSelector:
+ {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
+diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml
+index 5b96cd7c..efd48e01 100644
+--- a/neutron/templates/daemonset-sriov-agent.yaml
++++ b/neutron/templates/daemonset-sriov-agent.yaml
+@@ -62,6 +62,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-sriov-agent-default" "containerNames" (list "neutron-sriov-agent-init" "init" "neutron-sriov-agent") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_sriov_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_sriov_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_sriov_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ nodeSelector:
+ {{ .Values.labels.sriov.node_selector_key }}: {{ .Values.labels.sriov.node_selector_value }}
+diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml
+index 1b468e2b..8d2663f9 100644
+--- a/neutron/templates/deployment-ironic-agent.yaml
++++ b/neutron/templates/deployment-ironic-agent.yaml
+@@ -49,6 +49,12 @@ spec:
+ {{ tuple "neutron_ironic_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_ironic_agent }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_ironic_agent }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "neutron" "ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/neutron/templates/deployment-rpc_server.yaml b/neutron/templates/deployment-rpc_server.yaml
+index 1866e21e..f5f72403 100644
+--- a/neutron/templates/deployment-rpc_server.yaml
++++ b/neutron/templates/deployment-rpc_server.yaml
+@@ -49,6 +49,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-rpc-server" "containerNames" (list "neutron-rpc-server" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_rpc_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_rpc_server }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_rpc_server }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "neutron" "rpc_server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
+index 457401b4..464b3c3c 100644
+--- a/neutron/templates/deployment-server.yaml
++++ b/neutron/templates/deployment-server.yaml
+@@ -81,6 +81,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "neutron-server" "containerNames" (list "neutron-server" "init" "nginx") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.neutron_server }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_server }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/neutron/templates/pod-rally-test.yaml b/neutron/templates/pod-rally-test.yaml
+index 5ef57fa3..a1e3e1ad 100644
+--- a/neutron/templates/pod-rally-test.yaml
++++ b/neutron/templates/pod-rally-test.yaml
+@@ -44,6 +44,12 @@ spec:
+ {{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+ {{ end }}
+ restartPolicy: Never
++{{ with .Values.pod.priorityClassName.neutron_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.neutron_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+diff --git a/neutron/values.yaml b/neutron/values.yaml
+index b1ff4569..0f559976 100644
+--- a/neutron/values.yaml
++++ b/neutron/values.yaml
+@@ -389,6 +389,42 @@ dependencies:
+ service: local_image_registry
+
+ pod:
++ priorityClassName:
++ neutron_bagpipe_bgp: null
++ neutron_bgp_dragent: null
++ neutron_dhcp_agent: null
++ neutron_l2gw_agent: null
++ neutron_l3_agent: null
++ neutron_lb_agent: null
++ neutron_metadata_agent: null
++ neutron_netns_cleanup_cron: null
++ neutron_ovn_vpn_agent: null
++ neutron_ovn_metadata_agent: null
++ neutron_ovs_agent: null
++ neutron_sriov_agent: null
++ neutron_ironic_agent: null
++ neutron_rpc_server: null
++ neutron_server: null
++ neutron_tests: null
++ db_sync: null
++ runtimeClassName:
++ neutron_bagpipe_bgp: null
++ neutron_bgp_dragent: null
++ neutron_dhcp_agent: null
++ neutron_l2gw_agent: null
++ neutron_l3_agent: null
++ neutron_lb_agent: null
++ neutron_metadata_agent: null
++ neutron_netns_cleanup_cron: null
++ neutron_ovn_vpn_agent: null
++ neutron_ovn_metadata_agent: null
++ neutron_ovs_agent: null
++ neutron_sriov_agent: null
++ neutron_ironic_agent: null
++ neutron_rpc_server: null
++ neutron_server: null
++ neutron_tests: null
++ db_sync: null
+ sidecars:
+ neutron_policy_server: false
+ use_fqdn:
+--
+2.34.1
+
diff --git a/charts/patches/neutron/0006-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/neutron/0006-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..10c015b
--- /dev/null
+++ b/charts/patches/neutron/0006-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,126 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/neutron/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/neutron/templates/daemonset-bagpipe-bgp.yaml b/neutron/templates/daemonset-bagpipe-bgp.yaml
+index fd4f0930..e2bd90b5 100644
+--- a/neutron/templates/daemonset-bagpipe-bgp.yaml
++++ b/neutron/templates/daemonset-bagpipe-bgp.yaml
+@@ -57,10 +57,10 @@ spec:
+ {{ tuple "neutron_bagpipe_bgp" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_bagpipe_bgp" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+-{{ with .Values.pod.priorityClassName.neutron_bagpipe_bgp }}
++{{ with .Values.pod.priorityClassName.bagpipe_bgp }}
+ priorityClassName: {{ . }}
+ {{ end }}
+-{{ with .Values.pod.runtimeClassName.neutron_bagpipe_bgp }}
++{{ with .Values.pod.runtimeClassName.bagpipe_bgp }}
+ runtimeClassName: {{ . }}
+ {{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+diff --git a/neutron/templates/daemonset-bgp-dragent.yaml b/neutron/templates/daemonset-bgp-dragent.yaml
+index caa61391..8a6a3099 100644
+--- a/neutron/templates/daemonset-bgp-dragent.yaml
++++ b/neutron/templates/daemonset-bgp-dragent.yaml
+@@ -56,10 +56,10 @@ spec:
+ {{ tuple "neutron_bgp_dragent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "neutron_bgp_dragent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+-{{ with .Values.pod.priorityClassName.neutron_bgp_dragent }}
++{{ with .Values.pod.priorityClassName.bgp_dragent }}
+ priorityClassName: {{ . }}
+ {{ end }}
+-{{ with .Values.pod.runtimeClassName.neutron_bgp_dragent }}
++{{ with .Values.pod.runtimeClassName.bgp_dragent }}
+ runtimeClassName: {{ . }}
+ {{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+diff --git a/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml b/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
+index 30c372f9..c3af50b6 100644
+--- a/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
++++ b/neutron/templates/daemonset-neutron-ovn-vpn-agent.yaml
+@@ -78,10 +78,10 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ {{ dict "envAll" $envAll "application" "ovn_vpn_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+-{{ with .Values.pod.priorityClassName.neutron_ovn_vpn_agent }}
++{{ with .Values.pod.priorityClassName.ovn_vpn_agent }}
+ priorityClassName: {{ . }}
+ {{ end }}
+-{{ with .Values.pod.runtimeClassName.neutron_ovn_vpn_agent }}
++{{ with .Values.pod.runtimeClassName.ovn_vpn_agent }}
+ runtimeClassName: {{ . }}
+ {{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+diff --git a/neutron/values.yaml b/neutron/values.yaml
+index dbb4fd00..57cb3b70 100644
+--- a/neutron/values.yaml
++++ b/neutron/values.yaml
+@@ -390,15 +390,15 @@ dependencies:
+
+ pod:
+ priorityClassName:
+- neutron_bagpipe_bgp: null
+- neutron_bgp_dragent: null
++ bagpipe_bgp: null
++ bgp_dragent: null
+ neutron_dhcp_agent: null
+ neutron_l2gw_agent: null
+ neutron_l3_agent: null
+ neutron_lb_agent: null
+ neutron_metadata_agent: null
+ neutron_netns_cleanup_cron: null
+- neutron_ovn_vpn_agent: null
++ ovn_vpn_agent: null
+ neutron_ovn_metadata_agent: null
+ neutron_ovs_agent: null
+ neutron_sriov_agent: null
+@@ -406,17 +406,18 @@ pod:
+ neutron_rpc_server: null
+ neutron_server: null
+ neutron_tests: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+- neutron_bagpipe_bgp: null
+- neutron_bgp_dragent: null
++ bagpipe_bgp: null
++ bgp_dragent: null
+ neutron_dhcp_agent: null
+ neutron_l2gw_agent: null
+ neutron_l3_agent: null
+ neutron_lb_agent: null
+ neutron_metadata_agent: null
+ neutron_netns_cleanup_cron: null
+- neutron_ovn_vpn_agent: null
++ ovn_vpn_agent: null
+ neutron_ovn_metadata_agent: null
+ neutron_ovs_agent: null
+ neutron_sriov_agent: null
+@@ -424,6 +425,7 @@ pod:
+ neutron_rpc_server: null
+ neutron_server: null
+ neutron_tests: null
++ bootstrap: null
+ db_sync: null
+ sidecars:
+ neutron_policy_server: false
diff --git a/charts/patches/nova/0001-Resolve-two-redundant-securityContext-problems.patch b/charts/patches/nova/0001-Resolve-two-redundant-securityContext-problems.patch
new file mode 100644
index 0000000..e76bfde
--- /dev/null
+++ b/charts/patches/nova/0001-Resolve-two-redundant-securityContext-problems.patch
@@ -0,0 +1,25 @@
+From f2940941f44ee41bc631941ea5fc316ac8b8253b Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Tue, 11 Feb 2025 15:19:31 +0000
+Subject: [PATCH] Resolve two redundant securityContext problems
+
+---
+ nova/templates/statefulset-compute-ironic.yaml | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/nova/templates/statefulset-compute-ironic.yaml b/nova/templates/statefulset-compute-ironic.yaml
+index 377555d6..37d3fc5a 100644
+--- a/nova/templates/statefulset-compute-ironic.yaml
++++ b/nova/templates/statefulset-compute-ironic.yaml
+@@ -51,8 +51,6 @@ spec:
+ {{ tuple $envAll "nova" "compute-ironic" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.agent.compute_ironic.node_selector_key }}: {{ .Values.labels.agent.compute_ironic.node_selector_value }}
+- securityContext:
+- runAsUser: 0
+ hostPID: true
+ dnsPolicy: ClusterFirstWithHostNet
+ initContainers:
+--
+2.34.1
+
diff --git a/charts/patches/nova/0002-Enable-priority-runtime-ClassName-for-Nova.patch b/charts/patches/nova/0002-Enable-priority-runtime-ClassName-for-Nova.patch
new file mode 100644
index 0000000..ce6b1e0
--- /dev/null
+++ b/charts/patches/nova/0002-Enable-priority-runtime-ClassName-for-Nova.patch
@@ -0,0 +1,267 @@
+From 5be27382cc31cf6540abe3d6bcfd05f33ba1077e Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Tue, 11 Feb 2025 16:47:00 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Nova
+
+---
+ .../cron-job-archive-deleted-rows.yaml | 6 ++++
+ .../nova/templates/cron-job-cell-setup.yaml | 6 ++++
+ .../templates/cron-job-service-cleaner.yaml | 6 ++++
+ .../nova/templates/daemonset-compute.yaml | 6 ++++
+ .../templates/deployment-api-metadata.yaml | 6 ++++
+ .../nova/templates/deployment-api-osapi.yaml | 6 ++++
+ .../nova/templates/deployment-conductor.yaml | 6 ++++
+ .../nova/templates/deployment-novncproxy.yaml | 6 ++++
+ .../nova/templates/deployment-scheduler.yaml | 6 ++++
+ .../nova/templates/deployment-spiceproxy.yaml | 6 ++++
+ .../nova/templates/pod-rally-test.yaml | 6 ++++
+ .../templates/statefulset-compute-ironic.yaml | 6 ++++
+ .../nova/values.yaml | 28 +++++++++++++++++++
+ 13 files changed, 100 insertions(+)
+
+diff --git a/nova/templates/cron-job-archive-deleted-rows.yaml b/nova/templates/cron-job-archive-deleted-rows.yaml
+index 7316b3ac..48e83ab2 100644
+--- a/nova/templates/cron-job-archive-deleted-rows.yaml
++++ b/nova/templates/cron-job-archive-deleted-rows.yaml
+@@ -42,6 +42,12 @@ spec:
+ labels:
+ {{ tuple $envAll "nova" "archive-deleted-rows" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_archive_deleted_rows }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_archive_deleted_rows }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "archive_deleted_rows" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
+ restartPolicy: OnFailure
+diff --git a/nova/templates/cron-job-cell-setup.yaml b/nova/templates/cron-job-cell-setup.yaml
+index b90b84e8..23840ce4 100644
+--- a/nova/templates/cron-job-cell-setup.yaml
++++ b/nova/templates/cron-job-cell-setup.yaml
+@@ -42,6 +42,12 @@ spec:
+ labels:
+ {{ tuple $envAll "nova" "cell-setup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_cell_setup }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_cell_setup }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "cell_setup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
+ restartPolicy: OnFailure
+diff --git a/nova/templates/cron-job-service-cleaner.yaml b/nova/templates/cron-job-service-cleaner.yaml
+index dd61db79..c5153043 100644
+--- a/nova/templates/cron-job-service-cleaner.yaml
++++ b/nova/templates/cron-job-service-cleaner.yaml
+@@ -42,6 +42,12 @@ spec:
+ labels:
+ {{ tuple $envAll "nova" "service-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_service_cleaner }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_service_cleaner }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "service_cleaner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
+ restartPolicy: OnFailure
+diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml
+index 3ad00ff2..e62ea760 100644
+--- a/nova/templates/daemonset-compute.yaml
++++ b/nova/templates/daemonset-compute.yaml
+@@ -90,6 +90,12 @@ spec:
+ {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute" "init" "nova-compute-init" "nova-compute-vnc-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_compute }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_compute }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ nodeSelector:
+diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml
+index 51e30c9d..c4c64f92 100644
+--- a/nova/templates/deployment-api-metadata.yaml
++++ b/nova/templates/deployment-api-metadata.yaml
+@@ -60,6 +60,12 @@ spec:
+ {{ tuple "nova_api_metadata" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "nova-api-metadata" "containerNames" (list "nova-api-metadata-init" "nova-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_api_metadata }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_api_metadata }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml
+index b203ba6c..70a65f59 100644
+--- a/nova/templates/deployment-api-osapi.yaml
++++ b/nova/templates/deployment-api-osapi.yaml
+@@ -60,6 +60,12 @@ spec:
+ {{ tuple "nova_api_osapi" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "nova-api-osapi" "containerNames" (list "nova-osapi" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_api_osapi }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_api_osapi }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml
+index b58b3855..50a7ddbf 100644
+--- a/nova/templates/deployment-conductor.yaml
++++ b/nova/templates/deployment-conductor.yaml
+@@ -69,6 +69,12 @@ spec:
+ {{ tuple "nova_conductor" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "nova-conductor" "containerNames" (list "nova-conductor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_conductor }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_conductor }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml
+index f4c1d8ba..670e1ccb 100644
+--- a/nova/templates/deployment-novncproxy.yaml
++++ b/nova/templates/deployment-novncproxy.yaml
+@@ -58,6 +58,12 @@ spec:
+ {{ tuple "nova_novncproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "nova-novncproxy" "containerNames" (list "nova-novncproxy" "nova-novncproxy-init-assets" "nova-novncproxy-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_novncproxy }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_novncproxy }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml
+index bba444c9..a8a529a9 100644
+--- a/nova/templates/deployment-scheduler.yaml
++++ b/nova/templates/deployment-scheduler.yaml
+@@ -69,6 +69,12 @@ spec:
+ {{ tuple "nova_scheduler" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ {{ dict "envAll" $envAll "podName" "nova-scheduler" "containerNames" (list "nova-scheduler" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_scheduler }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_scheduler }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml
+index eca1628e..68b3c004 100644
+--- a/nova/templates/deployment-spiceproxy.yaml
++++ b/nova/templates/deployment-spiceproxy.yaml
+@@ -55,6 +55,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ tuple "nova_spiceproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_spiceproxy }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_spiceproxy }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/nova/templates/pod-rally-test.yaml b/nova/templates/pod-rally-test.yaml
+index d53f2047..659d4b50 100644
+--- a/nova/templates/pod-rally-test.yaml
++++ b/nova/templates/pod-rally-test.yaml
+@@ -44,6 +44,12 @@ spec:
+ {{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+ {{ end }}
+ restartPolicy: Never
++{{ with .Values.pod.priorityClassName.nova_tests }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_tests }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+ {{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+diff --git a/nova/templates/statefulset-compute-ironic.yaml b/nova/templates/statefulset-compute-ironic.yaml
+index 37d3fc5a..deb6c7c0 100644
+--- a/nova/templates/statefulset-compute-ironic.yaml
++++ b/nova/templates/statefulset-compute-ironic.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.nova_compute_ironic }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.nova_compute_ironic }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/nova/values.yaml b/nova/values.yaml
+index e0c5866e..4967835c 100644
+--- a/nova/values.yaml
++++ b/nova/values.yaml
+@@ -2037,6 +2037,34 @@ endpoints:
+ default: 80
+
+ pod:
++ priorityClassName:
++ nova_compute: null
++ nova_api_metadata: null
++ nova_api_osapi: null
++ nova_conductor: null
++ nova_novncproxy: null
++ nova_scheduler: null
++ nova_spiceproxy: null
++ nova_archive_deleted_rows: null
++ nova_cell_setup: null
++ nova_service_cleaner: null
++ nova_compute_ironic: null
++ nova_tests: null
++ db_sync: null
++ runtimeClassName:
++ nova_compute: null
++ nova_api_metadata: null
++ nova_api_osapi: null
++ nova_conductor: null
++ nova_novncproxy: null
++ nova_scheduler: null
++ nova_spiceproxy: null
++ nova_archive_deleted_rows: null
++ nova_cell_setup: null
++ nova_service_cleaner: null
++ nova_compute_ironic: null
++ nova_tests: null
++ db_sync: null
+ probes:
+ rpc_timeout: 60
+ rpc_retries: 2
+--
+2.34.1
+
diff --git a/charts/patches/nova/0003-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/nova/0003-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..880ecc4
--- /dev/null
+++ b/charts/patches/nova/0003-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,59 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/nova/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/nova/templates/job-bootstrap.yaml b/nova/templates/job-bootstrap.yaml
+index de8812dd..72cc319d 100644
+--- a/nova/templates/job-bootstrap.yaml
++++ b/nova/templates/job-bootstrap.yaml
+@@ -40,6 +40,12 @@ spec:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ nodeSelector:
+diff --git a/nova/values.yaml b/nova/values.yaml
+index 4967835c..2b1a924a 100644
+--- a/nova/values.yaml
++++ b/nova/values.yaml
+@@ -2050,6 +2050,7 @@ pod:
+ nova_service_cleaner: null
+ nova_compute_ironic: null
+ nova_tests: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ nova_compute: null
+@@ -2064,6 +2065,7 @@ pod:
+ nova_service_cleaner: null
+ nova_compute_ironic: null
+ nova_tests: null
++ bootstrap: null
+ db_sync: null
+ probes:
+ rpc_timeout: 60
diff --git a/charts/patches/octavia/0002-Enable-priority-runtime-ClassName-for-Octavia.patch b/charts/patches/octavia/0002-Enable-priority-runtime-ClassName-for-Octavia.patch
new file mode 100644
index 0000000..842edd6
--- /dev/null
+++ b/charts/patches/octavia/0002-Enable-priority-runtime-ClassName-for-Octavia.patch
@@ -0,0 +1,114 @@
+From 128338c29bab59691b7a3bb610dc9f7889587871 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Wed, 12 Feb 2025 02:49:32 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Octavia
+
+---
+ .../octavia/templates/daemonset-health-manager.yaml | 6 ++++++
+ .../octavia/templates/deployment-api.yaml | 6 ++++++
+ .../octavia/templates/deployment-housekeeping.yaml | 6 ++++++
+ .../octavia/templates/deployment-worker.yaml | 8 +++++++-
+ .../octavia/values.yaml | 12 ++++++++++++
+ 5 files changed, 37 insertions(+), 1 deletion(-)
+
+diff --git a/octavia/templates/daemonset-health-manager.yaml b/octavia/templates/daemonset-health-manager.yaml
+index a355e86e..1fcda415 100644
+--- a/octavia/templates/daemonset-health-manager.yaml
++++ b/octavia/templates/daemonset-health-manager.yaml
+@@ -46,6 +46,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.octavia_health_manager }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.octavia_health_manager }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+diff --git a/octavia/templates/deployment-api.yaml b/octavia/templates/deployment-api.yaml
+index da159724..e584f768 100644
+--- a/octavia/templates/deployment-api.yaml
++++ b/octavia/templates/deployment-api.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.octavia_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.octavia_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "octavia" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/octavia/templates/deployment-housekeeping.yaml b/octavia/templates/deployment-housekeeping.yaml
+index 39903b6b..584ca180 100644
+--- a/octavia/templates/deployment-housekeeping.yaml
++++ b/octavia/templates/deployment-housekeeping.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.octavia_housekeeping }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.octavia_housekeeping }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+diff --git a/octavia/templates/deployment-worker.yaml b/octavia/templates/deployment-worker.yaml
+index 54cf68d7..561a604c 100644
+--- a/octavia/templates/deployment-worker.yaml
++++ b/octavia/templates/deployment-worker.yaml
+@@ -45,6 +45,12 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
++{{ with .Values.pod.priorityClassName.octavia_worker }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.octavia_worker }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+@@ -99,4 +105,4 @@ spec:
+ secretName: octavia-etc
+ defaultMode: 0444
+ {{ if $mounts_octavia_worker.volumes }}{{ toYaml $mounts_octavia_worker.volumes | indent 8 }}{{ end }}
+-{{- end }}
+\ No newline at end of file
++{{- end }}
+diff --git a/octavia/values.yaml b/octavia/values.yaml
+index b15114a5..448c781e 100644
+--- a/octavia/values.yaml
++++ b/octavia/values.yaml
+@@ -526,6 +526,18 @@ endpoints:
+ public: 80
+
+ pod:
++ priorityClassName:
++ octavia_health_manager: null
++ octavia_api: null
++ octavia_housekeeping: null
++ octavia_worker: null
++ db_sync: null
++ runtimeClassName:
++ octavia_health_manager: null
++ octavia_api: null
++ octavia_housekeeping: null
++ octavia_worker: null
++ db_sync: null
+ user:
+ octavia:
+ uid: 42424
+--
+2.34.1
+
diff --git a/charts/patches/octavia/0003-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/octavia/0003-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..84e16c1
--- /dev/null
+++ b/charts/patches/octavia/0003-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,41 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 6b77004f..da3c4819 100644
+--- a/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/octavia/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -70,6 +70,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/octavia/values.yaml b/octavia/values.yaml
+index 448c781e..36fcbf0b 100644
+--- a/octavia/values.yaml
++++ b/octavia/values.yaml
+@@ -531,12 +531,14 @@ pod:
+ octavia_api: null
+ octavia_housekeeping: null
+ octavia_worker: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ octavia_health_manager: null
+ octavia_api: null
+ octavia_housekeeping: null
+ octavia_worker: null
++ bootstrap: null
+ db_sync: null
+ user:
+ octavia:
diff --git a/charts/patches/ovn/0003-add-ovn-northd-pod-affinity.patch b/charts/patches/ovn/0003-add-ovn-northd-pod-affinity.patch
new file mode 100644
index 0000000..37acdae
--- /dev/null
+++ b/charts/patches/ovn/0003-add-ovn-northd-pod-affinity.patch
@@ -0,0 +1,13 @@
+diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
+index 2dbbb689..baf5a0c7 100644
+--- a/ovn/templates/deployment-northd.yaml
++++ b/ovn/templates/deployment-northd.yaml
+@@ -49,6 +49,8 @@ spec:
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
++ affinity:
++{{- tuple $envAll "ovn" "ovn_northd" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.ovn_northd.node_selector_key }}: {{ .Values.labels.ovn_northd.node_selector_value }}
+ initContainers:
diff --git a/charts/patches/placement/0002-Enable-priority-runtime-ClassName-for-Placement.patch b/charts/patches/placement/0002-Enable-priority-runtime-ClassName-for-Placement.patch
new file mode 100644
index 0000000..02041af
--- /dev/null
+++ b/charts/patches/placement/0002-Enable-priority-runtime-ClassName-for-Placement.patch
@@ -0,0 +1,47 @@
+From 9a7ec6f874f55d5c19068c54a1a2e0dc7f5f8235 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Wed, 12 Feb 2025 03:36:18 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Placement
+
+---
+ placement/templates/deployment.yaml | 6 ++++++
+ placement/values.yaml | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml
+index 3082216d..da02d33b 100644
+--- a/placement/templates/deployment.yaml
++++ b/placement/templates/deployment.yaml
+@@ -47,6 +47,12 @@ spec:
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ {{ dict "envAll" $envAll "podName" "placement-api" "containerNames" (list "placement-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
++{{ with .Values.pod.priorityClassName.placement }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.placement }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ {{ dict "envAll" $envAll "application" "placement" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ affinity:
+diff --git a/placement/values.yaml b/placement/values.yaml
+index 0f27a247..20e46564 100644
+--- a/placement/values.yaml
++++ b/placement/values.yaml
+@@ -278,6 +278,12 @@ endpoints:
+ service: 8778
+
+ pod:
++ priorityClassName:
++ placement: null
++ db_sync: null
++ runtimeClassName:
++ placement: null
++ db_sync: null
+ security_context:
+ placement:
+ pod:
+--
+2.34.1
+
diff --git a/charts/patches/staffeln/0001-Enable-priority-runtime-ClassName-for-Staffeln.patch b/charts/patches/staffeln/0001-Enable-priority-runtime-ClassName-for-Staffeln.patch
new file mode 100644
index 0000000..5b09cc2
--- /dev/null
+++ b/charts/patches/staffeln/0001-Enable-priority-runtime-ClassName-for-Staffeln.patch
@@ -0,0 +1,85 @@
+From b8a903ea2dc9d7d19c65e41b8f8ee8f782428f28 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Wed, 12 Feb 2025 04:24:30 +0000
+Subject: [PATCH] Enable {priority,runtime}ClassName for Staffeln
+
+---
+ .../helm-toolkit/templates/manifests/_job-db-sync.tpl | 6 ++++++
+ .../staffeln/templates/deployment-api.yaml | 6 ++++++
+ .../staffeln/templates/deployment-conductor.yaml | 6 ++++++
+ .../staffeln/values.yaml | 8 ++++++++
+ 4 files changed, 26 insertions(+)
+
+diff --git a/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+index 24d2496d..ae85b7ef 100644
+--- a/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
++++ b/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+@@ -67,6 +67,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/staffeln/templates/deployment-api.yaml b/staffeln/templates/deployment-api.yaml
+index 577a0620..e61236c9 100644
+--- a/staffeln/templates/deployment-api.yaml
++++ b/staffeln/templates/deployment-api.yaml
+@@ -46,6 +46,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "staffeln-api" "containerNames" (list "init" "staffeln-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "staffeln" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.staffeln_api }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.staffeln_api }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "staffeln" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/staffeln/templates/deployment-conductor.yaml b/staffeln/templates/deployment-conductor.yaml
+index cf0ad779..a88b97fb 100644
+--- a/staffeln/templates/deployment-conductor.yaml
++++ b/staffeln/templates/deployment-conductor.yaml
+@@ -79,6 +79,12 @@ spec:
+ {{ dict "envAll" $envAll "podName" "staffeln-conductor" "containerNames" (list "init" "staffeln-conductor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+ {{ dict "envAll" $envAll "application" "staffeln" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
++{{ with .Values.pod.priorityClassName.staffeln_conductor }}
++ priorityClassName: {{ . }}
++{{ end }}
++{{ with .Values.pod.runtimeClassName.staffeln_conductor }}
++ runtimeClassName: {{ . }}
++{{ end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+ {{ tuple $envAll "staffeln" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+diff --git a/staffeln/values.yaml b/staffeln/values.yaml
+index d7051158..a1a3e292 100644
+--- a/staffeln/values.yaml
++++ b/staffeln/values.yaml
+@@ -54,6 +54,14 @@ images:
+ - image_repo_sync
+
+ pod:
++ priorityClassName:
++ staffeln_api: null
++ staffeln_conductor: null
++ db_sync: null
++ runtimeClassName:
++ staffeln_api: null
++ staffeln_conductor: null
++ db_sync: null
+ security_context:
+ staffeln:
+ pod:
+--
+2.34.1
+
diff --git a/charts/patches/staffeln/0002-Fix-the-missing-priority-runtime-ClassName.patch b/charts/patches/staffeln/0002-Fix-the-missing-priority-runtime-ClassName.patch
new file mode 100644
index 0000000..1cf681e
--- /dev/null
+++ b/charts/patches/staffeln/0002-Fix-the-missing-priority-runtime-ClassName.patch
@@ -0,0 +1,41 @@
+From 1df9feeb330507bc2f988951e2b4813408621cb3 Mon Sep 17 00:00:00 2001
+From: Dong Ma <dong.ma@vexxhost.com>
+Date: Thu, 13 Feb 2025 16:15:52 +0000
+Subject: [PATCH] Fix the missing {priority,runtime}ClassName
+
+diff --git a/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+index 5d98c8b7..478721d5 100644
+--- a/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
++++ b/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+@@ -69,6 +69,12 @@ spec:
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ spec:
++{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
++ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
++{{- end }}
++{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
++ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
++{{- end }}
+ serviceAccountName: {{ $serviceAccountName }}
+ restartPolicy: OnFailure
+ {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
+diff --git a/staffeln/values.yaml b/staffeln/values.yaml
+index a1a3e292..e6e09c4b 100644
+--- a/staffeln/values.yaml
++++ b/staffeln/values.yaml
+@@ -57,10 +57,14 @@ pod:
+ priorityClassName:
+ staffeln_api: null
+ staffeln_conductor: null
++ staffeln_tests: null
++ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ staffeln_api: null
+ staffeln_conductor: null
++ staffeln_tests: null
++ bootstrap: null
+ db_sync: null
+ security_context:
+ staffeln:
diff --git a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/placement/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/placement/templates/deployment.yaml b/charts/placement/templates/deployment.yaml
index 3082216..da02d33 100644
--- a/charts/placement/templates/deployment.yaml
+++ b/charts/placement/templates/deployment.yaml
@@ -47,6 +47,12 @@
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "placement-api" "containerNames" (list "placement-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
+{{ with .Values.pod.priorityClassName.placement }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.placement }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "placement" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
diff --git a/charts/placement/values.yaml b/charts/placement/values.yaml
index 0f27a24..20e4656 100644
--- a/charts/placement/values.yaml
+++ b/charts/placement/values.yaml
@@ -278,6 +278,12 @@
service: 8778
pod:
+ priorityClassName:
+ placement: null
+ db_sync: null
+ runtimeClassName:
+ placement: null
+ db_sync: null
security_context:
placement:
pod:
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 6b77004..da3c481 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.bootstrap }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.bootstrap }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.bootstrap }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.bootstrap }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/charts/staffeln/templates/deployment-api.yaml b/charts/staffeln/templates/deployment-api.yaml
index 577a062..e61236c 100644
--- a/charts/staffeln/templates/deployment-api.yaml
+++ b/charts/staffeln/templates/deployment-api.yaml
@@ -46,6 +46,12 @@
{{ dict "envAll" $envAll "podName" "staffeln-api" "containerNames" (list "init" "staffeln-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "staffeln" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.staffeln_api }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.staffeln_api }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "staffeln" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/staffeln/templates/deployment-conductor.yaml b/charts/staffeln/templates/deployment-conductor.yaml
index cf0ad77..a88b97f 100644
--- a/charts/staffeln/templates/deployment-conductor.yaml
+++ b/charts/staffeln/templates/deployment-conductor.yaml
@@ -79,6 +79,12 @@
{{ dict "envAll" $envAll "podName" "staffeln-conductor" "containerNames" (list "init" "staffeln-conductor") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "staffeln" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+{{ with .Values.pod.priorityClassName.staffeln_conductor }}
+ priorityClassName: {{ . }}
+{{ end }}
+{{ with .Values.pod.runtimeClassName.staffeln_conductor }}
+ runtimeClassName: {{ . }}
+{{ end }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "staffeln" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
diff --git a/charts/staffeln/values.yaml b/charts/staffeln/values.yaml
index d705115..e6e09c4 100644
--- a/charts/staffeln/values.yaml
+++ b/charts/staffeln/values.yaml
@@ -54,6 +54,18 @@
- image_repo_sync
pod:
+ priorityClassName:
+ staffeln_api: null
+ staffeln_conductor: null
+ staffeln_tests: null
+ bootstrap: null
+ db_sync: null
+ runtimeClassName:
+ staffeln_api: null
+ staffeln_conductor: null
+ staffeln_tests: null
+ bootstrap: null
+ db_sync: null
security_context:
staffeln:
pod:
diff --git a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 4696c88..5c35dd0 100644
--- a/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/tempest/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,12 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
+{{- if and $envAll.Values.pod.priorityClassName $envAll.Values.pod.priorityClassName.db_sync }}
+ priorityClassName: {{ $envAll.Values.pod.priorityClassName.db_sync }}
+{{- end }}
+{{- if and $envAll.Values.pod.runtimeClassName $envAll.Values.pod.runtimeClassName.db_sync }}
+ runtimeClassName: {{ $envAll.Values.pod.runtimeClassName.db_sync }}
+{{- end }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
diff --git a/flake.lock b/flake.lock
index 1f709e6..fd96ecb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1705309234,
- "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -20,11 +20,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1706925685,
- "narHash": "sha256-hVInjWMmgH4yZgA4ZtbgJM1qEAel72SYhP5nOWX4UIM=",
+ "lastModified": 1740396192,
+ "narHash": "sha256-ATMHHrg3sG1KgpQA5x8I+zcYpp5Sf17FaFj/fN+8OoQ=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "79a13f1437e149dc7be2d1290c74d378dad60814",
+ "rev": "d9b69c3ec2a2e2e971c534065bdd53374bd68b97",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 467b8bb..6dcbfcd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,6 +23,7 @@
nixpkgs-fmt
patchutils
python311Packages.tox
+ reno
];
};
}
diff --git a/galaxy.yml b/galaxy.yml
index ccbcf02..2a08f69 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
namespace: vexxhost
name: atmosphere
-version: 4.2.12
+version: 4.3.0
readme: README.md
authors:
- Mohammed Naser <mnaser@vexxhost.com>
@@ -15,7 +15,7 @@
community.general: 7.3.0
community.mysql: 3.6.0
kubernetes.core: 2.4.0
- openstack.cloud: 1.7.0
+ openstack.cloud: ">=2.0.0"
vexxhost.ceph: 3.0.1
vexxhost.kubernetes: ">=2.0.1"
tags:
diff --git a/images/magnum/Dockerfile b/images/magnum/Dockerfile
index 45616fc..b2a7f4c 100644
--- a/images/magnum/Dockerfile
+++ b/images/magnum/Dockerfile
@@ -21,7 +21,7 @@
pip3 install \
--constraint /upper-constraints.txt \
/src/magnum \
- magnum-cluster-api==0.24.2
+ magnum-cluster-api==0.26.2
EOF
FROM openstack-python-runtime
diff --git a/internal/openstack_helm/ironic.go b/internal/openstack_helm/ironic.go
new file mode 100644
index 0000000..ff19502
--- /dev/null
+++ b/internal/openstack_helm/ironic.go
@@ -0,0 +1,5 @@
+package openstack_helm
+
+type IronicConf struct {
+ Database *DatabaseConf `yaml:"database,omitempty"`
+}
diff --git a/internal/openstack_helm/memcached.go b/internal/openstack_helm/memcached.go
new file mode 100644
index 0000000..0051a08
--- /dev/null
+++ b/internal/openstack_helm/memcached.go
@@ -0,0 +1,5 @@
+package openstack_helm
+
+type MemcachedConf struct {
+ Database *DatabaseConf `yaml:"database,omitempty"`
+}
diff --git a/internal/openstack_helm/openstack_helm.go b/internal/openstack_helm/openstack_helm.go
index 5280e16..e7a509d 100644
--- a/internal/openstack_helm/openstack_helm.go
+++ b/internal/openstack_helm/openstack_helm.go
@@ -7,18 +7,35 @@
)
type HelmValues struct {
+ Pod `yaml:"pod"`
Conf `yaml:"conf"`
}
+type PodPriorityClassConfig map[string]string
+type PodRuntimeClassConfig map[string]string
+
+type PodMount map[string]interface{}
+
+type Pod struct {
+ PriorityClass PodPriorityClassConfig `yaml:"priorityClassName,omitempty"`
+ RuntimeClass PodRuntimeClassConfig `yaml:"runtimeClassName,omitempty"`
+ Mounts map[string]PodMount `yaml:"mounts,omitempty"`
+ AntiAffinityType PodAntiAffinityTypeConfig `yaml:"affinity.anti.type,omitempty"`
+}
+
+type PodAntiAffinityTypeConfig map[string]interface{}
+
type Conf struct {
Barbican *BarbicanConf `yaml:"barbican,omitempty"`
Cinder *CinderConf `yaml:"cinder,omitempty"`
Designate *DesignateConf `yaml:"designate,omitempty"`
Glance *GlanceConf `yaml:"glance,omitempty"`
Heat *HeatConf `yaml:"heat,omitempty"`
+ Ironic *IronicConf `yaml:"ironic,omitempty"`
Keystone *KeystoneConf `yaml:"keystone,omitempty"`
Magnum *MagnumConf `yaml:"magnum,omitempty"`
Manila *ManilaConf `yaml:"manila,omitempty"`
+ Memcached *MemcachedConf `yaml:"memcached,omitempty"`
Neutron *NeutronConf `yaml:"neutron,omitempty"`
Nova *NovaConf `yaml:"nova,omitempty"`
Octavia *OctaviaConf `yaml:"octavia,omitempty"`
diff --git a/internal/testutils/oslo_db.go b/internal/testutils/oslo_db.go
index b7aabd1..3a9159d 100644
--- a/internal/testutils/oslo_db.go
+++ b/internal/testutils/oslo_db.go
@@ -1,9 +1,11 @@
package testutils
import (
+ "strings"
"testing"
"github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
"github.com/vexxhost/atmosphere/internal/openstack_helm"
)
@@ -13,3 +15,49 @@
assert.Equal(t, 5, config.MaxPoolSize)
assert.Equal(t, -1, config.MaxRetries)
}
+
+func podNameForClass(pod string) string {
+ // There are a few pods which are built/created inside "helm-toolkit" so
+ // we cannot refer to them by their full name or the code will get real
+ // messy.
+ if strings.HasSuffix(pod, "db_init") {
+ return "db_init"
+ } else if strings.HasSuffix(pod, "db_sync") {
+ return "db_sync"
+ } else if strings.HasSuffix(pod, "_bootstrap") {
+ return "bootstrap"
+ }
+
+ return pod
+}
+
+func TestAllPodsHaveRuntimeClass(t *testing.T, vals *openstack_helm.HelmValues) {
+ for pod := range vals.Pod.Mounts {
+ podName := podNameForClass(pod)
+ assert.Contains(t, vals.Pod.RuntimeClass, podName)
+ }
+}
+
+func TestAllPodsHavePriorityClass(t *testing.T, vals *openstack_helm.HelmValues) {
+ for pod := range vals.Pod.Mounts {
+ podName := podNameForClass(pod)
+ assert.Contains(t, vals.Pod.PriorityClass, podName)
+ }
+}
+
+func TestAllPodsHaveAntiAffinityType(t *testing.T, vals *openstack_helm.HelmValues) {
+ for pod := range vals.Pod.AntiAffinityType {
+ podName := podNameForClass(pod)
+
+ expected := "requiredDuringSchedulingIgnoredDuringExecution"
+
+ defaultRaw, ok := vals.Pod.AntiAffinityType["default"]
+ require.True(t, ok, "default key not found in affinity.anti.type block")
+
+ actual, ok := defaultRaw.(string)
+ require.True(t, ok, "default anti affinity type is not a string")
+
+ assert.Equal(t, expected, actual, "anti affinity type does not match expected value")
+ assert.Contains(t, vals.Pod.AntiAffinityType, podName)
+ }
+}
diff --git a/molecule/default/requirements.txt b/molecule/default/requirements.txt
index 862d238..4544af7 100644
--- a/molecule/default/requirements.txt
+++ b/molecule/default/requirements.txt
@@ -1,3 +1,3 @@
molecule==3.5.2 # https://github.com/ansible-community/molecule/issues/3435
-openstacksdk==0.61.0
+openstacksdk
netaddr
diff --git a/molecule/keycloak/verify.yml b/molecule/keycloak/verify.yml
index e481319..7a4a179 100644
--- a/molecule/keycloak/verify.yml
+++ b/molecule/keycloak/verify.yml
@@ -48,15 +48,15 @@
# we try a few more times.
retries: 30
delay: 1
- until: identity_user_info_result.openstack_users | length > 0
+ until: identity_user_info_result.users | length > 0
- name: Assert that the user exists
run_once: true
ansible.builtin.assert:
that:
- - identity_user_info_result.openstack_users | length > 0
- - identity_user_info_result.openstack_users[0].id == keycloak_user_info.id | regex_replace('-', '')
- - identity_user_info_result.openstack_users[0].name == keycloak_user_info.username
+ - identity_user_info_result.users | length > 0
+ - identity_user_info_result.users[0].id == keycloak_user_info.id | regex_replace('-', '')
+ - identity_user_info_result.users[0].name == keycloak_user_info.username
# TODO: Simulate Keystone authentication
# TODO: Simulate Horizon login
diff --git a/plugins/modules/subnet.py b/plugins/modules/subnet.py
new file mode 100644
index 0000000..7c50aee
--- /dev/null
+++ b/plugins/modules/subnet.py
@@ -0,0 +1,486 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2013, Benno Joy <benno@ansible.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = '''
+---
+module: subnet
+short_description: Add/Remove subnet to an OpenStack network
+author: OpenStack Ansible SIG
+description:
+ - Add or Remove a subnet to an OpenStack network
+options:
+ state:
+ description:
+ - Indicate desired state of the resource
+ choices: ['present', 'absent']
+ default: present
+ type: str
+ allocation_pool_start:
+ description:
+ - From the subnet pool the starting address from which the IP
+ should be allocated.
+ type: str
+ allocation_pool_end:
+ description:
+ - From the subnet pool the last IP that should be assigned to the
+ virtual machines.
+ type: str
+ allocation_pools:
+ description:
+ - List of allocation pools to assign to the subnet. Each element
+ consists of a 'start' and 'end' value.
+ type: list
+ elements: dict
+ cidr:
+ description:
+ - The CIDR representation of the subnet that should be assigned to
+ the subnet. Required when I(state) is 'present' and a subnetpool
+ is not specified.
+ type: str
+ description:
+ description:
+ - Description of the subnet
+ type: str
+ disable_gateway_ip:
+ description:
+ - The gateway IP would not be assigned for this subnet
+ type: bool
+ aliases: ['no_gateway_ip']
+ default: 'false'
+ dns_nameservers:
+ description:
+ - List of DNS nameservers for this subnet.
+ type: list
+ elements: str
+ extra_attrs:
+ description:
+ - Dictionary with extra key/value pairs passed to the API
+ required: false
+ aliases: ['extra_specs']
+ default: {}
+ type: dict
+ host_routes:
+ description:
+ - A list of host route dictionaries for the subnet.
+ type: list
+ elements: dict
+ suboptions:
+ destination:
+ description: The destination network (CIDR).
+ type: str
+ required: true
+ nexthop:
+ description: The next hop (aka gateway) for the I(destination).
+ type: str
+ required: true
+ gateway_ip:
+ description:
+ - The ip that would be assigned to the gateway for this subnet
+ type: str
+ ip_version:
+ description:
+ - The IP version of the subnet 4 or 6
+ default: 4
+ type: int
+ choices: [4, 6]
+ is_dhcp_enabled:
+ description:
+ - Whether DHCP should be enabled for this subnet.
+ type: bool
+ aliases: ['enable_dhcp']
+ default: 'true'
+ ipv6_ra_mode:
+ description:
+ - IPv6 router advertisement mode
+ choices: ['dhcpv6-stateful', 'dhcpv6-stateless', 'slaac']
+ type: str
+ ipv6_address_mode:
+ description:
+ - IPv6 address mode
+ choices: ['dhcpv6-stateful', 'dhcpv6-stateless', 'slaac']
+ type: str
+ name:
+ description:
+ - The name of the subnet that should be created. Although Neutron
+ allows for non-unique subnet names, this module enforces subnet
+ name uniqueness.
+ required: true
+ type: str
+ network:
+ description:
+ - Name or id of the network to which the subnet should be attached
+ - Required when I(state) is 'present'
+ aliases: ['network_name']
+ type: str
+ project:
+ description:
+ - Project name or ID containing the subnet (name admin-only)
+ type: str
+ prefix_length:
+ description:
+ - The prefix length to use for subnet allocation from a subnet pool
+ type: str
+ use_default_subnet_pool:
+ description:
+ - Use the default subnetpool for I(ip_version) to obtain a CIDR.
+ type: bool
+ aliases: ['use_default_subnetpool']
+ subnet_pool:
+ description:
+ - The subnet pool name or ID from which to obtain a CIDR
+ type: str
+ required: false
+extends_documentation_fragment:
+- openstack.cloud.openstack
+'''
+
+EXAMPLES = '''
+# Create a new (or update an existing) subnet on the specified network
+- openstack.cloud.subnet:
+ state: present
+ network_name: network1
+ name: net1subnet
+ cidr: 192.168.0.0/24
+ dns_nameservers:
+ - 8.8.8.7
+ - 8.8.8.8
+ host_routes:
+ - destination: 0.0.0.0/0
+ nexthop: 12.34.56.78
+ - destination: 192.168.0.0/24
+ nexthop: 192.168.0.1
+
+# Delete a subnet
+- openstack.cloud.subnet:
+ state: absent
+ name: net1subnet
+
+# Create an ipv6 stateless subnet
+- openstack.cloud.subnet:
+ state: present
+ name: intv6
+ network_name: internal
+ ip_version: 6
+ cidr: 2db8:1::/64
+ dns_nameservers:
+ - 2001:4860:4860::8888
+ - 2001:4860:4860::8844
+ ipv6_ra_mode: dhcpv6-stateless
+ ipv6_address_mode: dhcpv6-stateless
+'''
+
+RETURN = '''
+id:
+ description: Id of subnet
+ returned: On success when subnet exists.
+ type: str
+subnet:
+ description: Dictionary describing the subnet.
+ returned: On success when subnet exists.
+ type: dict
+ contains:
+ allocation_pools:
+ description: Allocation pools associated with this subnet.
+ returned: success
+ type: list
+ elements: dict
+ cidr:
+ description: Subnet's CIDR.
+ returned: success
+ type: str
+ created_at:
+ description: Created at timestamp
+ type: str
+ description:
+ description: Description
+ type: str
+ dns_nameservers:
+ description: DNS name servers for this subnet.
+ returned: success
+ type: list
+ elements: str
+ dns_publish_fixed_ip:
+ description: Whether to publish DNS records for fixed IPs.
+ returned: success
+ type: bool
+ gateway_ip:
+ description: Subnet's gateway ip.
+ returned: success
+ type: str
+ host_routes:
+ description: A list of host routes.
+ returned: success
+ type: str
+ id:
+ description: Unique UUID.
+ returned: success
+ type: str
+ ip_version:
+ description: IP version for this subnet.
+ returned: success
+ type: int
+ ipv6_address_mode:
+ description: |
+ The IPv6 address modes which are 'dhcpv6-stateful',
+ 'dhcpv6-stateless' or 'slaac'.
+ returned: success
+ type: str
+ ipv6_ra_mode:
+ description: |
+ The IPv6 router advertisements modes which can be 'slaac',
+ 'dhcpv6-stateful', 'dhcpv6-stateless'.
+ returned: success
+ type: str
+ is_dhcp_enabled:
+ description: DHCP enable flag for this subnet.
+ returned: success
+ type: bool
+ name:
+ description: Name given to the subnet.
+ returned: success
+ type: str
+ network_id:
+ description: Network ID this subnet belongs in.
+ returned: success
+ type: str
+ prefix_length:
+ description: |
+ The prefix length to use for subnet allocation from a subnet
+ pool.
+ returned: success
+ type: str
+ project_id:
+ description: Project id associated with this subnet.
+ returned: success
+ type: str
+ revision_number:
+ description: Revision number of the resource
+ returned: success
+ type: int
+ segment_id:
+ description: The ID of the segment this subnet is associated with.
+ returned: success
+ type: str
+ service_types:
+ description: Service types for this subnet
+ returned: success
+ type: list
+ subnet_pool_id:
+ description: The subnet pool ID from which to obtain a CIDR.
+ returned: success
+ type: str
+ tags:
+ description: Tags
+ type: str
+ updated_at:
+ description: Timestamp when the subnet was last updated.
+ returned: success
+ type: str
+ use_default_subnet_pool:
+ description: |
+ Whether to use the default subnet pool to obtain a CIDR.
+ returned: success
+ type: bool
+'''
+
+from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
+
+
+class SubnetModule(OpenStackModule):
+ ipv6_mode_choices = ['dhcpv6-stateful', 'dhcpv6-stateless', 'slaac']
+ argument_spec = dict(
+ name=dict(required=True),
+ network=dict(aliases=['network_name']),
+ cidr=dict(),
+ description=dict(),
+ ip_version=dict(type='int', default=4, choices=[4, 6]),
+ is_dhcp_enabled=dict(type='bool', default=True,
+ aliases=['enable_dhcp']),
+ gateway_ip=dict(),
+ disable_gateway_ip=dict(
+ type='bool', default=False, aliases=['no_gateway_ip']),
+ dns_nameservers=dict(type='list', elements='str'),
+ allocation_pool_start=dict(),
+ allocation_pool_end=dict(),
+ allocation_pools=dict(type='list', elements='dict'),
+ host_routes=dict(type='list', elements='dict'),
+ ipv6_ra_mode=dict(choices=ipv6_mode_choices),
+ ipv6_address_mode=dict(choices=ipv6_mode_choices),
+ subnet_pool=dict(),
+ prefix_length=dict(),
+ use_default_subnet_pool=dict(
+ type='bool', aliases=['use_default_subnetpool']),
+ extra_attrs=dict(type='dict', default=dict(), aliases=['extra_specs']),
+ state=dict(default='present',
+ choices=['absent', 'present']),
+ project=dict(),
+ )
+
+ module_kwargs = dict(
+ supports_check_mode=True,
+ required_together=[['allocation_pool_end', 'allocation_pool_start']],
+ required_if=[
+ ('state', 'present', ('network',)),
+ ('state', 'present',
+ ('cidr', 'use_default_subnet_pool', 'subnet_pool'), True),
+ ],
+ mutually_exclusive=[
+ ('use_default_subnet_pool', 'subnet_pool'),
+ ('allocation_pool_start', 'allocation_pools'),
+ ('allocation_pool_end', 'allocation_pools')
+ ]
+ )
+
+ # resource attributes obtainable directly from params
+ attr_params = ('cidr', 'description',
+ 'dns_nameservers', 'gateway_ip', 'host_routes',
+ 'ip_version', 'ipv6_address_mode', 'ipv6_ra_mode',
+ 'is_dhcp_enabled', 'name', 'prefix_length',
+ 'use_default_subnet_pool',)
+
+ def _validate_update(self, subnet, update):
+ """ Check for differences in non-updatable values """
+ # Ref.: https://docs.openstack.org/api-ref/network/v2/index.html#update-subnet
+ for attr in ('cidr', 'ip_version', 'ipv6_ra_mode', 'ipv6_address_mode',
+ 'prefix_length', 'use_default_subnet_pool'):
+ if attr in update and update[attr] != subnet[attr]:
+ self.fail_json(
+ msg='Cannot update {0} in existing subnet'.format(attr))
+
+ def _system_state_change(self, subnet, network, project, subnet_pool):
+ state = self.params['state']
+ if state == 'absent':
+ return subnet is not None
+ # else state is present
+ if not subnet:
+ return True
+ params = self._build_params(network, project, subnet_pool)
+ updates = self._build_updates(subnet, params)
+ self._validate_update(subnet, updates)
+ return bool(updates)
+
+ def _build_pool(self):
+ pool_start = self.params['allocation_pool_start']
+ pool_end = self.params['allocation_pool_end']
+ if pool_start:
+ return [dict(start=pool_start, end=pool_end)]
+ return None
+
+ def _build_params(self, network, project, subnet_pool):
+ params = {attr: self.params[attr] for attr in self.attr_params}
+ params['network_id'] = network.id
+ if project:
+ params['project_id'] = project.id
+ if subnet_pool:
+ params['subnet_pool_id'] = subnet_pool.id
+ if self.params['allocation_pool_start']:
+ params['allocation_pools'] = self._build_pool()
+ else:
+ params['allocation_pools'] = self.params['allocation_pools']
+ params = self._add_extra_attrs(params)
+ params = {k: v for k, v in params.items() if v is not None}
+ if self.params['disable_gateway_ip']:
+ params['gateway_ip'] = None
+ return params
+
+ def _build_updates(self, subnet, params):
+ # Sort lists before doing comparisons comparisons
+ if 'dns_nameservers' in params:
+ params['dns_nameservers'].sort()
+ subnet['dns_nameservers'].sort()
+
+ if 'host_routes' in params:
+ params['host_routes'].sort(key=lambda r: sorted(r.items()))
+ subnet['host_routes'].sort(key=lambda r: sorted(r.items()))
+
+ if 'allocation_pools' in params:
+ params['allocation_pools'].sort(key=lambda r: sorted(r.items()))
+ subnet['allocation_pools'].sort(key=lambda r: sorted(r.items()))
+
+ updates = {k: params[k] for k in params if params[k] != subnet[k]}
+ if self.params['disable_gateway_ip'] and subnet.gateway_ip:
+ updates['gateway_ip'] = None
+ return updates
+
+ def _add_extra_attrs(self, params):
+ duplicates = set(self.params['extra_attrs']) & set(params)
+ if duplicates:
+ self.fail_json(msg='Duplicate key(s) {0} in extra_specs'
+ .format(list(duplicates)))
+ params.update(self.params['extra_attrs'])
+ return params
+
+ def run(self):
+ state = self.params['state']
+ network_name_or_id = self.params['network']
+ project_name_or_id = self.params['project']
+ subnet_pool_name_or_id = self.params['subnet_pool']
+ subnet_name = self.params['name']
+ gateway_ip = self.params['gateway_ip']
+ disable_gateway_ip = self.params['disable_gateway_ip']
+
+ # fail early if incompatible options have been specified
+ if disable_gateway_ip and gateway_ip:
+ self.fail_json(msg='no_gateway_ip is not allowed with gateway_ip')
+
+ subnet_pool_filters = {}
+ filters = {}
+
+ project = None
+ if project_name_or_id:
+ project = self.conn.identity.find_project(project_name_or_id,
+ ignore_missing=False)
+ subnet_pool_filters['project_id'] = project.id
+ filters['project_id'] = project.id
+
+ network = None
+ if network_name_or_id:
+ # At this point filters can only contain project_id
+ network = self.conn.network.find_network(network_name_or_id,
+ ignore_missing=False,
+ **filters)
+ filters['network_id'] = network.id
+
+ subnet_pool = None
+ if subnet_pool_name_or_id:
+ subnet_pool = self.conn.network.find_subnet_pool(
+ subnet_pool_name_or_id,
+ ignore_missing=False,
+ **subnet_pool_filters)
+ filters['subnet_pool_id'] = subnet_pool.id
+
+ subnet = self.conn.network.find_subnet(subnet_name, **filters)
+
+ if self.ansible.check_mode:
+ self.exit_json(changed=self._system_state_change(
+ subnet, network, project, subnet_pool))
+
+ changed = False
+ if state == 'present':
+ params = self._build_params(network, project, subnet_pool)
+ if subnet is None:
+ subnet = self.conn.network.create_subnet(**params)
+ changed = True
+ else:
+ updates = self._build_updates(subnet, params)
+ if updates:
+ self._validate_update(subnet, updates)
+ subnet = self.conn.network.update_subnet(subnet, **updates)
+ changed = True
+ self.exit_json(changed=changed, subnet=subnet, id=subnet.id)
+ elif state == 'absent' and subnet is not None:
+ self.conn.network.delete_subnet(subnet)
+ changed = True
+ self.exit_json(changed=changed)
+
+
+def main():
+ module = SubnetModule()
+ module()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/releasenotes/notes/add-extra-keycloak-realm-options-a8b14740bd999ebb.yaml b/releasenotes/notes/add-extra-keycloak-realm-options-a8b14740bd999ebb.yaml
new file mode 100644
index 0000000..4a7a43b
--- /dev/null
+++ b/releasenotes/notes/add-extra-keycloak-realm-options-a8b14740bd999ebb.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - The Keystone role now supports additional parameters when creating the
+ Keycloak realm to allow for the configuration of options such as password
+ policy, brute force protection, and more.
diff --git a/releasenotes/notes/add-glance-image-tempfile-path-6c1ec42dccba948a.yaml b/releasenotes/notes/add-glance-image-tempfile-path-6c1ec42dccba948a.yaml
new file mode 100644
index 0000000..370e0cb
--- /dev/null
+++ b/releasenotes/notes/add-glance-image-tempfile-path-6c1ec42dccba948a.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Add ``glance_image_tempfile_path`` variable to allow users for changing the
+ temporary path for downloading images before uploading them to Glance.
diff --git a/releasenotes/notes/add-mfa-config-options-6f2d6811bca1a789.yaml b/releasenotes/notes/add-mfa-config-options-6f2d6811bca1a789.yaml
new file mode 100644
index 0000000..cb2d445
--- /dev/null
+++ b/releasenotes/notes/add-mfa-config-options-6f2d6811bca1a789.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Keystone role now supports configuring multi-factor authentication for
+ the users within the Atmosphere realm.
diff --git a/releasenotes/notes/allow-configuring-ingress-class-name-0c50f395d9a1b213.yaml b/releasenotes/notes/allow-configuring-ingress-class-name-0c50f395d9a1b213.yaml
new file mode 100644
index 0000000..23172db
--- /dev/null
+++ b/releasenotes/notes/allow-configuring-ingress-class-name-0c50f395d9a1b213.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ All roles that deploy ``Ingress`` resources as part of the deployment
+ process now support the ability to specify the class name to use for the
+ ``Ingress`` resource. This is done by setting the
+ ``<role>_ingress_class_name`` variable to the desired class name.
diff --git a/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml b/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml
new file mode 100644
index 0000000..aac6ce0
--- /dev/null
+++ b/releasenotes/notes/allow-using-default-cert-b28067c8a1525e1f.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ It's now possible to use the default TLS certificates configured within the
+ ingress by using the ``ingress_use_default_tls_certificate`` variable which
+ will omit the ``tls`` section from any ``Ingress`` resources managed by
+ Atmosphere.
diff --git a/releasenotes/notes/barbican-priority-runtime-class-b84c8515f03e18c5.yaml b/releasenotes/notes/barbican-priority-runtime-class-b84c8515f03e18c5.yaml
new file mode 100644
index 0000000..4414c45
--- /dev/null
+++ b/releasenotes/notes/barbican-priority-runtime-class-b84c8515f03e18c5.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Barbican role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/bump-mcapi-bde5d8909e7f6268.yaml b/releasenotes/notes/bump-mcapi-bde5d8909e7f6268.yaml
new file mode 100644
index 0000000..931d671
--- /dev/null
+++ b/releasenotes/notes/bump-mcapi-bde5d8909e7f6268.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - The Cluster API driver for Magnum has been bumped to 0.26.2 to address
+ bugs around cluster deletion.
diff --git a/releasenotes/notes/bump-openstack-collection-382923f617548b01.yaml b/releasenotes/notes/bump-openstack-collection-382923f617548b01.yaml
new file mode 100644
index 0000000..60eb020
--- /dev/null
+++ b/releasenotes/notes/bump-openstack-collection-382923f617548b01.yaml
@@ -0,0 +1,4 @@
+---
+other:
+ - The Atmosphere collection now uses the new major version of the OpenStack
+ collection as a dependency.
diff --git a/releasenotes/notes/cinder-priority-runtime-class-910112b1da7bd5c1.yaml b/releasenotes/notes/cinder-priority-runtime-class-910112b1da7bd5c1.yaml
new file mode 100644
index 0000000..6852e16
--- /dev/null
+++ b/releasenotes/notes/cinder-priority-runtime-class-910112b1da7bd5c1.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Cinder role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/designate-priority-runtime-class-63f9e7efe1b3e494.yaml b/releasenotes/notes/designate-priority-runtime-class-63f9e7efe1b3e494.yaml
new file mode 100644
index 0000000..a42e7c2
--- /dev/null
+++ b/releasenotes/notes/designate-priority-runtime-class-63f9e7efe1b3e494.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Designate role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/enable-ovn-affinity-rules-54efa650be79426c.yaml b/releasenotes/notes/enable-ovn-affinity-rules-54efa650be79426c.yaml
new file mode 100644
index 0000000..601f254
--- /dev/null
+++ b/releasenotes/notes/enable-ovn-affinity-rules-54efa650be79426c.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Applied the same pod affinity rules used for OVN NB/SB sts's to northd deployment and
+ changed the default pod affinity rules from preferred during scheduling to required
+ during scheduling.
diff --git a/releasenotes/notes/fix-two-redundant-securityContext-problems-28bfb724627e8920.yaml b/releasenotes/notes/fix-two-redundant-securityContext-problems-28bfb724627e8920.yaml
new file mode 100644
index 0000000..799899e
--- /dev/null
+++ b/releasenotes/notes/fix-two-redundant-securityContext-problems-28bfb724627e8920.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fix two redundant securityContext problems in
+ statefulset-compute-ironic.yaml template.
diff --git a/releasenotes/notes/glance-priority-runtime-class-8902ce859fba65f6.yaml b/releasenotes/notes/glance-priority-runtime-class-8902ce859fba65f6.yaml
new file mode 100644
index 0000000..0f7dd5b
--- /dev/null
+++ b/releasenotes/notes/glance-priority-runtime-class-8902ce859fba65f6.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Glance role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/heat-priority-runtime-class-493ffeb8be07ac6a.yaml b/releasenotes/notes/heat-priority-runtime-class-493ffeb8be07ac6a.yaml
new file mode 100644
index 0000000..7bf3b8f
--- /dev/null
+++ b/releasenotes/notes/heat-priority-runtime-class-493ffeb8be07ac6a.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Heat role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/horizon-priority-runtime-class-0004e6be3fdeab2b.yaml b/releasenotes/notes/horizon-priority-runtime-class-0004e6be3fdeab2b.yaml
new file mode 100644
index 0000000..a6a4437
--- /dev/null
+++ b/releasenotes/notes/horizon-priority-runtime-class-0004e6be3fdeab2b.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Horizon role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/horizon-security-improvements-22b2535a85daab75.yaml b/releasenotes/notes/horizon-security-improvements-22b2535a85daab75.yaml
new file mode 100644
index 0000000..2b52c90
--- /dev/null
+++ b/releasenotes/notes/horizon-security-improvements-22b2535a85daab75.yaml
@@ -0,0 +1,8 @@
+---
+security:
+ - The Horizon service now runs as the non-privileged user `horizon` in the
+ container.
+ - The Horizon service ``ALLOWED_HOSTS`` setting is now configured to point
+ to the configured endpoints for the service.
+ - The CORS headers are now configured to only allow requests from the
+ configured endpoints for the service.
diff --git a/releasenotes/notes/ironic-priority-runtime-class-260a89c958179e92.yaml b/releasenotes/notes/ironic-priority-runtime-class-260a89c958179e92.yaml
new file mode 100644
index 0000000..ed17275
--- /dev/null
+++ b/releasenotes/notes/ironic-priority-runtime-class-260a89c958179e92.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Ironic role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/keystone-priority-runtime-class-3d41226e8815f369.yaml b/releasenotes/notes/keystone-priority-runtime-class-3d41226e8815f369.yaml
new file mode 100644
index 0000000..81ffbc2
--- /dev/null
+++ b/releasenotes/notes/keystone-priority-runtime-class-3d41226e8815f369.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Keystone role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/magnum-priority-runtime-class-1fa01f838854cb94.yaml b/releasenotes/notes/magnum-priority-runtime-class-1fa01f838854cb94.yaml
new file mode 100644
index 0000000..246b3d2
--- /dev/null
+++ b/releasenotes/notes/magnum-priority-runtime-class-1fa01f838854cb94.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Magnum role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/magnum-update-mcapi-to-0.25.1-fbf7f3dd8b81489c.yaml b/releasenotes/notes/magnum-update-mcapi-to-0.25.1-fbf7f3dd8b81489c.yaml
new file mode 100644
index 0000000..c563d8c
--- /dev/null
+++ b/releasenotes/notes/magnum-update-mcapi-to-0.25.1-fbf7f3dd8b81489c.yaml
@@ -0,0 +1,3 @@
+---
+upgrade:
+ - Upgrade Cluster API driver for Magnum to 0.26.0.
diff --git a/releasenotes/notes/manila-priority-runtime-class-2b73aa2ad577d258.yaml b/releasenotes/notes/manila-priority-runtime-class-2b73aa2ad577d258.yaml
new file mode 100644
index 0000000..90ff058
--- /dev/null
+++ b/releasenotes/notes/manila-priority-runtime-class-2b73aa2ad577d258.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Manila role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/neutron-priority-runtime-class-b23c083ebd115e08.yaml b/releasenotes/notes/neutron-priority-runtime-class-b23c083ebd115e08.yaml
new file mode 100644
index 0000000..57f9400
--- /dev/null
+++ b/releasenotes/notes/neutron-priority-runtime-class-b23c083ebd115e08.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Neutron role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/nova-priority-runtime-class-97013402a7abf251.yaml b/releasenotes/notes/nova-priority-runtime-class-97013402a7abf251.yaml
new file mode 100644
index 0000000..a5b2aae
--- /dev/null
+++ b/releasenotes/notes/nova-priority-runtime-class-97013402a7abf251.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Nova role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/octavia-priority-runtime-class-3803f91e26a627a4.yaml b/releasenotes/notes/octavia-priority-runtime-class-3803f91e26a627a4.yaml
new file mode 100644
index 0000000..eb2bcce
--- /dev/null
+++ b/releasenotes/notes/octavia-priority-runtime-class-3803f91e26a627a4.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Octavia role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/placement-priority-runtime-class-3d5598c95c26dc32.yaml b/releasenotes/notes/placement-priority-runtime-class-3d5598c95c26dc32.yaml
new file mode 100644
index 0000000..6a60037
--- /dev/null
+++ b/releasenotes/notes/placement-priority-runtime-class-3d5598c95c26dc32.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Placement role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/releasenotes/notes/staffeln-priority-runtime-class-d7a4ae951ddcc214.yaml b/releasenotes/notes/staffeln-priority-runtime-class-d7a4ae951ddcc214.yaml
new file mode 100644
index 0000000..4a00dc6
--- /dev/null
+++ b/releasenotes/notes/staffeln-priority-runtime-class-d7a4ae951ddcc214.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - The Staffeln role now allows users to configure the ``priorityClassName`` and
+ the ``runtimeClassName`` for all of the different components of the service.
diff --git a/requirements.txt b/requirements.txt
index 9157d5b..038719c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
ansible-core>=2.15.9
jmespath>=1.0.1
-openstacksdk<0.99.0
+openstacksdk>1
docker-image-py>=0.1.12
rjsonnet>=0.5.2
netaddr>=0.8.0
diff --git a/roles/barbican/defaults/main.yml b/roles/barbican/defaults/main.yml
index 8d2abc6..011e4d6 100644
--- a/roles/barbican/defaults/main.yml
+++ b/roles/barbican/defaults/main.yml
@@ -20,7 +20,11 @@
barbican_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
barbican_helm_values: {}
+# Class name to use for the Ingress
+barbican_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
barbican_ingress_annotations: {}
+
# Barbican key encryption key
barbican_kek: "{{ undef(hint='You must specify a Barbican key encryption key') }}"
diff --git a/roles/barbican/tasks/main.yml b/roles/barbican/tasks/main.yml
index d7261dc..d4992b6 100644
--- a/roles/barbican/tasks/main.yml
+++ b/roles/barbican/tasks/main.yml
@@ -30,6 +30,7 @@
openstack_helm_ingress_service_name: barbican-api
openstack_helm_ingress_service_port: 9311
openstack_helm_ingress_annotations: "{{ barbican_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ barbican_ingress_class_name }}"
- name: Create creator role
openstack.cloud.identity_role:
diff --git a/roles/barbican/tests/priorityclass_test.yaml b/roles/barbican/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..21063c0
--- /dev/null
+++ b/roles/barbican/tests/priorityclass_test.yaml
@@ -0,0 +1,65 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ priorityClassName:
+ barbican_api: platform
+ barbican_tests: platform
+ db_sync: platform
+ bootstrap: platform
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/barbican/tests/runtimeclass_test.yaml b/roles/barbican/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..7c55c02
--- /dev/null
+++ b/roles/barbican/tests/runtimeclass_test.yaml
@@ -0,0 +1,65 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ runtimeClassName:
+ barbican_api: kata-clh
+ barbican_tests: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/barbican/vars_test.go b/roles/barbican/vars_test.go
index 8a0dccc..ca6a897 100644
--- a/roles/barbican/vars_test.go
+++ b/roles/barbican/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Barbican.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/cinder/defaults/main.yml b/roles/cinder/defaults/main.yml
index 9a2012f..51ac2dc 100644
--- a/roles/cinder/defaults/main.yml
+++ b/roles/cinder/defaults/main.yml
@@ -20,5 +20,8 @@
cinder_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
cinder_helm_values: {}
+# Class name to use for the Ingress
+cinder_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
cinder_ingress_annotations: {}
diff --git a/roles/cinder/tasks/main.yml b/roles/cinder/tasks/main.yml
index aa7b213..cde4251 100644
--- a/roles/cinder/tasks/main.yml
+++ b/roles/cinder/tasks/main.yml
@@ -40,3 +40,4 @@
openstack_helm_ingress_service_name: cinder-api
openstack_helm_ingress_service_port: 8776
openstack_helm_ingress_annotations: "{{ _cinder_ingress_annotations | combine(cinder_ingress_annotations) }}"
+ openstack_helm_ingress_class_name: "{{ cinder_ingress_class_name }}"
diff --git a/roles/cinder/tests/priorityclass_test.yaml b/roles/cinder/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..4ca4967
--- /dev/null
+++ b/roles/cinder/tests/priorityclass_test.yaml
@@ -0,0 +1,96 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-volume.yaml
+ - templates/cron-job-cinder-volume-usage-audit.yaml
+ - templates/deployment-backup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-volume.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/cron-job-cinder-volume-usage-audit.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/deployment-backup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-volume.yaml
+ - templates/cron-job-cinder-volume-usage-audit.yaml
+ - templates/deployment-backup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ cinder_api: platform
+ cinder_backup: platform
+ cinder_scheduler: platform
+ cinder_tests: platform
+ cinder_volume_usage_audit: platform
+ cinder_volume: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-volume.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-cinder-volume-usage-audit.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-backup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/cinder/tests/runtimeclass_test.yaml b/roles/cinder/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..151958a
--- /dev/null
+++ b/roles/cinder/tests/runtimeclass_test.yaml
@@ -0,0 +1,96 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-volume.yaml
+ - templates/cron-job-cinder-volume-usage-audit.yaml
+ - templates/deployment-backup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-volume.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/cron-job-cinder-volume-usage-audit.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/deployment-backup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-volume.yaml
+ - templates/cron-job-cinder-volume-usage-audit.yaml
+ - templates/deployment-backup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ cinder_api: kata-clh
+ cinder_backup: kata-clh
+ cinder_scheduler: kata-clh
+ cinder_tests: kata-clh
+ cinder_volume_usage_audit: kata-clh
+ cinder_volume: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-volume.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-cinder-volume-usage-audit.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-backup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/cinder/vars_test.go b/roles/cinder/vars_test.go
index c501802..c2ba7d3 100644
--- a/roles/cinder/vars_test.go
+++ b/roles/cinder/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Cinder.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/defaults/defaults/main.yml b/roles/defaults/defaults/main.yml
index 938acd5..4b534b4 100644
--- a/roles/defaults/defaults/main.yml
+++ b/roles/defaults/defaults/main.yml
@@ -12,7 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-atmosphere_version: 4.2.12
+atmosphere_version: 4.3.0
# Ingress
atmosphere_ingress_class_name: atmosphere
diff --git a/roles/designate/defaults/main.yml b/roles/designate/defaults/main.yml
index 7932b41..91bf556 100644
--- a/roles/designate/defaults/main.yml
+++ b/roles/designate/defaults/main.yml
@@ -20,6 +20,9 @@
designate_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
designate_helm_values: {}
+# Class name to use for the Ingress
+designate_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
designate_ingress_annotations: {}
diff --git a/roles/designate/tasks/main.yml b/roles/designate/tasks/main.yml
index fe90969..e4c969d 100644
--- a/roles/designate/tasks/main.yml
+++ b/roles/designate/tasks/main.yml
@@ -34,3 +34,4 @@
openstack_helm_ingress_service_name: designate-api
openstack_helm_ingress_service_port: 9001
openstack_helm_ingress_annotations: "{{ designate_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ designate_ingress_class_name }}"
diff --git a/roles/designate/tests/priorityclass_test.yaml b/roles/designate/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..c8de434
--- /dev/null
+++ b/roles/designate/tests/priorityclass_test.yaml
@@ -0,0 +1,96 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # notExists:
+ # path: spec.template.spec.priorityClassName
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ designate_api: platform
+ designate_central: platform
+ designate_mdns: platform
+ designate_producer: platform
+ designate_sink: platform
+ designate_worker: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # equal:
+ # path: spec.template.spec.priorityClassName
+ # value: platform
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/designate/tests/runtimeclass_test.yaml b/roles/designate/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..ac10d05
--- /dev/null
+++ b/roles/designate/tests/runtimeclass_test.yaml
@@ -0,0 +1,96 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # notExists:
+ # path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-central.yaml
+ - templates/deployment-mdns.yaml
+ - templates/deployment-producer.yaml
+ - templates/deployment-sink.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ designate_api: kata-clh
+ designate_central: kata-clh
+ designate_mdns: kata-clh
+ designate_producer: kata-clh
+ designate_sink: kata-clh
+ designate_worker: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-central.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-mdns.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-producer.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ # - template: templates/deployment-sink.yaml
+ # documentIndex: 3
+ # equal:
+ # path: spec.template.spec.runtimeClassName
+ # value: kata-clh
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/designate/vars/main.yml b/roles/designate/vars/main.yml
index e6bfe9b..1bf3970 100644
--- a/roles/designate/vars/main.yml
+++ b/roles/designate/vars/main.yml
@@ -26,7 +26,7 @@
max_pool_size: 5
pool_timeout: 30
service:central:
- managed_resource_tenant_id: "{{ _designate_project_info.openstack_projects[0].id }}"
+ managed_resource_tenant_id: "{{ _designate_project_info.projects[0].id }}"
pools: "{{ designate_pools | to_yaml }}"
pod:
replicas:
diff --git a/roles/designate/vars_test.go b/roles/designate/vars_test.go
index e3ec382..36be484 100644
--- a/roles/designate/vars_test.go
+++ b/roles/designate/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Designate.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/glance/defaults/main.yml b/roles/glance/defaults/main.yml
index d747588..62c026b 100644
--- a/roles/glance/defaults/main.yml
+++ b/roles/glance/defaults/main.yml
@@ -20,6 +20,9 @@
glance_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
glance_helm_values: {}
+# Class name to use for the Ingress
+glance_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
glance_ingress_annotations: {}
diff --git a/roles/glance/tasks/main.yml b/roles/glance/tasks/main.yml
index 32cf42c..c36357f 100644
--- a/roles/glance/tasks/main.yml
+++ b/roles/glance/tasks/main.yml
@@ -30,6 +30,7 @@
openstack_helm_ingress_service_name: glance-api
openstack_helm_ingress_service_port: 9292
openstack_helm_ingress_annotations: "{{ _glance_ingress_annotations | combine(glance_ingress_annotations) }}"
+ openstack_helm_ingress_class_name: "{{ glance_ingress_class_name }}"
- name: Create images
ansible.builtin.include_role:
diff --git a/roles/glance/tests/priorityclass_test.yaml b/roles/glance/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..deeed31
--- /dev/null
+++ b/roles/glance/tests/priorityclass_test.yaml
@@ -0,0 +1,48 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ glance_api: platform
+ glance_tests: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/glance/tests/runtimeclass_test.yaml b/roles/glance/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..282a1c8
--- /dev/null
+++ b/roles/glance/tests/runtimeclass_test.yaml
@@ -0,0 +1,48 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ glance_api: kata-clh
+ glance_tests: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/glance/vars_test.go b/roles/glance/vars_test.go
index aa0455c..9b95a4c 100644
--- a/roles/glance/vars_test.go
+++ b/roles/glance/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Glance.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/glance_image/defaults/main.yml b/roles/glance_image/defaults/main.yml
index d906e1f..92541d0 100644
--- a/roles/glance_image/defaults/main.yml
+++ b/roles/glance_image/defaults/main.yml
@@ -12,6 +12,8 @@
# License for the specific language governing permissions and limitations
# under the License.
+# glance_image_tempfile_path:
+
glance_image_http_proxy: "{{ http_proxy | default('') }}"
glance_image_https_proxy: "{{ https_proxy | default('') }}"
glance_image_no_proxy: "{{ no_proxy | default('') }}"
diff --git a/roles/glance_image/tasks/main.yml b/roles/glance_image/tasks/main.yml
index 5f56e55..1f0059a 100644
--- a/roles/glance_image/tasks/main.yml
+++ b/roles/glance_image/tasks/main.yml
@@ -26,10 +26,11 @@
- name: Download image and upload into Glance
run_once: true
- when: _image_info.openstack_image == None
+ when: _image_info.images | length == 0
block:
- name: Generate temporary work directory
ansible.builtin.tempfile:
+ path: "{{ glance_image_tempfile_path | default(omit) }}"
state: directory
register: _workdir
@@ -38,6 +39,7 @@
url: "{{ glance_image_url }}"
dest: "{{ _workdir.path }}/{{ glance_image_url | basename }}"
mode: "0600"
+ tmp_dest: "{{ _workdir.path }}"
register: _get_url
retries: 3
delay: "{{ 15 | random + 3 }}"
diff --git a/roles/heat/defaults/main.yml b/roles/heat/defaults/main.yml
index 3ea9ded..6a7173d 100644
--- a/roles/heat/defaults/main.yml
+++ b/roles/heat/defaults/main.yml
@@ -20,6 +20,10 @@
heat_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
heat_helm_values: {}
+# Class name to use for the Ingress
+heat_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
+# List of annotations to apply to the Ingress
heat_ingress_annotations: {}
# Encryption key for Heat to use for encrypting sensitive data
diff --git a/roles/heat/tasks/main.yml b/roles/heat/tasks/main.yml
index 96c301a..3a2790e 100644
--- a/roles/heat/tasks/main.yml
+++ b/roles/heat/tasks/main.yml
@@ -30,6 +30,7 @@
openstack_helm_ingress_service_name: heat-api
openstack_helm_ingress_service_port: 8004
openstack_helm_ingress_annotations: "{{ _heat_ingress_annotations | combine(heat_ingress_annotations, recursive=True) }}"
+ openstack_helm_ingress_class_name: "{{ heat_ingress_class_name }}"
- name: Create Ingress
ansible.builtin.include_role:
@@ -39,3 +40,4 @@
openstack_helm_ingress_service_name: heat-cfn
openstack_helm_ingress_service_port: 8000
openstack_helm_ingress_annotations: "{{ _heat_ingress_annotations | combine(heat_ingress_annotations, recursive=True) }}"
+ openstack_helm_ingress_class_name: "{{ heat_ingress_class_name }}"
diff --git a/roles/heat/tests/priorityclass_test.yaml b/roles/heat/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..bef0fb4
--- /dev/null
+++ b/roles/heat/tests/priorityclass_test.yaml
@@ -0,0 +1,123 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-cfn.yaml
+ - templates/deployment-cloudwatch.yaml
+ - templates/cron-job-engine-cleaner.yaml
+ - templates/cron-job-purge-deleted.yaml
+ - templates/deployment-engine.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ - templates/job-trusts.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-cfn.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/cron-job-engine-cleaner.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/cron-job-purge-deleted.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/deployment-engine.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-trusts.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-cfn.yaml
+ - templates/deployment-cloudwatch.yaml
+ - templates/cron-job-engine-cleaner.yaml
+ - templates/cron-job-purge-deleted.yaml
+ - templates/deployment-engine.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ - templates/job-trusts.yaml
+ set:
+ pod:
+ priorityClassName:
+ heat_api: platform
+ heat_cfn: platform
+ heat_cloudwatch: platform
+ heat_tests: platform
+ heat_engine_cleaner: platform
+ heat_purge_deleted: platform
+ heat_engine: platform
+ db_sync: platform
+ bootstrap: platform
+ heat_trusts: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-cfn.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-engine-cleaner.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-purge-deleted.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-engine.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-trusts.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/heat/tests/runtimeclass_test.yaml b/roles/heat/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..754538b
--- /dev/null
+++ b/roles/heat/tests/runtimeclass_test.yaml
@@ -0,0 +1,123 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-cfn.yaml
+ - templates/deployment-cloudwatch.yaml
+ - templates/cron-job-engine-cleaner.yaml
+ - templates/cron-job-purge-deleted.yaml
+ - templates/deployment-engine.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ - templates/job-trusts.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-cfn.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/cron-job-engine-cleaner.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/cron-job-purge-deleted.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/deployment-engine.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-trusts.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-cfn.yaml
+ - templates/deployment-cloudwatch.yaml
+ - templates/cron-job-engine-cleaner.yaml
+ - templates/cron-job-purge-deleted.yaml
+ - templates/deployment-engine.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ - templates/job-trusts.yaml
+ set:
+ pod:
+ runtimeClassName:
+ heat_api: kata-clh
+ heat_cfn: kata-clh
+ heat_cloudwatch: kata-clh
+ heat_tests: kata-clh
+ heat_engine_cleaner: kata-clh
+ heat_purge_deleted: kata-clh
+ heat_engine: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ heat_trusts: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-cfn.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-engine-cleaner.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-purge-deleted.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-engine.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-trusts.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/heat/vars_test.go b/roles/heat/vars_test.go
index a87f90c..be07332 100644
--- a/roles/heat/vars_test.go
+++ b/roles/heat/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Heat.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/horizon/defaults/main.yml b/roles/horizon/defaults/main.yml
index 116a87a..441fe4d 100644
--- a/roles/horizon/defaults/main.yml
+++ b/roles/horizon/defaults/main.yml
@@ -20,5 +20,8 @@
horizon_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
horizon_helm_values: {}
+# Class name to use for the Ingress
+horizon_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
horizon_ingress_annotations: {}
diff --git a/roles/horizon/tasks/main.yml b/roles/horizon/tasks/main.yml
index 3cd1653..5c9e4e0 100644
--- a/roles/horizon/tasks/main.yml
+++ b/roles/horizon/tasks/main.yml
@@ -30,3 +30,4 @@
openstack_helm_ingress_service_name: horizon-int
openstack_helm_ingress_service_port: 80
openstack_helm_ingress_annotations: "{{ _horizon_ingress_annotations | combine(horizon_ingress_annotations) }}"
+ openstack_helm_ingress_class_name: "{{ horizon_ingress_class_name }}"
diff --git a/roles/horizon/tests/priorityclass_test.yaml b/roles/horizon/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..08ec868
--- /dev/null
+++ b/roles/horizon/tests/priorityclass_test.yaml
@@ -0,0 +1,60 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment.yaml
+ - templates/pod-helm-tests.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-helm-tests.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment.yaml
+ - templates/pod-helm-tests.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ set:
+ pod:
+ priorityClassName:
+ horizon: platform
+ horizon_tests: platform
+ db_sync: platform
+ db_init: platform
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-helm-tests.yaml
+ documentIndex: 3
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/horizon/tests/runtimeclass_test.yaml b/roles/horizon/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..d4dda15
--- /dev/null
+++ b/roles/horizon/tests/runtimeclass_test.yaml
@@ -0,0 +1,60 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment.yaml
+ - templates/pod-helm-tests.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-helm-tests.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment.yaml
+ - templates/pod-helm-tests.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ set:
+ pod:
+ runtimeClassName:
+ horizon: kata-clh
+ horizon_tests: kata-clh
+ db_sync: kata-clh
+ db_init: kata-clh
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-helm-tests.yaml
+ documentIndex: 3
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/horizon/vars/main.yml b/roles/horizon/vars/main.yml
index 3e4f541..e0499bb 100644
--- a/roles/horizon/vars/main.yml
+++ b/roles/horizon/vars/main.yml
@@ -17,6 +17,16 @@
images:
tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('horizon') }}"
pod:
+ security_context:
+ horizon:
+ pod:
+ fsGroup: 42424
+ db_sync:
+ pod:
+ fsGroup: 42424
+ tests:
+ pod:
+ fsGroup: 42424
replicas:
server: 3
conf:
@@ -24,6 +34,8 @@
local_settings:
config:
disallow_iframe_embed: "True"
+ allowed_hosts:
+ - "{{ openstack_helm_endpoints_horizon_api_host }}"
secure_proxy_ssl_header: "True"
horizon_images_upload_mode: direct
openstack_enable_password_retrieve: "True"
@@ -55,3 +67,5 @@
_horizon_ingress_annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "5000m"
nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/cors-allow-origin: "{{ openstack_helm_endpoints_horizon_api_host }}"
diff --git a/roles/horizon/vars_test.go b/roles/horizon/vars_test.go
new file mode 100644
index 0000000..0799720
--- /dev/null
+++ b/roles/horizon/vars_test.go
@@ -0,0 +1,40 @@
+package horizon
+
+import (
+ _ "embed"
+ "os"
+ "testing"
+
+ "github.com/goccy/go-yaml"
+ "github.com/stretchr/testify/require"
+
+ "github.com/vexxhost/atmosphere/internal/openstack_helm"
+ "github.com/vexxhost/atmosphere/internal/testutils"
+)
+
+var (
+ //go:embed vars/main.yml
+ varsFile []byte
+ vars Vars
+)
+
+type Vars struct {
+ openstack_helm.HelmValues `yaml:"_horizon_helm_values"`
+}
+
+func TestMain(m *testing.M) {
+ t := &testing.T{}
+ err := yaml.UnmarshalWithOptions(varsFile, &vars)
+ require.NoError(t, err)
+
+ code := m.Run()
+ os.Exit(code)
+}
+
+func TestHelmValues(t *testing.T) {
+ vals, err := openstack_helm.CoalescedHelmValues("../../charts/horizon", &vars.HelmValues)
+ require.NoError(t, err)
+
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
+}
diff --git a/roles/ingress/defaults/main.yml b/roles/ingress/defaults/main.yml
index 05a2cc3..82ea1e0 100644
--- a/roles/ingress/defaults/main.yml
+++ b/roles/ingress/defaults/main.yml
@@ -38,3 +38,6 @@
# List of annotations to apply to all Ingress resources as default
ingress_default_annotations: "{{ ingress_global_annotations | default(atmosphere_ingress_annotations) }}"
+
+# Use default TLS certificate
+ingress_use_default_tls_certificate: false
diff --git a/roles/ingress/templates/ingress.yml.j2 b/roles/ingress/templates/ingress.yml.j2
index 04135bc..6da2788 100644
--- a/roles/ingress/templates/ingress.yml.j2
+++ b/roles/ingress/templates/ingress.yml.j2
@@ -21,7 +21,9 @@
name: {{ ingress_service_name }}
port:
number: {{ ingress_service_port }}
+{% if not ingress_use_default_tls_certificate %}
tls:
- secretName: {{ ingress_secret_name | default(ingress_service_name ~ '-certs') }}
hosts:
- {{ ingress_host }}
+{% endif %}
diff --git a/roles/ironic/defaults/main.yml b/roles/ironic/defaults/main.yml
index 4df68da..3b0ef6d 100644
--- a/roles/ironic/defaults/main.yml
+++ b/roles/ironic/defaults/main.yml
@@ -20,6 +20,9 @@
ironic_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
ironic_helm_values: {}
+# Class name to use for the Ingress
+ironic_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
ironic_ingress_annotations: {}
diff --git a/roles/ironic/tasks/main.yml b/roles/ironic/tasks/main.yml
index bd975f1..a70ef8b 100644
--- a/roles/ironic/tasks/main.yml
+++ b/roles/ironic/tasks/main.yml
@@ -94,3 +94,4 @@
openstack_helm_ingress_service_name: ironic-api
openstack_helm_ingress_service_port: 6385
openstack_helm_ingress_annotations: "{{ ironic_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ ironic_ingress_class_name }}"
diff --git a/roles/ironic/tasks/network/create.yml b/roles/ironic/tasks/network/create.yml
index 8032983..a459b74 100644
--- a/roles/ironic/tasks/network/create.yml
+++ b/roles/ironic/tasks/network/create.yml
@@ -25,7 +25,7 @@
- name: Create bare metal network subnet
run_once: true
- openstack.cloud.subnet:
+ vexxhost.atmosphere.subnet:
cloud: atmosphere
# Subnet settings
network_name: "{{ ironic_bare_metal_subnet_name }}"
diff --git a/roles/ironic/tasks/network/lookup.yml b/roles/ironic/tasks/network/lookup.yml
index 8838ac9..95a8f71 100644
--- a/roles/ironic/tasks/network/lookup.yml
+++ b/roles/ironic/tasks/network/lookup.yml
@@ -23,11 +23,11 @@
- name: Assert that we match a single network only
ansible.builtin.assert:
that:
- - ironic_bare_metal_networks_info.openstack_networks | length == 1
- fail_msg: "Expected exactly one network, but found {{ ironic_bare_metal_networks_info.openstack_networks | length }}"
+ - ironic_bare_metal_networks_info.networks | length == 1
+ fail_msg: "Expected exactly one network, but found {{ ironic_bare_metal_networks_info.networks | length }}"
success_msg: "Successfully matched a single network"
run_once: true
- name: Set fact with bare metal network information
ansible.builtin.set_fact:
- ironic_bare_metal_network: "{{ ironic_bare_metal_networks_info.openstack_networks[0] }}"
+ ironic_bare_metal_network: "{{ ironic_bare_metal_networks_info.networks[0] }}"
diff --git a/roles/ironic/tests/priorityclass_test.yaml b/roles/ironic/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..aeaba8f
--- /dev/null
+++ b/roles/ironic/tests/priorityclass_test.yaml
@@ -0,0 +1,60 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ priorityClassName:
+ ironic_api: platform
+ ironic_conductor: platform
+ db_sync: platform
+ bootstrap: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/ironic/tests/runtimeclass_test.yaml b/roles/ironic/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..f2a4c33
--- /dev/null
+++ b/roles/ironic/tests/runtimeclass_test.yaml
@@ -0,0 +1,60 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ runtimeClassName:
+ ironic_api: kata-clh
+ ironic_conductor: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/ironic/vars/main.yml b/roles/ironic/vars/main.yml
index 51d32b4..94e01c8 100644
--- a/roles/ironic/vars/main.yml
+++ b/roles/ironic/vars/main.yml
@@ -50,8 +50,13 @@
rbac_service_role_elevated_access: true
conductor:
clean_step_priority_override: deploy.erase_devices_express:5
- deploy_kernel: "{{ ironic_python_agent_deploy_kernel.openstack_image.id }}"
- deploy_ramdisk: "{{ ironic_python_agent_deploy_ramdisk.openstack_image.id }}"
+ deploy_kernel: "{{ ironic_python_agent_deploy_kernel.images.0.id }}"
+ deploy_ramdisk: "{{ ironic_python_agent_deploy_ramdisk.images.0.id }}"
+ database:
+ connection_recycle_time: 600
+ max_overflow: 50
+ max_pool_size: 5
+ pool_timeout: 30
deploy:
erase_devices_priority: 0
erase_devices_metadata_priority: 0
diff --git a/roles/ironic/vars_test.go b/roles/ironic/vars_test.go
new file mode 100644
index 0000000..658e211
--- /dev/null
+++ b/roles/ironic/vars_test.go
@@ -0,0 +1,41 @@
+package ironic
+
+import (
+ _ "embed"
+ "os"
+ "testing"
+
+ "github.com/goccy/go-yaml"
+ "github.com/stretchr/testify/require"
+
+ "github.com/vexxhost/atmosphere/internal/openstack_helm"
+ "github.com/vexxhost/atmosphere/internal/testutils"
+)
+
+var (
+ //go:embed vars/main.yml
+ varsFile []byte
+ vars Vars
+)
+
+type Vars struct {
+ openstack_helm.HelmValues `yaml:"_ironic_helm_values"`
+}
+
+func TestMain(m *testing.M) {
+ t := &testing.T{}
+ err := yaml.UnmarshalWithOptions(varsFile, &vars)
+ require.NoError(t, err)
+
+ code := m.Run()
+ os.Exit(code)
+}
+
+func TestHelmValues(t *testing.T) {
+ vals, err := openstack_helm.CoalescedHelmValues("../../charts/ironic", &vars.HelmValues)
+ require.NoError(t, err)
+
+ testutils.TestDatabaseConf(t, vals.Conf.Ironic.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
+}
diff --git a/roles/keystone/defaults/main.yml b/roles/keystone/defaults/main.yml
index f71c59f..67031c5 100644
--- a/roles/keystone/defaults/main.yml
+++ b/roles/keystone/defaults/main.yml
@@ -20,6 +20,9 @@
keystone_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
keystone_helm_values: {}
+# Class name to use for the Ingress
+keystone_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
keystone_ingress_annotations: {}
@@ -34,6 +37,16 @@
keystone_keycloak_admin_password: "{{ keycloak_admin_password }}"
keystone_keycloak_realm: atmosphere
keystone_keycloak_realm_name: Atmosphere
+# keystone_keycloak_realm_default_password_policy:
+# keystone_keycloak_realm_default_brute_force_protected:
+# keystone_keycloak_realm_default_brute_force_failure_factor:
+# keystone_keycloak_realm_default_brute_force_wait_increment_seconds:
+# keystone_keycloak_realm_default_brute_force_max_failure_wait_seconds:
+# keystone_keycloak_realm_default_brute_force_max_delta_time_seconds:
+# keystone_keycloak_realm_default_minimum_quick_login_wait_seconds:
+# keystone_keycloak_realm_default_quick_login_check_milli_seconds:
+# keystone_keycloak_realm_default_totp_default_action:
+
keystone_keycloak_client_id: keystone
# keystone_keycloak_client_secret:
keystone_keycloak_scopes: "openid email profile"
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index a35a9ce..e5abcb0 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -29,6 +29,36 @@
realm: "{{ item.keycloak_realm }}"
display_name: "{{ item.label }}"
enabled: true
+ password_policy: "{{ item.keycloak_password_policy | default(keystone_keycloak_realm_default_password_policy | default(omit)) }}"
+ brute_force_protected: "{{ item.keycloak_brute_force_protected | default(keystone_keycloak_realm_default_brute_force_protected | default(omit)) }}"
+ failure_factor: "{{ item.keycloak_brute_force_failure_factor | default(keystone_keycloak_realm_default_brute_force_failure_factor | default(omit)) }}"
+ wait_increment_seconds: "{{ item.keycloak_brute_force_wait_increment_seconds | default(keystone_keycloak_realm_default_brute_force_wait_increment_seconds | default(omit)) }}"
+ max_failure_wait_seconds: "{{ item.keycloak_brute_force_max_failure_wait_seconds | default(keystone_keycloak_realm_default_brute_force_max_failure_wait_seconds | default(omit)) }}"
+ max_delta_time_seconds: "{{ item.keycloak_brute_force_max_delta_time_seconds | default(keystone_keycloak_realm_default_brute_force_max_delta_time_seconds | default(omit)) }}"
+ minimum_quick_login_wait_seconds: "{{ item.keycloak_minimum_quick_login_wait_seconds | default(keystone_keycloak_realm_default_minimum_quick_login_wait_seconds | default(omit)) }}"
+ quick_login_check_milli_seconds: "{{ item.keycloak_quick_login_check_milli_seconds | default(keystone_keycloak_realm_default_quick_login_check_milli_seconds | default(omit)) }}"
+ loop: "{{ keystone_domains }}"
+ loop_control:
+ label: "{{ item.name }}"
+
+- name: Setup Keycloak Authentication Required Actions (MFA)
+ community.general.keycloak_authentication_required_actions:
+ # Keycloak settings
+ auth_keycloak_url: "{{ item.keycloak_server_url }}"
+ auth_realm: "{{ item.keycloak_user_realm_name }}"
+ auth_client_id: "{{ item.keycloak_admin_client_id }}"
+ auth_username: "{{ item.keycloak_admin_user }}"
+ auth_password: "{{ item.keycloak_admin_password }}"
+ validate_certs: "{{ cluster_issuer_type != 'self-signed' }}"
+ # Realm settings
+ realm: "{{ item.name }}"
+ required_actions:
+ - alias: "CONFIGURE_TOTP"
+ name: "Configure OTP"
+ providerId: "CONFIGURE_TOTP"
+ defaultAction: "{{ item.keycloak_totp_default_action | default(keystone_keycloak_realm_default_totp_default_action | default(omit)) }}"
+ enabled: true
+ state: present
loop: "{{ keystone_domains }}"
loop_control:
label: "{{ item.name }}"
@@ -78,6 +108,7 @@
openstack_helm_ingress_service_name: keystone-api
openstack_helm_ingress_service_port: 5000
openstack_helm_ingress_annotations: "{{ keystone_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ keystone_ingress_class_name }}"
- name: Validate if ingress is reachable
ansible.builtin.uri:
@@ -119,6 +150,7 @@
vexxhost.atmosphere.federation_idp:
name: "{{ item.domain.name }}"
domain_id: "{{ item.domain.id }}"
+ is_enabled: true
remote_ids:
- "{{ item.item | vexxhost.atmosphere.issuer_from_domain }}"
loop: "{{ keystone_domains_result.results }}"
diff --git a/roles/keystone/tests/priorityclass_test.yaml b/roles/keystone/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..8524f9b
--- /dev/null
+++ b/roles/keystone/tests/priorityclass_test.yaml
@@ -0,0 +1,141 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/cron-job-credential-rotate.yaml
+ - templates/cron-job-fernet-rotate.yaml
+ - templates/job-credential-cleanup.yaml
+ - templates/job-credential-setup.yaml
+ - templates/job-domain-manage.yaml
+ - templates/job-fernet-setup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/cron-job-credential-rotate.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/cron-job-fernet-rotate.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/job-credential-cleanup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-fernet-setup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-credential-setup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-domain-manage.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/job-credential-cleanup.yaml
+ - templates/job-credential-setup.yaml
+ - templates/job-domain-manage.yaml
+ - templates/job-fernet-setup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ priorityClassName:
+ keystone_api: platform
+ keystone_tests: platform
+ keystone_credential_rotate: platform
+ keystone_fernet_rotate: platform
+ keystone_credential_setup: platform
+ keystone_fernet_setup: platform
+ keystone_credential_cleanup: platform
+ keystone_domain_manage: platform
+ db_sync: platform
+ db_init: platform
+ bootstrap: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-credential-rotate.yaml
+ documentIndex: 5
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-fernet-rotate.yaml
+ documentIndex: 5
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-credential-setup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-fernet-setup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-credential-cleanup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-domain-manage.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/keystone/tests/runtimeclass_test.yaml b/roles/keystone/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..4478d86
--- /dev/null
+++ b/roles/keystone/tests/runtimeclass_test.yaml
@@ -0,0 +1,144 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/cron-job-credential-rotate.yaml
+ - templates/cron-job-fernet-rotate.yaml
+ - templates/job-credential-cleanup.yaml
+ - templates/job-credential-setup.yaml
+ - templates/job-domain-manage.yaml
+ - templates/job-fernet-setup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/cron-job-credential-rotate.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/cron-job-fernet-rotate.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/job-credential-cleanup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-fernet-setup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-credential-setup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-domain-manage.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/cron-job-credential-rotate.yaml
+ - templates/cron-job-fernet-rotate.yaml
+ - templates/job-credential-cleanup.yaml
+ - templates/job-credential-setup.yaml
+ - templates/job-domain-manage.yaml
+ - templates/job-fernet-setup.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-db-init.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ runtimeClassName:
+ keystone_api: kata-clh
+ keystone_tests: kata-clh
+ keystone_credential_rotate: kata-clh
+ keystone_fernet_rotate: kata-clh
+ keystone_credential_setup: kata-clh
+ keystone_fernet_setup: kata-clh
+ keystone_credential_cleanup: kata-clh
+ keystone_domain_manage: kata-clh
+ db_sync: kata-clh
+ db_init: kata-clh
+ bootstrap: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-credential-rotate.yaml
+ documentIndex: 5
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-fernet-rotate.yaml
+ documentIndex: 5
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-credential-setup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-fernet-setup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-credential-cleanup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-domain-manage.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-init.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/keystone/vars_test.go b/roles/keystone/vars_test.go
index c5bfe19..f79886a 100644
--- a/roles/keystone/vars_test.go
+++ b/roles/keystone/vars_test.go
@@ -29,4 +29,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Keystone.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/magnum/defaults/main.yml b/roles/magnum/defaults/main.yml
index 740fbb0..84355f7 100644
--- a/roles/magnum/defaults/main.yml
+++ b/roles/magnum/defaults/main.yml
@@ -20,6 +20,10 @@
magnum_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
magnum_helm_values: {}
+# Class name to use for the Ingress
+magnum_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+magnum_registry_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
magnum_ingress_annotations: {}
magnum_registry_ingress_annotations: {}
diff --git a/roles/magnum/tasks/main.yml b/roles/magnum/tasks/main.yml
index fc9b7a0..4805cbc 100644
--- a/roles/magnum/tasks/main.yml
+++ b/roles/magnum/tasks/main.yml
@@ -128,6 +128,7 @@
openstack_helm_ingress_service_name: magnum-api
openstack_helm_ingress_service_port: 9511
openstack_helm_ingress_annotations: "{{ magnum_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ magnum_ingress_class_name }}"
- name: Deploy magnum registry
run_once: true
@@ -204,6 +205,7 @@
openstack_helm_ingress_service_name: magnum-registry
openstack_helm_ingress_service_port: 5000
openstack_helm_ingress_annotations: "{{ _magnum_registry_ingress_annotations | combine(magnum_registry_ingress_annotations) }}"
+ openstack_helm_ingress_class_name: "{{ magnum_registry_ingress_class_name }}"
- name: Upload images
ansible.builtin.include_role:
diff --git a/roles/magnum/tests/priorityclass_test.yaml b/roles/magnum/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..2b69337
--- /dev/null
+++ b/roles/magnum/tests/priorityclass_test.yaml
@@ -0,0 +1,65 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ priorityClassName:
+ magnum_api: platform
+ magnum_conductor: platform
+ db_sync: platform
+ bootstrap: platform
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/magnum/tests/runtimeclass_test.yaml b/roles/magnum/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..b939eba
--- /dev/null
+++ b/roles/magnum/tests/runtimeclass_test.yaml
@@ -0,0 +1,65 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/statefulset-conductor.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ runtimeClassName:
+ magnum_api: kata-clh
+ magnum_conductor: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ bootstrap:
+ enabled: true
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/statefulset-conductor.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/magnum/vars_test.go b/roles/magnum/vars_test.go
index 21e8fd6..c727b6c 100644
--- a/roles/magnum/vars_test.go
+++ b/roles/magnum/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Magnum.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/manila/defaults/main.yml b/roles/manila/defaults/main.yml
index f5b791f..ce4b014 100644
--- a/roles/manila/defaults/main.yml
+++ b/roles/manila/defaults/main.yml
@@ -20,6 +20,9 @@
manila_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
manila_helm_values: {}
+# Class name to use for the Ingress
+manila_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
manila_ingress_annotations: {}
diff --git a/roles/manila/tasks/generate_resources.yml b/roles/manila/tasks/generate_resources.yml
index 9bfa6c8..08c5278 100644
--- a/roles/manila/tasks/generate_resources.yml
+++ b/roles/manila/tasks/generate_resources.yml
@@ -43,7 +43,7 @@
- name: Create generic share driver security group tcp rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _manila_service_security_group.id }}"
+ security_group: "{{ _manila_service_security_group.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: tcp
@@ -58,7 +58,7 @@
- name: Create generic share driver security group icmp rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _manila_service_security_group.id }}"
+ security_group: "{{ _manila_service_security_group.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: icmp
diff --git a/roles/manila/tasks/main.yml b/roles/manila/tasks/main.yml
index 8ae97e8..540ce34 100644
--- a/roles/manila/tasks/main.yml
+++ b/roles/manila/tasks/main.yml
@@ -38,6 +38,7 @@
openstack_helm_ingress_service_name: manila-api
openstack_helm_ingress_service_port: 8786
openstack_helm_ingress_annotations: "{{ manila_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ manila_ingress_class_name }}"
- name: Update service tenant quotas
openstack.cloud.quota:
diff --git a/roles/manila/tests/priorityclass_test.yaml b/roles/manila/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..9591737
--- /dev/null
+++ b/roles/manila/tests/priorityclass_test.yaml
@@ -0,0 +1,96 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ priorityClassName:
+ manila_api: platform
+ manila_data: platform
+ manila_scheduler: platform
+ manila_share: platform
+ manila_tests: platform
+ db_sync: platform
+ bootstrap: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/manila/tests/runtimeclass_test.yaml b/roles/manila/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..1a80ac3
--- /dev/null
+++ b/roles/manila/tests/runtimeclass_test.yaml
@@ -0,0 +1,96 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-data.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-share.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ runtimeClassName:
+ manila_api: kata-clh
+ manila_data: kata-clh
+ manila_scheduler: kata-clh
+ manila_tests: kata-clh
+ manila_share: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-data.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-share.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 1
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/manila/vars/main.yml b/roles/manila/vars/main.yml
index ce2175d..3c86604 100644
--- a/roles/manila/vars/main.yml
+++ b/roles/manila/vars/main.yml
@@ -58,7 +58,7 @@
path_to_private_key: /etc/manila/ssh-keys/id_rsa
path_to_public_key: /etc/manila/ssh-keys/id_rsa.pub
service_image_name: "{{ manila_image_name }}"
- service_instance_flavor_id: "{{ _manila_flavor.id }}"
+ service_instance_flavor_id: "{{ _manila_flavor.flavor.id }}"
service_instance_security_group: manila-service-security-group
oslo_messaging_notifications:
driver: noop
diff --git a/roles/manila/vars_test.go b/roles/manila/vars_test.go
index 627920b..14f578f 100644
--- a/roles/manila/vars_test.go
+++ b/roles/manila/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Manila.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/memcached/vars_test.go b/roles/memcached/vars_test.go
new file mode 100644
index 0000000..81062ef
--- /dev/null
+++ b/roles/memcached/vars_test.go
@@ -0,0 +1,40 @@
+package memcached
+
+import (
+ _ "embed"
+ "os"
+ "testing"
+
+ "github.com/goccy/go-yaml"
+ "github.com/stretchr/testify/require"
+
+ "github.com/vexxhost/atmosphere/internal/openstack_helm"
+ "github.com/vexxhost/atmosphere/internal/testutils"
+)
+
+var (
+ //go:embed vars/main.yml
+ varsFile []byte
+ vars Vars
+)
+
+type Vars struct {
+ openstack_helm.HelmValues `yaml:"_memcached_helm_values"`
+}
+
+func TestMain(m *testing.M) {
+ t := &testing.T{}
+ err := yaml.UnmarshalWithOptions(varsFile, &vars)
+ require.NoError(t, err)
+
+ code := m.Run()
+ os.Exit(code)
+}
+
+func TestHelmValues(t *testing.T) {
+ vals, err := openstack_helm.CoalescedHelmValues("../../charts/memcached", &vars.HelmValues)
+ require.NoError(t, err)
+
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
+}
diff --git a/roles/neutron/defaults/main.yml b/roles/neutron/defaults/main.yml
index 04d48ac..b8579eb 100644
--- a/roles/neutron/defaults/main.yml
+++ b/roles/neutron/defaults/main.yml
@@ -23,6 +23,9 @@
# List of networks to provision inside OpenStack
neutron_networks: []
+# Class name to use for the Ingress
+neutron_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
neutron_ingress_annotations: {}
diff --git a/roles/neutron/tasks/main.yml b/roles/neutron/tasks/main.yml
index 874ed3c..47ea874 100644
--- a/roles/neutron/tasks/main.yml
+++ b/roles/neutron/tasks/main.yml
@@ -49,6 +49,7 @@
openstack_helm_ingress_service_name: neutron-server
openstack_helm_ingress_service_port: 9696
openstack_helm_ingress_annotations: "{{ neutron_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ neutron_ingress_class_name }}"
- name: Create networks
when: neutron_networks | length > 0
@@ -87,7 +88,7 @@
until: _result is not failed
- name: Create subnets
- openstack.cloud.subnet:
+ vexxhost.atmosphere.subnet:
cloud: atmosphere
# Subnet settings
network_name: "{{ item.0.name }}"
diff --git a/roles/neutron/tests/priorityclass_test.yaml b/roles/neutron/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..27e52b3
--- /dev/null
+++ b/roles/neutron/tests/priorityclass_test.yaml
@@ -0,0 +1,257 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/daemonset-bagpipe-bgp.yaml
+ - templates/daemonset-bgp-dragent.yaml
+ - templates/daemonset-dhcp-agent.yaml
+ - templates/daemonset-l2gw-agent.yaml
+ - templates/daemonset-l3-agent.yaml
+ - templates/daemonset-lb-agent.yaml
+ - templates/daemonset-metadata-agent.yaml
+ - templates/daemonset-netns-cleanup-cron.yaml
+ - templates/daemonset-neutron-ovn-vpn-agent.yaml
+ - templates/daemonset-ovn-metadata-agent.yaml
+ - templates/daemonset-ovs-agent.yaml
+ - templates/daemonset-sriov-agent.yaml
+ - templates/deployment-ironic-agent.yaml
+ - templates/deployment-rpc_server.yaml
+ - templates/deployment-server.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ - linuxbridge
+ manifests:
+ daemonset_l2gw_agent: true
+ daemonset_bagpipe_bgp: true
+ daemonset_bgp_dragent: true
+ daemonset_ovn_metadata_agent: true
+ daemonset_ovn_vpn_agent: true
+ deployment_ironic_agent: true
+ asserts:
+ - template: templates/daemonset-bagpipe-bgp.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-bgp-dragent.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-dhcp-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-l2gw-agent.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-l3-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-lb-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-metadata-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-netns-cleanup-cron.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-neutron-ovn-vpn-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-ovn-metadata-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-ovs-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/daemonset-sriov-agent.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-ironic-agent.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-rpc_server.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-server.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/daemonset-bagpipe-bgp.yaml
+ - templates/daemonset-bgp-dragent.yaml
+ - templates/daemonset-dhcp-agent.yaml
+ - templates/daemonset-l2gw-agent.yaml
+ - templates/daemonset-l3-agent.yaml
+ - templates/daemonset-lb-agent.yaml
+ - templates/daemonset-metadata-agent.yaml
+ - templates/daemonset-netns-cleanup-cron.yaml
+ - templates/daemonset-neutron-ovn-vpn-agent.yaml
+ - templates/daemonset-ovn-metadata-agent.yaml
+ - templates/daemonset-ovs-agent.yaml
+ - templates/daemonset-sriov-agent.yaml
+ - templates/deployment-ironic-agent.yaml
+ - templates/deployment-rpc_server.yaml
+ - templates/deployment-server.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ - linuxbridge
+ pod:
+ priorityClassName:
+ bagpipe_bgp: platform
+ bgp_dragent: platform
+ neutron_dhcp_agent: platform
+ neutron_l2gw_agent: platform
+ neutron_l3_agent: platform
+ neutron_lb_agent: platform
+ neutron_metadata_agent: platform
+ neutron_netns_cleanup_cron: platform
+ ovn_vpn_agent: platform
+ neutron_ovn_metadata_agent: platform
+ neutron_ovs_agent: platform
+ neutron_sriov_agent: platform
+ neutron_ironic_agent: platform
+ neutron_rpc_server: platform
+ neutron_server: platform
+ neutron_tests: platform
+ db_sync: platform
+ bootstrap: platform
+ manifests:
+ daemonset_l2gw_agent: true
+ daemonset_bagpipe_bgp: true
+ daemonset_bgp_dragent: true
+ daemonset_ovn_metadata_agent: true
+ daemonset_ovn_vpn_agent: true
+ deployment_ironic_agent: true
+ asserts:
+ - template: templates/daemonset-bagpipe-bgp.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-bgp-dragent.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-dhcp-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-l2gw-agent.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-l3-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-lb-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-metadata-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-netns-cleanup-cron.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-neutron-ovn-vpn-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-ovn-metadata-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-ovs-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/daemonset-sriov-agent.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-ironic-agent.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-rpc_server.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-server.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/neutron/tests/runtimeclass_test.yaml b/roles/neutron/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..c4efae7
--- /dev/null
+++ b/roles/neutron/tests/runtimeclass_test.yaml
@@ -0,0 +1,257 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/daemonset-bagpipe-bgp.yaml
+ - templates/daemonset-bgp-dragent.yaml
+ - templates/daemonset-dhcp-agent.yaml
+ - templates/daemonset-l2gw-agent.yaml
+ - templates/daemonset-l3-agent.yaml
+ - templates/daemonset-lb-agent.yaml
+ - templates/daemonset-metadata-agent.yaml
+ - templates/daemonset-netns-cleanup-cron.yaml
+ - templates/daemonset-neutron-ovn-vpn-agent.yaml
+ - templates/daemonset-ovn-metadata-agent.yaml
+ - templates/daemonset-ovs-agent.yaml
+ - templates/daemonset-sriov-agent.yaml
+ - templates/deployment-ironic-agent.yaml
+ - templates/deployment-rpc_server.yaml
+ - templates/deployment-server.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ - linuxbridge
+ manifests:
+ daemonset_l2gw_agent: true
+ daemonset_bagpipe_bgp: true
+ daemonset_bgp_dragent: true
+ daemonset_ovn_metadata_agent: true
+ daemonset_ovn_vpn_agent: true
+ deployment_ironic_agent: true
+ asserts:
+ - template: templates/daemonset-bagpipe-bgp.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-bgp-dragent.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-dhcp-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-l2gw-agent.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-l3-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-lb-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-metadata-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-netns-cleanup-cron.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-neutron-ovn-vpn-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-ovn-metadata-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-ovs-agent.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/daemonset-sriov-agent.yaml
+ documentIndex: 2
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-ironic-agent.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-rpc_server.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-server.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/daemonset-bagpipe-bgp.yaml
+ - templates/daemonset-bgp-dragent.yaml
+ - templates/daemonset-dhcp-agent.yaml
+ - templates/daemonset-l2gw-agent.yaml
+ - templates/daemonset-l3-agent.yaml
+ - templates/daemonset-lb-agent.yaml
+ - templates/daemonset-metadata-agent.yaml
+ - templates/daemonset-netns-cleanup-cron.yaml
+ - templates/daemonset-neutron-ovn-vpn-agent.yaml
+ - templates/daemonset-ovn-metadata-agent.yaml
+ - templates/daemonset-ovs-agent.yaml
+ - templates/daemonset-sriov-agent.yaml
+ - templates/deployment-ironic-agent.yaml
+ - templates/deployment-rpc_server.yaml
+ - templates/deployment-server.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ bootstrap:
+ enabled: true
+ network:
+ backend:
+ - openvswitch
+ - sriov
+ - linuxbridge
+ pod:
+ runtimeClassName:
+ bagpipe_bgp: kata-clh
+ bgp_dragent: kata-clh
+ neutron_dhcp_agent: kata-clh
+ neutron_l2gw_agent: kata-clh
+ neutron_l3_agent: kata-clh
+ neutron_lb_agent: kata-clh
+ neutron_metadata_agent: kata-clh
+ neutron_netns_cleanup_cron: kata-clh
+ ovn_vpn_agent: kata-clh
+ neutron_ovn_metadata_agent: kata-clh
+ neutron_ovs_agent: kata-clh
+ neutron_sriov_agent: kata-clh
+ neutron_ironic_agent: kata-clh
+ neutron_rpc_server: kata-clh
+ neutron_server: kata-clh
+ neutron_tests: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ manifests:
+ daemonset_l2gw_agent: true
+ daemonset_bagpipe_bgp: true
+ daemonset_bgp_dragent: true
+ daemonset_ovn_metadata_agent: true
+ daemonset_ovn_vpn_agent: true
+ deployment_ironic_agent: true
+ asserts:
+ - template: templates/daemonset-bagpipe-bgp.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-bgp-dragent.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-dhcp-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-l2gw-agent.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-l3-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-lb-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-metadata-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-netns-cleanup-cron.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-neutron-ovn-vpn-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-ovn-metadata-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-ovs-agent.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/daemonset-sriov-agent.yaml
+ documentIndex: 2
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-ironic-agent.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-rpc_server.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-server.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/neutron/vars_test.go b/roles/neutron/vars_test.go
index 8358366..1ce11e2 100644
--- a/roles/neutron/vars_test.go
+++ b/roles/neutron/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Neutron.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/nova/defaults/main.yml b/roles/nova/defaults/main.yml
index e02faac..a951a5f 100644
--- a/roles/nova/defaults/main.yml
+++ b/roles/nova/defaults/main.yml
@@ -26,6 +26,10 @@
# List of flavors to provision inside Nova
nova_flavors: []
+# Class name to use for the Ingress
+nova_api_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+nova_novnc_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
nova_api_ingress_annotations: {}
nova_novnc_ingress_annotations: {}
diff --git a/roles/nova/tasks/main.yml b/roles/nova/tasks/main.yml
index ed10aa5..a86aa0c 100644
--- a/roles/nova/tasks/main.yml
+++ b/roles/nova/tasks/main.yml
@@ -49,6 +49,7 @@
openstack_helm_ingress_service_name: nova-api
openstack_helm_ingress_service_port: 8774
openstack_helm_ingress_annotations: "{{ nova_api_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ nova_api_ingress_class_name }}"
- name: Create Ingress
ansible.builtin.include_role:
@@ -58,6 +59,7 @@
openstack_helm_ingress_service_name: nova-novncproxy
openstack_helm_ingress_service_port: 6080
openstack_helm_ingress_annotations: "{{ _nova_novnc_ingress_annotations | combine(nova_novnc_ingress_annotations) }}"
+ openstack_helm_ingress_class_name: "{{ nova_novnc_ingress_class_name }}"
- name: Create flavors
when: nova_flavors | length > 0
diff --git a/roles/nova/tests/priorityclass_test.yaml b/roles/nova/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..cf23b0a
--- /dev/null
+++ b/roles/nova/tests/priorityclass_test.yaml
@@ -0,0 +1,178 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/daemonset-compute.yaml
+ - templates/deployment-api-metadata.yaml
+ - templates/deployment-api-osapi.yaml
+ - templates/deployment-conductor.yaml
+ - templates/deployment-novncproxy.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-spiceproxy.yaml
+ - templates/cron-job-archive-deleted-rows.yaml
+ - templates/cron-job-cell-setup.yaml
+ - templates/cron-job-service-cleaner.yaml
+ - templates/statefulset-compute-ironic.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ manifests:
+ cron_job_archive_deleted_rows: true
+ statefulset_compute_ironic: true
+ asserts:
+ - template: templates/daemonset-compute.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-api-metadata.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-api-osapi.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-novncproxy.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/statefulset-compute-ironic.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/cron-job-archive-deleted-rows.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/cron-job-cell-setup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/cron-job-service-cleaner.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 5
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/daemonset-compute.yaml
+ - templates/deployment-api-metadata.yaml
+ - templates/deployment-api-osapi.yaml
+ - templates/deployment-conductor.yaml
+ - templates/deployment-novncproxy.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-spiceproxy.yaml
+ - templates/cron-job-archive-deleted-rows.yaml
+ - templates/cron-job-cell-setup.yaml
+ - templates/cron-job-service-cleaner.yaml
+ - templates/statefulset-compute-ironic.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ manifests:
+ cron_job_archive_deleted_rows: true
+ statefulset_compute_ironic: true
+ pod:
+ priorityClassName:
+ nova_compute: platform
+ nova_api_metadata: platform
+ nova_api_osapi: platform
+ nova_conductor: platform
+ nova_novncproxy: platform
+ nova_scheduler: platform
+ nova_spiceproxy: platform
+ nova_archive_deleted_rows: platform
+ nova_cell_setup: platform
+ nova_service_cleaner: platform
+ nova_compute_ironic: platform
+ nova_tests: platform
+ db_sync: platform
+ bootstrap: platform
+ asserts:
+ - template: templates/daemonset-compute.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-api-metadata.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-api-osapi.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-novncproxy.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-archive-deleted-rows.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-cell-setup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/cron-job-service-cleaner.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/statefulset-compute-ironic.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/nova/tests/runtimeclass_test.yaml b/roles/nova/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..3561a38
--- /dev/null
+++ b/roles/nova/tests/runtimeclass_test.yaml
@@ -0,0 +1,182 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/daemonset-compute.yaml
+ - templates/deployment-api-metadata.yaml
+ - templates/deployment-api-osapi.yaml
+ - templates/deployment-conductor.yaml
+ - templates/deployment-novncproxy.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-spiceproxy.yaml
+ - templates/cron-job-archive-deleted-rows.yaml
+ - templates/cron-job-cell-setup.yaml
+ - templates/cron-job-service-cleaner.yaml
+ - templates/statefulset-compute-ironic.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ console:
+ console_kind: spice
+ manifests:
+ cron_job_archive_deleted_rows: true
+ statefulset_compute_ironic: true
+ asserts:
+ - template: templates/daemonset-compute.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-api-metadata.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-api-osapi.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-spiceproxy.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/statefulset-compute-ironic.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/cron-job-archive-deleted-rows.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/cron-job-cell-setup.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/cron-job-service-cleaner.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/daemonset-compute.yaml
+ - templates/deployment-api-metadata.yaml
+ - templates/deployment-api-osapi.yaml
+ - templates/deployment-conductor.yaml
+ - templates/deployment-novncproxy.yaml
+ - templates/deployment-scheduler.yaml
+ - templates/deployment-spiceproxy.yaml
+ - templates/cron-job-archive-deleted-rows.yaml
+ - templates/cron-job-cell-setup.yaml
+ - templates/cron-job-service-cleaner.yaml
+ - templates/statefulset-compute-ironic.yaml
+ - templates/pod-rally-test.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ console:
+ console_kind: spice
+ manifests:
+ cron_job_archive_deleted_rows: true
+ statefulset_compute_ironic: true
+ pod:
+ runtimeClassName:
+ nova_compute: kata-clh
+ nova_api_metadata: kata-clh
+ nova_api_osapi: kata-clh
+ nova_conductor: kata-clh
+ nova_novncproxy: kata-clh
+ nova_scheduler: kata-clh
+ nova_spiceproxy: kata-clh
+ nova_archive_deleted_rows: kata-clh
+ nova_cell_setup: kata-clh
+ nova_service_cleaner: kata-clh
+ nova_compute_ironic: kata-clh
+ nova_tests: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ asserts:
+ - template: templates/daemonset-compute.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-api-metadata.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-api-osapi.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-scheduler.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-spiceproxy.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-archive-deleted-rows.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-cell-setup.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/cron-job-service-cleaner.yaml
+ documentIndex: 3
+ equal:
+ path: spec.jobTemplate.spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/statefulset-compute-ironic.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/pod-rally-test.yaml
+ documentIndex: 3
+ equal:
+ path: spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/nova/vars_test.go b/roles/nova/vars_test.go
index 716b946..93046f8 100644
--- a/roles/nova/vars_test.go
+++ b/roles/nova/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Nova.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/octavia/defaults/main.yml b/roles/octavia/defaults/main.yml
index 19b31f8..3f6427b 100644
--- a/roles/octavia/defaults/main.yml
+++ b/roles/octavia/defaults/main.yml
@@ -20,6 +20,9 @@
octavia_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
octavia_helm_values: {}
+# Class name to use for the Ingress
+octavia_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
octavia_ingress_annotations: {}
diff --git a/roles/octavia/tasks/generate_resources.yml b/roles/octavia/tasks/generate_resources.yml
index 5960aa1..e582be4 100644
--- a/roles/octavia/tasks/generate_resources.yml
+++ b/roles/octavia/tasks/generate_resources.yml
@@ -20,13 +20,13 @@
register: _octavia_management_network
- name: Create management subnet
- openstack.cloud.subnet:
+ vexxhost.atmosphere.subnet:
cloud: atmosphere
# Subnet settings
network_name: "{{ octavia_management_network_name }}"
name: "{{ octavia_management_subnet_name }}"
cidr: "{{ octavia_management_subnet_cidr }}"
- no_gateway_ip: true
+ disable_gateway_ip: true
- name: Create health manager security group
openstack.cloud.security_group:
@@ -37,7 +37,7 @@
- name: Create health manager security group rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _octavia_health_manager_sg.id }}"
+ security_group: "{{ _octavia_health_manager_sg.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: "{{ item.protocol }}"
@@ -67,7 +67,7 @@
if hostvars[item]['octavia_health_manager_ip'] is defined else omit
}}
security_groups:
- - "{{ _octavia_health_manager_sg.id }}"
+ - "{{ _octavia_health_manager_sg.security_group.id }}"
loop: "{{ groups['controllers'] }}"
loop_control:
index_var: _octavia_health_manager_port_index
@@ -110,10 +110,10 @@
- name: Set controller_ip_port_list
ansible.builtin.set_fact:
- _octavia_controller_ip_port_list: "{{ (_octavia_controller_ip_port_list | d([]) + [item.openstack_ports[0].fixed_ips[0].ip_address + ':5555']) | unique }}"
+ _octavia_controller_ip_port_list: "{{ (_octavia_controller_ip_port_list | d([]) + [item.ports[0].fixed_ips[0].ip_address + ':5555']) | unique }}"
loop: "{{ _octavia_health_manager_ports.results }}"
loop_control:
- label: "{{ item.openstack_ports[0].name }}"
+ label: "{{ item.ports[0].name }}"
- name: Create amphora security group
openstack.cloud.security_group:
@@ -124,13 +124,13 @@
- name: Create amphora security group rules
openstack.cloud.security_group_rule:
cloud: atmosphere
- security_group: "{{ _octavia_amphora_sg.id }}"
+ security_group: "{{ _octavia_amphora_sg.security_group.id }}"
direction: ingress
ethertype: IPv4
protocol: tcp
port_range_min: "{{ item.0 }}"
port_range_max: "{{ item.0 }}"
- remote_ip_prefix: "{{ item.1.openstack_ports[0].fixed_ips[0].ip_address }}/32"
+ remote_ip_prefix: "{{ item.1.ports[0].fixed_ips[0].ip_address }}/32"
with_nested:
- [22, 9443]
- "{{ _octavia_health_manager_ports.results }}"
diff --git a/roles/octavia/tasks/main.yml b/roles/octavia/tasks/main.yml
index b2c94fd..4432856 100644
--- a/roles/octavia/tasks/main.yml
+++ b/roles/octavia/tasks/main.yml
@@ -138,3 +138,4 @@
openstack_helm_ingress_service_name: octavia-api
openstack_helm_ingress_service_port: 9876
openstack_helm_ingress_annotations: "{{ octavia_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ octavia_ingress_class_name }}"
diff --git a/roles/octavia/tests/priorityclass_test.yaml b/roles/octavia/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..1732a9a
--- /dev/null
+++ b/roles/octavia/tests/priorityclass_test.yaml
@@ -0,0 +1,84 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/daemonset-health-manager.yaml
+ - templates/deployment-api.yaml
+ - templates/deployment-housekeeping.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/daemonset-health-manager.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-housekeeping.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/daemonset-health-manager.yaml
+ - templates/deployment-api.yaml
+ - templates/deployment-housekeeping.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ priorityClassName:
+ octavia_health_manager: platform
+ octavia_api: platform
+ octavia_housekeeping: platform
+ octavia_worker: platform
+ db_sync: platform
+ bootstrap: platform
+ asserts:
+ - template: templates/daemonset-health-manager.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-housekeeping.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/octavia/tests/runtimeclass_test.yaml b/roles/octavia/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..53f10fc
--- /dev/null
+++ b/roles/octavia/tests/runtimeclass_test.yaml
@@ -0,0 +1,84 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/daemonset-health-manager.yaml
+ - templates/deployment-api.yaml
+ - templates/deployment-housekeeping.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ asserts:
+ - template: templates/daemonset-health-manager.yaml
+ documentIndex: 4
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-housekeeping.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/daemonset-health-manager.yaml
+ - templates/deployment-api.yaml
+ - templates/deployment-housekeeping.yaml
+ - templates/deployment-worker.yaml
+ - templates/job-db-sync.yaml
+ - templates/job-bootstrap.yaml
+ set:
+ pod:
+ runtimeClassName:
+ octavia_health_manager: kata-clh
+ octavia_api: kata-clh
+ octavia_housekeeping: kata-clh
+ octavia_worker: kata-clh
+ db_sync: kata-clh
+ bootstrap: kata-clh
+ asserts:
+ - template: templates/daemonset-health-manager.yaml
+ documentIndex: 4
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-housekeeping.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-worker.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-bootstrap.yaml
+ documentIndex: 1
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/octavia/vars/main.yml b/roles/octavia/vars/main.yml
index 8423aba..1f78f70 100644
--- a/roles/octavia/vars/main.yml
+++ b/roles/octavia/vars/main.yml
@@ -98,10 +98,10 @@
endpoint_type: internalURL
controller_worker:
amp_boot_network_list: "{{ _octavia_management_network.id }}"
- amp_flavor_id: "{{ _octavia_amphora_flavor.id }}"
- amp_image_owner_id: "{{ _octavia_amphora_image.openstack_image.owner }}"
- amp_secgroup_list: "{{ _octavia_amphora_sg.id }}"
- amp_ssh_key_name: "{{ octavia_amphora_ssh_keypair.key.name }}"
+ amp_flavor_id: "{{ _octavia_amphora_flavor.flavor.id }}"
+ amp_image_owner_id: "{{ _octavia_amphora_image.images.0.owner }}"
+ amp_secgroup_list: "{{ _octavia_amphora_sg.security_group.id }}"
+ amp_ssh_key_name: "{{ octavia_amphora_ssh_keypair.keypair.name }}"
client_ca: /etc/octavia/certs/client/ca.crt
volume_driver: volume_cinder_driver
workers: 4
diff --git a/roles/octavia/vars_test.go b/roles/octavia/vars_test.go
index 8c99a14..4e7068e 100644
--- a/roles/octavia/vars_test.go
+++ b/roles/octavia/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Octavia.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/openstack_helm_ingress/defaults/main.yml b/roles/openstack_helm_ingress/defaults/main.yml
index f3c0133..3e530ab 100644
--- a/roles/openstack_helm_ingress/defaults/main.yml
+++ b/roles/openstack_helm_ingress/defaults/main.yml
@@ -21,3 +21,6 @@
# this is useful when you want to use a single certificate for all services and
# use DNS-01 challenge to issue the certificate.
# openstack_helm_ingress_wildcard_domain: cloud.atmosphere.dev
+
+# Ingress class to use for the Ingress
+openstack_helm_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
diff --git a/roles/openstack_helm_ingress/tasks/main.yml b/roles/openstack_helm_ingress/tasks/main.yml
index bf1d770..ee9e0f7 100644
--- a/roles/openstack_helm_ingress/tasks/main.yml
+++ b/roles/openstack_helm_ingress/tasks/main.yml
@@ -56,3 +56,4 @@
ingress_service_name: "{{ openstack_helm_ingress_service_name }}"
ingress_service_port: "{{ openstack_helm_ingress_service_port }}"
ingress_secret_name: "{{ openstack_helm_ingress_secret_name | default(openstack_helm_ingress_service_name ~ '-certs') }}"
+ ingress_class_name: "{{ openstack_helm_ingress_class_name }}"
diff --git a/roles/openstacksdk/defaults/main.yml b/roles/openstacksdk/defaults/main.yml
index 27dc31a..96db768 100644
--- a/roles/openstacksdk/defaults/main.yml
+++ b/roles/openstacksdk/defaults/main.yml
@@ -12,4 +12,4 @@
# License for the specific language governing permissions and limitations
# under the License.
-openstacksdk_version: "0.61.0"
+# openstacksdk_version:
diff --git a/roles/openstacksdk/tasks/main.yml b/roles/openstacksdk/tasks/main.yml
index 1a4c3b4..5f082a1 100644
--- a/roles/openstacksdk/tasks/main.yml
+++ b/roles/openstacksdk/tasks/main.yml
@@ -15,7 +15,7 @@
- name: Install openstacksdk
ansible.builtin.pip:
name: openstacksdk
- version: "{{ openstacksdk_version }}"
+ version: "{{ openstacksdk_version | default(omit) }}"
- name: Create openstack config directory
become: true
diff --git a/roles/ovn/vars/main.yml b/roles/ovn/vars/main.yml
index b879919..a24b7e9 100644
--- a/roles/ovn/vars/main.yml
+++ b/roles/ovn/vars/main.yml
@@ -43,6 +43,14 @@
initialDelaySeconds: 30
timeoutSeconds: 30
periodSeconds: 60
+ affinity:
+ anti:
+ type:
+ default: requiredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ weight:
+ default: 10
replicas:
ovn_ovsdb_nb: 3
ovn_ovsdb_sb: 3
diff --git a/roles/ovn/vars_test.go b/roles/ovn/vars_test.go
new file mode 100644
index 0000000..ee4d95b
--- /dev/null
+++ b/roles/ovn/vars_test.go
@@ -0,0 +1,39 @@
+package ovn
+
+import (
+ _ "embed"
+ "os"
+ "testing"
+
+ "github.com/goccy/go-yaml"
+ "github.com/stretchr/testify/require"
+
+ "github.com/vexxhost/atmosphere/internal/openstack_helm"
+ "github.com/vexxhost/atmosphere/internal/testutils"
+)
+
+var (
+ //go:embed vars/main.yml
+ varsFile []byte
+ vars Vars
+)
+
+type Vars struct {
+ openstack_helm.HelmValues `yaml:"_ovn_helm_values"`
+}
+
+func TestMain(m *testing.M) {
+ t := &testing.T{}
+ err := yaml.UnmarshalWithOptions(varsFile, &vars)
+ require.NoError(t, err)
+
+ code := m.Run()
+ os.Exit(code)
+}
+
+func TestHelmValues(t *testing.T) {
+ vals, err := openstack_helm.CoalescedHelmValues("../../charts/ovn", &vars.HelmValues)
+ require.NoError(t, err)
+
+ testutils.TestAllPodsHaveAntiAffinityType(t, vals)
+}
diff --git a/roles/placement/defaults/main.yml b/roles/placement/defaults/main.yml
index bc72b55..e29baa5 100644
--- a/roles/placement/defaults/main.yml
+++ b/roles/placement/defaults/main.yml
@@ -20,5 +20,8 @@
placement_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
placement_helm_values: {}
+# Class name to use for the Ingress
+placement_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
placement_ingress_annotations: {}
diff --git a/roles/placement/tasks/main.yml b/roles/placement/tasks/main.yml
index cebee35..cb33025 100644
--- a/roles/placement/tasks/main.yml
+++ b/roles/placement/tasks/main.yml
@@ -30,3 +30,4 @@
openstack_helm_ingress_service_name: placement-api
openstack_helm_ingress_service_port: 8778
openstack_helm_ingress_annotations: "{{ placement_ingress_annotations }}"
+ openstack_helm_ingress_class_name: "{{ placement_ingress_class_name }}"
diff --git a/roles/placement/tests/priorityclass_test.yaml b/roles/placement/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..e7e0900
--- /dev/null
+++ b/roles/placement/tests/priorityclass_test.yaml
@@ -0,0 +1,36 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ placement: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/placement/tests/runtimeclass_test.yaml b/roles/placement/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..79bf19d
--- /dev/null
+++ b/roles/placement/tests/runtimeclass_test.yaml
@@ -0,0 +1,36 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ placement: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/placement/vars_test.go b/roles/placement/vars_test.go
index fa3fac3..f0cb72f 100644
--- a/roles/placement/vars_test.go
+++ b/roles/placement/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Placement.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/rook_ceph_cluster/defaults/main.yml b/roles/rook_ceph_cluster/defaults/main.yml
index 4c2545b..d5b1c2d 100644
--- a/roles/rook_ceph_cluster/defaults/main.yml
+++ b/roles/rook_ceph_cluster/defaults/main.yml
@@ -22,6 +22,9 @@
rook_ceph_cluster_helm_kubeconfig: "{{ kubeconfig_path | default('/etc/kubernetes/admin.conf') }}"
rook_ceph_cluster_helm_values: {}
+# Class name to use for the Ingress
+rook_ceph_cluster_ingress_class_name: "{{ atmosphere_ingress_class_name }}"
+
# List of annotations to apply to the Ingress
rook_ceph_cluster_radosgw_annotations: {}
diff --git a/roles/rook_ceph_cluster/tasks/main.yml b/roles/rook_ceph_cluster/tasks/main.yml
index 92f3842..a957efb 100644
--- a/roles/rook_ceph_cluster/tasks/main.yml
+++ b/roles/rook_ceph_cluster/tasks/main.yml
@@ -96,13 +96,21 @@
password: "{{ openstack_helm_endpoints.identity.auth.rgw.password }}"
domain: service
+# NOTE(mnaser): https://storyboard.openstack.org/#!/story/2010579
- name: Grant access to "service" project
- openstack.cloud.role_assignment:
- cloud: atmosphere
- domain: service
- user: "{{ openstack_helm_endpoints.identity.auth.rgw.username }}"
- project: service
- role: admin
+ changed_when: false
+ ansible.builtin.shell: |
+ set -o posix
+ source /etc/profile.d/atmosphere.sh
+ openstack role add \
+ --user-domain service \
+ --project service \
+ --user {{ openstack_helm_endpoints.identity.auth.rgw.username }} \
+ admin
+ args:
+ executable: /bin/bash
+ environment:
+ OS_CLOUD: atmosphere
- name: Create OpenStack service
openstack.cloud.catalog_service:
@@ -132,3 +140,4 @@
openstack_helm_ingress_service_name: rook-ceph-rgw-{{ rook_ceph_cluster_name }}
openstack_helm_ingress_service_port: 80
openstack_helm_ingress_annotations: "{{ _rook_ceph_cluster_radosgw_annotations | combine(rook_ceph_cluster_radosgw_annotations, recursive=True) }}"
+ openstack_helm_ingress_class_name: "{{ rook_ceph_cluster_ingress_class_name }}"
diff --git a/roles/staffeln/tests/priorityclass_test.yaml b/roles/staffeln/tests/priorityclass_test.yaml
new file mode 100644
index 0000000..943c8ac
--- /dev/null
+++ b/roles/staffeln/tests/priorityclass_test.yaml
@@ -0,0 +1,48 @@
+suite: priorityclass
+tests:
+ - it: should support not having a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-conductor.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 5
+ notExists:
+ path: spec.template.spec.priorityClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.priorityClassName
+
+ - it: should support setting a priority class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-conductor.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ priorityClassName:
+ staffeln_api: platform
+ staffeln_conductor: platform
+ db_sync: platform
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 5
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.priorityClassName
+ value: platform
diff --git a/roles/staffeln/tests/runtimeclass_test.yaml b/roles/staffeln/tests/runtimeclass_test.yaml
new file mode 100644
index 0000000..4835aa1
--- /dev/null
+++ b/roles/staffeln/tests/runtimeclass_test.yaml
@@ -0,0 +1,48 @@
+suite: runtimeclass
+tests:
+ - it: should support not having a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-conductor.yaml
+ - templates/job-db-sync.yaml
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 5
+ notExists:
+ path: spec.template.spec.runtimeClassName
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ notExists:
+ path: spec.template.spec.runtimeClassName
+
+ - it: should support setting a runtime class
+ templates:
+ - templates/deployment-api.yaml
+ - templates/deployment-conductor.yaml
+ - templates/job-db-sync.yaml
+ set:
+ pod:
+ runtimeClassName:
+ staffeln_api: kata-clh
+ staffeln_conductor: kata-clh
+ db_sync: kata-clh
+ asserts:
+ - template: templates/deployment-api.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/deployment-conductor.yaml
+ documentIndex: 5
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
+ - template: templates/job-db-sync.yaml
+ documentIndex: 3
+ equal:
+ path: spec.template.spec.runtimeClassName
+ value: kata-clh
diff --git a/roles/staffeln/vars_test.go b/roles/staffeln/vars_test.go
index 07ec9ab..9377c01 100644
--- a/roles/staffeln/vars_test.go
+++ b/roles/staffeln/vars_test.go
@@ -36,4 +36,6 @@
require.NoError(t, err)
testutils.TestDatabaseConf(t, vals.Conf.Staffeln.Database)
+ testutils.TestAllPodsHaveRuntimeClass(t, vals)
+ testutils.TestAllPodsHavePriorityClass(t, vals)
}
diff --git a/roles/tempest/tasks/main.yml b/roles/tempest/tasks/main.yml
index 8ea8e8f..3440b2d 100644
--- a/roles/tempest/tasks/main.yml
+++ b/roles/tempest/tasks/main.yml
@@ -34,10 +34,10 @@
conf:
tempest:
compute:
- image_ref: "{{ _tempest_test_image.openstack_image.id }}"
+ image_ref: "{{ _tempest_test_image.images.0.id }}"
when:
- tempest_helm_values.conf.tempest.compute.image_ref is not defined
- - _tempest_test_image.openstack_image.id is defined
+ - _tempest_test_image.images | length > 0
- name: Get test flavor object
openstack.cloud.compute_flavor_info:
@@ -53,10 +53,10 @@
conf:
tempest:
compute:
- flavor_ref: "{{ _tempest_test_flavor.openstack_flavors[0].id }}"
+ flavor_ref: "{{ _tempest_test_flavor.flavors[0].id }}"
when:
- tempest_helm_values.conf.tempest.compute.flavor_ref is not defined
- - _tempest_test_flavor.openstack_flavors[0].id is defined
+ - _tempest_test_flavor.flavors[0].id is defined
- name: Get test network object
openstack.cloud.networks_info:
@@ -72,10 +72,10 @@
conf:
tempest:
network:
- public_network_id: "{{ _tempest_test_network.openstack_networks[0].id }}"
+ public_network_id: "{{ _tempest_test_network.networks[0].id }}"
when:
- tempest_helm_values.conf.tempest.network.public_network_id is not defined
- - _tempest_test_network.openstack_networks[0].id is defined
+ - _tempest_test_network.networks[0].id is defined
- name: Deploy Helm chart
failed_when: false
diff --git a/roles/tempest/vars/main.yml b/roles/tempest/vars/main.yml
index ea508f9..5c92ad6 100644
--- a/roles/tempest/vars/main.yml
+++ b/roles/tempest/vars/main.yml
@@ -33,7 +33,8 @@
endpoint_type: internal
fixed_network_name: public
dashboard:
- dashboard_url: "http://horizon-int.openstack.svc.cluster.local"
+ dashboard_url: "https://{{ openstack_helm_endpoints_horizon_api_host }}"
+ disable_ssl_certificate_validation: "{{ cluster_issuer_type == 'self-signed' }}"
identity:
v3_endpoint_type: internal
image: