[ATMOSPHERE-562] [stable/2023.1] chart/nova: update to the latest version (#2260)
This is an automated cherry-pick of #2087
/assign okozachenko1203
Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/.charts.yml b/.charts.yml
index 140febd..e82ea2a 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -152,14 +152,9 @@
repository:
url: https://kubernetes-sigs.github.io/node-feature-discovery/charts
- name: nova
- version: 0.3.27
+ version: 0.3.46
repository: *openstack_helm_repository
dependencies: *openstack_helm_dependencies
- patches:
- gerrit:
- review.opendev.org:
- - 899809
- - 904250
- name: octavia
version: 0.2.9
repository: *openstack_helm_repository
diff --git a/charts/nova/Chart.yaml b/charts/nova/Chart.yaml
index e21ec81..0764f69 100644
--- a/charts/nova/Chart.yaml
+++ b/charts/nova/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/nova
- https://opendev.org/openstack/openstack-helm
-version: 0.3.27
+version: 0.3.46
diff --git a/charts/nova/templates/bin/_cell-setup-init.sh.tpl b/charts/nova/templates/bin/_cell-setup-init.sh.tpl
index 9535085..3b6f8e8 100644
--- a/charts/nova/templates/bin/_cell-setup-init.sh.tpl
+++ b/charts/nova/templates/bin/_cell-setup-init.sh.tpl
@@ -69,3 +69,7 @@
echo "Waiting for Nova Compute processes to register"
sleep 10
done
+
+{{- if .Values.jobs.cell_setup.extra_command }}
+{{ .Values.jobs.cell_setup.extra_command }}
+{{- end }}
diff --git a/charts/nova/templates/bin/_nova-compute-init.sh.tpl b/charts/nova/templates/bin/_nova-compute-init.sh.tpl
index 442e7d6..4bc71a3 100644
--- a/charts/nova/templates/bin/_nova-compute-init.sh.tpl
+++ b/charts/nova/templates/bin/_nova-compute-init.sh.tpl
@@ -26,7 +26,11 @@
if [[ -z $migration_interface ]]; then
# search for interface with default routing
# If there is not default gateway, exit
- migration_interface=$(ip -4 route list 0/0 | awk -F 'dev' '{ print $2; exit }' | awk '{ print $1 }') || exit 1
+ migration_network_cidr="{{- .Values.conf.libvirt.live_migration_network_cidr -}}"
+ if [ -z "${migration_network_cidr}" ] ; then
+ migration_network_cidr="0/0"
+ fi
+ migration_interface=$(ip -4 route list ${migration_network_cidr} | awk -F 'dev' '{ print $2; exit }' | awk '{ print $1 }') || exit 1
fi
migration_address=$(ip a s $migration_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}' | head -1)
@@ -45,7 +49,11 @@
if [[ -z $hypervisor_interface ]]; then
# search for interface with default routing
# If there is not default gateway, exit
- hypervisor_interface=$(ip -4 route list 0/0 | awk -F 'dev' '{ print $2; exit }' | awk '{ print $1 }') || exit 1
+ hypervisor_network_cidr="{{- .Values.conf.hypervisor.host_network_cidr -}}"
+ if [ -z "${hypervisor_network_cidr}" ] ; then
+ hypervisor_network_cidr="0/0"
+ fi
+ hypervisor_interface=$(ip -4 route list ${hypervisor_network_cidr} | awk -F 'dev' '{ print $2; exit }' | awk '{ print $1 }') || exit 1
fi
hypervisor_address=$(ip a s $hypervisor_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}' | head -1)
diff --git a/charts/nova/templates/bin/_nova-console-compute-init.sh.tpl b/charts/nova/templates/bin/_nova-console-compute-init.sh.tpl
index cb33330..b2fb92f 100644
--- a/charts/nova/templates/bin/_nova-console-compute-init.sh.tpl
+++ b/charts/nova/templates/bin/_nova-console-compute-init.sh.tpl
@@ -21,25 +21,25 @@
if [ "${console_kind}" == "novnc" ] ; then
client_address="{{- .Values.conf.nova.vnc.server_proxyclient_address -}}"
client_interface="{{- .Values.console.novnc.compute.vncserver_proxyclient_interface -}}"
+ client_network_cidr="{{- .Values.console.novnc.compute.vncserver_proxyclient_network_cidr -}}"
listen_ip="{{- .Values.conf.nova.vnc.server_listen -}}"
elif [ "${console_kind}" == "spice" ] ; then
client_address="{{- .Values.conf.nova.spice.server_proxyclient_address -}}"
client_interface="{{- .Values.console.spice.compute.server_proxyclient_interface -}}"
+ client_network_cidr="{{- .Values.console.spice.compute.server_proxyclient_network_cidr -}}"
listen_ip="{{- .Values.conf.nova.spice.server_listen -}}"
fi
if [ -z "${client_address}" ] ; then
if [ -z "${client_interface}" ] ; then
- if [ -x "$(command -v route)" ] ; then
- # search for interface with default routing, if multiple default routes exist then select the one with the lowest metric.
- client_interface=$(route -n | awk '/^0.0.0.0/ { print $5 " " $NF }' | sort | awk '{ print $NF; exit }')
- else
- client_interface=$(ip r | grep default | awk '{print $5}')
+ if [ -z "${client_network_cidr}" ] ; then
+ client_network_cidr="0/0"
fi
+ client_interface=$(ip -4 route list ${client_network_cidr} | awk -F 'dev' '{ print $2; exit }' | awk '{ print $1 }') || exit 1
fi
# determine client ip dynamically based on interface provided
- client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}' | head -n 1)
+ client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}' | head -1)
fi
if [ -z "${listen_ip}" ] ; then
diff --git a/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl b/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl
index f3522c9..4eedda9 100644
--- a/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl
+++ b/charts/nova/templates/bin/_nova-console-proxy-init.sh.tpl
@@ -21,25 +21,25 @@
if [ "${console_kind}" == "novnc" ] ; then
client_address="{{- .Values.conf.nova.vnc.server_proxyclient_address -}}"
client_interface="{{- .Values.console.novnc.vncproxy.vncserver_proxyclient_interface -}}"
+ client_network_cidr="{{- .Values.console.novnc.vncproxy.vncserver_proxyclient_network_cidr -}}"
listen_ip="{{- .Values.conf.nova.vnc.server_listen -}}"
elif [ "${console_kind}" == "spice" ] ; then
client_address="{{- .Values.conf.nova.spice.server_proxyclient_address -}}"
client_interface="{{- .Values.console.spice.proxy.server_proxyclient_interface -}}"
+ client_network_cidr="{{- .Values.console.spice.proxy.server_proxyclient_network_cidr -}}"
listen_ip="{{- .Values.conf.nova.spice.server_listen -}}"
fi
if [ -z "${client_address}" ] ; then
if [ -z "${client_interface}" ] ; then
- if [ -x "$(command -v route)" ] ; then
- # search for interface with default routing, if multiple default routes exist then select the one with the lowest metric.
- client_interface=$(route -n | awk '/^0.0.0.0/ { print $5 " " $NF }' | sort | awk '{ print $NF; exit }')
- else
- client_interface=$(ip r | grep default | awk '{print $5}')
+ if [ -z "${client_network_cidr}" ] ; then
+ client_network_cidr="0/0"
fi
+ client_interface=$(ip -4 route list ${client_network_cidr} | awk -F 'dev' '{ print $2; exit }' | awk '{ print $1 }') || exit 1
fi
# determine client ip dynamically based on interface provided
- client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}' | head -n 1)
+ client_address=$(ip a s $client_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}' | head -1)
fi
if [ -z "${listen_ip}" ] ; then
diff --git a/charts/nova/templates/bin/_nova-service-cleaner.sh.tpl b/charts/nova/templates/bin/_nova-service-cleaner.sh.tpl
index 2242757..978ca6d 100644
--- a/charts/nova/templates/bin/_nova-service-cleaner.sh.tpl
+++ b/charts/nova/templates/bin/_nova-service-cleaner.sh.tpl
@@ -30,3 +30,7 @@
openstack compute service delete "${SERVICE_ID}"
done
done
+
+{{- if .Values.jobs.service_cleaner.extra_command }}
+{{ .Values.jobs.service_cleaner.extra_command }}
+{{- end }}
diff --git a/charts/nova/templates/bin/_ssh-start.sh.tpl b/charts/nova/templates/bin/_ssh-start.sh.tpl
index 562da44..feca575 100644
--- a/charts/nova/templates/bin/_ssh-start.sh.tpl
+++ b/charts/nova/templates/bin/_ssh-start.sh.tpl
@@ -26,7 +26,15 @@
IFS=''
subnet_address="{{- .Values.network.ssh.from_subnet -}}"
+
+if [ -z "${subnet_address}" ] ; then
+ subnet_address="0.0.0.0/0"
+fi
+listen_interface=$(ip -4 route list ${subnet_address} | awk -F 'dev' '{ print $2; exit }' | awk '{ print $1 }') || exit 1
+listen_address=$(ip a s $listen_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}' | head -1)
+
cat > /tmp/sshd_config_extend <<EOF
+ListenAddress $listen_address
PasswordAuthentication no
Match Address $subnet_address
PermitRootLogin without-password
diff --git a/charts/nova/templates/bin/_storage-init.sh.tpl b/charts/nova/templates/bin/_storage-init.sh.tpl
new file mode 100644
index 0000000..cb3505d
--- /dev/null
+++ b/charts/nova/templates/bin/_storage-init.sh.tpl
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ SECRET=$(mktemp --suffix .yaml)
+ KEYRING=$(mktemp --suffix .keyring)
+ function cleanup {
+ rm -f ${SECRET} ${KEYRING}
+ }
+ trap cleanup EXIT
+fi
+
+set -ex
+if [ "x$STORAGE_BACKEND" == "xrbd" ]; then
+ ceph -s
+ function ensure_pool () {
+ ceph osd pool stats $1 || ceph osd pool create $1 $2
+ if [[ $(ceph mgr versions | awk '/version/{print $3}' | cut -d. -f1) -ge 12 ]]; then
+ ceph osd pool application enable $1 $3
+ fi
+ size_protection=$(ceph osd pool get $1 nosizechange | cut -f2 -d: | tr -d '[:space:]')
+ ceph osd pool set $1 nosizechange 0
+ ceph osd pool set $1 size ${RBD_POOL_REPLICATION}
+ ceph osd pool set $1 nosizechange ${size_protection}
+ ceph osd pool set $1 crush_rule "${RBD_POOL_CRUSH_RULE}"
+ }
+ ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} ${RBD_POOL_APP_NAME}
+fi
\ No newline at end of file
diff --git a/charts/nova/templates/configmap-bin.yaml b/charts/nova/templates/configmap-bin.yaml
index 90a91a9..564c230 100644
--- a/charts/nova/templates/configmap-bin.yaml
+++ b/charts/nova/templates/configmap-bin.yaml
@@ -39,6 +39,8 @@
{{- end }}
rally-test.sh: |
{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }}
+ storage-init.sh: |
+{{ tuple "bin/_storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
db-init.py: |
{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
db-sync.sh: |
diff --git a/charts/nova/templates/configmap-etc.yaml b/charts/nova/templates/configmap-etc.yaml
index a9e09ef..6f00a1c 100644
--- a/charts/nova/templates/configmap-etc.yaml
+++ b/charts/nova/templates/configmap-etc.yaml
@@ -151,8 +151,8 @@
{{- $_ := set .Values.conf.nova.DEFAULT "metadata_host" .Values.endpoints.compute_metadata.ip.ingress -}}
{{- end -}}
-{{- if empty .Values.conf.nova.DEFAULT.metadata_port -}}
-{{- $_ := tuple "compute_metadata" "public" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "metadata_port" -}}
+{{- if empty .Values.conf.nova.DEFAULT.metadata_listen_port -}}
+{{- $_ := tuple "compute_metadata" "internal" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.nova.DEFAULT "metadata_listen_port" -}}
{{- end -}}
{{- if empty .Values.conf.nova.placement.auth_url -}}
diff --git a/charts/nova/templates/daemonset-compute.yaml b/charts/nova/templates/daemonset-compute.yaml
index e1125f9..3ad00ff 100644
--- a/charts/nova/templates/daemonset-compute.yaml
+++ b/charts/nova/templates/daemonset-compute.yaml
@@ -87,6 +87,7 @@
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute" "init" "nova-compute-init" "nova-compute-vnc-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/charts/nova/templates/deployment-api-metadata.yaml b/charts/nova/templates/deployment-api-metadata.yaml
index 2f0463e..51e30c9 100644
--- a/charts/nova/templates/deployment-api-metadata.yaml
+++ b/charts/nova/templates/deployment-api-metadata.yaml
@@ -57,6 +57,7 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "nova_api_metadata" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-api-metadata" "containerNames" (list "nova-api-metadata-init" "nova-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/charts/nova/templates/deployment-api-osapi.yaml b/charts/nova/templates/deployment-api-osapi.yaml
index 88bbf41..b203ba6 100644
--- a/charts/nova/templates/deployment-api-osapi.yaml
+++ b/charts/nova/templates/deployment-api-osapi.yaml
@@ -57,6 +57,7 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "nova_api_osapi" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-api-osapi" "containerNames" (list "nova-osapi" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/charts/nova/templates/deployment-conductor.yaml b/charts/nova/templates/deployment-conductor.yaml
index df07583..b58b385 100644
--- a/charts/nova/templates/deployment-conductor.yaml
+++ b/charts/nova/templates/deployment-conductor.yaml
@@ -66,6 +66,7 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "nova_conductor" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-conductor" "containerNames" (list "nova-conductor" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/charts/nova/templates/deployment-novncproxy.yaml b/charts/nova/templates/deployment-novncproxy.yaml
index e1c79ab..f4c1d8b 100644
--- a/charts/nova/templates/deployment-novncproxy.yaml
+++ b/charts/nova/templates/deployment-novncproxy.yaml
@@ -55,6 +55,7 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "nova_novncproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-novncproxy" "containerNames" (list "nova-novncproxy" "nova-novncproxy-init-assets" "nova-novncproxy-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
@@ -144,9 +145,14 @@
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
+ {{- if $vencrypt_enabled }}
+ - name: {{ .Values.secrets.tls.compute_novnc_proxy.vencrypt.internal }}
+ mountPath: /etc/pki/nova-novncproxy
+ readOnly: true
+ {{- end }}
+
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
-{{- dict "enabled" $vencrypt_enabled "name" .Values.secrets.tls.compute_novnc_proxy.vencrypt.internal "path" "/etc/pki/nova-novncproxy" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }}
volumes:
@@ -164,9 +170,14 @@
emptyDir: {}
- name: pod-shared
emptyDir: {}
+ {{- if $vencrypt_enabled }}
+ - name: {{ .Values.secrets.tls.compute_novnc_proxy.vencrypt.internal }}
+ secret:
+ secretName: {{ .Values.secrets.tls.compute_novnc_proxy.vencrypt.internal }}
+ defaultMode: 0444
+ {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_novnc_proxy.novncproxy.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
-{{- dict "enabled" $vencrypt_enabled "name" .Values.secrets.tls.compute_novnc_proxy.vencrypt.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_novncproxy.volumes }}{{ toYaml $mounts_nova_novncproxy.volumes | indent 8 }}{{ end }}
{{- end }}
diff --git a/charts/nova/templates/deployment-scheduler.yaml b/charts/nova/templates/deployment-scheduler.yaml
index e8a63a2..bba444c 100644
--- a/charts/nova/templates/deployment-scheduler.yaml
+++ b/charts/nova/templates/deployment-scheduler.yaml
@@ -66,6 +66,7 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "nova_scheduler" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-scheduler" "containerNames" (list "nova-scheduler" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
diff --git a/charts/nova/templates/deployment-spiceproxy.yaml b/charts/nova/templates/deployment-spiceproxy.yaml
index 2c65401..eca1628 100644
--- a/charts/nova/templates/deployment-spiceproxy.yaml
+++ b/charts/nova/templates/deployment-spiceproxy.yaml
@@ -53,6 +53,7 @@
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ tuple "nova_spiceproxy" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
diff --git a/charts/nova/templates/ingress-novncproxy.yaml b/charts/nova/templates/ingress-novncproxy.yaml
index cad53cf..ec68fb6 100644
--- a/charts/nova/templates/ingress-novncproxy.yaml
+++ b/charts/nova/templates/ingress-novncproxy.yaml
@@ -12,7 +12,7 @@
limitations under the License.
*/}}
-{{- if and .Values.manifests.ingress_novncproxy .Values.network.novncproxy.ingress.public }}
+{{- if and .Values.manifests.ingress_novncproxy .Values.network.novncproxy.ingress.public (eq .Values.console.console_kind "novnc") }}
{{- $envAll := . }}
{{- $ingressOpts := dict "envAll" $envAll "backendService" "novncproxy" "backendServiceType" "compute_novnc_proxy" "backendPort" "n-novnc" -}}
{{- $secretName := $envAll.Values.secrets.tls.compute_novnc_proxy.novncproxy.internal -}}
diff --git a/charts/nova/templates/ingress-spiceproxy.yaml b/charts/nova/templates/ingress-spiceproxy.yaml
new file mode 100644
index 0000000..020797d
--- /dev/null
+++ b/charts/nova/templates/ingress-spiceproxy.yaml
@@ -0,0 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_spiceproxy .Values.network.spiceproxy.ingress.public (eq .Values.console.console_kind "spice") }}
+{{- $envAll := . }}
+{{- $ingressOpts := dict "envAll" $envAll "backendService" "spiceproxy" "backendServiceType" "compute_spice_proxy" "backendPort" "n-spice" -}}
+{{- $secretName := $envAll.Values.secrets.tls.compute_spice_proxy.spiceproxy.internal -}}
+{{- if and .Values.manifests.certificates $secretName }}
+{{- $_ := set $ingressOpts "certIssuer" .Values.endpoints.compute_spice_proxy.host_fqdn_override.default.tls.issuerRef.name -}}
+{{- end }}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/charts/nova/templates/job-bootstrap.yaml b/charts/nova/templates/job-bootstrap.yaml
index eb5e602..de8812d 100644
--- a/charts/nova/templates/job-bootstrap.yaml
+++ b/charts/nova/templates/job-bootstrap.yaml
@@ -20,7 +20,6 @@
{{- $configMapBin := printf "%s-%s" $serviceName "bin" -}}
{{- $configMapEtc := printf "%s-%s" $serviceName "etc" -}}
{{- $configFile := printf "/etc/%s/%s.conf" $serviceName $serviceName -}}
-{{- $logConfigFile := $envAll.Values.conf.nova.DEFAULT.log_config_append -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "bootstrap" -}}
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
@@ -97,10 +96,12 @@
mountPath: {{ $configFile | quote }}
subPath: {{ base $configFile | quote }}
readOnly: true
+ {{- if .Values.conf.nova.DEFAULT.log_config_append }}
- name: bootstrap-conf
- mountPath: {{ $logConfigFile | quote }}
- subPath: {{ base $logConfigFile | quote }}
+ mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append | quote }}
+ subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append | quote }}
readOnly: true
+ {{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
diff --git a/charts/nova/templates/job-nova-storage-init.yaml b/charts/nova/templates/job-nova-storage-init.yaml
new file mode 100644
index 0000000..9748a5f
--- /dev/null
+++ b/charts/nova/templates/job-nova-storage-init.yaml
@@ -0,0 +1,167 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.job_storage_init .Values.conf.ceph.enabled }}
+{{- $envAll := . }}
+
+{{- $serviceAccountName := "nova-storage-init" }}
+{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $envAll.Release.Namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+{{- if .Values.helm3_hook }}
+ annotations:
+ helm.sh/hook: post-install,post-upgrade
+ helm.sh/hook-weight: "-6"
+{{- end }}
+ name: nova-storage-init
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ spec:
+ serviceAccountName: {{ $serviceAccountName }}
+{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{- if $envAll.Values.conf.ceph.enabled }}
+ - name: ceph-keyring-placement
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+ securityContext:
+ runAsUser: 0
+ command:
+ - /tmp/ceph-admin-keyring.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: nova-bin
+ mountPath: /tmp/ceph-admin-keyring.sh
+ subPath: ceph-admin-keyring.sh
+ readOnly: true
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{ end }}
+ {{ end }}
+ containers:
+ - name: nova-storage-init
+{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: STORAGE_BACKEND
+ value: {{ .Values.conf.nova.libvirt.images_type | quote }}
+ {{- if eq .Values.conf.nova.libvirt.images_type "rbd" }}
+ - name: RBD_POOL_NAME
+ value: {{ .Values.conf.nova.libvirt.images_rbd_pool | quote }}
+ - name: RBD_POOL_APP_NAME
+ value: {{ .Values.rbd_pool.app_name | quote }}
+ - name: RBD_POOL_USER
+ value: {{ .Values.conf.nova.libvirt.rbd_user | quote }}
+ - name: RBD_POOL_CRUSH_RULE
+ value: {{ .Values.rbd_pool.crush_rule | quote }}
+ - name: RBD_POOL_REPLICATION
+ value: {{ .Values.rbd_pool.replication | quote }}
+ - name: RBD_POOL_CHUNK_SIZE
+ value: {{ .Values.rbd_pool.chunk_size | quote }}
+ {{ end }}
+ command:
+ - /tmp/storage-init.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: nova-bin
+ mountPath: /tmp/storage-init.sh
+ subPath: storage-init.sh
+ readOnly: true
+ {{- if eq .Values.conf.nova.libvirt.images_type "rbd" }}
+ - name: etcceph
+ mountPath: /etc/ceph
+ - name: ceph-etc
+ mountPath: /etc/ceph/ceph.conf
+ subPath: ceph.conf
+ readOnly: true
+ {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ mountPath: /tmp/client-keyring
+ subPath: key
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: nova-bin
+ configMap:
+ name: nova-bin
+ defaultMode: 0555
+ {{- if $envAll.Values.conf.ceph.enabled }}
+ - name: etcceph
+ emptyDir: {}
+ - name: ceph-etc
+ configMap:
+ name: {{ .Values.ceph_client.configmap }}
+ defaultMode: 0444
+ {{- if empty .Values.conf.ceph.admin_keyring }}
+ - name: ceph-keyring
+ secret:
+ secretName: {{ .Values.ceph_client.user_secret_name }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/nova/templates/secret-db-api.yaml b/charts/nova/templates/secret-db-api.yaml
index baf75b1..de53703 100644
--- a/charts/nova/templates/secret-db-api.yaml
+++ b/charts/nova/templates/secret-db-api.yaml
@@ -22,6 +22,8 @@
kind: Secret
metadata:
name: {{ $secretName }}
+ annotations:
+{{ tuple "oslo_db_api" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
{{- if $envAll.Values.manifests.certificates }}
diff --git a/charts/nova/templates/secret-db-cell0.yaml b/charts/nova/templates/secret-db-cell0.yaml
index 100b57f..ac74bf9 100644
--- a/charts/nova/templates/secret-db-cell0.yaml
+++ b/charts/nova/templates/secret-db-cell0.yaml
@@ -22,6 +22,8 @@
kind: Secret
metadata:
name: {{ $secretName }}
+ annotations:
+{{ tuple "oslo_db_cell0" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
{{- if $envAll.Values.manifests.certificates }}
diff --git a/charts/nova/templates/secret-db.yaml b/charts/nova/templates/secret-db.yaml
index d9cbf8f..885cae1 100644
--- a/charts/nova/templates/secret-db.yaml
+++ b/charts/nova/templates/secret-db.yaml
@@ -22,6 +22,8 @@
kind: Secret
metadata:
name: {{ $secretName }}
+ annotations:
+{{ tuple "oslo_db" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
{{- if $envAll.Values.manifests.certificates }}
diff --git a/charts/nova/templates/secret-keystone.yaml b/charts/nova/templates/secret-keystone.yaml
index beddb30..2d6560c 100644
--- a/charts/nova/templates/secret-keystone.yaml
+++ b/charts/nova/templates/secret-keystone.yaml
@@ -21,6 +21,8 @@
kind: Secret
metadata:
name: {{ $secretName }}
+ annotations:
+{{ tuple "identity" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
diff --git a/charts/nova/templates/secret_rabbitmq.yaml b/charts/nova/templates/secret-rabbitmq.yaml
similarity index 90%
rename from charts/nova/templates/secret_rabbitmq.yaml
rename to charts/nova/templates/secret-rabbitmq.yaml
index b49f84e..32f2169 100644
--- a/charts/nova/templates/secret_rabbitmq.yaml
+++ b/charts/nova/templates/secret-rabbitmq.yaml
@@ -25,6 +25,8 @@
kind: Secret
metadata:
name: {{ $secretName }}
+ annotations:
+{{ tuple "oslo_messaging" $userClass $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass $rabbitmqProtocol $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
diff --git a/charts/nova/templates/secret-ssh.yaml b/charts/nova/templates/secret-ssh.yaml
index 4811b2e..9654c8b 100644
--- a/charts/nova/templates/secret-ssh.yaml
+++ b/charts/nova/templates/secret-ssh.yaml
@@ -20,6 +20,8 @@
kind: Secret
metadata:
name: nova-ssh
+ annotations:
+{{ tuple "ssh" "keys" . | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: Opaque
data:
private-key: {{ .Values.network.ssh.private_key | b64enc }}
diff --git a/charts/nova/templates/service-ingress-novncproxy.yaml b/charts/nova/templates/service-ingress-novncproxy.yaml
index caae913..434cf33 100644
--- a/charts/nova/templates/service-ingress-novncproxy.yaml
+++ b/charts/nova/templates/service-ingress-novncproxy.yaml
@@ -12,7 +12,7 @@
limitations under the License.
*/}}
-{{- if and .Values.manifests.service_ingress_novncproxy .Values.network.novncproxy.ingress.public }}
+{{- if and .Values.manifests.service_ingress_novncproxy .Values.network.novncproxy.ingress.public (eq .Values.console.console_kind "novnc") }}
{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "compute_novnc_proxy" -}}
{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
{{- end }}
diff --git a/charts/nova/templates/service-ingress-spiceproxy.yaml b/charts/nova/templates/service-ingress-spiceproxy.yaml
new file mode 100644
index 0000000..e0bd3d5
--- /dev/null
+++ b/charts/nova/templates/service-ingress-spiceproxy.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_spiceproxy .Values.network.spiceproxy.ingress.public (eq .Values.console.console_kind "spice") }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "compute_spice_proxy" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/charts/nova/values.yaml b/charts/nova/values.yaml
index fe02e60..e0c5866 100644
--- a/charts/nova/values.yaml
+++ b/charts/nova/values.yaml
@@ -54,31 +54,32 @@
images:
pull_policy: IfNotPresent
tags:
- bootstrap: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- db_drop: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- db_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- dep_check: 'quay.io/airshipit/kubernetes-entrypoint:v1.0.0'
- rabbit_init: docker.io/rabbitmq:3.7-management
- ks_user: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- ks_service: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- nova_archive_deleted_rows: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
- ks_endpoints: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- nova_api: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
- nova_cell_setup: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
- nova_cell_setup_init: docker.io/openstackhelm/heat:wallaby-ubuntu_focal
- nova_compute: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ bootstrap: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+ db_drop: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+ db_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+ dep_check: 'quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal'
+ rabbit_init: docker.io/rabbitmq:3.13-management
+ ks_user: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+ ks_service: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+ nova_archive_deleted_rows: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ ks_endpoints: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+ nova_api: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ nova_cell_setup: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ nova_cell_setup_init: docker.io/openstackhelm/heat:2024.1-ubuntu_jammy
+ nova_compute: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
nova_compute_ironic: 'docker.io/kolla/ubuntu-source-nova-compute-ironic:wallaby'
- nova_compute_ssh: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
- nova_conductor: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
- nova_db_sync: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
- nova_novncproxy: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_compute_ssh: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ nova_conductor: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ nova_db_sync: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ nova_novncproxy: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
nova_novncproxy_assets: 'docker.io/kolla/ubuntu-source-nova-novncproxy:wallaby'
- nova_scheduler: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_scheduler: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ nova_storage_init: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy'
# NOTE(portdirect): we simply use the ceph config helper here,
# as it has both oscli and jq.
- nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_focal'
- nova_spiceproxy: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
- nova_spiceproxy_assets: docker.io/openstackhelm/nova:wallaby-ubuntu_focal
+ nova_service_cleaner: 'docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy'
+ nova_spiceproxy: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
+ nova_spiceproxy_assets: docker.io/openstackhelm/nova:2024.1-ubuntu_jammy
test: docker.io/xrally/xrally-openstack:2.0.0
image_repo_sync: docker.io/docker:17.07.0
nova_wait_for_computes_init: gcr.io/google_containers/hyperkube-amd64:v1.11.6
@@ -101,6 +102,7 @@
enabled: false
iteration: 3
duration: 5
+ extra_command: null
service_cleaner:
cron: "0 */1 * * *"
starting_deadline: 600
@@ -108,6 +110,7 @@
success: 3
failed: 1
sleep_time: 60
+ extra_command: null
archive_deleted_rows:
cron: "0 */1 * * *"
starting_deadline: 600
@@ -244,6 +247,13 @@
enabled: false
port: 30680
spiceproxy:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
node_port:
enabled: false
port: 30682
@@ -492,23 +502,37 @@
spice:
compute:
# IF blank, search default routing interface
- server_proxyclient_interface:
+ server_proxyclient_interface: null
+ # or set network cidr
+ server_proxyclient_network_cidr: 0/0
proxy:
# IF blank, search default routing interface
- server_proxyclient_interface:
+ server_proxyclient_interface: null
+ # or set network cidr
+ server_proxyclient_network_cidr: 0/0
novnc:
compute:
# IF blank, search default routing interface
- vncserver_proxyclient_interface:
+ vncserver_proxyclient_interface: null
+ # or set network cidr
+ vncserver_proxyclient_network_cidr: 0/0
vncproxy:
# IF blank, search default routing interface
- vncserver_proxyclient_interface:
+ vncserver_proxyclient_interface: null
+ # or set network cidr
+ vncserver_proxyclient_network_cidr: 0/0
address_search_enabled: true
ceph_client:
configmap: ceph-etc
user_secret_name: pvc-ceph-client-key
+rbd_pool:
+ app_name: nova-vms
+ replication: 3
+ crush_rule: replicated_rule
+ chunk_size: 8
+
conf:
security: |
#
@@ -1343,11 +1367,16 @@
# When "address_search_enabled", get the IP address to be used as the target for live migration
# traffic using interface name.
# If this option is set to None, the hostname of the migration target compute node will be used.
- live_migration_interface:
+ live_migration_interface: null
+ # or set cidr
+ live_migration_network_cidr: 0/0
hypervisor:
address_search_enabled: true
# my_ip can be set automatically through this interface name.
- host_interface:
+ host_interface: null
+ # If host_interface is null there is a fallback mechanism to search
+ # for interface with routing using host network cidr.
+ host_network_cidr: 0/0
# This list is the keys to exclude from the config file ingested by nova-compute
nova_compute_redactions:
- database
@@ -1385,6 +1414,10 @@
# server_proxyclient_address: 127.0.0.1
conductor:
workers: 1
+ scheduler:
+ max_attempts: 10
+ discover_hosts_in_cells_interval: -1
+ workers: 1
oslo_policy:
policy_file: /etc/nova/policy.yaml
oslo_concurrency:
@@ -1539,20 +1572,15 @@
uwsgi:
add-header: "Connection: close"
buffer-size: 65535
- chunked-input-limit: "4096000"
die-on-term: true
enable-threads: true
exit-on-reload: false
hook-master-start: unix_signal:15 gracefully_kill_them_all
- http-auto-chunked: true
- http-raw-body: true
lazy-apps: true
log-x-forwarded-for: true
master: true
- need-app: true
procname-prefix-spaced: "nova-api:"
route-user-agent: '^kube-probe.* donotlog:'
- socket-timeout: 10
thunder-lock: true
worker-reload-mercy: 80
wsgi-file: /var/lib/openstack/bin/nova-api-wsgi
@@ -1560,20 +1588,15 @@
uwsgi:
add-header: "Connection: close"
buffer-size: 65535
- chunked-input-limit: 4096000
die-on-term: true
enable-threads: true
exit-on-reload: false
hook-master-start: unix_signal:15 gracefully_kill_them_all
- http-auto-chunked: true
- http-raw-body: true
lazy-apps: true
log-x-forwarded-for: true
master: true
- need-app: true
procname-prefix-spaced: "nova-metadata:"
route-user-agent: '^kube-probe.* donotlog:'
- socket-timeout: 10
thunder-lock: true
worker-reload-mercy: 80
wsgi-file: /var/lib/openstack/bin/nova-metadata-wsgi
@@ -1613,7 +1636,8 @@
internal: metadata-tls-metadata
compute_spice_proxy:
spiceproxy:
- internal: nova-tls-spiceproxy
+ public: nova-spiceproxy-tls-public
+ internal: nova-spiceproxy-tls-proxy
oci_image_registry:
nova: nova-oci-image-registry
@@ -1914,7 +1938,7 @@
name: nova
hosts:
default: nova-spiceproxy
- public: placement
+ public: spiceproxy
host_fqdn_override:
default: null
path:
@@ -1924,6 +1948,7 @@
port:
spice_proxy:
default: 6082
+ public: 80
placement:
name: placement
hosts:
@@ -2414,6 +2439,13 @@
limits:
memory: "1024Mi"
cpu: "2000m"
+ storage_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
db_init:
requests:
memory: "128Mi"
@@ -2536,8 +2568,10 @@
deployment_scheduler: true
ingress_metadata: true
ingress_novncproxy: true
+ ingress_spiceproxy: true
ingress_osapi: true
job_bootstrap: true
+ job_storage_init: true
job_db_init: true
job_db_sync: true
job_db_drop: false
@@ -2560,6 +2594,7 @@
secret_registry: true
service_ingress_metadata: true
service_ingress_novncproxy: true
+ service_ingress_spiceproxy: true
service_ingress_osapi: true
service_metadata: true
service_novncproxy: true
diff --git a/charts/patches/nova/0001-tune-uwsgi-config.patch b/charts/patches/nova/0001-tune-uwsgi-config.patch
deleted file mode 100644
index eb6e791..0000000
--- a/charts/patches/nova/0001-tune-uwsgi-config.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff --git b/nova/values.yaml a/charts/nova/values.yaml
-index df2e2ff6..fe02e605 100644
---- b/nova/values.yaml
-+++ a/nova/values.yaml
-@@ -1539,15 +1539,20 @@ conf:
- uwsgi:
- add-header: "Connection: close"
- buffer-size: 65535
-+ chunked-input-limit: "4096000"
- die-on-term: true
- enable-threads: true
- exit-on-reload: false
- hook-master-start: unix_signal:15 gracefully_kill_them_all
-+ http-auto-chunked: true
-+ http-raw-body: true
- lazy-apps: true
- log-x-forwarded-for: true
- master: true
-+ need-app: true
- procname-prefix-spaced: "nova-api:"
- route-user-agent: '^kube-probe.* donotlog:'
-+ socket-timeout: 10
- thunder-lock: true
- worker-reload-mercy: 80
- wsgi-file: /var/lib/openstack/bin/nova-api-wsgi
-@@ -1555,15 +1560,20 @@ conf:
- uwsgi:
- add-header: "Connection: close"
- buffer-size: 65535
-+ chunked-input-limit: 4096000
- die-on-term: true
- enable-threads: true
- exit-on-reload: false
- hook-master-start: unix_signal:15 gracefully_kill_them_all
-+ http-auto-chunked: true
-+ http-raw-body: true
- lazy-apps: true
- log-x-forwarded-for: true
- master: true
-+ need-app: true
- procname-prefix-spaced: "nova-metadata:"
- route-user-agent: '^kube-probe.* donotlog:'
-+ socket-timeout: 10
- thunder-lock: true
- worker-reload-mercy: 80
- wsgi-file: /var/lib/openstack/bin/nova-metadata-wsgi
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index b977649..86415bf 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -174,6 +174,7 @@
nova_service_cleaner: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}"
nova_spiceproxy_assets: "registry.atmosphere.dev/library/nova:{{ atmosphere_release }}"
nova_spiceproxy: "registry.atmosphere.dev/library/nova:{{ atmosphere_release }}"
+ nova_storage_init: "registry.atmosphere.dev/library/heat:{{ atmosphere_release }}"
oauth2_proxy: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
octavia_api: "registry.atmosphere.dev/library/octavia:{{ atmosphere_release }}"
octavia_db_sync: "registry.atmosphere.dev/library/octavia:{{ atmosphere_release }}"
diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
index a06ea22..9790b5f 100644
--- a/roles/neutron/vars/main.yml
+++ b/roles/neutron/vars/main.yml
@@ -68,7 +68,6 @@
vpn_device_driver: neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
metadata_agent:
DEFAULT:
- nova_metadata_port: 8775
metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
plugins:
ml2_conf:
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
index b9fb880..71d980e 100644
--- a/roles/nova/vars/main.yml
+++ b/roles/nova/vars/main.yml
@@ -111,6 +111,7 @@
os_vif_ovs:
ovsdb_connection: unix:/run/openvswitch/db.sock
scheduler:
+ max_attempts: 3
workers: 8
discover_hosts_in_cells_interval: 30
vnc:
@@ -121,6 +122,20 @@
nova_ironic:
DEFAULT:
force_config_drive: true
+ nova_api_uwsgi:
+ uwsgi:
+ chunked-input-limit: "4096000"
+ http-auto-chunked: true
+ http-raw-body: true
+ need-app: true
+ socket-timeout: 10
+ nova_metadata_uwsgi:
+ uwsgi:
+ chunked-input-limit: "4096000"
+ http-auto-chunked: true
+ http-raw-body: true
+ need-app: true
+ socket-timeout: 10
manifests:
deployment_consoleauth: false
deployment_placement: false
@@ -128,16 +143,19 @@
ingress_novncproxy: false
ingress_osapi: false
ingress_placement: false
+ ingress_spiceproxy: false
job_db_init_placement: false
job_ks_placement_endpoints: false
job_ks_placement_service: false
job_ks_placement_user: false
+ job_storage_init: false
secret_keystone_placement: false
service_ingress_metadata: false
service_ingress_novncproxy: false
service_ingress_osapi: false
service_ingress_placement: false
service_placement: false
+ service_ingress_spiceproxy: false
# NOTE(mnaser): Enable this once we've got Ironic deployed.
statefulset_compute_ironic: false