Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / 05795e5c0f8147985ada144cea5976a8c4c19f4a / . / charts / neutron / templates / daemonset-sriov-agent.yaml
blob: 5b96cd7cb9829b0b9215407bd3874a9f0a2c0b46 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- define "sriovAgentReadinessProbeTemplate" }}
16exec:
17 command:
18 - python
19 - /tmp/health-probe.py
20 - --config-file
21 - /etc/neutron/neutron.conf
22 - --config-file
23 - /etc/neutron/sriov_agent.ini
24{{- if .Values.pod.use_fqdn.neutron_agent }}
25 - --use-fqdn
26{{- end }}
27{{- end }}
28
29{{- define "neutron.sriov_agent.daemonset" }}
30{{- $daemonset := index . 0 }}
31{{- $configMapName := index . 1 }}
32{{- $serviceAccountName := index . 2 }}
33{{- $envAll := index . 3 }}
34{{- with $envAll }}
35
36{{- $mounts_neutron_sriov_agent := .Values.pod.mounts.neutron_sriov_agent.neutron_sriov_agent }}
37{{- $mounts_neutron_sriov_agent_init := .Values.pod.mounts.neutron_sriov_agent.init_container }}
38
39---
40apiVersion: apps/v1
41kind: DaemonSet
42metadata:
43 name: neutron-sriov-agent
44 annotations:
45 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
46 labels:
47{{ tuple $envAll "neutron" "neutron-sriov-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
48spec:
49 selector:
50 matchLabels:
51{{ tuple $envAll "neutron" "neutron-sriov-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
52{{ tuple $envAll "sriov_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
53 template:
54 metadata:
55 labels:
56{{ tuple $envAll "neutron" "neutron-sriov-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
57 annotations:
58{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
59 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
60 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]61{{ tuple "neutron_sriov_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]62{{ dict "envAll" $envAll "podName" "neutron-sriov-agent-default" "containerNames" (list "neutron-sriov-agent-init" "init" "neutron-sriov-agent") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
63 spec:
64{{ dict "envAll" $envAll "application" "neutron_sriov_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
65 serviceAccountName: {{ $serviceAccountName }}
66 nodeSelector:
67 {{ .Values.labels.sriov.node_selector_key }}: {{ .Values.labels.sriov.node_selector_value }}
68{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
69{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
70{{ end }}
71 dnsPolicy: ClusterFirstWithHostNet
72 hostNetwork: true
73 {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
74 shareProcessNamespace: true
75 {{- else }}
76 hostPID: true
77 {{- end }}
78 initContainers:
79{{ tuple $envAll "pod_dependency" $mounts_neutron_sriov_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
80 - name: neutron-sriov-agent-init
81{{ tuple $envAll "neutron_sriov_agent_init" | include "helm-toolkit.snippets.image" | indent 10 }}
82{{ tuple $envAll $envAll.Values.pod.resources.agent.sriov | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
83{{ dict "envAll" $envAll "application" "neutron_sriov_agent" "container" "neutron_sriov_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
84 command:
85 - /tmp/neutron-sriov-agent-init.sh
86 volumeMounts:
87 - name: pod-tmp
88 mountPath: /tmp
89 - name: neutron-bin
90 mountPath: /tmp/neutron-sriov-agent-init.sh
91 subPath: neutron-sriov-agent-init.sh
92 readOnly: true
93 - name: pod-shared
94 mountPath: /tmp/pod-shared
95 - name: neutron-etc
96 mountPath: /etc/neutron/neutron.conf
97 subPath: neutron.conf
98 readOnly: true
99 - name: neutron-etc
100 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
101 subPath: ml2_conf.ini
102 readOnly: true
103 - name: neutron-etc
104 mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini
105 subPath: sriov_agent.ini
106 readOnly: true
107 {{- if .Values.conf.plugins.taas.taas.enabled }}
108 - name: neutron-etc
109 mountPath: /etc/neutron/plugins/ml2/taas.ini
110 subPath: taas.ini
111 readOnly: true
112 {{- end }}
113 - name: neutron-etc
114 # NOTE (Portdirect): We mount here to override Kollas
115 # custom sudoers file when using Kolla images, this
116 # location will also work fine for other images.
117 mountPath: /etc/sudoers.d/kolla_neutron_sudoers
118 subPath: neutron_sudoers
119 readOnly: true
120 - name: neutron-etc
121 mountPath: /etc/neutron/rootwrap.conf
122 subPath: rootwrap.conf
123 readOnly: true
124 {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
125 {{- if ( has "sriov_agent" $value.pods ) }}
126 {{- $filePrefix := replace "_" "-" $key }}
127 {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
128 - name: neutron-etc
129 mountPath: {{ $rootwrapFile }}
130 subPath: {{ base $rootwrapFile }}
131 readOnly: true
132 {{- end }}
133 {{- end }}
134 - name: run
135 mountPath: /run
136{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
137 containers:
138 - name: neutron-sriov-agent
139{{ tuple $envAll "neutron_sriov_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
140{{ tuple $envAll $envAll.Values.pod.resources.agent.sriov | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
141{{ dict "envAll" $envAll "application" "neutron_sriov_agent" "container" "neutron_sriov_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
142 env:
143 - name: RPC_PROBE_TIMEOUT
144 value: "{{ .Values.pod.probes.rpc_timeout }}"
145 - name: RPC_PROBE_RETRIES
146 value: "{{ .Values.pod.probes.rpc_retries }}"
147{{ dict "envAll" $envAll "component" "sriov_agent" "container" "sriov_agent" "type" "readiness" "probeTemplate" (include "sriovAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
148 command:
149 - /tmp/neutron-sriov-agent.sh
150 volumeMounts:
151 - mountPath: /sys/class/net
152 name: host-sys-class-net
153 - mountPath: /sys/devices
154 name: host-sys-devices
155 - name: pod-tmp
156 mountPath: /tmp
157 - name: pod-var-neutron
158 mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
159 - name: neutron-bin
160 mountPath: /tmp/neutron-sriov-agent.sh
161 subPath: neutron-sriov-agent.sh
162 readOnly: true
163 - name: neutron-bin
164 mountPath: /tmp/health-probe.py
165 subPath: health-probe.py
166 readOnly: true
167 - name: pod-shared
168 mountPath: /tmp/pod-shared
169 - name: neutron-etc
170 mountPath: /etc/neutron/neutron.conf
171 subPath: neutron.conf
172 readOnly: true
173 {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
174 - name: neutron-etc
175 mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
176 subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
177 readOnly: true
178 {{- end }}
179 - name: neutron-etc
180 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
181 subPath: ml2_conf.ini
182 readOnly: true
183 - name: neutron-etc
184 mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini
185 subPath: sriov_agent.ini
186 readOnly: true
187 {{- if .Values.conf.plugins.taas.taas.enabled }}
188 - name: neutron-etc
189 mountPath: /etc/neutron/plugins/ml2/taas.ini
190 subPath: taas.ini
191 readOnly: true
192 {{- end }}
193 - name: neutron-etc
194 # NOTE (Portdirect): We mount here to override Kollas
195 # custom sudoers file when using Kolla images, this
196 # location will also work fine for other images.
197 mountPath: /etc/sudoers.d/kolla_neutron_sudoers
198 subPath: neutron_sudoers
199 readOnly: true
200 - name: neutron-etc
201 mountPath: /etc/neutron/rootwrap.conf
202 subPath: rootwrap.conf
203 readOnly: true
204 {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
205 {{- if ( has "sriov_agent" $value.pods ) }}
206 {{- $filePrefix := replace "_" "-" $key }}
207 {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
208 - name: neutron-etc
209 mountPath: {{ $rootwrapFile }}
210 subPath: {{ base $rootwrapFile }}
211 readOnly: true
212 {{- end }}
213 {{- end }}
214 - name: run
215 mountPath: /run
216{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
217{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
218 volumes:
219 - name: host-sys-class-net
220 hostPath:
221 path: /sys/class/net
222 - name: host-sys-devices
223 hostPath:
224 path: /sys/devices
225 - name: pod-tmp
226 emptyDir: {}
227 - name: pod-var-neutron
228 emptyDir: {}
229 - name: pod-shared
230 emptyDir: {}
231 - name: neutron-bin
232 configMap:
233 name: neutron-bin
234 defaultMode: 0555
235 - name: neutron-etc
236 secret:
237 secretName: {{ $configMapName }}
238 defaultMode: 0444
239 - name: run
240 hostPath:
241 path: /run
242{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
243{{ if $mounts_neutron_sriov_agent.volumes }}{{ toYaml $mounts_neutron_sriov_agent.volumes | indent 8 }}{{ end }}
244{{- end }}
245{{- end }}
246
247{{- if and .Values.manifests.daemonset_sriov_agent ( has "sriov" .Values.network.backend ) }}
248{{- $envAll := . }}
249{{- $daemonset := "sriov-agent" }}
250{{- $configMapName := "neutron-etc" }}
251{{- $serviceAccountName := "neutron-sriov-agent" }}
252{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "sriov_agent" -}}
253{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
254{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
255{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.sriov_agent.daemonset" | toString | fromYaml }}
256{{- $configmap_yaml := "neutron.configmap.etc" }}
257{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
258{{- end }}