Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / neutron / templates / daemonset-dhcp-agent.yaml
blob: 9fe058dd28b602a72e62336eb8b4b7ff1aba7e37 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- define "dhcpAgentReadinessProbeTemplate" }}
16exec:
17 command:
18 - python
19 - /tmp/health-probe.py
20 - --config-file
21 - /etc/neutron/neutron.conf
22 - --config-file
23 - /etc/neutron/dhcp_agent.ini
24 - --agent-queue-name
25 - dhcp_agent
26{{- if .Values.pod.use_fqdn.neutron_agent }}
27 - --use-fqdn
28{{- end }}
29{{- end }}
30{{- define "dhcpAgentLivenessProbeTemplate" }}
31exec:
32 command:
33 - python
34 - /tmp/health-probe.py
35 - --config-file
36 - /etc/neutron/neutron.conf
37 - --config-file
38 - /etc/neutron/dhcp_agent.ini
39 - --agent-queue-name
40 - dhcp_agent
41{{- if .Values.pod.use_fqdn.neutron_agent }}
42 - --use-fqdn
43{{- end }}
44{{- end }}
45
46{{- define "neutron.dhcp_agent.daemonset" }}
47{{- $daemonset := index . 0 }}
48{{- $configMapName := index . 1 }}
49{{- $serviceAccountName := index . 2 }}
50{{- $envAll := index . 3 }}
51{{- with $envAll }}
52
53{{- $mounts_neutron_dhcp_agent := .Values.pod.mounts.neutron_dhcp_agent.neutron_dhcp_agent }}
54{{- $mounts_neutron_dhcp_agent_init := .Values.pod.mounts.neutron_dhcp_agent.init_container }}
55
56---
57apiVersion: apps/v1
58kind: DaemonSet
59metadata:
60 name: neutron-dhcp-agent
61 annotations:
62 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
63 labels:
64{{ tuple $envAll "neutron" "dhcp-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
65spec:
66 selector:
67 matchLabels:
68{{ tuple $envAll "neutron" "dhcp-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
69{{ tuple $envAll "dhcp_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
70 template:
71 metadata:
72 labels:
73{{ tuple $envAll "neutron" "dhcp-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
74 annotations:
75{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
76 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
77 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]78{{ tuple "neutron_dhcp_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]79{{ dict "envAll" $envAll "podName" "neutron-dhcp-agent-default" "containerNames" (list "neutron-dhcp-agent" "neutron-dhcp-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
80 spec:
81{{ dict "envAll" $envAll "application" "neutron_dhcp_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
Dong Mae5bd5a32025-02-11 11:03:48 +0000[diff] [blame]82{{ with .Values.pod.priorityClassName.neutron_dhcp_agent }}
83 priorityClassName: {{ . }}
84{{ end }}
85{{ with .Values.pod.runtimeClassName.neutron_dhcp_agent }}
86 runtimeClassName: {{ . }}
87{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]88 serviceAccountName: {{ $serviceAccountName }}
89{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
90{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
91{{ end }}
92 nodeSelector:
93 {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }}
94 dnsPolicy: ClusterFirstWithHostNet
95 hostNetwork: true
96 {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
97 shareProcessNamespace: true
98 {{- else }}
99 hostPID: true
100 {{- end }}
101 initContainers:
102{{ tuple $envAll "pod_dependency" $mounts_neutron_dhcp_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
JustHumanz22d46722025-02-11 00:09:55 +0700[diff] [blame]103 {{- if ( has "ovn" .Values.network.backend ) }}
104 - name: ovn-neutron-init
105{{ tuple $envAll "neutron_dhcp" | include "helm-toolkit.snippets.image" | indent 10 }}
106 command:
107 - /tmp/neutron-ovn-init.sh
108 volumeMounts:
109 - name: pod-shared
110 mountPath: /tmp/pod-shared
111 - name: neutron-bin
112 mountPath: /tmp/neutron-ovn-init.sh
113 subPath: neutron-ovn-init.sh
114 readOnly: true
115 {{- end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]116 - name: neutron-dhcp-agent-init
117{{ tuple $envAll "neutron_dhcp" | include "helm-toolkit.snippets.image" | indent 10 }}
118{{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
119{{ dict "envAll" $envAll "application" "neutron_dhcp_agent" "container" "neutron_dhcp_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
120 command:
121 - /tmp/neutron-dhcp-agent-init.sh
122 volumeMounts:
123 - name: pod-tmp
124 mountPath: /tmp
125 - name: pod-shared
126 mountPath: /tmp/pod-shared
127 - name: neutron-bin
128 mountPath: /tmp/neutron-dhcp-agent-init.sh
129 subPath: neutron-dhcp-agent-init.sh
130 readOnly: true
131 - name: neutron-etc
132 mountPath: /etc/neutron/neutron.conf
133 subPath: neutron.conf
134 readOnly: true
135 - name: neutron-etc
136 mountPath: /etc/neutron/dhcp_agent.ini
137 subPath: dhcp_agent.ini
138 readOnly: true
139 - name: neutron-etc
140 mountPath: /etc/neutron/metadata_agent.ini
141 subPath: metadata_agent.ini
142 readOnly: true
143 - name: neutron-etc
144 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
145 subPath: ml2_conf.ini
146 readOnly: true
147 - name: neutron-etc
148 mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
149 subPath: openvswitch_agent.ini
150 readOnly: true
151 - name: neutron-etc
152 # NOTE (Portdirect): We mount here to override Kollas
153 # custom sudoers file when using Kolla images, this
154 # location will also work fine for other images.
155 mountPath: /etc/sudoers.d/kolla_neutron_sudoers
156 subPath: neutron_sudoers
157 readOnly: true
158 - name: neutron-etc
159 mountPath: /tmp/auto_bridge_add
160 subPath: auto_bridge_add
161 readOnly: true
162 - name: neutron-etc
163 mountPath: /etc/neutron/rootwrap.conf
164 subPath: rootwrap.conf
165 readOnly: true
166 {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
167 {{- if ( has "dhcp_agent" $value.pods ) }}
168 {{- $filePrefix := replace "_" "-" $key }}
169 {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
170 - name: neutron-etc
171 mountPath: {{ $rootwrapFile }}
172 subPath: {{ base $rootwrapFile }}
173 readOnly: true
174 {{- end }}
175 {{- end }}
176 containers:
177 - name: neutron-dhcp-agent
178{{ tuple $envAll "neutron_dhcp" | include "helm-toolkit.snippets.image" | indent 10 }}
179{{ tuple $envAll $envAll.Values.pod.resources.agent.dhcp | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
180{{ dict "envAll" $envAll "application" "neutron_dhcp_agent" "container" "neutron_dhcp_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
181 env:
182 - name: RPC_PROBE_TIMEOUT
183 value: "{{ .Values.pod.probes.rpc_timeout }}"
184 - name: RPC_PROBE_RETRIES
185 value: "{{ .Values.pod.probes.rpc_retries }}"
186{{ dict "envAll" $envAll "component" "dhcp_agent" "container" "dhcp_agent" "type" "readiness" "probeTemplate" (include "dhcpAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
187{{ dict "envAll" $envAll "component" "dhcp_agent" "container" "dhcp_agent" "type" "liveness" "probeTemplate" (include "dhcpAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
188 command:
189 - /tmp/neutron-dhcp-agent.sh
190 volumeMounts:
191 - name: pod-tmp
192 mountPath: /tmp
193 - name: pod-shared
194 mountPath: /tmp/pod-shared
195 - name: pod-var-neutron
196 mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
197 - name: neutron-bin
198 mountPath: /tmp/neutron-dhcp-agent.sh
199 subPath: neutron-dhcp-agent.sh
200 readOnly: true
201 - name: neutron-bin
202 mountPath: /tmp/health-probe.py
203 subPath: health-probe.py
204 readOnly: true
205 - name: neutron-etc
206 mountPath: /etc/neutron/neutron.conf
207 subPath: neutron.conf
208 readOnly: true
209 {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
210 - name: neutron-etc
211 mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
212 subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
213 readOnly: true
214 {{- end }}
215 - name: neutron-etc
216 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
217 subPath: ml2_conf.ini
218 readOnly: true
219 {{- if ( has "openvswitch" .Values.network.backend ) }}
220 - name: neutron-etc
221 mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
222 subPath: openvswitch_agent.ini
223 readOnly: true
224 {{- end }}
225 - name: neutron-etc
226 mountPath: /etc/neutron/dhcp_agent.ini
227 subPath: dhcp_agent.ini
228 readOnly: true
229 - name: neutron-etc
230 mountPath: /etc/neutron/dnsmasq.conf
231 subPath: dnsmasq.conf
232 readOnly: true
233 - name: neutron-etc
234 mountPath: /etc/neutron/metadata_agent.ini
235 subPath: metadata_agent.ini
236 readOnly: true
237 - name: neutron-etc
238 # NOTE (Portdirect): We mount here to override Kollas
239 # custom sudoers file when using Kolla images, this
240 # location will also work fine for other images.
241 mountPath: /etc/sudoers.d/kolla_neutron_sudoers
242 subPath: neutron_sudoers
243 readOnly: true
244 - name: neutron-etc
245 mountPath: /etc/neutron/rootwrap.conf
246 subPath: rootwrap.conf
247 readOnly: true
248 {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
249 {{- if ( has "dhcp_agent" $value.pods ) }}
250 {{- $filePrefix := replace "_" "-" $key }}
251 {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
252 - name: neutron-etc
253 mountPath: {{ $rootwrapFile }}
254 subPath: {{ base $rootwrapFile }}
255 readOnly: true
256 {{- end }}
257 {{- end }}
258 - name: iptables-lockfile
259 mountPath: /run/xtables.lock
260 - name: socket
261 mountPath: /var/lib/neutron/openstack-helm
262 {{- if .Values.network.share_namespaces }}
263 - name: host-run-netns
264 mountPath: /run/netns
265 mountPropagation: Bidirectional
266 {{- end }}
JustHumanz22d46722025-02-11 00:09:55 +0700[diff] [blame]267 {{- if ( has "ovn" .Values.network.backend ) }}
268 - name: run-openvswitch
269 mountPath: /run/openvswitch
270 {{- end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]271{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
272{{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }}
273 volumes:
274 - name: pod-tmp
275 emptyDir: {}
276 - name: pod-var-neutron
277 emptyDir: {}
278 - name: neutron-bin
279 configMap:
280 name: neutron-bin
281 defaultMode: 0555
282 - name: neutron-etc
283 secret:
284 secretName: {{ $configMapName }}
285 defaultMode: 0444
286 - name: iptables-lockfile
287 hostPath:
288 path: /run/xtables.lock
289 type: FileOrCreate
290 - name: socket
291 hostPath:
292 path: /var/lib/neutron/openstack-helm
293 - name: pod-shared
294 emptyDir: {}
295 {{- if .Values.network.share_namespaces }}
296 - name: host-run-netns
297 hostPath:
298 path: /run/netns
299 {{- end }}
JustHumanz22d46722025-02-11 00:09:55 +0700[diff] [blame]300 {{- if ( has "ovn" .Values.network.backend ) }}
301 - name: run-openvswitch
302 hostPath:
303 path: /run/openvswitch
304 {{- end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]305{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
306{{ if $mounts_neutron_dhcp_agent.volumes }}{{ toYaml $mounts_neutron_dhcp_agent.volumes | indent 8 }}{{ end }}
307{{- end }}
308{{- end }}
309
310{{- if .Values.manifests.daemonset_dhcp_agent }}
311{{- $envAll := . }}
312{{- $daemonset := "dhcp-agent" }}
313{{- $configMapName := "neutron-etc" }}
314{{- $serviceAccountName := "neutron-dhcp-agent" }}
315{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "dhcp" -}}
316{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
317{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
318{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.dhcp_agent.daemonset" | toString | fromYaml }}
319{{- $configmap_yaml := "neutron.configmap.etc" }}
320{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
321{{- end }}