{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- /*
l3AgentReadinessProbeTemplate: exec-probe body for the neutron-l3-agent
container's readiness check.

Renders an `exec.command` list that runs /tmp/health-probe.py against
neutron.conf and l3_agent.ini with `--agent-queue-name l3_agent`.
`--use-fqdn` is appended only when .Values.pod.use_fqdn.neutron_agent is
truthy. In this file the rendered text is parsed with fromYaml and passed as
"probeTemplate" to helm-toolkit.snippets.kubernetes_probe.

NOTE(review): the interpreter is invoked by bare name (`python`), so which
binary runs depends on the image's PATH. The script itself is mounted
read-only from the neutron-bin ConfigMap by the container's volumeMounts.
What the script checks is not visible in this file.
*/}}
{{- define "l3AgentReadinessProbeTemplate" }}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/neutron/neutron.conf
    - --config-file
    - /etc/neutron/l3_agent.ini
    - --agent-queue-name
    - l3_agent
{{- if .Values.pod.use_fqdn.neutron_agent }}
    - --use-fqdn
{{- end }}
{{- end }}
{{- /*
l3AgentLivenessProbeTemplate: exec-probe body for the neutron-l3-agent
container's liveness check.

Same command line as the readiness template in this file (health-probe.py,
both config files, `--agent-queue-name l3_agent`) with `--liveness-probe`
added. `--use-fqdn` is appended only when .Values.pod.use_fqdn.neutron_agent
is truthy.

NOTE(review): a failing liveness probe restarts the container, so the
RPC_PROBE_TIMEOUT / RPC_PROBE_RETRIES values set on the container presumably
bound how long an unresponsive agent is tolerated. Confirm against
health-probe.py, which is not visible in this file.
*/}}
{{- define "l3AgentLivenessProbeTemplate" }}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/neutron/neutron.conf
    - --config-file
    - /etc/neutron/l3_agent.ini
    - --agent-queue-name
    - l3_agent
    - --liveness-probe
{{- if .Values.pod.use_fqdn.neutron_agent }}
    - --use-fqdn
{{- end }}
{{- end }}
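{{- /*
neutron.l3_agent.daemonset renders the neutron-l3-agent DaemonSet manifest.

Called with a positional list:
  0: daemonset name (bound to $daemonset; not referenced again in this define)
  1: name of the Secret that backs the neutron-etc volume ($configMapName)
  2: service account name for the pod ($serviceAccountName)
  3: the chart root context ($envAll)

Security-relevant shape of the rendered pod, as visible in this template:
  - hostNetwork is always true.
  - hostPath volumes: /lib/modules (mounted read-only), /run/xtables.lock,
    /var/lib/neutron/openstack-helm, and, when .Values.network.share_namespaces
    is set, /run/netns with Bidirectional mount propagation.
  - neutron-etc is a Secret projected with mode 0444; individual files are
    mounted read-only via subPath, including a sudoers drop-in and the
    rootwrap configuration and filters.
The pod and container securityContext come from helm-toolkit snippets driven
by values and are not visible here, so effective privileges must be checked
against the rendered manifest.

Values-derived scalars for priorityClassName, runtimeClassName and the
nodeSelector value are quoted so that values such as "true" or "1" stay
strings after YAML parsing.
*/}}
{{- define "neutron.l3_agent.daemonset" }}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
{{- $serviceAccountName := index . 2 }}
{{- $envAll := index . 3 }}
{{- with $envAll }}

{{- $mounts_neutron_l3_agent := .Values.pod.mounts.neutron_l3_agent.neutron_l3_agent }}
{{- $mounts_neutron_l3_agent_init := .Values.pod.mounts.neutron_l3_agent.init_container }}

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: neutron-l3-agent
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "neutron" "l3-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  selector:
    matchLabels:
{{ tuple $envAll "neutron" "l3-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll "l3_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "neutron" "l3-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hashes of the rendered bin/etc templates; a change in either alters
        # the pod template and so triggers a rollout.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "neutron_l3_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-l3-agent-default" "containerNames" (list "neutron-l3-agent" "init" "neutron-l3-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ dict "envAll" $envAll "application" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
{{ with .Values.pod.priorityClassName.neutron_l3_agent }}
      priorityClassName: {{ . | quote }}
{{ end }}
{{ with .Values.pod.runtimeClassName.neutron_l3_agent }}
      runtimeClassName: {{ . | quote }}
{{ end }}
      serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      nodeSelector:
        # nodeSelector values must be strings; quoting keeps values such as
        # "true" or "1" from being re-typed by the YAML parser.
        {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value | quote }}
      dnsPolicy: ClusterFirstWithHostNet
      # The pod runs in the node's network namespace.
      hostNetwork: true
      {{- /*
      NOTE(review): Major and Minor are compared as strings, so the check is
      lexical rather than numeric (for example "9" sorts after "10"). The
      hostPID branch shares the node's PID namespace with the pod, while
      shareProcessNamespace only shares one PID namespace among the pod's own
      containers.
      */}}
      {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
      shareProcessNamespace: true
      {{- else }}
      hostPID: true
      {{- end }}
      initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_l3_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: neutron-l3-agent-init
{{ tuple $envAll "neutron_l3" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_l3_agent" "container" "neutron_l3_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/neutron-l3-agent-init.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: neutron-bin
              mountPath: /tmp/neutron-l3-agent-init.sh
              subPath: neutron-l3-agent-init.sh
              readOnly: true
            # Writable emptyDir that is also mounted into the main container.
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: neutron-etc
              mountPath: /etc/neutron/l3_agent.ini
              subPath: l3_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/metadata_agent.ini
              subPath: metadata_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
              subPath: openvswitch_agent.ini
              readOnly: true
            - name: neutron-etc
              # NOTE (Portdirect): We mount here to override Kollas
              #       custom sudoers file when using Kolla images, this
              #       location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_neutron_sudoers
              subPath: neutron_sudoers
              readOnly: true
            - name: neutron-etc
              mountPath: /tmp/auto_bridge_add
              subPath: auto_bridge_add
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "l3_agent" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
            - name: neutron-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
      containers:
        - name: neutron-l3-agent
{{ tuple $envAll "neutron_l3" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_l3_agent" "container" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: RPC_PROBE_TIMEOUT
              value: "{{ .Values.pod.probes.rpc_timeout }}"
            - name: RPC_PROBE_RETRIES
              value: "{{ .Values.pod.probes.rpc_retries }}"
{{ dict "envAll" $envAll "component" "l3_agent" "container" "l3_agent" "type" "readiness" "probeTemplate" (include "l3AgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "l3_agent" "container" "l3_agent" "type" "liveness" "probeTemplate" (include "l3AgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          command:
            - /tmp/neutron-l3-agent.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: pod-var-neutron
              mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
            - name: neutron-bin
              mountPath: /tmp/neutron-l3-agent.sh
              subPath: neutron-l3-agent.sh
              readOnly: true
            - name: neutron-bin
              mountPath: /tmp/health-probe.py
              subPath: health-probe.py
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
              readOnly: true
            {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
            - name: neutron-etc
              mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
            {{- if ( has "openvswitch" .Values.network.backend ) }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
              subPath: openvswitch_agent.ini
              readOnly: true
            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/l3_agent.ini
              subPath: l3_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/metadata_agent.ini
              subPath: metadata_agent.ini
              readOnly: true
            - name: neutron-etc
              # NOTE (Portdirect): We mount here to override Kollas
              #       custom sudoers file when using Kolla images, this
              #       location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_neutron_sudoers
              subPath: neutron_sudoers
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "l3_agent" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
            - name: neutron-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
            # Host kernel modules directory, mounted read-only.
            - name: libmodules
              mountPath: /lib/modules
              readOnly: true
            # The next two host paths are mounted without readOnly, so the
            # container can write to them on the node.
            - name: iptables-lockfile
              mountPath: /run/xtables.lock
            - name: socket
              mountPath: /var/lib/neutron/openstack-helm
            {{- if .Values.network.share_namespaces }}
            - name: host-run-netns
              mountPath: /run/netns
              # Bidirectional propagation makes mounts created under this path
              # inside the container visible on the host. Kubernetes only
              # permits it for privileged containers, so this value pairs with
              # a privileged securityContext for this container.
              mountPropagation: Bidirectional
            {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: pod-var-neutron
          emptyDir: {}
        - name: neutron-bin
          configMap:
            name: neutron-bin
            defaultMode: 0555
        - name: neutron-etc
          secret:
            secretName: {{ $configMapName }}
            # NOTE(review): 0444 makes every projected file readable by any
            # UID in the containers that mount it. The Secret carries
            # neutron.conf and the sudoers/rootwrap files; a tighter mode would
            # need the agent's UID/GID settings, which are not visible here.
            defaultMode: 0444
        # hostPath volumes below couple the pod to node state.
        - name: libmodules
          hostPath:
            path: /lib/modules
        - name: iptables-lockfile
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
        - name: pod-shared
          emptyDir: {}
        - name: socket
          hostPath:
            path: /var/lib/neutron/openstack-helm
        {{- if .Values.network.share_namespaces }}
        - name: host-run-netns
          hostPath:
            path: /run/netns
        {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_l3_agent.volumes }}{{ toYaml $mounts_neutron_l3_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}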
{{- /*
Top-level render, emitted only when .Values.manifests.daemonset_l3_agent is
truthy.

Steps, in order:
  1. Fix the daemonset name ("l3-agent"), the Secret name used for the
     neutron-etc volume ("neutron-etc") and the service account name
     ("neutron-l3-agent").
  2. Call helm-toolkit.utils.dependency_resolver with the configured network
     backend and the "l3" dependency key; the parsed result is discarded
     (assigned to $_). Presumably the call is made for its effect on $envAll;
     confirm in helm-toolkit.
  3. Emit the service account / RBAC objects for the pod via
     helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount.
  4. Render neutron.l3_agent.daemonset, parse it with fromYaml, and hand it
     to helm-toolkit.utils.daemonset_overrides together with the name
     "neutron.configmap.etc". Because of the fromYaml round trip, YAML
     comments in the daemonset template do not reach the final manifest.
*/}}
{{- if .Values.manifests.daemonset_l3_agent }}
{{- $envAll := . }}
{{- $daemonset := "l3-agent" }}
{{- $configMapName := "neutron-etc" }}
{{- $serviceAccountName := "neutron-l3-agent" }}
{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "l3" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.l3_agent.daemonset" | toString | fromYaml }}
{{- $configmap_yaml := "neutron.configmap.etc" }}
{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}