Blame - charts/neutron/templates/daemonset-metadata-agent.yaml - atmosphere

{{ dict "envAll" $envAll "podName" "neutron-metadata-agent-default" "containerNames" (list "neutron-metadata-agent" "neutron-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}

77

spec:

78

{{ dict "envAll" $envAll "application" "neutron_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}

Dong Ma

e5bd5a3

2025-02-11 11:03:48 +0000

[diff] [blame]

79

80

priorityClassName: {{ . }}

81

82

83

runtimeClassName: {{ . }}

84

Mohammed Naser

f3f59a7

2023-01-15 21:02:04 -0500

[diff] [blame]

85

serviceAccountName: {{ $serviceAccountName }}

86

87

{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}

88

89

nodeSelector:

90

{{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }}

91

dnsPolicy: ClusterFirstWithHostNet

92

hostNetwork: true

93

{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}

94

shareProcessNamespace: true

hostPID: true

initContainers:

{{ tuple $envAll "pod_dependency" $mounts_neutron_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}

100

- name: neutron-metadata-agent-init

101

{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}

102

{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}

103

{{ dict "envAll" $envAll "application" "neutron_metadata_agent" "container" "neutron_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}

104

env:

105

- name: NEUTRON_USER_UID

106

value: "{{ .Values.pod.security_context.neutron_metadata_agent.pod.runAsUser }}"

107

command:

108

- /tmp/neutron-metadata-agent-init.sh

volumeMounts:

- name: pod-tmp

mountPath: /tmp

- name: neutron-bin

mountPath: /tmp/neutron-metadata-agent-init.sh

114

subPath: neutron-metadata-agent-init.sh

115

readOnly: true

116

- name: neutron-etc

117

mountPath: /etc/neutron/neutron.conf

118

subPath: neutron.conf

119

readOnly: true

120

- name: socket

121

mountPath: /var/lib/neutron/openstack-helm

122

containers:

123

- name: neutron-metadata-agent

124

{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}

125

{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}

126

env:

127

- name: RPC_PROBE_TIMEOUT

128

value: "{{ .Values.pod.probes.rpc_timeout }}"

129

- name: RPC_PROBE_RETRIES

130

value: "{{ .Values.pod.probes.rpc_retries }}"

131

{{ dict "envAll" $envAll "component" "metadata_agent" "container" "metadata_agent" "type" "readiness" "probeTemplate" (include "metadataAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}

132

{{ dict "envAll" $envAll "component" "metadata_agent" "container" "metadata_agent" "type" "liveness" "probeTemplate" (include "metadataAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}

securityContext:

privileged: true

command:

- /tmp/neutron-metadata-agent.sh

volumeMounts:

- name: pod-tmp

mountPath: /tmp

- name: pod-var-neutron

141

mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}

142

- name: neutron-bin

143

mountPath: /tmp/neutron-metadata-agent.sh

144

subPath: neutron-metadata-agent.sh

145

readOnly: true

146

- name: neutron-bin

147

mountPath: /tmp/health-probe.py

148

subPath: health-probe.py

149

readOnly: true

150

- name: neutron-etc

151

mountPath: /etc/neutron/neutron.conf

152

subPath: neutron.conf

readOnly: true

- name: neutron-etc

mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}

157

subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}

readOnly: true

- name: neutron-etc

mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini

162

subPath: ml2_conf.ini

readOnly: true

- name: neutron-etc

mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini

167

subPath: openvswitch_agent.ini

readOnly: true

- name: neutron-etc

mountPath: /etc/neutron/metadata_agent.ini

172

subPath: metadata_agent.ini

173

readOnly: true

174

- name: neutron-etc

175

# NOTE (Portdirect): We mount here to override Kollas

176

# custom sudoers file when using Kolla images, this

177

# location will also work fine for other images.

178

mountPath: /etc/sudoers.d/kolla_neutron_sudoers

179

subPath: neutron_sudoers

180

readOnly: true

181

- name: neutron-etc

182

mountPath: /etc/neutron/rootwrap.conf

183

subPath: rootwrap.conf

184

readOnly: true

185

{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}

186

187

188

{{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}

189

- name: neutron-etc

190

mountPath: {{ $rootwrapFile }}

191

subPath: {{ base $rootwrapFile }}

readOnly: true

- name: socket

mountPath: /var/lib/neutron/openstack-helm

197

198

- name: host-run-netns

199

mountPath: /run/netns

200

mountPropagation: Bidirectional

201

202

{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}

203

{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}

204

{{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }}

volumes:

- name: pod-tmp

emptyDir: {}

- name: pod-var-neutron

emptyDir: {}

- name: neutron-bin

configMap:

name: neutron-bin

defaultMode: 0555

- name: neutron-etc

secret:

secretName: {{ $configMapName }}

defaultMode: 0444

- name: socket

hostPath:

path: /var/lib/neutron/openstack-helm

221

222

- name: host-run-netns

hostPath:

path: /run/netns

{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}

227

{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}

{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "metadata" -}}

238

{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}

239

{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}

240

{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.metadata_agent.daemonset" | toString | fromYaml }}

241

242

{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}

243