Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / neutron / templates / daemonset-sriov-agent.yaml
blob: efd48e011d83ac7a9b8d7b0af0f3dc596fbd6256 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- define "sriovAgentReadinessProbeTemplate" }}
16exec:
17 command:
18 - python
19 - /tmp/health-probe.py
20 - --config-file
21 - /etc/neutron/neutron.conf
22 - --config-file
23 - /etc/neutron/sriov_agent.ini
24{{- if .Values.pod.use_fqdn.neutron_agent }}
25 - --use-fqdn
26{{- end }}
27{{- end }}
28
29{{- define "neutron.sriov_agent.daemonset" }}
30{{- $daemonset := index . 0 }}
31{{- $configMapName := index . 1 }}
32{{- $serviceAccountName := index . 2 }}
33{{- $envAll := index . 3 }}
34{{- with $envAll }}
35
36{{- $mounts_neutron_sriov_agent := .Values.pod.mounts.neutron_sriov_agent.neutron_sriov_agent }}
37{{- $mounts_neutron_sriov_agent_init := .Values.pod.mounts.neutron_sriov_agent.init_container }}
38
39---
40apiVersion: apps/v1
41kind: DaemonSet
42metadata:
43 name: neutron-sriov-agent
44 annotations:
45 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
46 labels:
47{{ tuple $envAll "neutron" "neutron-sriov-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
48spec:
49 selector:
50 matchLabels:
51{{ tuple $envAll "neutron" "neutron-sriov-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
52{{ tuple $envAll "sriov_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
53 template:
54 metadata:
55 labels:
56{{ tuple $envAll "neutron" "neutron-sriov-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
57 annotations:
58{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
59 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
60 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]61{{ tuple "neutron_sriov_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]62{{ dict "envAll" $envAll "podName" "neutron-sriov-agent-default" "containerNames" (list "neutron-sriov-agent-init" "init" "neutron-sriov-agent") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
63 spec:
64{{ dict "envAll" $envAll "application" "neutron_sriov_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
Dong Mae5bd5a32025-02-11 11:03:48 +0000[diff] [blame]65{{ with .Values.pod.priorityClassName.neutron_sriov_agent }}
66 priorityClassName: {{ . }}
67{{ end }}
68{{ with .Values.pod.runtimeClassName.neutron_sriov_agent }}
69 runtimeClassName: {{ . }}
70{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]71 serviceAccountName: {{ $serviceAccountName }}
72 nodeSelector:
73 {{ .Values.labels.sriov.node_selector_key }}: {{ .Values.labels.sriov.node_selector_value }}
74{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
75{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
76{{ end }}
77 dnsPolicy: ClusterFirstWithHostNet
78 hostNetwork: true
79 {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
80 shareProcessNamespace: true
81 {{- else }}
82 hostPID: true
83 {{- end }}
84 initContainers:
85{{ tuple $envAll "pod_dependency" $mounts_neutron_sriov_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
86 - name: neutron-sriov-agent-init
87{{ tuple $envAll "neutron_sriov_agent_init" | include "helm-toolkit.snippets.image" | indent 10 }}
88{{ tuple $envAll $envAll.Values.pod.resources.agent.sriov | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
89{{ dict "envAll" $envAll "application" "neutron_sriov_agent" "container" "neutron_sriov_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
90 command:
91 - /tmp/neutron-sriov-agent-init.sh
92 volumeMounts:
93 - name: pod-tmp
94 mountPath: /tmp
95 - name: neutron-bin
96 mountPath: /tmp/neutron-sriov-agent-init.sh
97 subPath: neutron-sriov-agent-init.sh
98 readOnly: true
99 - name: pod-shared
100 mountPath: /tmp/pod-shared
101 - name: neutron-etc
102 mountPath: /etc/neutron/neutron.conf
103 subPath: neutron.conf
104 readOnly: true
105 - name: neutron-etc
106 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
107 subPath: ml2_conf.ini
108 readOnly: true
109 - name: neutron-etc
110 mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini
111 subPath: sriov_agent.ini
112 readOnly: true
113 {{- if .Values.conf.plugins.taas.taas.enabled }}
114 - name: neutron-etc
115 mountPath: /etc/neutron/plugins/ml2/taas.ini
116 subPath: taas.ini
117 readOnly: true
118 {{- end }}
119 - name: neutron-etc
120 # NOTE (Portdirect): We mount here to override Kollas
121 # custom sudoers file when using Kolla images, this
122 # location will also work fine for other images.
123 mountPath: /etc/sudoers.d/kolla_neutron_sudoers
124 subPath: neutron_sudoers
125 readOnly: true
126 - name: neutron-etc
127 mountPath: /etc/neutron/rootwrap.conf
128 subPath: rootwrap.conf
129 readOnly: true
130 {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
131 {{- if ( has "sriov_agent" $value.pods ) }}
132 {{- $filePrefix := replace "_" "-" $key }}
133 {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
134 - name: neutron-etc
135 mountPath: {{ $rootwrapFile }}
136 subPath: {{ base $rootwrapFile }}
137 readOnly: true
138 {{- end }}
139 {{- end }}
140 - name: run
141 mountPath: /run
142{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
143 containers:
144 - name: neutron-sriov-agent
145{{ tuple $envAll "neutron_sriov_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
146{{ tuple $envAll $envAll.Values.pod.resources.agent.sriov | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
147{{ dict "envAll" $envAll "application" "neutron_sriov_agent" "container" "neutron_sriov_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
148 env:
149 - name: RPC_PROBE_TIMEOUT
150 value: "{{ .Values.pod.probes.rpc_timeout }}"
151 - name: RPC_PROBE_RETRIES
152 value: "{{ .Values.pod.probes.rpc_retries }}"
153{{ dict "envAll" $envAll "component" "sriov_agent" "container" "sriov_agent" "type" "readiness" "probeTemplate" (include "sriovAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
154 command:
155 - /tmp/neutron-sriov-agent.sh
156 volumeMounts:
157 - mountPath: /sys/class/net
158 name: host-sys-class-net
159 - mountPath: /sys/devices
160 name: host-sys-devices
161 - name: pod-tmp
162 mountPath: /tmp
163 - name: pod-var-neutron
164 mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
165 - name: neutron-bin
166 mountPath: /tmp/neutron-sriov-agent.sh
167 subPath: neutron-sriov-agent.sh
168 readOnly: true
169 - name: neutron-bin
170 mountPath: /tmp/health-probe.py
171 subPath: health-probe.py
172 readOnly: true
173 - name: pod-shared
174 mountPath: /tmp/pod-shared
175 - name: neutron-etc
176 mountPath: /etc/neutron/neutron.conf
177 subPath: neutron.conf
178 readOnly: true
179 {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
180 - name: neutron-etc
181 mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
182 subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
183 readOnly: true
184 {{- end }}
185 - name: neutron-etc
186 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
187 subPath: ml2_conf.ini
188 readOnly: true
189 - name: neutron-etc
190 mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini
191 subPath: sriov_agent.ini
192 readOnly: true
193 {{- if .Values.conf.plugins.taas.taas.enabled }}
194 - name: neutron-etc
195 mountPath: /etc/neutron/plugins/ml2/taas.ini
196 subPath: taas.ini
197 readOnly: true
198 {{- end }}
199 - name: neutron-etc
200 # NOTE (Portdirect): We mount here to override Kollas
201 # custom sudoers file when using Kolla images, this
202 # location will also work fine for other images.
203 mountPath: /etc/sudoers.d/kolla_neutron_sudoers
204 subPath: neutron_sudoers
205 readOnly: true
206 - name: neutron-etc
207 mountPath: /etc/neutron/rootwrap.conf
208 subPath: rootwrap.conf
209 readOnly: true
210 {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
211 {{- if ( has "sriov_agent" $value.pods ) }}
212 {{- $filePrefix := replace "_" "-" $key }}
213 {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
214 - name: neutron-etc
215 mountPath: {{ $rootwrapFile }}
216 subPath: {{ base $rootwrapFile }}
217 readOnly: true
218 {{- end }}
219 {{- end }}
220 - name: run
221 mountPath: /run
222{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
223{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }}
224 volumes:
225 - name: host-sys-class-net
226 hostPath:
227 path: /sys/class/net
228 - name: host-sys-devices
229 hostPath:
230 path: /sys/devices
231 - name: pod-tmp
232 emptyDir: {}
233 - name: pod-var-neutron
234 emptyDir: {}
235 - name: pod-shared
236 emptyDir: {}
237 - name: neutron-bin
238 configMap:
239 name: neutron-bin
240 defaultMode: 0555
241 - name: neutron-etc
242 secret:
243 secretName: {{ $configMapName }}
244 defaultMode: 0444
245 - name: run
246 hostPath:
247 path: /run
248{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
249{{ if $mounts_neutron_sriov_agent.volumes }}{{ toYaml $mounts_neutron_sriov_agent.volumes | indent 8 }}{{ end }}
250{{- end }}
251{{- end }}
252
253{{- if and .Values.manifests.daemonset_sriov_agent ( has "sriov" .Values.network.backend ) }}
254{{- $envAll := . }}
255{{- $daemonset := "sriov-agent" }}
256{{- $configMapName := "neutron-etc" }}
257{{- $serviceAccountName := "neutron-sriov-agent" }}
258{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "sriov_agent" -}}
259{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
260{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
261{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.sriov_agent.daemonset" | toString | fromYaml }}
262{{- $configmap_yaml := "neutron.configmap.etc" }}
263{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
264{{- end }}