Mohammed Naserf3f59a72023-01-15 21:02:04 -05001{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
{{- define "novaComputeLivenessProbeTemplate" }}
{{- /*
Exec liveness probe for the nova-compute container. Runs /tmp/health-probe.py
against /etc/nova/nova.conf for the "compute" service queue with
--liveness-probe, and appends --use-fqdn when .Values.pod.use_fqdn.compute
is set. The rendered text is parsed with fromYaml by the daemonset template.
*/}}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/nova/nova.conf
    - --service-queue-name
    - compute
    - --liveness-probe
    {{- if .Values.pod.use_fqdn.compute }}
    - --use-fqdn
    {{- end }}
{{- end }}
29
{{- define "novaComputeReadinessProbeTemplate" }}
{{- /*
Exec readiness probe for the nova-compute container. Same health-probe.py
invocation as the liveness probe, but without the --liveness-probe flag.
--use-fqdn is appended when .Values.pod.use_fqdn.compute is set.
*/}}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/nova/nova.conf
    - --service-queue-name
    - compute
    {{- if .Values.pod.use_fqdn.compute }}
    - --use-fqdn
    {{- end }}
{{- end }}
43
{{- define "novaComputeStartupProbeTemplate" }}
{{- /*
Exec startup probe for the nova-compute container. The command is the same as
the liveness probe, including the --liveness-probe flag; --use-fqdn is
appended when .Values.pod.use_fqdn.compute is set.
*/}}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/nova/nova.conf
    - --service-queue-name
    - compute
    - --liveness-probe
    {{- if .Values.pod.use_fqdn.compute }}
    - --use-fqdn
    {{- end }}
{{- end }}
58
{{- define "nova.compute.daemonset" }}
{{- /*
Renders the nova-compute DaemonSet. The argument is a four-element list:
daemonset name, name of the Secret backing the nova-etc volume, service
account name, and the chart root context (used as "." for the rest of the
template via "with").
*/}}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
{{- $serviceAccountName := index . 2 }}
{{- $envAll := index . 3 }}
{{- with $envAll }}

{{- $mounts_nova_compute := .Values.pod.mounts.nova_compute.nova_compute }}
{{- $mounts_nova_compute_init := .Values.pod.mounts.nova_compute.init_container }}

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nova-compute
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  selector:
    matchLabels:
{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll $daemonset | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
        # NOTE(review): only four container names are passed to the mandatory
        # access control annotation helper below. The ceph, spice,
        # tungstenfabric and ssh containers defined later in this template are
        # not in the list - confirm that is intended.
{{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute" "init" "nova-compute-init" "nova-compute-vnc-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ with .Values.pod.priorityClassName.nova_compute }}
      priorityClassName: {{ . }}
{{ end }}
{{ with .Values.pod.runtimeClassName.nova_compute }}
      runtimeClassName: {{ . }}
{{ end }}
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      nodeSelector:
        {{ .Values.labels.agent.compute.node_selector_key }}: {{ .Values.labels.agent.compute.node_selector_value }}
{{ if $envAll.Values.pod.tolerations.nova.enabled }}
{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      # The pod shares the node's network, PID and IPC namespaces. Together
      # with the hostPath volumes declared in this template, a compromise of
      # any container in this pod should be treated as a compromise of the
      # compute node. Keep the node selector and the namespace's pod admission
      # policy scoped to compute hosts only.
      hostNetwork: true
      hostPID: true
      hostIPC: true
      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
{{ tuple $envAll "pod_dependency" $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        # Runs /tmp/nova-compute-init.sh with NOVA_USER_UID set to the pod's
        # runAsUser value. It gets the host's /var/lib/nova read-write.
        # NOTE(review): presumably this prepares ownership of that directory
        # for the nova UID; the script is not part of this template - confirm.
        - name: nova-compute-init
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: NOVA_USER_UID
              value: "{{ .Values.pod.security_context.nova.pod.runAsUser }}"
          command:
            - /tmp/nova-compute-init.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-compute-init.sh
              subPath: nova-compute-init.sh
              readOnly: true
            - name: varlibnova
              mountPath: /var/lib/nova
            - name: pod-shared
              mountPath: /tmp/pod-shared
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- if .Values.conf.ceph.enabled }}
        # Ceph init containers, rendered only when conf.ceph.enabled is set.
        # All of them work on the "etcceph" volume, which is a hostPath
        # (/var/lib/openstack-helm/compute/nova), so what they write persists
        # on the node after the pod is gone.
        #
        # ceph-perms: recursively hands /etc/ceph to the nova user.
        - name: ceph-perms
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - chown
            - -R
            - "nova:"
            - /etc/ceph
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- if empty .Values.conf.ceph.cinder.keyring }}
        # Only rendered when no cinder keyring is supplied in values. The
        # client keyring Secret is mounted only when conf.ceph.admin_keyring
        # is empty as well.
        - name: ceph-admin-keyring-placement
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_admin_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/ceph-admin-keyring.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: nova-bin
              mountPath: /tmp/ceph-admin-keyring.sh
              subPath: ceph-admin-keyring.sh
              readOnly: true
            {{- if empty .Values.conf.ceph.admin_keyring }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{ end }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        - name: ceph-keyring-placement
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: CEPH_CINDER_USER
              value: "{{ .Values.conf.ceph.cinder.user }}"
            {{- if .Values.conf.ceph.cinder.keyring }}
            # NOTE(review): this value is rendered inline into the pod spec.
            # If it carries key material, anyone who can read the DaemonSet or
            # its pods can read it; a secretKeyRef would keep it out of the
            # manifest.
            - name: CEPH_CINDER_KEYRING
              value: "{{ .Values.conf.ceph.cinder.keyring }}"
            {{ end }}
            - name: LIBVIRT_CEPH_SECRET_UUID
              value: "{{ .Values.conf.ceph.secret_uuid }}"
          command:
            - /tmp/ceph-keyring.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            # NOTE(review): unlike the other script mounts in this template,
            # this one does not declare readOnly: true.
            - name: nova-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf.template
              subPath: ceph.conf
              readOnly: true
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        {{- if eq .Values.console.console_kind "novnc"}}
        # Console init for noVNC: runs nova-console-compute-init.sh and shares
        # the pod-shared emptyDir with the main container.
        - name: nova-compute-vnc-init
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_vnc_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/nova-console-compute-init.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-console-compute-init.sh
              subPath: nova-console-compute-init.sh
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        {{- if eq .Values.console.console_kind "spice"}}
        # Console init for SPICE: same script and mounts as the noVNC variant,
        # with its own container security-context key
        # (nova_compute_spice_init).
        - name: nova-compute-spice-init
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_spice_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/nova-console-compute-init.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-console-compute-init.sh
              subPath: nova-console-compute-init.sh
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
        # Rendered when "tungstenfabric" is one of the network backends. No
        # command is set, so the image's own entrypoint runs. The two emptyDir
        # volumes it fills are later mounted into nova-compute at /opt/plugin
        # and over /usr/sbin, so this image supplies code that the main
        # container will load and execute.
        # NOTE(review): the image reference is taken directly from
        # images.tags.tf_compute_init rather than through the helm-toolkit
        # image snippet used by every other container here - confirm it is
        # pinned and pulled with the same policy as the rest.
        - name: tungstenfabric-compute-init
          image: {{ .Values.images.tags.tf_compute_init }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "tungstenfabric_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          volumeMounts:
            - name: tf-plugin-shared
              mountPath: /opt/plugin
            - name: tf-plugin-bin
              mountPath: /opt/plugin/bin
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- end }}
        {{- if .Values.network.ssh.enabled }}
        # SSH init: runs /tmp/ssh-init.sh with the key pair from the nova-ssh
        # Secret and the host's /var/lib/nova mounted read-write.
        # NOTE(review): the nova-ssh volume is declared with defaultMode 0644,
        # so the private key at /tmp/nova-ssh/id_rsa is readable by every UID
        # in this container. Confirm ssh-init.sh (not shown here) tightens
        # permissions on whatever copy it installs.
        - name: nova-compute-ssh-init
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_ssh_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          terminationMessagePath: /var/log/termination-log
          env:
            - name: SSH_PORT
              value: {{ .Values.network.ssh.port | quote }}
            - name: NOVA_USER_UID
              value: "{{ .Values.pod.security_context.nova.pod.runAsUser }}"
          command:
            - /tmp/ssh-init.sh
          volumeMounts:
            - name: varlibnova
              mountPath: /var/lib/nova
            - name: nova-ssh
              mountPath: /tmp/nova-ssh/authorized_keys
              subPath: public-key
            - name: nova-ssh
              mountPath: /tmp/nova-ssh/id_rsa
              subPath: private-key
            - name: nova-bin
              mountPath: /tmp/ssh-init.sh
              subPath: ssh-init.sh
              readOnly: true
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- end }}
      containers:
        # Main compute container: image, resources and security context come
        # from helm-toolkit snippets; the entrypoint is /tmp/nova-compute.sh.
        - name: nova-compute
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            {{- if .Values.conf.ceph.enabled }}
            - name: CEPH_CINDER_USER
              value: "{{ .Values.conf.ceph.cinder.user }}"
            {{- if .Values.conf.ceph.cinder.keyring }}
            # NOTE(review): rendered inline into the pod spec. If this carries
            # key material it is visible to anyone who can read the DaemonSet
            # or its pods; a secretKeyRef would keep it out of the manifest.
            - name: CEPH_CINDER_KEYRING
              value: "{{ .Values.conf.ceph.cinder.keyring }}"
            {{ end }}
            - name: LIBVIRT_CEPH_SECRET_UUID
              value: "{{ .Values.conf.ceph.secret_uuid }}"
            {{ end }}
            # Timeout and retry settings exposed to the container as strings.
            # NOTE(review): presumably read by health-probe.py - confirm.
            - name: RPC_PROBE_TIMEOUT
              value: "{{ .Values.pod.probes.rpc_timeout }}"
            - name: RPC_PROBE_RETRIES
              value: "{{ .Values.pod.probes.rpc_retries }}"
{{- if or .Values.manifests.certificates .Values.tls.identity }}
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/nova/certs/ca.crt"
{{- end }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "liveness" "probeTemplate" (include "novaComputeLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "readiness" "probeTemplate" (include "novaComputeReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "startup" "probeTemplate" (include "novaComputeStartupProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          command:
            - /tmp/nova-compute.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: dev-pts
              mountPath: /dev/pts
            - name: pod-tmp
              mountPath: /tmp
            # Entrypoint and probe script from the nova-bin ConfigMap, each
            # mounted as a single read-only file.
            - name: nova-bin
              mountPath: /tmp/nova-compute.sh
              subPath: nova-compute.sh
              readOnly: true
            - name: nova-bin
              mountPath: /tmp/health-probe.py
              subPath: health-probe.py
              readOnly: true
            # Service configuration from the nova-etc Secret, one read-only
            # file per mount.
            - name: nova-etc
              mountPath: /etc/nova/nova.conf
              subPath: nova-compute.conf
              readOnly: true
            {{- if .Values.conf.nova.DEFAULT.log_config_append }}
            # The logging config is mounted at the path named in values; the
            # key inside the Secret is that path's base name.
            - name: nova-etc
              mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: nova-etc
              mountPath: /etc/nova/api-paste.ini
              subPath: api-paste.ini
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: nova-etc
              # NOTE (Portdirect): We mount here to override Kolla's
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              # The sudoers content decides what the service user may run as
              # root inside this host-namespaced pod, so changes to
              # nova_sudoers deserve the same review as the rootwrap filters.
              mountPath: /etc/sudoers.d/kolla_nova_sudoers
              subPath: nova_sudoers
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            {{- /*
            One mount per rootwrap filter set whose "pods" list contains
            "compute". Underscores in the values key become dashes in the
            file name under /etc/nova/rootwrap.d/.
            */}}
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "compute" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/nova/rootwrap.d/%s.filters" $filePrefix }}
            - name: nova-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
            {{- if .Values.conf.ceph.enabled }}
            - name: etcceph
              mountPath: /etc/ceph
              # Bidirectional propagation sends mounts made inside this
              # container back to the host; Kubernetes only admits it for
              # privileged containers. The version guard compares the
              # KubeVersion fields as strings.
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            {{- if and ( empty .Values.conf.ceph.cinder.keyring ) ( empty .Values.conf.ceph.admin_keyring )}}
            # Client keyring Secret, mounted only when neither a cinder
            # keyring nor an admin keyring is supplied in values.
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{ end }}
            {{ end }}
            # Host paths from here on. Only /lib/modules, /sys/fs/cgroup and
            # /etc/machine-id are read-only; the rest are writable from
            # inside the container.
            - mountPath: /lib/modules
              name: libmodules
              readOnly: true
            - name: varlibnova
              mountPath: /var/lib/nova
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            - name: varliblibvirt
              mountPath: /var/lib/libvirt
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            # NOTE(review): the whole host /run is mounted read-write. Host
            # daemons usually keep their control sockets under /run, so this
            # is broad access - confirm nothing narrower would do.
            - name: run
              mountPath: /run
            - name: cgroup
              mountPath: /sys/fs/cgroup
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: machine-id
              mountPath: /etc/machine-id
              readOnly: true
            {{- if .Values.conf.enable_iscsi }}
            # iSCSI / multipath support, rendered only when conf.enable_iscsi
            # is set.
            # NOTE(review): host-rootfs is the node's "/" (see the volumes
            # list) and is mounted without readOnly, so the container can
            # modify any file on the host. Enable this only where iSCSI
            # volumes are actually needed.
            - name: host-rootfs
              mountPath: /mnt/host-rootfs
              mountPropagation: HostToContainer
            # /usr/local/sbin is an emptyDir; the iscsiadm, multipath and
            # multipathd files from nova-bin are mounted into it below.
            # NOTE(review): presumably wrappers around the host's tools - the
            # scripts are not part of this template; confirm. These three
            # mounts do not declare readOnly: true.
            - name: usrlocalsbin
              mountPath: /usr/local/sbin
            - name: etciscsi
              mountPath: /etc/iscsi
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            # Host /dev, writable: gives the container access to the node's
            # device nodes.
            - name: dev
              mountPath: /dev
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: nova-bin
              mountPath: /usr/local/sbin/iscsiadm
              subPath: iscsiadm
            - name: runlock
              mountPath: /run/lock
            - name: nova-bin
              mountPath: /usr/local/sbin/multipath
              subPath: multipath
            - name: nova-bin
              mountPath: /usr/local/sbin/multipathd
              subPath: multipathd
            - name: etcmultipath
              mountPath: /etc/multipath
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            - name: sysblock
              mountPath: /sys/block
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            {{- end }}
            {{- if ( has "tungstenfabric" .Values.network.backend ) }}
            # Content produced by the tungstenfabric-compute-init container.
            # tf-plugin-bin is mounted over /usr/sbin, so it replaces the
            # image's own /usr/sbin for this container; whatever the init
            # image placed there is what runs from that path.
            - name: tf-plugin-shared
              mountPath: /opt/plugin
              readOnly: true
            - name: tf-plugin-bin
              mountPath: /usr/sbin
              readOnly: true
            # The same tf-plugin.pth file is mounted into three hard-coded
            # site-packages directories (python2.7 twice, python3.6 once).
            # NOTE(review): images with a different interpreter version
            # would not read any of these - confirm against the image in use.
            - name: nova-bin
              mountPath: /usr/local/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: nova-bin
              mountPath: /var/lib/openstack/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: nova-bin
              mountPath: /var/lib/openstack/lib/python3.6/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            {{- end }}
{{- /*
TLS material: the compute API certificate Secret is requested at
/etc/nova/certs when manifests.certificates or tls.identity is set, and the
messaging certificate Secret at /etc/rabbitmq/certs when
manifests.certificates is set. The last line appends operator-supplied extra
mounts from pod.mounts.nova_compute.nova_compute.
*/}}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- if .Values.network.ssh.enabled }}
        # SSH sidecar, rendered only when network.ssh.enabled is set. It runs
        # /tmp/ssh-start.sh and shares the host's /var/lib/nova with the
        # compute container.
        # NOTE(review): the pod uses hostNetwork, so the declared port is
        # opened in the node's own network namespace. ssh-start.sh is not
        # shown here - confirm which address it listens on, and that access
        # to the port is limited to the other compute hosts.
        - name: nova-compute-ssh
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_ssh" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: KEY_TYPES
              value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.network.ssh.key_types | quote }}
            - name: SSH_PORT
              value: {{ .Values.network.ssh.port | quote }}
{{- if or .Values.manifests.certificates .Values.tls.identity }}
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/nova/certs/ca.crt"
{{- end }}
          ports:
            - containerPort: {{ .Values.network.ssh.port }}
          command:
            - /tmp/ssh-start.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: varlibnova
              mountPath: /var/lib/nova
            - name: nova-bin
              mountPath: /tmp/ssh-start.sh
              subPath: ssh-start.sh
              readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        # Scripts from the nova-bin ConfigMap, read and execute for everyone.
        - name: nova-bin
          configMap:
            name: nova-bin
            defaultMode: 0555
        # Rendered service configuration, stored in a Secret whose name is
        # the template's second argument. Mode 0444 makes every file readable
        # by any UID inside the containers that mount it.
        - name: nova-etc
          secret:
            secretName: {{ $configMapName }}
            defaultMode: 0444
        {{- if .Values.network.ssh.enabled }}
        # NOTE(review): this Secret holds the SSH private key (the
        # "private-key" key is mounted as id_rsa by nova-compute-ssh-init),
        # yet the volume mode is 0644. A tighter mode such as 0400 would be
        # the usual choice if the consuming init script can still read it -
        # confirm against ssh-init.sh and the container's run-as user.
        - name: nova-ssh
          secret:
            secretName: nova-ssh
            defaultMode: 0644
        {{ end }}
        {{- if .Values.conf.ceph.enabled }}
        # Backs /etc/ceph in the containers. It is a host directory, so
        # keyrings written by the init containers stay on the node.
        - name: etcceph
          hostPath:
            path: /var/lib/openstack-helm/compute/nova
        - name: ceph-etc
          configMap:
            name: {{ .Values.ceph_client.configmap }}
            defaultMode: 0444
        {{- if and ( empty .Values.conf.ceph.cinder.keyring ) ( empty .Values.conf.ceph.admin_keyring ) }}
        - name: ceph-keyring
          secret:
            secretName: {{ .Values.ceph_client.user_secret_name }}
        {{ end }}
        {{ end }}
        # Host paths shared with the node. None of them sets a hostPath
        # "type", so no check is requested on what exists at the path.
        - name: dev-pts
          hostPath:
            path: /dev/pts
        - name: libmodules
          hostPath:
            path: /lib/modules
        - name: varlibnova
          hostPath:
            path: /var/lib/nova
        - name: varliblibvirt
          hostPath:
            path: /var/lib/libvirt
        - name: run
          hostPath:
            path: /run
        - name: cgroup
          hostPath:
            path: /sys/fs/cgroup
        - name: pod-shared
          emptyDir: {}
        - name: machine-id
          hostPath:
            path: /etc/machine-id
        {{- if .Values.conf.enable_iscsi }}
        # iSCSI support adds the node's root filesystem and /dev, among
        # others. These are the widest grants in this pod.
        - name: host-rootfs
          hostPath:
            path: /
        - name: runlock
          hostPath:
            path: /run/lock
        - name: etciscsi
          hostPath:
            path: /etc/iscsi
        - name: dev
          hostPath:
            path: /dev
        - name: usrlocalsbin
          emptyDir: {}
        - name: etcmultipath
          hostPath:
            path: /etc/multipath
        - name: sysblock
          hostPath:
            path: /sys/block

        {{- end }}
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
        - name: tf-plugin-shared
          emptyDir: {}
        - name: tf-plugin-bin
          emptyDir: {}
        {{- end }}
{{- /*
TLS Secret volumes matching the tls_volume_mount calls in the containers,
followed by operator-supplied extra volumes from
pod.mounts.nova_compute.nova_compute. The two "end" actions close the
"with $envAll" block and the "nova.compute.daemonset" define.
*/}}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
577
{{- /*
Entry point, active only when manifests.daemonset_compute is set. It resolves
pod dependencies for the configured network backend, emits the service
account and RBAC objects for the "nova-compute" account, renders the
"nova.compute.daemonset" template into a parsed YAML object, and hands that
object to helm-toolkit's daemonset_overrides helper together with the name of
the config template ("nova.configmap.etc") and the "nova-etc" Secret name.
*/}}
{{- if .Values.manifests.daemonset_compute }}
{{- $envAll := . }}
{{- $daemonset := "compute" }}
{{- $configMapName := "nova-etc" }}
{{- $serviceAccountName := "nova-compute" }}

{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "compute" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}

{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "nova.compute.daemonset" | toString | fromYaml }}
{{- $configmap_yaml := "nova.configmap.etc" }}
{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}