Mohammed Naserf3f59a72023-01-15 21:02:04 -05001{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
{{- /*
Readiness probe body for the neutron-l3-agent container.
Renders an exec probe that runs /tmp/health-probe.py against neutron.conf and
l3_agent.ini for the l3_agent queue. "--use-fqdn" is appended only when
.Values.pod.use_fqdn.neutron_agent is set.
The daemonset template parses this output with fromYaml and passes it as
"probeTemplate" to helm-toolkit.snippets.kubernetes_probe.
NOTE(review): the probe reads /etc/neutron/neutron.conf, so it runs with access
to whatever credentials that file holds; health-probe.py itself is not shown
here.
*/}}
{{- define "l3AgentReadinessProbeTemplate" }}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/neutron/neutron.conf
    - --config-file
    - /etc/neutron/l3_agent.ini
    - --agent-queue-name
    - l3_agent
{{- if .Values.pod.use_fqdn.neutron_agent }}
    - --use-fqdn
{{- end }}
{{- end }}
{{- /*
Liveness probe body for the neutron-l3-agent container.
Same command line as the readiness probe template, plus "--liveness-probe".
"--use-fqdn" is appended only when .Values.pod.use_fqdn.neutron_agent is set.
A failing liveness probe makes the kubelet restart the container, so the
thresholds applied by helm-toolkit.snippets.kubernetes_probe (values not shown
here) decide how quickly a stalled agent is restarted.
*/}}
{{- define "l3AgentLivenessProbeTemplate" }}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/neutron/neutron.conf
    - --config-file
    - /etc/neutron/l3_agent.ini
    - --agent-queue-name
    - l3_agent
    - --liveness-probe
{{- if .Values.pod.use_fqdn.neutron_agent }}
    - --use-fqdn
{{- end }}
{{- end }}
{{- /*
Renders the neutron-l3-agent DaemonSet.

Arguments (positional list):
  0: daemonset name (bound to $daemonset, not referenced in this body)
  1: name of the Secret that backs the "neutron-etc" volume
  2: service account name for the pod
  3: the root chart context ($envAll)

Security-relevant properties of the rendered pod, all visible below:
  - hostNetwork: true, so the pod runs in the node's network namespace.
  - shareProcessNamespace (or hostPID on the fallback branch).
  - hostPath mounts: /lib/modules (read-only), /run/xtables.lock,
    /var/lib/neutron/openstack-helm, and optionally /run/netns with
    Bidirectional mount propagation.
  - A sudoers drop-in and rootwrap filter files are mounted from the
    "neutron-etc" Secret, so the contents of that Secret decide which commands
    the agent can run as root.
  - Extra volumes and volumeMounts from .Values.pod.mounts are appended
    verbatim.
Pod and container securityContext are rendered by helm-toolkit snippets from
values that are not shown in this file.
*/}}
{{- define "neutron.l3_agent.daemonset" }}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
{{- $serviceAccountName := index . 2 }}
{{- $envAll := index . 3 }}
{{- with $envAll }}

{{- $mounts_neutron_l3_agent := .Values.pod.mounts.neutron_l3_agent.neutron_l3_agent }}
{{- $mounts_neutron_l3_agent_init := .Values.pod.mounts.neutron_l3_agent.init_container }}

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: neutron-l3-agent
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "neutron" "l3-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  selector:
    matchLabels:
{{ tuple $envAll "neutron" "l3-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll "l3_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "neutron" "l3-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hashes of the rendered bin/etc manifests: a change in either one
        # changes the pod template and therefore rolls the DaemonSet.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "neutron_l3_agent" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "neutron-l3-agent-default" "containerNames" (list "neutron-l3-agent" "init" "neutron-l3-agent-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ dict "envAll" $envAll "application" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      nodeSelector:
        # NOTE(review): key and value are rendered unquoted, so a value such as
        # true or 123 would be typed as bool/int by the YAML parser instead of
        # string - confirm the values are always plain strings.
        {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }}
      dnsPolicy: ClusterFirstWithHostNet
      # The pod uses the node's network namespace; ClusterFirstWithHostNet
      # keeps cluster DNS resolution working in that mode.
      hostNetwork: true
      # Newer clusters share one PID namespace between the pod's containers;
      # the fallback branch joins the node's PID namespace instead, which
      # exposes every host process to the pod.
      # NOTE(review): Major/Minor are compared against string literals here,
      # so the ordering looks lexical rather than numeric - confirm.
      {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
      shareProcessNamespace: true
      {{- else }}
      hostPID: true
      {{- end }}
      initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_l3_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: neutron-l3-agent-init
{{ tuple $envAll "neutron_l3" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_l3_agent" "container" "neutron_l3_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/neutron-l3-agent-init.sh
          volumeMounts:
            # /tmp is a writable emptyDir; the script and config files below
            # are layered over it as read-only subPath mounts.
            - name: pod-tmp
              mountPath: /tmp
            - name: neutron-bin
              mountPath: /tmp/neutron-l3-agent-init.sh
              subPath: neutron-l3-agent-init.sh
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: neutron-etc
              mountPath: /etc/neutron/l3_agent.ini
              subPath: l3_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/metadata_agent.ini
              subPath: metadata_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
              subPath: openvswitch_agent.ini
              readOnly: true
            - name: neutron-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_neutron_sudoers
              subPath: neutron_sudoers
              readOnly: true
            - name: neutron-etc
              mountPath: /tmp/auto_bridge_add
              subPath: auto_bridge_add
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            # One filter file per conf.rootwrap_filters entry that lists
            # "l3_agent" in its pods; underscores in the key become dashes in
            # the file name.
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "l3_agent" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
            - name: neutron-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
      containers:
        - name: neutron-l3-agent
{{ tuple $envAll "neutron_l3" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.agent.l3 | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_l3_agent" "container" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            # Quoted so the values reach the container as strings.
            - name: RPC_PROBE_TIMEOUT
              value: "{{ .Values.pod.probes.rpc_timeout }}"
            - name: RPC_PROBE_RETRIES
              value: "{{ .Values.pod.probes.rpc_retries }}"
{{ dict "envAll" $envAll "component" "l3_agent" "container" "l3_agent" "type" "readiness" "probeTemplate" (include "l3AgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "l3_agent" "container" "l3_agent" "type" "liveness" "probeTemplate" (include "l3AgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          command:
            - /tmp/neutron-l3-agent.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: pod-var-neutron
              mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
            - name: neutron-bin
              mountPath: /tmp/neutron-l3-agent.sh
              subPath: neutron-l3-agent.sh
              readOnly: true
            - name: neutron-bin
              mountPath: /tmp/health-probe.py
              subPath: health-probe.py
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
              readOnly: true
            {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
            - name: neutron-etc
              mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
            {{- if ( has "openvswitch" .Values.network.backend ) }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
              subPath: openvswitch_agent.ini
              readOnly: true
            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/l3_agent.ini
              subPath: l3_agent.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/metadata_agent.ini
              subPath: metadata_agent.ini
              readOnly: true
            - name: neutron-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_neutron_sudoers
              subPath: neutron_sudoers
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            # Same rootwrap filter selection as in the init container above.
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "l3_agent" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
            - name: neutron-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
            # Host paths from here on. /lib/modules is read-only; the lock
            # file and the socket directory are writable from the container.
            - name: libmodules
              mountPath: /lib/modules
              readOnly: true
            - name: iptables-lockfile
              mountPath: /run/xtables.lock
            - name: socket
              mountPath: /var/lib/neutron/openstack-helm
            # Bidirectional propagation makes mounts created in the container
            # under /run/netns visible on the host and vice versa. Kubernetes
            # only allows it for privileged containers; the container
            # securityContext comes from values not shown in this file.
            {{- if .Values.network.share_namespaces }}
            - name: host-run-netns
              mountPath: /run/netns
              mountPropagation: Bidirectional
            {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
            # Operator-supplied mounts from .Values.pod.mounts are appended
            # as-is; nothing here restricts what they may mount.
{{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: pod-var-neutron
          emptyDir: {}
        - name: neutron-bin
          configMap:
            name: neutron-bin
            # Octal r-xr-xr-x: scripts are executable and readable by all.
            defaultMode: 0555
        - name: neutron-etc
          secret:
            secretName: {{ $configMapName }}
            # Octal r--r--r--: every key of this Secret (neutron.conf, the
            # sudoers drop-in, rootwrap filters, ...) is readable by any UID
            # in the pod.
            # NOTE(review): neutron.conf typically carries service
            # credentials - confirm a tighter mode is not workable with the
            # pod's runAsUser/fsGroup.
            defaultMode: 0444
        - name: libmodules
          hostPath:
            path: /lib/modules
        - name: iptables-lockfile
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
        - name: pod-shared
          emptyDir: {}
        # No hostPath "type" is set for this path, so no existence or
        # file-type check is performed before it is mounted.
        - name: socket
          hostPath:
            path: /var/lib/neutron/openstack-helm
        {{- if .Values.network.share_namespaces }}
        - name: host-run-netns
          hostPath:
            path: /run/netns
        {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
        # Operator-supplied volumes from .Values.pod.mounts are appended
        # as-is, hostPath volumes included.
{{ if $mounts_neutron_l3_agent.volumes }}{{ toYaml $mounts_neutron_l3_agent.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}
{{- /*
Entry point: emits the l3-agent service account and DaemonSet when
.Values.manifests.daemonset_l3_agent is enabled.
*/}}
{{- if .Values.manifests.daemonset_l3_agent }}
{{- $envAll := . }}
{{- $daemonset := "l3-agent" }}
{{- $configMapName := "neutron-etc" }}
{{- $serviceAccountName := "neutron-l3-agent" }}
{{- /* Dependency resolution is keyed on "l3" and mixed in per network backend; the result is discarded ($_), so the helper is presumably called for its side effect on $envAll (helper not shown here). */}}
{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "l3" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
{{- /* Service account for the pod. NOTE(review): the RBAC objects this snippet renders are defined in helm-toolkit and not visible here - review them together with the host access granted by the DaemonSet. */}}
{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- /* The DaemonSet is rendered to text, parsed back with fromYaml, and handed to the overrides helper together with the name of the etc configmap template. */}}
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.l3_agent.daemonset" | toString | fromYaml }}
{{- $configmap_yaml := "neutron.configmap.etc" }}
{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}