Mohammed Naserf3f59a72023-01-15 21:02:04 -05001{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
{{- define "novaComputeLivenessProbeTemplate" }}
{{- /*
Exec action for the nova-compute liveness probe. Runs /tmp/health-probe.py
against /etc/nova/nova.conf for the "compute" service queue with
--liveness-probe; --use-fqdn is appended when .Values.pod.use_fqdn.compute
is set. The script is mounted read-only from the nova-bin ConfigMap by the
nova-compute container in this file.
*/}}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/nova/nova.conf
    - --service-queue-name
    - compute
    - --liveness-probe
    {{- if .Values.pod.use_fqdn.compute }}
    - --use-fqdn
    {{- end }}
{{- end }}
29
{{- define "novaComputeReadinessProbeTemplate" }}
{{- /*
Exec action for the nova-compute readiness probe. Same command as the
liveness template but without --liveness-probe; --use-fqdn is appended when
.Values.pod.use_fqdn.compute is set.
*/}}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/nova/nova.conf
    - --service-queue-name
    - compute
    {{- if .Values.pod.use_fqdn.compute }}
    - --use-fqdn
    {{- end }}
{{- end }}
43
{{- define "novaComputeStartupProbeTemplate" }}
{{- /*
Exec action for the nova-compute startup probe. The argument list is the
same as the liveness template's, including --liveness-probe; --use-fqdn is
appended when .Values.pod.use_fqdn.compute is set.
*/}}
exec:
  command:
    - python
    - /tmp/health-probe.py
    - --config-file
    - /etc/nova/nova.conf
    - --service-queue-name
    - compute
    - --liveness-probe
    {{- if .Values.pod.use_fqdn.compute }}
    - --use-fqdn
    {{- end }}
{{- end }}
58
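{{- define "nova.compute.daemonset" }}
{{- /*
Renders the nova-compute DaemonSet manifest.

Called with a list:
  0 - daemonset name, used for labels and the upgrade strategy snippet
  1 - name of the Secret that backs the nova-etc volume
  2 - service account name
  3 - the root chart context

Security posture visible in this template: the pod runs in the host's
network, PID and IPC namespaces and mounts several host paths (the host
root filesystem when conf.enable_iscsi is set). Container security contexts
come from helm-toolkit snippets driven by values and are not visible here.
*/}}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
{{- $serviceAccountName := index . 2 }}
{{- $envAll := index . 3 }}
{{- with $envAll }}

{{- $mounts_nova_compute := .Values.pod.mounts.nova_compute.nova_compute }}
{{- $mounts_nova_compute_init := .Values.pod.mounts.nova_compute.init_container }}

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nova-compute
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  selector:
    matchLabels:
{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll $daemonset | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll .Chart.Name $daemonset | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Quoted so a digest that happens to look numeric is still parsed
        # as a string; annotation values must be strings.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" | quote }}
{{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-compute-default" "containerNames" (list "nova-compute" "init" "nova-compute-init" "nova-compute-vnc-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      nodeSelector:
        # Quoted so a selector value such as true or 1 stays a string;
        # nodeSelector values must be strings.
        {{ .Values.labels.agent.compute.node_selector_key }}: {{ .Values.labels.agent.compute.node_selector_value | quote }}
{{ if $envAll.Values.pod.tolerations.nova.enabled }}
{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      # The pod joins the node's network, PID and IPC namespaces, so a
      # compromise of any container here is close to a compromise of the
      # node. Keep the nodeSelector narrow and restrict who may change this
      # DaemonSet and the values that feed it.
      hostNetwork: true
      hostPID: true
      hostIPC: true
      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
{{ tuple $envAll "pod_dependency" $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: nova-compute-init
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: NOVA_USER_UID
              value: "{{ .Values.pod.security_context.nova.pod.runAsUser }}"
          command:
            - /tmp/nova-compute-init.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-compute-init.sh
              subPath: nova-compute-init.sh
              readOnly: true
            - name: varlibnova
              mountPath: /var/lib/nova
            - name: pod-shared
              mountPath: /tmp/pod-shared
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- if .Values.conf.ceph.enabled }}
        # Hands ownership of the etcceph hostPath directory to the nova user.
        - name: ceph-perms
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - chown
            - -R
            - "nova:"
            - /etc/ceph
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- if empty .Values.conf.ceph.cinder.keyring }}
        - name: ceph-admin-keyring-placement
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_admin_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/ceph-admin-keyring.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: nova-bin
              mountPath: /tmp/ceph-admin-keyring.sh
              subPath: ceph-admin-keyring.sh
              readOnly: true
            {{- if empty .Values.conf.ceph.admin_keyring }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{ end }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        - name: ceph-keyring-placement
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: CEPH_CINDER_USER
              value: "{{ .Values.conf.ceph.cinder.user }}"
            {{- if .Values.conf.ceph.cinder.keyring }}
            # NOTE(review): the keyring is rendered into the pod spec as a
            # literal env value, so anyone who can read this DaemonSet or
            # its pods can read it. A secretKeyRef would keep it out of the
            # spec.
            - name: CEPH_CINDER_KEYRING
              value: "{{ .Values.conf.ceph.cinder.keyring }}"
            {{ end }}
            - name: LIBVIRT_CEPH_SECRET_UUID
              value: "{{ .Values.conf.ceph.secret_uuid }}"
          command:
            - /tmp/ceph-keyring.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: nova-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf.template
              subPath: ceph.conf
              readOnly: true
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        {{- if eq .Values.console.console_kind "novnc"}}
        - name: nova-compute-vnc-init
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_vnc_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/nova-console-compute-init.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-console-compute-init.sh
              subPath: nova-console-compute-init.sh
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        {{- if eq .Values.console.console_kind "spice"}}
        - name: nova-compute-spice-init
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_spice_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/nova-console-compute-init.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-console-compute-init.sh
              subPath: nova-console-compute-init.sh
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
        - name: tungstenfabric-compute-init
          image: {{ .Values.images.tags.tf_compute_init }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "tungstenfabric_compute_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          volumeMounts:
            - name: tf-plugin-shared
              mountPath: /opt/plugin
            - name: tf-plugin-bin
              mountPath: /opt/plugin/bin
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- end }}
        {{- if .Values.network.ssh.enabled }}
        - name: nova-compute-ssh-init
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_ssh_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          terminationMessagePath: /var/log/termination-log
          env:
            - name: SSH_PORT
              value: {{ .Values.network.ssh.port | quote }}
            - name: NOVA_USER_UID
              value: "{{ .Values.pod.security_context.nova.pod.runAsUser }}"
          command:
            - /tmp/ssh-init.sh
          volumeMounts:
            - name: varlibnova
              mountPath: /var/lib/nova
            # The public and private halves of the nova-ssh secret are
            # mounted here as authorized_keys and id_rsa.
            - name: nova-ssh
              mountPath: /tmp/nova-ssh/authorized_keys
              subPath: public-key
            - name: nova-ssh
              mountPath: /tmp/nova-ssh/id_rsa
              subPath: private-key
            - name: nova-bin
              mountPath: /tmp/ssh-init.sh
              subPath: ssh-init.sh
              readOnly: true
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- end }}
      containers:
        - name: nova-compute
{{ tuple $envAll "nova_compute" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            {{- if .Values.conf.ceph.enabled }}
            - name: CEPH_CINDER_USER
              value: "{{ .Values.conf.ceph.cinder.user }}"
            {{- if .Values.conf.ceph.cinder.keyring }}
            # NOTE(review): literal keyring value in the pod spec, same
            # exposure as in the ceph-keyring-placement init container.
            - name: CEPH_CINDER_KEYRING
              value: "{{ .Values.conf.ceph.cinder.keyring }}"
            {{ end }}
            - name: LIBVIRT_CEPH_SECRET_UUID
              value: "{{ .Values.conf.ceph.secret_uuid }}"
            {{ end }}
            - name: RPC_PROBE_TIMEOUT
              value: "{{ .Values.pod.probes.rpc_timeout }}"
            - name: RPC_PROBE_RETRIES
              value: "{{ .Values.pod.probes.rpc_retries }}"
{{- if or .Values.manifests.certificates .Values.tls.identity }}
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/nova/certs/ca.crt"
{{- end }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "liveness" "probeTemplate" (include "novaComputeLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "readiness" "probeTemplate" (include "novaComputeReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "compute" "container" "default" "type" "startup" "probeTemplate" (include "novaComputeStartupProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          command:
            - /tmp/nova-compute.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: dev-pts
              mountPath: /dev/pts
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-compute.sh
              subPath: nova-compute.sh
              readOnly: true
            - name: nova-bin
              mountPath: /tmp/health-probe.py
              subPath: health-probe.py
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/nova.conf
              subPath: nova-compute.conf
              readOnly: true
            {{- if .Values.conf.nova.DEFAULT.log_config_append }}
            - name: nova-etc
              mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: nova-etc
              mountPath: /etc/nova/api-paste.ini
              subPath: api-paste.ini
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: nova-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_nova_sudoers
              subPath: nova_sudoers
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            # One read-only mount per rootwrap filter set whose pods list
            # includes "compute"; underscores in the key become dashes in
            # the file name.
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "compute" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/nova/rootwrap.d/%s.filters" $filePrefix }}
            - name: nova-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
            {{- if .Values.conf.ceph.enabled }}
            # Bidirectional propagation pushes mounts made inside this
            # container back to the host; Kubernetes only permits it for
            # privileged containers. The version guard compares
            # KubeVersion Major/Minor as strings, i.e. lexically.
            - name: etcceph
              mountPath: /etc/ceph
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            {{- if and ( empty .Values.conf.ceph.cinder.keyring ) ( empty .Values.conf.ceph.admin_keyring )}}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{ end }}
            {{ end }}
            - mountPath: /lib/modules
              name: libmodules
              readOnly: true
            - name: varlibnova
              mountPath: /var/lib/nova
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            - name: varliblibvirt
              mountPath: /var/lib/libvirt
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            # Host /run is mounted read-write.
            - name: run
              mountPath: /run
            - name: cgroup
              mountPath: /sys/fs/cgroup
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: machine-id
              mountPath: /etc/machine-id
              readOnly: true
            {{- if .Values.conf.enable_iscsi }}
            # The host root filesystem (volume host-rootfs, hostPath /) is
            # mounted here without readOnly, together with host /dev.
            - name: host-rootfs
              mountPath: /mnt/host-rootfs
              mountPropagation: HostToContainer
            - name: usrlocalsbin
              mountPath: /usr/local/sbin
            - name: etciscsi
              mountPath: /etc/iscsi
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: dev
              mountPath: /dev
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: nova-bin
              mountPath: /usr/local/sbin/iscsiadm
              subPath: iscsiadm
            - name: runlock
              mountPath: /run/lock
            - name: nova-bin
              mountPath: /usr/local/sbin/multipath
              subPath: multipath
            - name: nova-bin
              mountPath: /usr/local/sbin/multipathd
              subPath: multipathd
            - name: etcmultipath
              mountPath: /etc/multipath
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: Bidirectional
              {{- end }}
            - name: sysblock
              mountPath: /sys/block
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            {{- end }}
            {{- if ( has "tungstenfabric" .Values.network.backend ) }}
            - name: tf-plugin-shared
              mountPath: /opt/plugin
              readOnly: true
            - name: tf-plugin-bin
              mountPath: /usr/sbin
              readOnly: true
            - name: nova-bin
              mountPath: /usr/local/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: nova-bin
              mountPath: /var/lib/openstack/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: nova-bin
              mountPath: /var/lib/openstack/lib/python3.6/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            {{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{- if .Values.network.ssh.enabled }}
        - name: nova-compute-ssh
{{ tuple $envAll "nova_compute_ssh" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_compute_ssh" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: KEY_TYPES
              value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.network.ssh.key_types | quote }}
            - name: SSH_PORT
              value: {{ .Values.network.ssh.port | quote }}
{{- if or .Values.manifests.certificates .Values.tls.identity }}
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/nova/certs/ca.crt"
{{- end }}
          # With hostNetwork enabled for this pod, this port is opened on
          # the node itself.
          ports:
            - containerPort: {{ .Values.network.ssh.port }}
          command:
            - /tmp/ssh-start.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: varlibnova
              mountPath: /var/lib/nova
            - name: nova-bin
              mountPath: /tmp/ssh-start.sh
              subPath: ssh-start.sh
              readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        {{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: nova-bin
          configMap:
            name: nova-bin
            defaultMode: 0555
        - name: nova-etc
          secret:
            secretName: {{ $configMapName }}
            defaultMode: 0444
        {{- if .Values.network.ssh.enabled }}
        # NOTE(review): this secret carries the private-key item that
        # nova-compute-ssh-init mounts as id_rsa, and 0644 makes every item
        # world-readable inside the container. A tighter mode (0400 or 0600)
        # is preferable if ssh-init.sh (not shown here) and the container's
        # user can still read it - confirm before changing.
        - name: nova-ssh
          secret:
            secretName: nova-ssh
            defaultMode: 0644
        {{ end }}
        {{- if .Values.conf.ceph.enabled }}
        - name: etcceph
          hostPath:
            path: /var/lib/openstack-helm/compute/nova
        - name: ceph-etc
          configMap:
            name: {{ .Values.ceph_client.configmap }}
            defaultMode: 0444
        {{- if and ( empty .Values.conf.ceph.cinder.keyring ) ( empty .Values.conf.ceph.admin_keyring ) }}
        - name: ceph-keyring
          secret:
            secretName: {{ .Values.ceph_client.user_secret_name }}
        {{ end }}
        {{ end }}
        # The hostPath volumes below give the pod direct access to host
        # state; none of them sets a hostPath type.
        - name: dev-pts
          hostPath:
            path: /dev/pts
        - name: libmodules
          hostPath:
            path: /lib/modules
        - name: varlibnova
          hostPath:
            path: /var/lib/nova
        - name: varliblibvirt
          hostPath:
            path: /var/lib/libvirt
        - name: run
          hostPath:
            path: /run
        - name: cgroup
          hostPath:
            path: /sys/fs/cgroup
        - name: pod-shared
          emptyDir: {}
        - name: machine-id
          hostPath:
            path: /etc/machine-id
        {{- if .Values.conf.enable_iscsi }}
        # Enabling iSCSI adds the host root filesystem and host /dev to
        # the pod; treat conf.enable_iscsi as a privilege-widening switch.
        - name: host-rootfs
          hostPath:
            path: /
        - name: runlock
          hostPath:
            path: /run/lock
        - name: etciscsi
          hostPath:
            path: /etc/iscsi
        - name: dev
          hostPath:
            path: /dev
        - name: usrlocalsbin
          emptyDir: {}
        - name: etcmultipath
          hostPath:
            path: /etc/multipath
        - name: sysblock
          hostPath:
            path: /sys/block

        {{- end }}
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
        - name: tf-plugin-shared
          emptyDir: {}
        - name: tf-plugin-bin
          emptyDir: {}
        {{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
{{- end }}
{{- end }}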
571
{{- if .Values.manifests.daemonset_compute }}
{{- /*
Entry point, rendered only when manifests.daemonset_compute is set.
Resolves pod dependencies with the network backend as the mixin parameter,
emits the service account / RBAC snippet for "nova-compute", renders the
"nova.compute.daemonset" template to a YAML object and hands it, together
with the name of the config template "nova.configmap.etc", to
helm-toolkit.utils.daemonset_overrides.
*/}}
{{- $envAll := . }}
{{- $daemonset := "compute" }}
{{- $configMapName := "nova-etc" }}
{{- $serviceAccountName := "nova-compute" }}

{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "compute" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}

{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "nova.compute.daemonset" | toString | fromYaml }}
{{- $configmap_yaml := "nova.configmap.etc" }}
{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
{{- end }}