{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.daemonset_compute }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.compute }}
{{- $mounts_nova_compute := .Values.pod.mounts.nova_compute.nova_compute }}
{{- $mounts_nova_compute_init := .Values.pod.mounts.nova_compute.init_container }}
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: nova-compute
spec:
{{ tuple $envAll "compute" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
template:
metadata:
labels:
{{ tuple $envAll "nova" "compute" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
nodeSelector:
{{ .Values.labels.agent.compute.node_selector_key }}: {{ .Values.labels.agent.compute.node_selector_value }}
hostNetwork: true
hostPID: true
dnsPolicy: ClusterFirstWithHostNet
initContainers:
{{ tuple $envAll $dependencies $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: nova-compute-init
image: {{ .Values.images.tags.compute }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
runAsUser: 0
env:
- name: NOVA_USER_UID
value: "{{ .Values.pod.user.nova.uid }}"
command:
- /tmp/nova-compute-init.sh
volumeMounts:
- name: nova-bin
mountPath: /tmp/nova-compute-init.sh
subPath: nova-compute-init.sh
readOnly: true
- name: varlibnova
mountPath: /var/lib/nova
{{- if .Values.ceph.enabled }}
- name: ceph-keyring-placement
image: {{ .Values.images.tags.compute }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
runAsUser: {{ .Values.pod.user.nova.uid }}
env:
- name: CEPH_CINDER_USER
value: "{{ .Values.ceph.cinder_user }}"
{{- if .Values.ceph.cinder_keyring }}
- name: CEPH_CINDER_KEYRING
value: "{{ .Values.ceph.cinder_keyring }}"
{{ end }}
- name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.ceph.secret_uuid }}"
command:
- /tmp/ceph-keyring.sh
volumeMounts:
- name: etcceph
mountPath: /etc/ceph
- name: nova-bin
mountPath: /tmp/ceph-keyring.sh
subPath: ceph-keyring.sh
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
{{ end }}
- name: nova-compute-vnc-init
image: {{ .Values.images.tags.compute }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.nova.uid }}
command:
- /tmp/nova-vnc-compute-init.sh
volumeMounts:
- name: nova-bin
mountPath: /tmp/nova-vnc-compute-init.sh
subPath: nova-vnc-compute-init.sh
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
containers:
- name: nova-compute
image: {{ .Values.images.tags.compute }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.nova.uid }}
privileged: true
{{- if .Values.ceph.enabled }}
env:
- name: CEPH_CINDER_USER
value: "{{ .Values.ceph.cinder_user }}"
{{- if .Values.ceph.cinder_keyring }}
- name: CEPH_CINDER_KEYRING
value: "{{ .Values.ceph.cinder_keyring }}"
{{ end }}
- name: LIBVIRT_CEPH_SECRET_UUID
value: "{{ .Values.ceph.secret_uuid }}"
{{ end }}
command:
- /tmp/nova-compute.sh
volumeMounts:
- name: nova-bin
mountPath: /tmp/nova-compute.sh
subPath: nova-compute.sh
readOnly: true
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: nova-etc
mountPath: /etc/nova/policy.yaml
subPath: policy.yaml
readOnly: true
- name: nova-etc
# NOTE (Portdirect): We mount here to override Kollas
# custom sudoers file when using Kolla images, this
# location will also work fine for other images.
mountPath: /etc/sudoers.d/kolla_nova_sudoers
subPath: nova_sudoers
readOnly: true
- name: nova-etc
mountPath: /etc/nova/rootwrap.conf
subPath: rootwrap.conf
readOnly: true
- name: nova-etc
mountPath: /etc/nova/rootwrap.d/api-metadata.filters
subPath: api-metadata.filters
readOnly: true
- name: nova-etc
mountPath: /etc/nova/rootwrap.d/compute.filters
subPath: compute.filters
readOnly: true
- name: nova-etc
mountPath: /etc/nova/rootwrap.d/network.filters
subPath: network.filters
readOnly: true
- name: nova-etc
mountPath: /root/.ssh/config
subPath: ssh-config
readOnly: true
{{- if .Values.ceph.enabled }}
- name: etcceph
mountPath: /etc/ceph
- name: ceph-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: ceph-keyring
mountPath: /tmp/client-keyring
subPath: key
readOnly: true
{{ end }}
- mountPath: /lib/modules
name: libmodules
readOnly: true
- name: varlibnova
mountPath: /var/lib/nova
- name: varliblibvirt
mountPath: /var/lib/libvirt
- name: run
mountPath: /run
- name: cgroup
mountPath: /sys/fs/cgroup
- name: pod-shared
mountPath: /tmp/pod-shared
- name: machine-id
mountPath: /etc/machine-id
readOnly: true
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
- name: nova-compute-ssh
image: {{ .Values.images.tags.compute_ssh }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
privileged: true
env:
- name: KEY_TYPES
value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.ssh.key_types | quote }}
- name: SSH_PORT
value: {{ .Values.network.ssh.port | quote }}
ports:
- containerPort: {{ .Values.network.ssh.port }}
command:
- /tmp/ssh-start.sh
volumeMounts:
- name: varlibnova
mountPath: /var/lib/nova
- name: varliblibvirt
mountPath: /var/lib/libvirt
- name: nova-etc
mountPath: /root/.ssh/id_rsa
subPath: ssh-key-private
- name: nova-etc
mountPath: /root/.ssh/id_rsa.pub
subPath: ssh-key-public
- name: nova-etc
mountPath: /root/.ssh/authorized_keys
subPath: ssh-key-public
- name: nova-bin
mountPath: /tmp/ssh-start.sh
subPath: ssh-start.sh
readOnly: true
volumes:
- name: nova-bin
configMap:
name: nova-bin
defaultMode: 0555
- name: nova-etc
configMap:
name: nova-etc
defaultMode: 0444
{{- if .Values.ceph.enabled }}
- name: etcceph
emptyDir: {}
- name: ceph-etc
configMap:
name: ceph-etc
defaultMode: 0444
- name: ceph-keyring
secret:
secretName: pvc-ceph-client-key
{{ end }}
- name: libmodules
hostPath:
path: /lib/modules
- name: varlibnova
hostPath:
path: /var/lib/nova
- name: varliblibvirt
hostPath:
path: /var/lib/libvirt
- name: run
hostPath:
path: /run
- name: cgroup
hostPath:
path: /sys/fs/cgroup
- name: pod-shared
emptyDir: {}
- name: machine-id
hostPath:
path: /etc/machine-id
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
{{- end }}