{{/* Copyright 2017 The Openstack-Helm Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} {{- if .Values.manifests.daemonset_compute }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.compute }} {{- $mounts_nova_compute := .Values.pod.mounts.nova_compute.nova_compute }} {{- $mounts_nova_compute_init := .Values.pod.mounts.nova_compute.init_container }} --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: nova-compute spec: {{ tuple $envAll "compute" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} template: metadata: labels: {{ tuple $envAll "nova" "compute" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} spec: nodeSelector: {{ .Values.labels.agent.compute.node_selector_key }}: {{ .Values.labels.agent.compute.node_selector_value }} hostNetwork: true hostPID: true dnsPolicy: ClusterFirstWithHostNet initContainers: {{ tuple $envAll $dependencies $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - name: nova-compute-init image: {{ .Values.images.tags.compute }} imagePullPolicy: {{ .Values.images.pull_policy }} securityContext: runAsUser: 0 env: - name: NOVA_USER_UID value: "{{ .Values.pod.user.nova.uid }}" command: - /tmp/nova-compute-init.sh volumeMounts: - name: nova-bin mountPath: /tmp/nova-compute-init.sh subPath: nova-compute-init.sh readOnly: true - name: varlibnova mountPath: /var/lib/nova {{- if .Values.ceph.enabled }} - name: ceph-keyring-placement image: {{ .Values.images.tags.compute }} imagePullPolicy: {{ .Values.images.pull_policy }} securityContext: runAsUser: {{ .Values.pod.user.nova.uid }} env: - name: CEPH_CINDER_USER value: "{{ .Values.ceph.cinder_user }}" {{- if .Values.ceph.cinder_keyring }} - name: CEPH_CINDER_KEYRING value: "{{ .Values.ceph.cinder_keyring }}" {{ end }} - name: LIBVIRT_CEPH_SECRET_UUID value: "{{ .Values.ceph.secret_uuid }}" command: - /tmp/ceph-keyring.sh volumeMounts: - name: etcceph mountPath: /etc/ceph - name: nova-bin mountPath: /tmp/ceph-keyring.sh subPath: ceph-keyring.sh - name: ceph-keyring mountPath: /tmp/client-keyring subPath: key readOnly: true {{ end }} - name: nova-compute-vnc-init image: {{ .Values.images.tags.compute }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} securityContext: runAsUser: {{ .Values.pod.user.nova.uid }} command: - /tmp/nova-vnc-compute-init.sh volumeMounts: - name: nova-bin mountPath: /tmp/nova-vnc-compute-init.sh subPath: nova-vnc-compute-init.sh readOnly: true - name: pod-shared mountPath: /tmp/pod-shared containers: - name: nova-compute image: {{ .Values.images.tags.compute }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} securityContext: runAsUser: {{ .Values.pod.user.nova.uid }} privileged: true {{- if .Values.ceph.enabled }} env: - name: CEPH_CINDER_USER value: "{{ .Values.ceph.cinder_user }}" {{- if .Values.ceph.cinder_keyring }} - name: CEPH_CINDER_KEYRING value: "{{ .Values.ceph.cinder_keyring }}" {{ end }} - name: LIBVIRT_CEPH_SECRET_UUID value: "{{ .Values.ceph.secret_uuid }}" {{ end }} command: - /tmp/nova-compute.sh volumeMounts: - name: nova-bin mountPath: /tmp/nova-compute.sh subPath: nova-compute.sh readOnly: true - name: nova-etc mountPath: /etc/nova/nova.conf subPath: nova.conf readOnly: true - name: nova-etc mountPath: /etc/nova/api-paste.ini subPath: api-paste.ini readOnly: true - name: nova-etc mountPath: /etc/nova/policy.yaml subPath: policy.yaml readOnly: true - name: nova-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this # location will also work fine for other images. mountPath: /etc/sudoers.d/kolla_nova_sudoers subPath: nova_sudoers readOnly: true - name: nova-etc mountPath: /etc/nova/rootwrap.conf subPath: rootwrap.conf readOnly: true - name: nova-etc mountPath: /etc/nova/rootwrap.d/api-metadata.filters subPath: api-metadata.filters readOnly: true - name: nova-etc mountPath: /etc/nova/rootwrap.d/compute.filters subPath: compute.filters readOnly: true - name: nova-etc mountPath: /etc/nova/rootwrap.d/network.filters subPath: network.filters readOnly: true - name: nova-etc mountPath: /root/.ssh/config subPath: ssh-config readOnly: true {{- if .Values.ceph.enabled }} - name: etcceph mountPath: /etc/ceph - name: ceph-etc mountPath: /etc/ceph/ceph.conf subPath: ceph.conf readOnly: true - name: ceph-keyring mountPath: /tmp/client-keyring subPath: key readOnly: true {{ end }} - mountPath: /lib/modules name: libmodules readOnly: true - name: varlibnova mountPath: /var/lib/nova - name: varliblibvirt mountPath: /var/lib/libvirt - name: run mountPath: /run - name: cgroup mountPath: /sys/fs/cgroup - name: pod-shared mountPath: /tmp/pod-shared - name: machine-id mountPath: /etc/machine-id readOnly: true {{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }} - name: nova-compute-ssh image: {{ .Values.images.tags.compute_ssh }} imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} securityContext: privileged: true env: - name: KEY_TYPES value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.ssh.key_types | quote }} - name: SSH_PORT value: {{ .Values.network.ssh.port | quote }} ports: - containerPort: {{ .Values.network.ssh.port }} command: - /tmp/ssh-start.sh volumeMounts: - name: varlibnova mountPath: /var/lib/nova - name: varliblibvirt mountPath: /var/lib/libvirt - name: nova-etc mountPath: /root/.ssh/id_rsa subPath: ssh-key-private - name: nova-etc mountPath: /root/.ssh/id_rsa.pub subPath: ssh-key-public - name: nova-etc mountPath: /root/.ssh/authorized_keys subPath: ssh-key-public - name: nova-bin mountPath: /tmp/ssh-start.sh subPath: ssh-start.sh readOnly: true volumes: - name: nova-bin configMap: name: nova-bin defaultMode: 0555 - name: nova-etc configMap: name: nova-etc defaultMode: 0444 {{- if .Values.ceph.enabled }} - name: etcceph emptyDir: {} - name: ceph-etc configMap: name: ceph-etc defaultMode: 0444 - name: ceph-keyring secret: secretName: pvc-ceph-client-key {{ end }} - name: libmodules hostPath: path: /lib/modules - name: varlibnova hostPath: path: /var/lib/nova - name: varliblibvirt hostPath: path: /var/lib/libvirt - name: run hostPath: path: /run - name: cgroup hostPath: path: /sys/fs/cgroup - name: pod-shared emptyDir: {} - name: machine-id hostPath: path: /etc/machine-id {{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }} {{- end }}