From 623c1312928832a7907e81889b0aa3e92ad9eed4 Mon Sep 17 00:00:00 2001 From: Pete Birley Date: Fri, 19 Apr 2019 18:06:06 -0500 Subject: [PATCH] OSH: Add emptydirs for tmp This PS adds emptydirs backing the /tmp directory in pods, which is required in most cases for full operation when using a read only filesystem backing the container. Additionally some yaml indent issues are resolved. Change-Id: I9df8f70e913b911ff755600fa2f669d9c5dcb928 Signed-off-by: Pete Birley --- aodh/templates/cron-job-alarms-cleaner.yaml | 56 +++--- aodh/templates/deployment-api.yaml | 4 + aodh/templates/deployment-evaluator.yaml | 4 + aodh/templates/deployment-listener.yaml | 4 + aodh/templates/deployment-notifier.yaml | 4 + aodh/templates/pod-aodh-test.yaml | 4 + barbican/templates/deployment-api.yaml | 4 + barbican/templates/pod-test.yaml | 4 + ceilometer/templates/daemonset-compute.yaml | 4 + ceilometer/templates/daemonset-ipmi.yaml | 4 + ceilometer/templates/deployment-api.yaml | 4 + ceilometer/templates/deployment-central.yaml | 4 + .../templates/deployment-collector.yaml | 4 + .../templates/deployment-notification.yaml | 4 + ceilometer/templates/job-db-init-mongodb.yaml | 4 + ceilometer/templates/pod-rally-test.yaml | 6 + .../cron-job-cinder-volume-usage-audit.yaml | 56 +++--- cinder/templates/deployment-api.yaml | 6 + cinder/templates/deployment-backup.yaml | 12 ++ cinder/templates/deployment-scheduler.yaml | 6 + cinder/templates/deployment-volume.yaml | 10 ++ cinder/templates/job-backup-storage-init.yaml | 6 + cinder/templates/job-clean.yaml | 6 + .../templates/job-create-internal-tenant.yaml | 4 + cinder/templates/job-storage-init.yaml | 6 + cinder/templates/pod-rally-test.yaml | 6 + congress/templates/deployment-api.yaml | 4 + congress/templates/deployment-datasource.yaml | 4 + .../templates/deployment-policy-engine.yaml | 4 + congress/templates/job-ds-create.yaml | 4 + congress/templates/pod-test.yaml | 4 + glance/templates/deployment-api.yaml | 8 + glance/templates/deployment-registry.yaml | 4 + glance/templates/job-clean.yaml | 6 + glance/templates/job-storage-init.yaml | 6 + glance/templates/pod-rally-test.yaml | 6 + heat/templates/cron-job-engine-cleaner.yaml | 26 +-- heat/templates/cron-job-purge-deleted.yaml | 26 +-- heat/templates/deployment-api.yaml | 4 + heat/templates/deployment-cfn.yaml | 4 + heat/templates/deployment-cloudwatch.yaml | 4 + heat/templates/deployment-engine.yaml | 4 + heat/templates/job-ks-user-domain.yaml | 4 + heat/templates/job-trusts.yaml | 4 + heat/templates/pod-rally-test.yaml | 6 + horizon/templates/deployment.yaml | 4 + ironic/templates/deployment-api.yaml | 8 + .../job-manage-cleaning-network.yaml | 4 + ironic/templates/statefulset-conductor.yaml | 18 ++ .../templates/cron-job-credential-rotate.yaml | 76 ++++---- .../templates/cron-job-fernet-rotate.yaml | 72 ++++---- keystone/templates/deployment-api.yaml | 170 +++++++++--------- .../templates/job-credential-cleanup.yaml | 4 + keystone/templates/job-credential-setup.yaml | 80 +++++---- keystone/templates/job-domain-manage.yaml | 6 + keystone/templates/job-fernet-setup.yaml | 80 +++++---- keystone/templates/pod-rally-test.yaml | 6 + magnum/templates/deployment-api.yaml | 4 + magnum/templates/job-ks-user-domain.yaml | 4 + magnum/templates/statefulset-conductor.yaml | 6 + mistral/templates/deployment-api.yaml | 4 + mistral/templates/deployment-executor.yaml | 4 + mistral/templates/pod-rally-test.yaml | 6 + mistral/templates/statefulset-engine.yaml | 4 + .../templates/statefulset-event-engine.yaml | 4 + neutron/templates/daemonset-dhcp-agent.yaml | 38 ++-- neutron/templates/daemonset-l3-agent.yaml | 38 ++-- neutron/templates/daemonset-lb-agent.yaml | 6 + .../templates/daemonset-metadata-agent.yaml | 32 ++-- neutron/templates/daemonset-ovs-agent.yaml | 26 ++- neutron/templates/daemonset-sriov-agent.yaml | 18 +- neutron/templates/deployment-server.yaml | 4 + neutron/templates/pod-rally-test.yaml | 6 + nova/templates/cron-job-cell-setup.yaml | 4 + nova/templates/cron-job-service-cleaner.yaml | 36 ++-- nova/templates/daemonset-compute.yaml | 44 +++-- nova/templates/deployment-api-metadata.yaml | 6 + nova/templates/deployment-api-osapi.yaml | 4 + nova/templates/deployment-conductor.yaml | 30 ++-- nova/templates/deployment-consoleauth.yaml | 30 ++-- nova/templates/deployment-novncproxy.yaml | 8 + nova/templates/deployment-placement.yaml | 4 + nova/templates/deployment-scheduler.yaml | 34 ++-- nova/templates/deployment-spiceproxy.yaml | 8 + nova/templates/job-cell-setup.yaml | 6 + nova/templates/pod-rally-test.yaml | 6 + .../templates/statefulset-compute-ironic.yaml | 4 + panko/templates/cron-job-events-cleaner.yaml | 56 +++--- panko/templates/deployment-api.yaml | 4 + panko/templates/pod-rally-test.yaml | 6 + rally/templates/job-bootstrap.yaml | 4 + rally/templates/job-ks-endpoints.yaml | 4 + rally/templates/job-ks-service.yaml | 4 + rally/templates/job-manage-db.yaml | 4 + rally/templates/job-run-task.yaml | 6 + senlin/templates/cron-job-engine-cleaner.yaml | 56 +++--- senlin/templates/deployment-api.yaml | 4 + senlin/templates/deployment-engine.yaml | 4 + senlin/templates/pod-test.yaml | 4 + tempest/templates/job-run-tests.yaml | 6 + 100 files changed, 999 insertions(+), 487 deletions(-) diff --git a/aodh/templates/cron-job-alarms-cleaner.yaml b/aodh/templates/cron-job-alarms-cleaner.yaml index a9b273d094..531e715898 100644 --- a/aodh/templates/cron-job-alarms-cleaner.yaml +++ b/aodh/templates/cron-job-alarms-cleaner.yaml @@ -54,31 +54,35 @@ spec: command: - /tmp/aodh-alarms-cleaner.sh volumeMounts: - - name: aodh-bin - mountPath: /tmp/aodh-alarms-cleaner.sh - subPath: aodh-alarms-cleaner.sh - readOnly: true - - name: pod-etc-aodh - mountPath: /etc/aodh - - name: aodh-etc - mountPath: /etc/aodh/aodh.conf - subPath: aodh.conf - readOnly: true - - name: aodh-etc - mountPath: {{ .Values.conf.aodh.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.aodh.DEFAULT.log_config_append }} - readOnly: true -{{ if $mounts_aodh_alarms_cleaner.volumeMounts }}{{ toYaml $mounts_aodh_alarms_cleaner.volumeMounts | indent 14 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: aodh-bin + mountPath: /tmp/aodh-alarms-cleaner.sh + subPath: aodh-alarms-cleaner.sh + readOnly: true + - name: pod-etc-aodh + mountPath: /etc/aodh + - name: aodh-etc + mountPath: /etc/aodh/aodh.conf + subPath: aodh.conf + readOnly: true + - name: aodh-etc + mountPath: {{ .Values.conf.aodh.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.aodh.DEFAULT.log_config_append }} + readOnly: true +{{ if $mounts_aodh_alarms_cleaner.volumeMounts }}{{ toYaml $mounts_aodh_alarms_cleaner.volumeMounts | indent 16 }}{{ end }} volumes: - - name: pod-etc-aodh - emptyDir: {} - - name: aodh-etc - secret: - secretName: aodh-etc - defaultMode: 0444 - - name: aodh-bin - configMap: - name: aodh-bin - defaultMode: 0555 -{{ if $mounts_aodh_alarms_cleaner.volumes }}{{ toYaml $mounts_aodh_alarms_cleaner.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: pod-etc-aodh + emptyDir: {} + - name: aodh-etc + secret: + secretName: aodh-etc + defaultMode: 0444 + - name: aodh-bin + configMap: + name: aodh-bin + defaultMode: 0555 +{{ if $mounts_aodh_alarms_cleaner.volumes }}{{ toYaml $mounts_aodh_alarms_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/aodh/templates/deployment-api.yaml b/aodh/templates/deployment-api.yaml index 9f04ab71f4..707cfd2954 100644 --- a/aodh/templates/deployment-api.yaml +++ b/aodh/templates/deployment-api.yaml @@ -76,6 +76,8 @@ spec: tcpSocket: port: {{ tuple "alarming" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: wsgi-aodh mountPath: /var/www/cgi-bin/aodh - name: pod-etc-aodh @@ -106,6 +108,8 @@ spec: readOnly: true {{ if $mounts_aodh_api.volumeMounts }}{{ toYaml $mounts_aodh_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: wsgi-aodh emptyDir: {} - name: pod-etc-aodh diff --git a/aodh/templates/deployment-evaluator.yaml b/aodh/templates/deployment-evaluator.yaml index 2df99de65c..477f484ed5 100644 --- a/aodh/templates/deployment-evaluator.yaml +++ b/aodh/templates/deployment-evaluator.yaml @@ -69,6 +69,8 @@ spec: - /tmp/aodh-evaluator.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-aodh mountPath: /etc/aodh - name: aodh-etc @@ -89,6 +91,8 @@ spec: readOnly: true {{ if $mounts_aodh_evaluator.volumeMounts }}{{ toYaml $mounts_aodh_evaluator.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-aodh emptyDir: {} - name: aodh-etc diff --git a/aodh/templates/deployment-listener.yaml b/aodh/templates/deployment-listener.yaml index f24eb58471..794c780b30 100644 --- a/aodh/templates/deployment-listener.yaml +++ b/aodh/templates/deployment-listener.yaml @@ -69,6 +69,8 @@ spec: - /tmp/aodh-listener.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-aodh mountPath: /etc/aodh - name: aodh-etc @@ -89,6 +91,8 @@ spec: readOnly: true {{ if $mounts_aodh_listener.volumeMounts }}{{ toYaml $mounts_aodh_listener.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-aodh emptyDir: {} - name: aodh-etc diff --git a/aodh/templates/deployment-notifier.yaml b/aodh/templates/deployment-notifier.yaml index 860944432b..9a28c144bb 100644 --- a/aodh/templates/deployment-notifier.yaml +++ b/aodh/templates/deployment-notifier.yaml @@ -69,6 +69,8 @@ spec: - /tmp/aodh-notifier.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-aodh mountPath: /etc/aodh - name: aodh-etc @@ -89,6 +91,8 @@ spec: readOnly: true {{ if $mounts_aodh_notifier.volumeMounts }}{{ toYaml $mounts_aodh_notifier.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-aodh emptyDir: {} - name: aodh-etc diff --git a/aodh/templates/pod-aodh-test.yaml b/aodh/templates/pod-aodh-test.yaml index bb029b58c6..6e627b83f7 100644 --- a/aodh/templates/pod-aodh-test.yaml +++ b/aodh/templates/pod-aodh-test.yaml @@ -50,6 +50,8 @@ spec: command: - /tmp/aodh-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: aodh-etc mountPath: /etc/aodh/aodh.conf subPath: aodh.conf @@ -60,6 +62,8 @@ spec: readOnly: true {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: aodh-etc secret: secretName: aodh-etc diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml index 27a6c8f16f..1b1a5f4e14 100644 --- a/barbican/templates/deployment-api.yaml +++ b/barbican/templates/deployment-api.yaml @@ -75,6 +75,8 @@ spec: tcpSocket: port: {{ tuple "key_manager" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcbarbican mountPath: /etc/barbican - name: barbican-etc @@ -107,6 +109,8 @@ spec: readOnly: true {{ if $mounts_barbican_api.volumeMounts }}{{ toYaml $mounts_barbican_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: etcbarbican emptyDir: {} - name: barbican-etc diff --git a/barbican/templates/pod-test.yaml b/barbican/templates/pod-test.yaml index 0124613f4b..b4605c8fed 100644 --- a/barbican/templates/pod-test.yaml +++ b/barbican/templates/pod-test.yaml @@ -50,12 +50,16 @@ spec: command: - /tmp/barbican-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: barbican-bin mountPath: /tmp/barbican-test.sh subPath: barbican-test.sh readOnly: true {{ if $mounts_barbican_tests.volumeMounts }}{{ toYaml $mounts_barbican_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: barbican-bin configMap: name: barbican-bin diff --git a/ceilometer/templates/daemonset-compute.yaml b/ceilometer/templates/daemonset-compute.yaml index db51482ab6..7e5bc9cacd 100644 --- a/ceilometer/templates/daemonset-compute.yaml +++ b/ceilometer/templates/daemonset-compute.yaml @@ -62,6 +62,8 @@ spec: command: - /tmp/ceilometer-compute.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-ceilometer mountPath: /etc/ceilometer - name: ceilometer-etc @@ -113,6 +115,8 @@ spec: readOnly: true {{ if $mounts_ceilometer_compute.volumeMounts }}{{ toYaml $mounts_ceilometer_compute.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc diff --git a/ceilometer/templates/daemonset-ipmi.yaml b/ceilometer/templates/daemonset-ipmi.yaml index 15e58f302e..65bd609c3e 100644 --- a/ceilometer/templates/daemonset-ipmi.yaml +++ b/ceilometer/templates/daemonset-ipmi.yaml @@ -63,6 +63,8 @@ spec: command: - /tmp/ceilometer-ipmi.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-ceilometer mountPath: /etc/ceilometer - name: ceilometer-etc @@ -106,6 +108,8 @@ spec: readOnly: true {{ if $mounts_ceilometer_ipmi.volumeMounts }}{{ toYaml $mounts_ceilometer_ipmi.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc diff --git a/ceilometer/templates/deployment-api.yaml b/ceilometer/templates/deployment-api.yaml index d1e97115aa..a54e769459 100644 --- a/ceilometer/templates/deployment-api.yaml +++ b/ceilometer/templates/deployment-api.yaml @@ -74,6 +74,8 @@ spec: tcpSocket: port: {{ tuple "metering" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-ceilometer mountPath: /etc/ceilometer - name: ceilometer-etc @@ -124,6 +126,8 @@ spec: readOnly: true {{ if $mounts_ceilometer_api.volumeMounts }}{{ toYaml $mounts_ceilometer_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc diff --git a/ceilometer/templates/deployment-central.yaml b/ceilometer/templates/deployment-central.yaml index b546e1add7..c6259612d0 100644 --- a/ceilometer/templates/deployment-central.yaml +++ b/ceilometer/templates/deployment-central.yaml @@ -60,6 +60,8 @@ spec: command: - /tmp/ceilometer-central.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-ceilometer mountPath: /etc/ceilometer - name: ceilometer-etc @@ -100,6 +102,8 @@ spec: readOnly: true {{ if $mounts_ceilometer_central.volumeMounts }}{{ toYaml $mounts_ceilometer_central.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc diff --git a/ceilometer/templates/deployment-collector.yaml b/ceilometer/templates/deployment-collector.yaml index 54bf288f97..f1e6d707f0 100644 --- a/ceilometer/templates/deployment-collector.yaml +++ b/ceilometer/templates/deployment-collector.yaml @@ -60,6 +60,8 @@ spec: command: - /tmp/ceilometer-collector.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-ceilometer mountPath: /etc/ceilometer - name: ceilometer-etc @@ -96,6 +98,8 @@ spec: readOnly: true {{ if $mounts_ceilometer_collector.volumeMounts }}{{ toYaml $mounts_ceilometer_collector.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceilometer emptyDir: {} - name: ceilometer-etc diff --git a/ceilometer/templates/deployment-notification.yaml b/ceilometer/templates/deployment-notification.yaml index c6adca2fc7..bb1ea13121 100644 --- a/ceilometer/templates/deployment-notification.yaml +++ b/ceilometer/templates/deployment-notification.yaml @@ -60,6 +60,8 @@ spec: command: - /tmp/ceilometer-notification.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-ceilometer mountPath: /etc/ceilometer - name: ceilometer-etc @@ -102,6 +104,8 @@ spec: readOnly: true {{ if $mounts_ceilometer_notification.volumeMounts }}{{ toYaml $mounts_ceilometer_notification.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-ceilometer emptyDir: {} - name: etc-ceilometer-meters diff --git a/ceilometer/templates/job-db-init-mongodb.yaml b/ceilometer/templates/job-db-init-mongodb.yaml index 692d0c49bf..1f822576b4 100644 --- a/ceilometer/templates/job-db-init-mongodb.yaml +++ b/ceilometer/templates/job-db-init-mongodb.yaml @@ -53,11 +53,15 @@ spec: command: - /tmp/db-init-mongodb.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceilometer-bin mountPath: /tmp/db-init-mongodb.sh subPath: db-init-mongodb.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ceilometer-bin configMap: name: ceilometer-bin diff --git a/ceilometer/templates/pod-rally-test.yaml b/ceilometer/templates/pod-rally-test.yaml index 9cbf2fdd3a..726d8a70fa 100644 --- a/ceilometer/templates/pod-rally-test.yaml +++ b/ceilometer/templates/pod-rally-test.yaml @@ -43,6 +43,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceilometer-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -74,6 +76,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ceilometer-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -86,6 +90,8 @@ spec: mountPath: /var/lib/rally {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ceilometer-etc secret: secretName: ceilometer-etc diff --git a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml index a15d064f27..f7ecb3fecc 100644 --- a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml +++ b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml @@ -60,31 +60,35 @@ spec: command: - /tmp/volume-usage-audit.sh volumeMounts: - - name: etccinder - mountPath: /etc/cinder - - name: cinder-etc - mountPath: /etc/cinder/cinder.conf - subPath: cinder.conf - readOnly: true - - name: cinder-etc - mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }} - readOnly: true - - name: cinder-bin - mountPath: /tmp/volume-usage-audit.sh - subPath: volume-usage-audit.sh - readOnly: true - {{ if $mounts_cinder_volume_usage_audit.volumeMounts }}{{ toYaml $mounts_cinder_volume_usage_audit.volumeMounts | indent 14 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: etccinder + mountPath: /etc/cinder + - name: cinder-etc + mountPath: /etc/cinder/cinder.conf + subPath: cinder.conf + readOnly: true + - name: cinder-etc + mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }} + readOnly: true + - name: cinder-bin + mountPath: /tmp/volume-usage-audit.sh + subPath: volume-usage-audit.sh + readOnly: true +{{ if $mounts_cinder_volume_usage_audit.volumeMounts }}{{ toYaml $mounts_cinder_volume_usage_audit.volumeMounts | indent 16 }}{{ end }} volumes: - - name: etccinder - emptyDir: {} - - name: cinder-etc - secret: - secretName: cinder-etc - defaultMode: 0444 - - name: cinder-bin - configMap: - name: cinder-bin - defaultMode: 0555 - {{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etccinder + emptyDir: {} + - name: cinder-etc + secret: + secretName: cinder-etc + defaultMode: 0444 + - name: cinder-bin + configMap: + name: cinder-bin + defaultMode: 0555 +{{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index aef21a4df3..3692903852 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -66,6 +66,8 @@ spec: - "cinder:" - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-coordination mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} {{ end }} @@ -98,6 +100,8 @@ spec: successThreshold: 1 timeoutSeconds: 1 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/cinder-api.sh subPath: cinder-api.sh @@ -132,6 +136,8 @@ spec: {{- end }} {{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml index fdce03a9b6..0d67b7c020 100644 --- a/cinder/templates/deployment-backup.yaml +++ b/cinder/templates/deployment-backup.yaml @@ -65,6 +65,8 @@ spec: - name: RBD_USER value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: cinder-bin @@ -87,6 +89,8 @@ spec: - name: RBD_USER value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: cinder-bin @@ -109,6 +113,8 @@ spec: - "cinder:" - {{ .Values.conf.cinder.DEFAULT.backup_posix_path }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-backup mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }} {{ end }} @@ -123,6 +129,8 @@ spec: - "cinder:" - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-coordination mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} {{ end }} @@ -138,6 +146,8 @@ spec: command: - /tmp/cinder-backup.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/cinder-backup.sh subPath: cinder-backup.sh @@ -205,6 +215,8 @@ spec: readOnly: true {{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-etc secret: secretName: cinder-etc diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index 992883bb51..7aa9898c6b 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -65,6 +65,8 @@ spec: - "cinder:" - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-coordination mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} {{ end }} @@ -76,6 +78,8 @@ spec: command: - /tmp/cinder-scheduler.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/cinder-scheduler.sh subPath: cinder-scheduler.sh @@ -102,6 +106,8 @@ spec: {{- end }} {{ if $mounts_cinder_scheduler.volumeMounts }}{{ toYaml $mounts_cinder_scheduler.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index 17902c0296..711cf76f66 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -65,6 +65,8 @@ spec: - name: RBD_USER value: {{ index (index .Values.conf.backends (include "cinder.utils.ceph_volume_section_name" $envAll)) "rbd_user" | quote }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: cinder-bin @@ -87,6 +89,8 @@ spec: - "cinder:" - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-coordination mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }} {{ end }} @@ -98,6 +102,8 @@ spec: command: - /tmp/retrieve-internal-tenant.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/retrieve-internal-tenant.sh subPath: retrieve-internal-tenant.sh @@ -125,6 +131,8 @@ spec: command: - /tmp/cinder-volume.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/cinder-volume.sh subPath: cinder-volume.sh @@ -186,6 +194,8 @@ spec: {{- end }} {{ if $mounts_cinder_volume.volumeMounts }}{{ toYaml $mounts_cinder_volume.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml index a073940c6e..dd833ba3f5 100644 --- a/cinder/templates/job-backup-storage-init.yaml +++ b/cinder/templates/job-backup-storage-init.yaml @@ -75,6 +75,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph {{- if not .Values.backup.external_ceph_rbd.enabled }} @@ -123,6 +125,8 @@ spec: command: - /tmp/backup-storage-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/backup-storage-init.sh subPath: backup-storage-init.sh @@ -149,6 +153,8 @@ spec: {{- end }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml index d85234ed91..db44085871 100644 --- a/cinder/templates/job-clean.yaml +++ b/cinder/templates/job-clean.yaml @@ -82,6 +82,8 @@ spec: command: - /tmp/clean-secrets.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/clean-secrets.sh subPath: clean-secrets.sh @@ -101,12 +103,16 @@ spec: command: - /tmp/clean-secrets.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/clean-secrets.sh subPath: clean-secrets.sh readOnly: true {{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/job-create-internal-tenant.yaml b/cinder/templates/job-create-internal-tenant.yaml index 2371a922b3..920e3d6393 100644 --- a/cinder/templates/job-create-internal-tenant.yaml +++ b/cinder/templates/job-create-internal-tenant.yaml @@ -50,6 +50,8 @@ spec: command: - /tmp/create-internal-tenant.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: create-internal-tenant-sh mountPath: /tmp/create-internal-tenant.sh subPath: create-internal-tenant.sh @@ -76,6 +78,8 @@ spec: value: {{ $serviceOsRoles | quote }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: create-internal-tenant-sh configMap: name: {{ $configMapBin | quote }} diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml index 1d4819c203..796de5b3e5 100644 --- a/cinder/templates/job-storage-init.yaml +++ b/cinder/templates/job-storage-init.yaml @@ -73,6 +73,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: cinder-bin @@ -114,6 +116,8 @@ spec: command: - /tmp/storage-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/storage-init.sh subPath: storage-init.sh @@ -133,6 +137,8 @@ spec: {{- end }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/pod-rally-test.yaml b/cinder/templates/pod-rally-test.yaml index f24e5aa4e8..4d1d098609 100644 --- a/cinder/templates/pod-rally-test.yaml +++ b/cinder/templates/pod-rally-test.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -76,6 +78,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cinder-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -88,6 +92,8 @@ spec: mountPath: /var/lib/rally {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cinder-etc secret: secretName: cinder-etc diff --git a/congress/templates/deployment-api.yaml b/congress/templates/deployment-api.yaml index 71e0124c8b..c5f44a6d42 100644 --- a/congress/templates/deployment-api.yaml +++ b/congress/templates/deployment-api.yaml @@ -65,6 +65,8 @@ spec: tcpSocket: port: {{ tuple "policy" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etccongress mountPath: /etc/congress - name: congress-bin @@ -88,6 +90,8 @@ spec: subPath: policy.json readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etccongress emptyDir: {} - name: congress-bin diff --git a/congress/templates/deployment-datasource.yaml b/congress/templates/deployment-datasource.yaml index 85b097d46d..ffe0389e25 100644 --- a/congress/templates/deployment-datasource.yaml +++ b/congress/templates/deployment-datasource.yaml @@ -59,6 +59,8 @@ spec: - /tmp/congress-datasource.sh - start volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etccongress mountPath: /etc/congress - name: congress-bin @@ -82,6 +84,8 @@ spec: subPath: policy.json readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etccongress emptyDir: {} - name: congress-bin diff --git a/congress/templates/deployment-policy-engine.yaml b/congress/templates/deployment-policy-engine.yaml index 0021a2f7d7..6fdb04a057 100644 --- a/congress/templates/deployment-policy-engine.yaml +++ b/congress/templates/deployment-policy-engine.yaml @@ -59,6 +59,8 @@ spec: - /tmp/congress-policy-engine.sh - start volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etccongress mountPath: /etc/congress - name: congress-bin @@ -82,6 +84,8 @@ spec: subPath: policy.json readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etccongress emptyDir: {} - name: congress-bin diff --git a/congress/templates/job-ds-create.yaml b/congress/templates/job-ds-create.yaml index 710870afe1..81aa7b511e 100644 --- a/congress/templates/job-ds-create.yaml +++ b/congress/templates/job-ds-create.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/ds-create.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ds-create-sh mountPath: /tmp/ds-create.sh subPath: ds-create.sh @@ -56,6 +58,8 @@ spec: - name: SERVICE_OS_SERVICE_NAME value: "congress" volumes: + - name: pod-tmp + emptyDir: {} - name: ds-create-sh configMap: name: congress-bin diff --git a/congress/templates/pod-test.yaml b/congress/templates/pod-test.yaml index bad66b8275..7e9b35378b 100644 --- a/congress/templates/pod-test.yaml +++ b/congress/templates/pod-test.yaml @@ -43,11 +43,15 @@ spec: command: - /tmp/congress-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: congress-bin mountPath: /tmp/congress-test.sh subPath: congress-test.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: congress-bin configMap: name: congress-bin diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml index 21172f40e2..5655c3159b 100644 --- a/glance/templates/deployment-api.yaml +++ b/glance/templates/deployment-api.yaml @@ -66,6 +66,8 @@ spec: - "glance:" - {{ .Values.conf.glance.glance_store.filesystem_store_datadir }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: glance-images mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir }} {{ if eq .Values.storage "rbd" }} @@ -77,6 +79,8 @@ spec: command: - /tmp/ceph-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: glance-bin @@ -113,6 +117,8 @@ spec: port: {{ tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcglance mountPath: /etc/glance - name: glance-bin @@ -159,6 +165,8 @@ spec: {{- end }} {{ if $mounts_glance_api.volumeMounts }}{{ toYaml $mounts_glance_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: etcglance emptyDir: {} - name: glance-bin diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml index c83962dcd1..fa444f9b91 100644 --- a/glance/templates/deployment-registry.yaml +++ b/glance/templates/deployment-registry.yaml @@ -80,6 +80,8 @@ spec: port: {{ tuple "image_registry" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcglance mountPath: /etc/glance - name: glance-bin @@ -108,6 +110,8 @@ spec: readOnly: true {{ if $mounts_glance_registry.volumeMounts }}{{ toYaml $mounts_glance_registry.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: etcglance emptyDir: {} - name: glance-bin diff --git a/glance/templates/job-clean.yaml b/glance/templates/job-clean.yaml index 9db6c734e1..f228c4499d 100644 --- a/glance/templates/job-clean.yaml +++ b/glance/templates/job-clean.yaml @@ -82,6 +82,8 @@ spec: command: - /tmp/clean-secrets.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: glance-bin mountPath: /tmp/clean-secrets.sh subPath: clean-secrets.sh @@ -97,11 +99,15 @@ spec: command: - /tmp/clean-image.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: glance-bin mountPath: /tmp/clean-image.sh subPath: clean-image.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: glance-bin configMap: name: glance-bin diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml index f9e1123951..fd11cc11c3 100644 --- a/glance/templates/job-storage-init.yaml +++ b/glance/templates/job-storage-init.yaml @@ -75,6 +75,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: glance-bin @@ -131,6 +133,8 @@ spec: command: - /tmp/storage-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: glance-bin mountPath: /tmp/storage-init.sh subPath: storage-init.sh @@ -154,6 +158,8 @@ spec: mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir }} {{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: glance-bin configMap: name: glance-bin diff --git a/glance/templates/pod-rally-test.yaml b/glance/templates/pod-rally-test.yaml index a0f992fbee..a0d99590ee 100644 --- a/glance/templates/pod-rally-test.yaml +++ b/glance/templates/pod-rally-test.yaml @@ -44,6 +44,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: glance-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -75,6 +77,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: glance-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -87,6 +91,8 @@ spec: mountPath: /var/lib/rally {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: glance-etc secret: secretName: glance-etc diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml index 1a71a372d8..130f38df92 100644 --- a/heat/templates/cron-job-engine-cleaner.yaml +++ b/heat/templates/cron-job-engine-cleaner.yaml @@ -60,6 +60,8 @@ spec: command: - /tmp/heat-engine-cleaner.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: heat-bin mountPath: /tmp/heat-engine-cleaner.sh subPath: heat-engine-cleaner.sh @@ -78,15 +80,17 @@ spec: {{ end }} {{ if $mounts_heat_engine_cleaner.volumeMounts }}{{ toYaml $mounts_heat_engine_cleaner.volumeMounts | indent 14 }}{{ end }} volumes: - - name: etcheat - emptyDir: {} - - name: heat-etc - secret: - secretName: heat-etc - defaultMode: 0444 - - name: heat-bin - configMap: - name: heat-bin - defaultMode: 0555 -{{ if $mounts_heat_engine_cleaner.volumes }}{{ toYaml $mounts_heat_engine_cleaner.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etcheat + emptyDir: {} + - name: heat-etc + secret: + secretName: heat-etc + defaultMode: 0444 + - name: heat-bin + configMap: + name: heat-bin + defaultMode: 0555 +{{ if $mounts_heat_engine_cleaner.volumes }}{{ toYaml $mounts_heat_engine_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml index 0e0c2ce180..f76bb1a178 100644 --- a/heat/templates/cron-job-purge-deleted.yaml +++ b/heat/templates/cron-job-purge-deleted.yaml @@ -58,6 +58,8 @@ spec: - /tmp/heat-purge-deleted-active.sh - {{ quote .Values.jobs.purge_deleted.purge_age }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: heat-bin mountPath: /tmp/heat-purge-deleted-active.sh subPath: heat-purge-deleted-active.sh @@ -76,15 +78,17 @@ spec: {{ end }} {{ if $mounts_heat_purge_deleted.volumeMounts }}{{ toYaml $mounts_heat_purge_deleted.volumeMounts | indent 14 }}{{ end }} volumes: - - name: etcheat - emptyDir: {} - - name: heat-etc - secret: - secretName: heat-etc - defaultMode: 0444 - - name: heat-bin - configMap: - name: heat-bin - defaultMode: 0555 -{{ if $mounts_heat_purge_deleted.volumes }}{{ toYaml $mounts_heat_purge_deleted.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etcheat + emptyDir: {} + - name: heat-etc + secret: + secretName: heat-etc + defaultMode: 0444 + - name: heat-bin + configMap: + name: heat-bin + defaultMode: 0555 +{{ if $mounts_heat_purge_deleted.volumes }}{{ toYaml $mounts_heat_purge_deleted.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml index ff022d13ec..36834ee6d0 100644 --- a/heat/templates/deployment-api.yaml +++ b/heat/templates/deployment-api.yaml @@ -80,6 +80,8 @@ spec: port: {{ tuple "orchestration" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-heat mountPath: /etc/heat - name: heat-bin @@ -110,6 +112,8 @@ spec: readOnly: true {{ if $mounts_heat_api.volumeMounts }}{{ toYaml $mounts_heat_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-heat emptyDir: {} - name: heat-bin diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml index 817233612b..e21a48040b 100644 --- a/heat/templates/deployment-cfn.yaml +++ b/heat/templates/deployment-cfn.yaml @@ -80,6 +80,8 @@ spec: port: {{ tuple "cloudformation" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-heat mountPath: /etc/heat - name: heat-bin @@ -110,6 +112,8 @@ spec: readOnly: true {{ if $mounts_heat_cfn.volumeMounts }}{{ toYaml $mounts_heat_cfn.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-heat emptyDir: {} - name: heat-bin diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml index 837f11afb1..3794709d8e 100644 --- a/heat/templates/deployment-cloudwatch.yaml +++ b/heat/templates/deployment-cloudwatch.yaml @@ -76,6 +76,8 @@ spec: tcpSocket: port: {{ tuple "cloudwatch" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-heat mountPath: /etc/heat - name: heat-bin @@ -106,6 +108,8 @@ spec: readOnly: true {{ if $mounts_heat_cloudwatch.volumeMounts }}{{ toYaml $mounts_heat_cloudwatch.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-heat emptyDir: {} - name: heat-bin diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml index b595b088e7..43b4f30cdb 100644 --- a/heat/templates/deployment-engine.yaml +++ b/heat/templates/deployment-engine.yaml @@ -78,6 +78,8 @@ spec: - /tmp/heat-engine.sh - stop volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-heat mountPath: /etc/heat - name: heat-bin @@ -100,6 +102,8 @@ spec: readOnly: true {{ if $mounts_heat_engine.volumeMounts }}{{ toYaml $mounts_heat_engine.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-heat emptyDir: {} - name: heat-bin diff --git a/heat/templates/job-ks-user-domain.yaml b/heat/templates/job-ks-user-domain.yaml index b443a86c33..f8b685b86c 100644 --- a/heat/templates/job-ks-user-domain.yaml +++ b/heat/templates/job-ks-user-domain.yaml @@ -44,6 +44,8 @@ spec: command: - /tmp/ks-domain-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-user-sh mountPath: /tmp/ks-domain-user.sh subPath: ks-domain-user.sh @@ -77,6 +79,8 @@ spec: - name: SERVICE_OS_ROLE value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-user-sh configMap: name: heat-bin diff --git a/heat/templates/job-trusts.yaml b/heat/templates/job-trusts.yaml index f8ece8dab4..cff432ca22 100644 --- a/heat/templates/job-trusts.yaml +++ b/heat/templates/job-trusts.yaml @@ -48,6 +48,8 @@ spec: - bash - /tmp/trusts.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: heat-bin mountPath: /tmp/trusts.sh subPath: trusts.sh @@ -64,6 +66,8 @@ spec: - name: SERVICE_OS_TRUSTEE_DOMAIN value: {{ .Values.endpoints.identity.auth.heat_trustee.user_domain_name }} volumes: + - name: pod-tmp + emptyDir: {} - name: heat-bin configMap: name: heat-bin diff --git a/heat/templates/pod-rally-test.yaml b/heat/templates/pod-rally-test.yaml index 2db25a300e..0fbb968073 100644 --- a/heat/templates/pod-rally-test.yaml +++ b/heat/templates/pod-rally-test.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: heat-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -76,6 +78,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: heat-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -94,6 +98,8 @@ spec: {{- end }} {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: heat-etc secret: secretName: heat-etc diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml index 3baf1e294c..a0e0042a28 100644 --- a/horizon/templates/deployment.yaml +++ b/horizon/templates/deployment.yaml @@ -90,6 +90,8 @@ spec: periodSeconds: 60 timeoutSeconds: 5 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: static-horizon mountPath: /var/www/html/ - name: horizon-bin @@ -127,6 +129,8 @@ spec: {{- end }} {{ if $mounts_horizon.volumeMounts }}{{ toYaml $mounts_horizon.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: wsgi-horizon emptyDir: {} - name: static-horizon diff --git a/ironic/templates/deployment-api.yaml b/ironic/templates/deployment-api.yaml index 2f20d5d246..453d4acb00 100644 --- a/ironic/templates/deployment-api.yaml +++ b/ironic/templates/deployment-api.yaml @@ -67,6 +67,8 @@ spec: command: - /tmp/retreive-swift-config.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/retreive-swift-config.sh subPath: retreive-swift-config.sh @@ -86,6 +88,8 @@ spec: command: - /tmp/retreive-cleaning-network.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/retreive-cleaning-network.sh subPath: retreive-cleaning-network.sh @@ -112,6 +116,8 @@ spec: tcpSocket: port: {{ tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/ironic-api.sh subPath: ironic-api.sh @@ -132,6 +138,8 @@ spec: mountPath: /tmp/pod-shared {{ if $mounts_ironic_api.volumeMounts }}{{ toYaml $mounts_ironic_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ironic-bin configMap: name: ironic-bin diff --git a/ironic/templates/job-manage-cleaning-network.yaml b/ironic/templates/job-manage-cleaning-network.yaml index b79bca47e1..f2f77a9596 100644 --- a/ironic/templates/job-manage-cleaning-network.yaml +++ b/ironic/templates/job-manage-cleaning-network.yaml @@ -50,11 +50,15 @@ spec: command: - /tmp/manage-cleaning-network.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/manage-cleaning-network.sh subPath: manage-cleaning-network.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: ironic-bin configMap: name: ironic-bin diff --git a/ironic/templates/statefulset-conductor.yaml b/ironic/templates/statefulset-conductor.yaml index 1fca3ea73d..2a4eff35d9 100644 --- a/ironic/templates/statefulset-conductor.yaml +++ b/ironic/templates/statefulset-conductor.yaml @@ -62,6 +62,8 @@ spec: command: - /tmp/ironic-conductor-pxe-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/ironic-conductor-pxe-init.sh subPath: ironic-conductor-pxe-init.sh @@ -77,6 +79,8 @@ spec: command: - /tmp/ironic-conductor-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/ironic-conductor-init.sh subPath: ironic-conductor-init.sh @@ -92,6 +96,8 @@ spec: command: - /tmp/ironic-conductor-http-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/ironic-conductor-http-init.sh subPath: ironic-conductor-http-init.sh @@ -115,6 +121,8 @@ spec: command: - /tmp/retreive-swift-config.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/retreive-swift-config.sh subPath: retreive-swift-config.sh @@ -134,6 +142,8 @@ spec: command: - /tmp/retreive-cleaning-network.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/retreive-cleaning-network.sh subPath: retreive-cleaning-network.sh @@ -150,6 +160,8 @@ spec: command: - /tmp/ironic-conductor.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/ironic-conductor.sh subPath: ironic-conductor.sh @@ -191,6 +203,8 @@ spec: command: - /tmp/ironic-conductor-pxe.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/ironic-conductor-pxe.sh subPath: ironic-conductor-pxe.sh @@ -207,6 +221,8 @@ spec: command: - /tmp/ironic-conductor-http.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ironic-bin mountPath: /tmp/ironic-conductor-http.sh subPath: ironic-conductor-http.sh @@ -218,6 +234,8 @@ spec: mountPath: /var/lib/openstack-helm {{ if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-shared emptyDir: {} - name: pod-var-cache-ironic diff --git a/keystone/templates/cron-job-credential-rotate.yaml b/keystone/templates/cron-job-credential-rotate.yaml index 9249675e99..6330c1abeb 100644 --- a/keystone/templates/cron-job-credential-rotate.yaml +++ b/keystone/templates/cron-job-credential-rotate.yaml @@ -80,46 +80,50 @@ spec: {{ tuple $envAll "keystone_credential_rotate" | include "helm-toolkit.snippets.image" | indent 14 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.credential_rotate | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} env: - - name: KEYSTONE_USER - value: {{ .Values.jobs.credential_rotate.user | quote }} - - name: KEYSTONE_GROUP - value: {{ .Values.jobs.credential_rotate.group | quote }} - - name: KUBERNETES_NAMESPACE - value: {{ .Release.Namespace | quote }} - - name: KEYSTONE_KEYS_REPOSITORY - value: {{ .Values.conf.keystone.credential.key_repository | quote }} - - name: KEYSTONE_CREDENTIAL_MIGRATE_WAIT - value: {{ .Values.jobs.credential_rotate.migrate_wait | quote }} + - name: KEYSTONE_USER + value: {{ .Values.jobs.credential_rotate.user | quote }} + - name: KEYSTONE_GROUP + value: {{ .Values.jobs.credential_rotate.group | quote }} + - name: KUBERNETES_NAMESPACE + value: {{ .Release.Namespace | quote }} + - name: KEYSTONE_KEYS_REPOSITORY + value: {{ .Values.conf.keystone.credential.key_repository | quote }} + - name: KEYSTONE_CREDENTIAL_MIGRATE_WAIT + value: {{ .Values.jobs.credential_rotate.migrate_wait | quote }} command: - python - /tmp/fernet-manage.py - credential_rotate volumeMounts: - - name: etckeystone - mountPath: /etc/keystone - - name: keystone-etc - mountPath: /etc/keystone/keystone.conf - subPath: keystone.conf - readOnly: true - - name: keystone-etc - mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} - readOnly: true - - name: keystone-bin - mountPath: /tmp/fernet-manage.py - subPath: fernet-manage.py - readOnly: true - {{ if $mounts_keystone_credential_rotate.volumeMounts }}{{ toYaml $mounts_keystone_credential_rotate.volumeMounts | indent 14 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: etckeystone + mountPath: /etc/keystone + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} + readOnly: true + - name: keystone-bin + mountPath: /tmp/fernet-manage.py + subPath: fernet-manage.py + readOnly: true +{{ if $mounts_keystone_credential_rotate.volumeMounts }}{{ toYaml $mounts_keystone_credential_rotate.volumeMounts | indent 16 }}{{ end }} volumes: - - name: etckeystone - emptyDir: {} - - name: keystone-etc - secret: - secretName: keystone-etc - defaultMode: 0444 - - name: keystone-bin - configMap: - name: keystone-bin - defaultMode: 0555 - {{ if $mounts_keystone_credential_rotate.volumes }}{{ toYaml $mounts_keystone_credential_rotate.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etckeystone + emptyDir: {} + - name: keystone-etc + secret: + secretName: keystone-etc + defaultMode: 0444 + - name: keystone-bin + configMap: + name: keystone-bin + defaultMode: 0555 +{{ if $mounts_keystone_credential_rotate.volumes }}{{ toYaml $mounts_keystone_credential_rotate.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/keystone/templates/cron-job-fernet-rotate.yaml b/keystone/templates/cron-job-fernet-rotate.yaml index a61339ef85..ca2d41358f 100644 --- a/keystone/templates/cron-job-fernet-rotate.yaml +++ b/keystone/templates/cron-job-fernet-rotate.yaml @@ -81,45 +81,49 @@ spec: {{ tuple $envAll "keystone_fernet_rotate" | include "helm-toolkit.snippets.image" | indent 14 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.fernet_rotate | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }} env: - - name: KEYSTONE_USER - value: {{ .Values.jobs.fernet_rotate.user | quote }} - - name: KEYSTONE_GROUP - value: {{ .Values.jobs.fernet_rotate.group | quote }} - - name: KUBERNETES_NAMESPACE - value: {{ .Release.Namespace | quote }} - - name: KEYSTONE_KEYS_REPOSITORY - value: {{ .Values.conf.keystone.fernet_tokens.key_repository | quote }} + - name: KEYSTONE_USER + value: {{ .Values.jobs.fernet_rotate.user | quote }} + - name: KEYSTONE_GROUP + value: {{ .Values.jobs.fernet_rotate.group | quote }} + - name: KUBERNETES_NAMESPACE + value: {{ .Release.Namespace | quote }} + - name: KEYSTONE_KEYS_REPOSITORY + value: {{ .Values.conf.keystone.fernet_tokens.key_repository | quote }} command: - python - /tmp/fernet-manage.py - fernet_rotate volumeMounts: - - name: etckeystone - mountPath: /etc/keystone - - name: keystone-etc - mountPath: /etc/keystone/keystone.conf - subPath: keystone.conf - readOnly: true - - name: keystone-etc - mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} - readOnly: true - - name: keystone-bin - mountPath: /tmp/fernet-manage.py - subPath: fernet-manage.py - readOnly: true - {{ if $mounts_keystone_fernet_rotate.volumeMounts }}{{ toYaml $mounts_keystone_fernet_rotate.volumeMounts | indent 14 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: etckeystone + mountPath: /etc/keystone + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} + readOnly: true + - name: keystone-bin + mountPath: /tmp/fernet-manage.py + subPath: fernet-manage.py + readOnly: true +{{ if $mounts_keystone_fernet_rotate.volumeMounts }}{{ toYaml $mounts_keystone_fernet_rotate.volumeMounts | indent 16 }}{{ end }} volumes: - - name: etckeystone - emptyDir: {} - - name: keystone-etc - secret: - secretName: keystone-etc - defaultMode: 0444 - - name: keystone-bin - configMap: - name: keystone-bin - defaultMode: 0555 - {{ if $mounts_keystone_fernet_rotate.volumes }}{{ toYaml $mounts_keystone_fernet_rotate.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etckeystone + emptyDir: {} + - name: keystone-etc + secret: + secretName: keystone-etc + defaultMode: 0444 + - name: keystone-bin + configMap: + name: keystone-bin + defaultMode: 0555 +{{ if $mounts_keystone_fernet_rotate.volumes }}{{ toYaml $mounts_keystone_fernet_rotate.volumes | indent 12 }}{{ end }} {{- end }} {{- end }} diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml index 3069a2ad41..28ec10f9ef 100644 --- a/keystone/templates/deployment-api.yaml +++ b/keystone/templates/deployment-api.yaml @@ -89,98 +89,102 @@ spec: periodSeconds: 20 timeoutSeconds: 5 volumeMounts: - - name: etckeystone - mountPath: /etc/keystone - - name: logs-apache - mountPath: /var/log/apache2 - - name: run-apache - mountPath: /var/run/apache2 - - name: wsgi-keystone - mountPath: /var/www/cgi-bin/keystone - - name: keystone-etc - mountPath: /etc/keystone/keystone.conf - subPath: keystone.conf - readOnly: true - - name: keystone-etc - mountPath: /etc/apache2/ports.conf - subPath: ports.conf - readOnly: true - - name: keystone-etc - mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} - readOnly: true - - name: keystone-etc - mountPath: /etc/keystone/keystone-paste.ini - subPath: keystone-paste.ini - readOnly: true - - name: keystone-etc - mountPath: /etc/keystone/policy.json - subPath: policy.json - readOnly: true - - name: keystone-etc - mountPath: /etc/keystone/sso_callback_template.html - subPath: sso_callback_template.html - readOnly: true - - name: keystone-etc - mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-keystone.conf - subPath: wsgi-keystone.conf - readOnly: true - - name: keystone-etc - mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf - subPath: mpm_event.conf - readOnly: true + - name: pod-tmp + mountPath: /tmp + - name: etckeystone + mountPath: /etc/keystone + - name: logs-apache + mountPath: /var/log/apache2 + - name: run-apache + mountPath: /var/run/apache2 + - name: wsgi-keystone + mountPath: /var/www/cgi-bin/keystone + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true + - name: keystone-etc + mountPath: /etc/apache2/ports.conf + subPath: ports.conf + readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} + readOnly: true + - name: keystone-etc + mountPath: /etc/keystone/keystone-paste.ini + subPath: keystone-paste.ini + readOnly: true + - name: keystone-etc + mountPath: /etc/keystone/policy.json + subPath: policy.json + readOnly: true + - name: keystone-etc + mountPath: /etc/keystone/sso_callback_template.html + subPath: sso_callback_template.html + readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-keystone.conf + subPath: wsgi-keystone.conf + readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf + subPath: mpm_event.conf + readOnly: true {{- if .Values.conf.security }} - - name: keystone-etc - mountPath: {{ .Values.conf.software.apache2.conf_dir }}/security.conf - subPath: security.conf - readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.software.apache2.conf_dir }}/security.conf + subPath: security.conf + readOnly: true {{- end }} - - name: keystone-bin - mountPath: /tmp/keystone-api.sh - subPath: keystone-api.sh - readOnly: true + - name: keystone-bin + mountPath: /tmp/keystone-api.sh + subPath: keystone-api.sh + readOnly: true {{- if .Values.endpoints.ldap.auth.client.tls.ca }} - - name: keystone-ldap-tls - mountPath: /etc/keystone/ldap/tls.ca - subPath: tls.ca - readOnly: true + - name: keystone-ldap-tls + mountPath: /etc/keystone/ldap/tls.ca + subPath: tls.ca + readOnly: true {{- end }} {{- if eq .Values.conf.keystone.token.provider "fernet" }} - - name: keystone-fernet-keys - mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }} + - name: keystone-fernet-keys + mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }} {{- end }} - - name: keystone-credential-keys - mountPath: {{ .Values.conf.keystone.credential.key_repository }} -{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 10 }}{{ end }} + - name: keystone-credential-keys + mountPath: {{ .Values.conf.keystone.credential.key_repository }} +{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}{{ end }} volumes: - - name: etckeystone - emptyDir: {} - - name: wsgi-keystone - emptyDir: {} - - name: logs-apache - emptyDir: {} - - name: run-apache - emptyDir: {} - - name: keystone-etc - secret: - secretName: keystone-etc - defaultMode: 0444 - - name: keystone-bin - configMap: - name: keystone-bin - defaultMode: 0555 + - name: pod-tmp + emptyDir: {} + - name: etckeystone + emptyDir: {} + - name: wsgi-keystone + emptyDir: {} + - name: logs-apache + emptyDir: {} + - name: run-apache + emptyDir: {} + - name: keystone-etc + secret: + secretName: keystone-etc + defaultMode: 0444 + - name: keystone-bin + configMap: + name: keystone-bin + defaultMode: 0555 {{- if .Values.endpoints.ldap.auth.client.tls.ca }} - - name: keystone-ldap-tls - secret: - secretName: keystone-ldap-tls + - name: keystone-ldap-tls + secret: + secretName: keystone-ldap-tls {{- end }} {{- if eq .Values.conf.keystone.token.provider "fernet" }} - - name: keystone-fernet-keys - secret: - secretName: keystone-fernet-keys + - name: keystone-fernet-keys + secret: + secretName: keystone-fernet-keys {{- end }} - - name: keystone-credential-keys - secret: - secretName: keystone-credential-keys -{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 6 }}{{ end }} + - name: keystone-credential-keys + secret: + secretName: keystone-credential-keys +{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/keystone/templates/job-credential-cleanup.yaml b/keystone/templates/job-credential-cleanup.yaml index 11fed66477..aad01bf842 100644 --- a/keystone/templates/job-credential-cleanup.yaml +++ b/keystone/templates/job-credential-cleanup.yaml @@ -69,6 +69,8 @@ spec: - python - /tmp/cred-clean.py volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: cred-clean-sh mountPath: /tmp/cred-clean.py subPath: cred-clean.py @@ -86,6 +88,8 @@ spec: readOnly: true {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: cred-clean-sh configMap: name: "keystone-bin" diff --git a/keystone/templates/job-credential-setup.yaml b/keystone/templates/job-credential-setup.yaml index 4a212dcb5b..e53b0c1f57 100644 --- a/keystone/templates/job-credential-setup.yaml +++ b/keystone/templates/job-credential-setup.yaml @@ -74,48 +74,52 @@ spec: {{ tuple $envAll "keystone_credential_setup" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.credential_setup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} env: - - name: KEYSTONE_USER - value: {{ .Values.jobs.credential_setup.user | quote }} - - name: KEYSTONE_GROUP - value: {{ .Values.jobs.credential_setup.group | quote }} - - name: KUBERNETES_NAMESPACE - value: {{ .Release.Namespace | quote }} - - name: KEYSTONE_KEYS_REPOSITORY - value: {{ .Values.conf.keystone.credential.key_repository | quote }} + - name: KEYSTONE_USER + value: {{ .Values.jobs.credential_setup.user | quote }} + - name: KEYSTONE_GROUP + value: {{ .Values.jobs.credential_setup.group | quote }} + - name: KUBERNETES_NAMESPACE + value: {{ .Release.Namespace | quote }} + - name: KEYSTONE_KEYS_REPOSITORY + value: {{ .Values.conf.keystone.credential.key_repository | quote }} command: - python - /tmp/fernet-manage.py - credential_setup volumeMounts: - - name: etckeystone - mountPath: /etc/keystone - - name: credential-keys - mountPath: {{ .Values.conf.keystone.credential.key_repository | quote }} - - name: keystone-etc - mountPath: /etc/keystone/keystone.conf - subPath: keystone.conf - readOnly: true - - name: keystone-etc - mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} - readOnly: true - - name: keystone-bin - mountPath: /tmp/fernet-manage.py - subPath: fernet-manage.py - readOnly: true -{{ if $mounts_keystone_credential_setup.volumeMounts }}{{ toYaml $mounts_keystone_credential_setup.volumeMounts | indent 10 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: etckeystone + mountPath: /etc/keystone + - name: credential-keys + mountPath: {{ .Values.conf.keystone.credential.key_repository | quote }} + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} + readOnly: true + - name: keystone-bin + mountPath: /tmp/fernet-manage.py + subPath: fernet-manage.py + readOnly: true +{{ if $mounts_keystone_credential_setup.volumeMounts }}{{ toYaml $mounts_keystone_credential_setup.volumeMounts | indent 12 }}{{ end }} volumes: - - name: etckeystone - emptyDir: {} - - name: credential-keys - emptyDir: {} - - name: keystone-etc - secret: - secretName: keystone-etc - defaultMode: 0444 - - name: keystone-bin - configMap: - name: keystone-bin - defaultMode: 0555 -{{ if $mounts_keystone_credential_setup.volumes }}{{ toYaml $mounts_keystone_credential_setup.volumes | indent 6 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etckeystone + emptyDir: {} + - name: credential-keys + emptyDir: {} + - name: keystone-etc + secret: + secretName: keystone-etc + defaultMode: 0444 + - name: keystone-bin + configMap: + name: keystone-bin + defaultMode: 0555 +{{ if $mounts_keystone_credential_setup.volumes }}{{ toYaml $mounts_keystone_credential_setup.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml index a2c8be84d2..86ee64763a 100644 --- a/keystone/templates/job-domain-manage.yaml +++ b/keystone/templates/job-domain-manage.yaml @@ -49,6 +49,8 @@ spec: command: - /tmp/domain-manage-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: keystone-bin mountPath: /tmp/domain-manage-init.sh subPath: domain-manage-init.sh @@ -64,6 +66,8 @@ spec: command: - /tmp/domain-manage.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etckeystonedomains mountPath: {{ .Values.conf.keystone.identity.domain_config_dir | default "/etc/keystonedomains" }} - name: etckeystone @@ -98,6 +102,8 @@ spec: mountPath: {{ .Values.conf.keystone.credential.key_repository }} {{ if $mounts_keystone_domain_manage.volumeMounts }}{{ toYaml $mounts_keystone_domain_manage.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: etckeystone emptyDir: {} - name: etckeystonedomains diff --git a/keystone/templates/job-fernet-setup.yaml b/keystone/templates/job-fernet-setup.yaml index ebe9f2184f..81093720e9 100644 --- a/keystone/templates/job-fernet-setup.yaml +++ b/keystone/templates/job-fernet-setup.yaml @@ -73,49 +73,53 @@ spec: {{ tuple $envAll "keystone_fernet_setup" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.jobs.fernet_setup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} env: - - name: KEYSTONE_USER - value: {{ .Values.jobs.fernet_setup.user | quote }} - - name: KEYSTONE_GROUP - value: {{ .Values.jobs.fernet_setup.group | quote }} - - name: KUBERNETES_NAMESPACE - value: {{ .Release.Namespace | quote }} - - name: KEYSTONE_KEYS_REPOSITORY - value: {{ .Values.conf.keystone.fernet_tokens.key_repository | quote }} + - name: KEYSTONE_USER + value: {{ .Values.jobs.fernet_setup.user | quote }} + - name: KEYSTONE_GROUP + value: {{ .Values.jobs.fernet_setup.group | quote }} + - name: KUBERNETES_NAMESPACE + value: {{ .Release.Namespace | quote }} + - name: KEYSTONE_KEYS_REPOSITORY + value: {{ .Values.conf.keystone.fernet_tokens.key_repository | quote }} command: - python - /tmp/fernet-manage.py - fernet_setup volumeMounts: - - name: etckeystone - mountPath: /etc/keystone - - name: fernet-keys - mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository | quote }} - - name: keystone-etc - mountPath: /etc/keystone/keystone.conf - subPath: keystone.conf - readOnly: true - - name: keystone-etc - mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} - readOnly: true - - name: keystone-bin - mountPath: /tmp/fernet-manage.py - subPath: fernet-manage.py - readOnly: true -{{ if $mounts_keystone_fernet_setup.volumeMounts }}{{ toYaml $mounts_keystone_fernet_setup.volumeMounts | indent 10 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: etckeystone + mountPath: /etc/keystone + - name: fernet-keys + mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository | quote }} + - name: keystone-etc + mountPath: /etc/keystone/keystone.conf + subPath: keystone.conf + readOnly: true + - name: keystone-etc + mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }} + readOnly: true + - name: keystone-bin + mountPath: /tmp/fernet-manage.py + subPath: fernet-manage.py + readOnly: true +{{ if $mounts_keystone_fernet_setup.volumeMounts }}{{ toYaml $mounts_keystone_fernet_setup.volumeMounts | indent 12 }}{{ end }} volumes: - - name: etckeystone - emptyDir: {} - - name: fernet-keys - emptyDir: {} - - name: keystone-etc - secret: - secretName: keystone-etc - defaultMode: 0444 - - name: keystone-bin - configMap: - name: keystone-bin - defaultMode: 0555 -{{ if $mounts_keystone_fernet_setup.volumes }}{{ toYaml $mounts_keystone_fernet_setup.volumes | indent 6 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etckeystone + emptyDir: {} + - name: fernet-keys + emptyDir: {} + - name: keystone-etc + secret: + secretName: keystone-etc + defaultMode: 0444 + - name: keystone-bin + configMap: + name: keystone-bin + defaultMode: 0555 +{{ if $mounts_keystone_fernet_setup.volumes }}{{ toYaml $mounts_keystone_fernet_setup.volumes | indent 8 }}{{ end }} {{- end }} {{- end }} diff --git a/keystone/templates/pod-rally-test.yaml b/keystone/templates/pod-rally-test.yaml index d29bc0eb69..49501e98b0 100644 --- a/keystone/templates/pod-rally-test.yaml +++ b/keystone/templates/pod-rally-test.yaml @@ -43,6 +43,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: keystone-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -74,6 +76,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: keystone-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -86,6 +90,8 @@ spec: mountPath: /var/lib/rally {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: keystone-etc secret: secretName: keystone-etc diff --git a/magnum/templates/deployment-api.yaml b/magnum/templates/deployment-api.yaml index d5d4d4828f..bc28b58c2c 100644 --- a/magnum/templates/deployment-api.yaml +++ b/magnum/templates/deployment-api.yaml @@ -80,6 +80,8 @@ spec: initialDelaySeconds: 15 periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: magnum-bin mountPath: /tmp/magnum-api.sh subPath: magnum-api.sh @@ -108,6 +110,8 @@ spec: mountPath: {{ .Values.conf.magnum.oslo_concurrency.lock_path }} {{ if $mounts_magnum_api.volumeMounts }}{{ toYaml $mounts_magnum_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-magnum emptyDir: {} - name: pod-var-cache-magnum diff --git a/magnum/templates/job-ks-user-domain.yaml b/magnum/templates/job-ks-user-domain.yaml index 3705e060a5..2e6f20a173 100644 --- a/magnum/templates/job-ks-user-domain.yaml +++ b/magnum/templates/job-ks-user-domain.yaml @@ -44,6 +44,8 @@ spec: command: - /tmp/ks-domain-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-user-sh mountPath: /tmp/ks-domain-user.sh subPath: ks-domain-user.sh @@ -77,6 +79,8 @@ spec: - name: SERVICE_OS_ROLE value: {{ .Values.endpoints.identity.auth.magnum_stack_user.role | quote }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-user-sh configMap: name: magnum-bin diff --git a/magnum/templates/statefulset-conductor.yaml b/magnum/templates/statefulset-conductor.yaml index 10f1cb288d..20a6c9541e 100644 --- a/magnum/templates/statefulset-conductor.yaml +++ b/magnum/templates/statefulset-conductor.yaml @@ -65,6 +65,8 @@ spec: command: - /tmp/magnum-conductor-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: magnum-bin mountPath: /tmp/magnum-conductor-init.sh subPath: magnum-conductor-init.sh @@ -80,6 +82,8 @@ spec: command: - /tmp/magnum-conductor.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: magnum-bin mountPath: /tmp/magnum-conductor.sh subPath: magnum-conductor.sh @@ -104,6 +108,8 @@ spec: mountPath: {{ .Values.conf.magnum.oslo_concurrency.lock_path }} {{ if $mounts_magnum_conductor.volumeMounts }}{{ toYaml $mounts_magnum_conductor.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-magnum emptyDir: {} - name: pod-shared diff --git a/mistral/templates/deployment-api.yaml b/mistral/templates/deployment-api.yaml index 65a9e844ef..9eb8029b95 100644 --- a/mistral/templates/deployment-api.yaml +++ b/mistral/templates/deployment-api.yaml @@ -76,6 +76,8 @@ spec: tcpSocket: port: {{ tuple "workflowv2" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-mistral mountPath: /etc/mistral - name: mistral-bin @@ -96,6 +98,8 @@ spec: readOnly: true {{ if $mounts_mistral_api.volumeMounts }}{{ toYaml $mounts_mistral_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-mistral emptyDir: {} - name: mistral-bin diff --git a/mistral/templates/deployment-executor.yaml b/mistral/templates/deployment-executor.yaml index 27bc70a0d9..0ea1a39744 100644 --- a/mistral/templates/deployment-executor.yaml +++ b/mistral/templates/deployment-executor.yaml @@ -62,6 +62,8 @@ spec: command: - /tmp/mistral-executor.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-mistral mountPath: /etc/mistral - name: mistral-bin @@ -78,6 +80,8 @@ spec: readOnly: true {{ if $mounts_mistral_executor.volumeMounts }}{{ toYaml $mounts_mistral_executor.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-mistral emptyDir: {} - name: mistral-bin diff --git a/mistral/templates/pod-rally-test.yaml b/mistral/templates/pod-rally-test.yaml index 70f85d96ec..d8c5121fc3 100644 --- a/mistral/templates/pod-rally-test.yaml +++ b/mistral/templates/pod-rally-test.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mistral-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -76,6 +78,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: mistral-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -94,6 +98,8 @@ spec: {{- end }} {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: mistral-etc secret: secretName: mistral-etc diff --git a/mistral/templates/statefulset-engine.yaml b/mistral/templates/statefulset-engine.yaml index 008e5afb0b..a63126ce8d 100644 --- a/mistral/templates/statefulset-engine.yaml +++ b/mistral/templates/statefulset-engine.yaml @@ -60,6 +60,8 @@ spec: command: - /tmp/mistral-engine.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-mistral mountPath: /etc/mistral - name: mistral-bin @@ -76,6 +78,8 @@ spec: readOnly: true {{ if $mounts_mistral_engine.volumeMounts }}{{ toYaml $mounts_mistral_engine.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-mistral emptyDir: {} - name: mistral-bin diff --git a/mistral/templates/statefulset-event-engine.yaml b/mistral/templates/statefulset-event-engine.yaml index 16bb8fac5d..7013be126b 100644 --- a/mistral/templates/statefulset-event-engine.yaml +++ b/mistral/templates/statefulset-event-engine.yaml @@ -60,6 +60,8 @@ spec: command: - /tmp/mistral-event-engine.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: pod-etc-mistral mountPath: /etc/mistral - name: mistral-bin @@ -76,6 +78,8 @@ spec: readOnly: true {{ if $mounts_mistral_event_engine.volumeMounts }}{{ toYaml $mounts_mistral_event_engine.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-mistral emptyDir: {} - name: mistral-bin diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index 49866f2aa5..f60bf03f54 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -69,35 +69,37 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/dhcp_agent.ini - - --agent-queue-name - - dhcp_agent + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/dhcp_agent.ini + - --agent-queue-name + - dhcp_agent initialDelaySeconds: 30 periodSeconds: 15 timeoutSeconds: 65 livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/dhcp_agent.ini - - --agent-queue-name - - dhcp_agent - - --liveness-probe + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/dhcp_agent.ini + - --agent-queue-name + - dhcp_agent + - --liveness-probe initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 command: - /tmp/neutron-dhcp-agent.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-dhcp-agent.sh subPath: neutron-dhcp-agent.sh @@ -166,6 +168,8 @@ spec: {{- end }} {{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: neutron-bin configMap: name: neutron-bin diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 5e0ec19437..cd5f2495fa 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -69,35 +69,37 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/l3_agent.ini - - --agent-queue-name - - l3_agent + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/l3_agent.ini + - --agent-queue-name + - l3_agent initialDelaySeconds: 30 periodSeconds: 15 timeoutSeconds: 65 livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/l3_agent.ini - - --agent-queue-name - - l3_agent - - --liveness-probe + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/l3_agent.ini + - --agent-queue-name + - l3_agent + - --liveness-probe initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 command: - /tmp/neutron-l3-agent.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-l3-agent.sh subPath: neutron-l3-agent.sh @@ -165,6 +167,8 @@ spec: {{- end }} {{ if $mounts_neutron_l3_agent.volumeMounts }}{{ toYaml $mounts_neutron_l3_agent.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: neutron-bin configMap: name: neutron-bin diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml index c2b432f799..69050e2bec 100644 --- a/neutron/templates/daemonset-lb-agent.yaml +++ b/neutron/templates/daemonset-lb-agent.yaml @@ -86,6 +86,8 @@ spec: command: - /tmp/neutron-linuxbridge-agent-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-linuxbridge-agent-init.sh subPath: neutron-linuxbridge-agent-init.sh @@ -147,6 +149,8 @@ spec: - -c - 'brctl show' volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-linuxbridge-agent.sh subPath: neutron-linuxbridge-agent.sh @@ -194,6 +198,8 @@ spec: mountPath: /run {{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-shared emptyDir: {} - name: neutron-bin diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index 8e92a675d6..69c4a68d74 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -71,6 +71,8 @@ spec: command: - /tmp/neutron-metadata-agent-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-metadata-agent-init.sh subPath: neutron-metadata-agent-init.sh @@ -90,31 +92,33 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/metadata_agent.ini + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/metadata_agent.ini initialDelaySeconds: 30 periodSeconds: 15 timeoutSeconds: 35 livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/metadata_agent.ini - - --liveness-probe + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/metadata_agent.ini + - --liveness-probe initialDelaySeconds: 90 periodSeconds: 60 timeoutSeconds: 45 command: - /tmp/neutron-metadata-agent.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-metadata-agent.sh subPath: neutron-metadata-agent.sh @@ -175,6 +179,8 @@ spec: {{- end }} {{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: neutron-bin configMap: name: neutron-bin diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index 56061e6325..5a4384815e 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -70,6 +70,8 @@ spec: command: - /tmp/neutron-openvswitch-agent-init-modules.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-openvswitch-agent-init-modules.sh subPath: neutron-openvswitch-agent-init-modules.sh @@ -86,6 +88,8 @@ spec: command: - /tmp/neutron-openvswitch-agent-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-openvswitch-agent-init.sh subPath: neutron-openvswitch-agent-init.sh @@ -165,19 +169,21 @@ spec: livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/plugins/ml2/openvswitch_agent.ini - - --agent-queue-name - - q-agent-notifier-tunnel-update - - --liveness-probe + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/plugins/ml2/openvswitch_agent.ini + - --agent-queue-name + - q-agent-notifier-tunnel-update + - --liveness-probe initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-openvswitch-agent.sh subPath: neutron-openvswitch-agent.sh @@ -239,6 +245,8 @@ spec: mountPath: /run {{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: varlibopenvswitch emptyDir: {} - name: pod-shared diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml index a59e4100db..63471b06e0 100644 --- a/neutron/templates/daemonset-sriov-agent.yaml +++ b/neutron/templates/daemonset-sriov-agent.yaml @@ -69,6 +69,8 @@ spec: command: - /tmp/neutron-sriov-agent-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-sriov-agent-init.sh subPath: neutron-sriov-agent-init.sh @@ -132,16 +134,18 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/neutron/neutron.conf - - --config-file - - /etc/neutron/sriov_agent.ini + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/sriov_agent.ini initialDelaySeconds: 30 periodSeconds: 15 timeoutSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-sriov-agent.sh subPath: neutron-sriov-agent.sh @@ -203,6 +207,8 @@ spec: mountPath: /run {{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-shared emptyDir: {} - name: neutron-bin diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 56a9a41c04..9dea3a925a 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -84,6 +84,8 @@ spec: port: {{ tuple "network" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 60 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/neutron-server.sh subPath: neutron-server.sh @@ -126,6 +128,8 @@ spec: readOnly: true {{ if $mounts_neutron_server.volumeMounts }}{{ toYaml $mounts_neutron_server.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: neutron-bin configMap: name: neutron-bin diff --git a/neutron/templates/pod-rally-test.yaml b/neutron/templates/pod-rally-test.yaml index 15633d1871..374039af40 100644 --- a/neutron/templates/pod-rally-test.yaml +++ b/neutron/templates/pod-rally-test.yaml @@ -46,6 +46,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -77,6 +79,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: neutron-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -89,6 +93,8 @@ spec: mountPath: /var/lib/rally {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: neutron-etc secret: secretName: neutron-etc diff --git a/nova/templates/cron-job-cell-setup.yaml b/nova/templates/cron-job-cell-setup.yaml index ee86ca321f..0bc457bb6e 100644 --- a/nova/templates/cron-job-cell-setup.yaml +++ b/nova/templates/cron-job-cell-setup.yaml @@ -57,6 +57,8 @@ spec: command: - /tmp/cell-setup.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/cell-setup.sh subPath: cell-setup.sh @@ -76,6 +78,8 @@ spec: subPath: policy.yaml readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etcnova emptyDir: {} - name: nova-etc diff --git a/nova/templates/cron-job-service-cleaner.yaml b/nova/templates/cron-job-service-cleaner.yaml index 47fdad96ad..f23bd7105f 100644 --- a/nova/templates/cron-job-service-cleaner.yaml +++ b/nova/templates/cron-job-service-cleaner.yaml @@ -61,21 +61,25 @@ spec: command: - /tmp/nova-service-cleaner.sh volumeMounts: - - name: nova-bin - mountPath: /tmp/nova-service-cleaner.sh - subPath: nova-service-cleaner.sh - readOnly: true - - name: etcnova - mountPath: /etc/nova + - name: pod-tmp + mountPath: /tmp + - name: nova-bin + mountPath: /tmp/nova-service-cleaner.sh + subPath: nova-service-cleaner.sh + readOnly: true + - name: etcnova + mountPath: /etc/nova volumes: - - name: etcnova - emptyDir: {} - - name: nova-etc - secret: - secretName: nova-etc - defaultMode: 0444 - - name: nova-bin - configMap: - name: nova-bin - defaultMode: 0555 + - name: pod-tmp + emptyDir: {} + - name: etcnova + emptyDir: {} + - name: nova-etc + secret: + secretName: nova-etc + defaultMode: 0444 + - name: nova-bin + configMap: + name: nova-bin + defaultMode: 0555 {{- end }} diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 4a7b90b58c..8677f3fe80 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -66,6 +66,8 @@ spec: command: - /tmp/nova-compute-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-compute-init.sh subPath: nova-compute-init.sh @@ -85,6 +87,8 @@ spec: - "nova:" - /etc/ceph volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph {{- if empty .Values.conf.ceph.cinder.keyring }} @@ -93,6 +97,8 @@ spec: command: - /tmp/ceph-admin-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: nova-bin @@ -122,6 +128,8 @@ spec: command: - /tmp/ceph-keyring.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: etcceph mountPath: /etc/ceph - name: nova-bin @@ -141,6 +149,8 @@ spec: command: - /tmp/nova-console-compute-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-compute-init.sh subPath: nova-console-compute-init.sh @@ -157,6 +167,8 @@ spec: command: - /tmp/nova-console-compute-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-compute-init.sh subPath: nova-console-compute-init.sh @@ -184,31 +196,33 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - compute + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - compute initialDelaySeconds: 80 periodSeconds: 90 timeoutSeconds: 70 livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - compute - - --liveness-probe + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - compute + - --liveness-probe initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 command: - /tmp/nova-compute.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-compute.sh subPath: nova-compute.sh @@ -313,6 +327,8 @@ spec: command: - /tmp/ssh-start.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: varlibnova mountPath: /var/lib/nova - name: varliblibvirt @@ -328,6 +344,8 @@ spec: subPath: ssh-start.sh readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 66927b727e..8a125a5afb 100644 --- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -63,6 +63,8 @@ spec: command: - /tmp/nova-api-metadata-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-api-metadata-init.sh subPath: nova-api-metadata-init.sh @@ -98,6 +100,8 @@ spec: port: {{ .Values.network.metadata.port }} initialDelaySeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-api-metadata.sh subPath: nova-api-metadata.sh @@ -160,6 +164,8 @@ spec: readOnly: true {{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index ee6e18ea23..0f6ea37178 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -81,6 +81,8 @@ spec: port: {{ tuple "compute" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} initialDelaySeconds: 30 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-api.sh subPath: nova-api.sh @@ -107,6 +109,8 @@ spec: readOnly: true {{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 1e66e41932..900ff238a4 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -63,31 +63,33 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - conductor + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - conductor initialDelaySeconds: 80 periodSeconds: 90 timeoutSeconds: 70 livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - conductor - - --liveness-probe + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - conductor + - --liveness-probe initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 command: - /tmp/nova-conductor.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-conductor.sh subPath: nova-conductor.sh @@ -110,6 +112,8 @@ spec: readOnly: true {{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml index 75b66e7939..dc15eadce2 100644 --- a/nova/templates/deployment-consoleauth.yaml +++ b/nova/templates/deployment-consoleauth.yaml @@ -63,31 +63,33 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - consoleauth + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - consoleauth initialDelaySeconds: 80 periodSeconds: 90 timeoutSeconds: 70 livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - consoleauth - - --liveness-probe + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - consoleauth + - --liveness-probe initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 command: - /tmp/nova-consoleauth.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-consoleauth.sh subPath: nova-consoleauth.sh @@ -110,6 +112,8 @@ spec: readOnly: true {{ if $mounts_nova_consoleauth.volumeMounts }}{{ toYaml $mounts_nova_consoleauth.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml index cf9fda0243..943156de10 100644 --- a/nova/templates/deployment-novncproxy.yaml +++ b/nova/templates/deployment-novncproxy.yaml @@ -64,6 +64,8 @@ spec: command: - /tmp/nova-console-proxy-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-proxy-init.sh subPath: nova-console-proxy-init.sh @@ -84,6 +86,8 @@ spec: command: - /tmp/nova-console-proxy-init-assets.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-proxy-init-assets.sh subPath: nova-console-proxy-init-assets.sh @@ -108,6 +112,8 @@ spec: - name: n-novnc containerPort: {{ tuple "compute_novnc_proxy" "internal" "novnc_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-proxy.sh subPath: nova-console-proxy.sh @@ -127,6 +133,8 @@ spec: mountPath: /tmp/pod-shared {{ if $mounts_nova_novncproxy.volumeMounts }}{{ toYaml $mounts_nova_novncproxy.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/deployment-placement.yaml b/nova/templates/deployment-placement.yaml index 64a4941244..555afd1ef6 100644 --- a/nova/templates/deployment-placement.yaml +++ b/nova/templates/deployment-placement.yaml @@ -82,6 +82,8 @@ spec: initialDelaySeconds: 50 periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: wsgi-nova mountPath: /var/www/cgi-bin/nova - name: nova-bin @@ -116,6 +118,8 @@ spec: {{- end }} {{ if $mounts_nova_placement.volumeMounts }}{{ toYaml $mounts_nova_placement.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: wsgi-nova emptyDir: {} - name: nova-bin diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index c75eb02482..5a4c205a8f 100644 --- a/nova/templates/deployment-scheduler.yaml +++ b/nova/templates/deployment-scheduler.yaml @@ -63,33 +63,35 @@ spec: readinessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - scheduler - - --check-all-pids + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - scheduler + - --check-all-pids initialDelaySeconds: 80 periodSeconds: 90 timeoutSeconds: 70 livenessProbe: exec: command: - - python - - /tmp/health-probe.py - - --config-file - - /etc/nova/nova.conf - - --service-queue-name - - scheduler - - --liveness-probe - - --check-all-pids + - python + - /tmp/health-probe.py + - --config-file + - /etc/nova/nova.conf + - --service-queue-name + - scheduler + - --liveness-probe + - --check-all-pids initialDelaySeconds: 120 periodSeconds: 90 timeoutSeconds: 70 command: - /tmp/nova-scheduler.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-scheduler.sh subPath: nova-scheduler.sh @@ -112,6 +114,8 @@ spec: readOnly: true {{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml index 4507bde4ce..396dfef732 100644 --- a/nova/templates/deployment-spiceproxy.yaml +++ b/nova/templates/deployment-spiceproxy.yaml @@ -64,6 +64,8 @@ spec: command: - /tmp/nova-console-proxy-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-proxy-init.sh subPath: nova-console-proxy-init.sh @@ -84,6 +86,8 @@ spec: command: - /tmp/nova-console-proxy-init-assets.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-proxy-init-assets.sh subPath: nova-console-proxy-init-assets.sh @@ -108,6 +112,8 @@ spec: - name: n-spice containerPort: {{ tuple "compute_spice_proxy" "internal" "spice_proxy" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-console-proxy.sh subPath: nova-console-proxy.sh @@ -127,6 +133,8 @@ spec: mountPath: /tmp/pod-shared {{ if $mounts_nova_spiceproxy.volumeMounts }}{{ toYaml $mounts_nova_spiceproxy.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/job-cell-setup.yaml b/nova/templates/job-cell-setup.yaml index 4ad9509a19..be42b6f8a1 100644 --- a/nova/templates/job-cell-setup.yaml +++ b/nova/templates/job-cell-setup.yaml @@ -48,6 +48,8 @@ spec: command: - /tmp/cell-setup-init.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/cell-setup-init.sh subPath: cell-setup-init.sh @@ -59,6 +61,8 @@ spec: command: - /tmp/cell-setup.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/cell-setup.sh subPath: cell-setup.sh @@ -78,6 +82,8 @@ spec: subPath: policy.yaml readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etcnova emptyDir: {} - name: nova-etc diff --git a/nova/templates/pod-rally-test.yaml b/nova/templates/pod-rally-test.yaml index f7b2e1b778..c445e4eedd 100644 --- a/nova/templates/pod-rally-test.yaml +++ b/nova/templates/pod-rally-test.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -76,6 +78,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -88,6 +92,8 @@ spec: mountPath: /var/lib/rally {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-etc secret: secretName: nova-etc diff --git a/nova/templates/statefulset-compute-ironic.yaml b/nova/templates/statefulset-compute-ironic.yaml index d9a5ebc570..1814536abe 100644 --- a/nova/templates/statefulset-compute-ironic.yaml +++ b/nova/templates/statefulset-compute-ironic.yaml @@ -67,6 +67,8 @@ spec: command: - /tmp/nova-compute-ironic.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: nova-bin mountPath: /tmp/nova-compute-ironic.sh subPath: nova-compute-ironic.sh @@ -95,6 +97,8 @@ spec: mountPath: /var/lib/ironic {{ if $mounts_nova_compute_ironic.volumeMounts }}{{ toYaml $mounts_nova_compute_ironic.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: nova-bin configMap: name: nova-bin diff --git a/panko/templates/cron-job-events-cleaner.yaml b/panko/templates/cron-job-events-cleaner.yaml index 8c07ea723a..ac7a47ad9e 100644 --- a/panko/templates/cron-job-events-cleaner.yaml +++ b/panko/templates/cron-job-events-cleaner.yaml @@ -54,31 +54,35 @@ spec: command: - /tmp/panko-events-cleaner.sh volumeMounts: - - name: panko-bin - mountPath: /tmp/panko-events-cleaner.sh - subPath: panko-events-cleaner.sh - readOnly: true - - name: etcpanko - mountPath: /etc/panko - - name: panko-etc - mountPath: /etc/panko/panko.conf - subPath: panko.conf - readOnly: true - - name: panko-etc - mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} - readOnly: true -{{ if $mounts_panko_events_cleaner.volumeMounts }}{{ toYaml $mounts_panko_events_cleaner.volumeMounts | indent 14 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: panko-bin + mountPath: /tmp/panko-events-cleaner.sh + subPath: panko-events-cleaner.sh + readOnly: true + - name: etcpanko + mountPath: /etc/panko + - name: panko-etc + mountPath: /etc/panko/panko.conf + subPath: panko.conf + readOnly: true + - name: panko-etc + mountPath: {{ .Values.conf.panko.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.panko.DEFAULT.log_config_append }} + readOnly: true +{{ if $mounts_panko_events_cleaner.volumeMounts }}{{ toYaml $mounts_panko_events_cleaner.volumeMounts | indent 16 }}{{ end }} volumes: - - name: etcpanko - emptyDir: {} - - name: panko-etc - secret: - secretName: panko-etc - defaultMode: 0444 - - name: panko-bin - configMap: - name: panko-bin - defaultMode: 0555 -{{ if $mounts_panko_events_cleaner.volumes }}{{ toYaml $mounts_panko_events_cleaner.volumes | indent 10 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: etcpanko + emptyDir: {} + - name: panko-etc + secret: + secretName: panko-etc + defaultMode: 0444 + - name: panko-bin + configMap: + name: panko-bin + defaultMode: 0555 +{{ if $mounts_panko_events_cleaner.volumes }}{{ toYaml $mounts_panko_events_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/panko/templates/deployment-api.yaml b/panko/templates/deployment-api.yaml index 06e6baf8a4..b1556d28ec 100644 --- a/panko/templates/deployment-api.yaml +++ b/panko/templates/deployment-api.yaml @@ -76,6 +76,8 @@ spec: tcpSocket: port: {{ tuple "event" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: wsgi-panko mountPath: /var/www/cgi-bin/panko - name: etcpanko @@ -110,6 +112,8 @@ spec: readOnly: true {{ if $mounts_panko_api.volumeMounts }}{{ toYaml $mounts_panko_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: wsgi-panko emptyDir: {} - name: etcpanko diff --git a/panko/templates/pod-rally-test.yaml b/panko/templates/pod-rally-test.yaml index ac6b27862f..55f3fd8be0 100644 --- a/panko/templates/pod-rally-test.yaml +++ b/panko/templates/pod-rally-test.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/ks-user.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: panko-bin mountPath: /tmp/ks-user.sh subPath: ks-user.sh @@ -76,6 +78,8 @@ spec: command: - /tmp/rally-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: panko-etc mountPath: /etc/rally/rally_tests.yaml subPath: rally_tests.yaml @@ -88,6 +92,8 @@ spec: mountPath: /var/lib/rally {{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: panko-etc secret: secretName: panko-etc diff --git a/rally/templates/job-bootstrap.yaml b/rally/templates/job-bootstrap.yaml index 2c892c9dfd..7b30bc295c 100644 --- a/rally/templates/job-bootstrap.yaml +++ b/rally/templates/job-bootstrap.yaml @@ -53,12 +53,16 @@ spec: command: - /tmp/bootstrap.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rally-bin mountPath: /tmp/bootstrap.sh subPath: bootstrap.sh readOnly: true {{ if $mounts_rally_bootstrap.volumeMounts }}{{ toYaml $mounts_rally_bootstrap.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: rally-bin configMap: name: rally-bin diff --git a/rally/templates/job-ks-endpoints.yaml b/rally/templates/job-ks-endpoints.yaml index e258734c85..18340ddbfd 100644 --- a/rally/templates/job-ks-endpoints.yaml +++ b/rally/templates/job-ks-endpoints.yaml @@ -47,6 +47,8 @@ spec: command: - /tmp/ks-endpoints.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-endpoints-sh mountPath: /tmp/ks-endpoints.sh subPath: ks-endpoints.sh @@ -66,6 +68,8 @@ spec: {{- end }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-endpoints-sh configMap: name: rally-bin diff --git a/rally/templates/job-ks-service.yaml b/rally/templates/job-ks-service.yaml index fa449bda3b..e3385c7ce6 100644 --- a/rally/templates/job-ks-service.yaml +++ b/rally/templates/job-ks-service.yaml @@ -46,6 +46,8 @@ spec: command: - /tmp/ks-service.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: ks-service-sh mountPath: /tmp/ks-service.sh subPath: ks-service.sh @@ -60,6 +62,8 @@ spec: value: {{ $osServiceType }} {{- end }} volumes: + - name: pod-tmp + emptyDir: {} - name: ks-service-sh configMap: name: rally-bin diff --git a/rally/templates/job-manage-db.yaml b/rally/templates/job-manage-db.yaml index 7510e6962d..d23036dc05 100644 --- a/rally/templates/job-manage-db.yaml +++ b/rally/templates/job-manage-db.yaml @@ -45,6 +45,8 @@ spec: command: - /tmp/manage-db.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rally-bin mountPath: /tmp/manage-db.sh subPath: manage-db.sh @@ -56,6 +58,8 @@ spec: subPath: rally.conf readOnly: true volumes: + - name: pod-tmp + emptyDir: {} - name: etcrally emptyDir: {} - name: rally-etc diff --git a/rally/templates/job-run-task.yaml b/rally/templates/job-run-task.yaml index ed147573e2..ff213ce7a1 100644 --- a/rally/templates/job-run-task.yaml +++ b/rally/templates/job-run-task.yaml @@ -49,6 +49,8 @@ spec: - "rally:" - /var/lib/rally/data volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rally-reports mountPath: /var/lib/rally/data containers: @@ -64,6 +66,8 @@ spec: - name: ENABLED_TESTS value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.enabled_tasks }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: rally-bin mountPath: /tmp/run-task.sh subPath: run-task.sh @@ -83,6 +87,8 @@ spec: - name: rally-reports mountPath: /var/lib/rally/data volumes: + - name: pod-tmp + emptyDir: {} - name: etcrally emptyDir: {} - name: rally-etc diff --git a/senlin/templates/cron-job-engine-cleaner.yaml b/senlin/templates/cron-job-engine-cleaner.yaml index 18883e4338..cede0dbd40 100644 --- a/senlin/templates/cron-job-engine-cleaner.yaml +++ b/senlin/templates/cron-job-engine-cleaner.yaml @@ -57,31 +57,35 @@ spec: command: - /tmp/senlin-engine-cleaner.sh volumeMounts: - - name: senlin-bin - mountPath: /tmp/senlin-engine-cleaner.sh - subPath: senlin-engine-cleaner.sh - readOnly: true - - name: etcsenlin - mountPath: /etc/senlin - - name: senlin-etc - mountPath: /etc/senlin/senlin.conf - subPath: senlin.conf - readOnly: true - - name: senlin-etc - mountPath: {{ .Values.conf.senlin.DEFAULT.log_config_append }} - subPath: {{ base .Values.conf.senlin.DEFAULT.log_config_append }} - readOnly: true -{{ if $mounts_senlin_engine_cleaner.volumeMounts }}{{ toYaml $mounts_senlin_engine_cleaner.volumeMounts | indent 14 }}{{ end }} + - name: pod-tmp + mountPath: /tmp + - name: senlin-bin + mountPath: /tmp/senlin-engine-cleaner.sh + subPath: senlin-engine-cleaner.sh + readOnly: true + - name: etcsenlin + mountPath: /etc/senlin + - name: senlin-etc + mountPath: /etc/senlin/senlin.conf + subPath: senlin.conf + readOnly: true + - name: senlin-etc + mountPath: {{ .Values.conf.senlin.DEFAULT.log_config_append }} + subPath: {{ base .Values.conf.senlin.DEFAULT.log_config_append }} + readOnly: true +{{ if $mounts_senlin_engine_cleaner.volumeMounts }}{{ toYaml $mounts_senlin_engine_cleaner.volumeMounts | indent 16 }}{{ end }} volumes: - - name: etcsenlin - emptyDir: {} - - name: senlin-etc - secret: - secretName: senlin-etc - defaultMode: 0444 - - name: senlin-bin - configMap: - name: senlin-bin - defaultMode: 0555 -{{ if $mounts_senlin_engine_cleaner.volumes }}{{ toYaml $mounts_senlin_engine_cleaner.volumes | indent 10 }}{{ end }} + - name: pod-tmp + emptyDir: {} + - name: etcsenlin + emptyDir: {} + - name: senlin-etc + secret: + secretName: senlin-etc + defaultMode: 0444 + - name: senlin-bin + configMap: + name: senlin-bin + defaultMode: 0555 +{{ if $mounts_senlin_engine_cleaner.volumes }}{{ toYaml $mounts_senlin_engine_cleaner.volumes | indent 12 }}{{ end }} {{- end }} diff --git a/senlin/templates/deployment-api.yaml b/senlin/templates/deployment-api.yaml index 0ad2de6980..b0319c0b29 100644 --- a/senlin/templates/deployment-api.yaml +++ b/senlin/templates/deployment-api.yaml @@ -80,6 +80,8 @@ spec: initialDelaySeconds: 15 periodSeconds: 10 volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: senlin-bin mountPath: /tmp/senlin-api.sh subPath: senlin-api.sh @@ -106,6 +108,8 @@ spec: readOnly: true {{ if $mounts_senlin_api.volumeMounts }}{{ toYaml $mounts_senlin_api.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-senlin emptyDir: {} - name: pod-var-cache-senlin diff --git a/senlin/templates/deployment-engine.yaml b/senlin/templates/deployment-engine.yaml index 3140398222..0cc6518d9f 100644 --- a/senlin/templates/deployment-engine.yaml +++ b/senlin/templates/deployment-engine.yaml @@ -61,6 +61,8 @@ spec: command: - /tmp/senlin-engine.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: senlin-bin mountPath: /tmp/senlin-engine.sh subPath: senlin-engine.sh @@ -81,6 +83,8 @@ spec: readOnly: true {{ if $mounts_senlin_engine.volumeMounts }}{{ toYaml $mounts_senlin_engine.volumeMounts | indent 12 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: pod-etc-senlin emptyDir: {} - name: senlin-bin diff --git a/senlin/templates/pod-test.yaml b/senlin/templates/pod-test.yaml index 4ef78029d4..f39276034e 100644 --- a/senlin/templates/pod-test.yaml +++ b/senlin/templates/pod-test.yaml @@ -49,12 +49,16 @@ spec: command: - /tmp/senlin-test.sh volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: senlin-bin mountPath: /tmp/senlin-test.sh subPath: senlin-test.sh readOnly: true {{ if $mounts_senlin_tests.volumeMounts }}{{ toYaml $mounts_senlin_tests.volumeMounts | indent 8 }}{{ end }} volumes: + - name: pod-tmp + emptyDir: {} - name: senlin-bin configMap: name: senlin-bin diff --git a/tempest/templates/job-run-tests.yaml b/tempest/templates/job-run-tests.yaml index 3f5458a2c0..f2ed054d7a 100644 --- a/tempest/templates/job-run-tests.yaml +++ b/tempest/templates/job-run-tests.yaml @@ -50,6 +50,8 @@ spec: - "root:" - /var/lib/tempest/data volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: tempest-reports mountPath: /var/lib/tempest/data containers: @@ -63,6 +65,8 @@ spec: {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} volumeMounts: + - name: pod-tmp + mountPath: /tmp - name: tempest-bin mountPath: /tmp/run-tests.sh subPath: run-tests.sh @@ -92,6 +96,8 @@ spec: - name: tempest-reports mountPath: /var/lib/tempest/data volumes: + - name: pod-tmp + emptyDir: {} - name: etctempest emptyDir: {} - name: tempest-etc