Merge "feat(nova): create a way for users to provide configs in nova.conf.d"
This commit is contained in:
Zuul
@@ -17,6 +17,10 @@ limitations under the License.
|
||||
|
||||
{{- $serviceAccountName := "nova-archive-deleted-rows-cron" }}
|
||||
{{ tuple $envAll "archive_deleted_rows" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_archive_deleted_rows }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
@@ -96,11 +100,12 @@ spec:
|
||||
- name: archive-deleted-rows-conf
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 18 }}
|
||||
{{ end }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -17,6 +17,10 @@ limitations under the License.
|
||||
|
||||
{{- $serviceAccountName := "nova-service-cleaner" }}
|
||||
{{ tuple $envAll "service_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_service_cleaner }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
@@ -91,10 +95,11 @@ spec:
|
||||
configMap:
|
||||
name: nova-bin
|
||||
defaultMode: 0555
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 18 }}
|
||||
{{ end }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -71,6 +71,10 @@ exec:
|
||||
|
||||
{{- $mounts_nova_compute := .Values.pod.mounts.nova_compute.nova_compute }}
|
||||
{{- $mounts_nova_compute_init := .Values.pod.mounts.nova_compute.init_container }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_compute }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
@@ -521,11 +525,12 @@ spec:
|
||||
secret:
|
||||
secretName: {{ $configMapName }}
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
{{- if .Values.network.ssh.enabled }}
|
||||
- name: nova-ssh
|
||||
secret:
|
||||
|
||||
@@ -31,6 +31,10 @@ httpGet:
|
||||
|
||||
{{- $mounts_nova_api_metadata := .Values.pod.mounts.nova_api_metadata.nova_api_metadata }}
|
||||
{{- $mounts_nova_api_metadata_init := .Values.pod.mounts.nova_api_metadata.init_container }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_api_metadata }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $serviceAccountName := "nova-api-metadata" }}
|
||||
{{ tuple $envAll "api_metadata" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -221,11 +225,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
- name: pod-shared
|
||||
emptyDir: {}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
|
||||
@@ -31,6 +31,10 @@ httpGet:
|
||||
|
||||
{{- $mounts_nova_api_osapi := .Values.pod.mounts.nova_api_osapi.nova_api_osapi }}
|
||||
{{- $mounts_nova_api_osapi_init := .Values.pod.mounts.nova_api_osapi.init_container }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_api_osapi }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $serviceAccountName := "nova-api-osapi" }}
|
||||
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -169,11 +173,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
|
||||
@@ -44,6 +44,10 @@ exec:
|
||||
|
||||
{{- $mounts_nova_conductor := .Values.pod.mounts.nova_conductor.nova_conductor }}
|
||||
{{- $mounts_nova_conductor_init := .Values.pod.mounts.nova_conductor.init_container }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_conductor }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $serviceAccountName := "nova-conductor" }}
|
||||
{{ tuple $envAll "conductor" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -147,11 +151,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
|
||||
@@ -27,6 +27,10 @@ tcpSocket:
|
||||
|
||||
{{- $mounts_nova_novncproxy := .Values.pod.mounts.nova_novncproxy.nova_novncproxy }}
|
||||
{{- $mounts_nova_novncproxy_init := .Values.pod.mounts.nova_novncproxy.init_novncproxy }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_novncproxy }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $vencrypt_enabled := (contains "vencrypt" .Values.conf.nova.vnc.auth_schemes) }}
|
||||
|
||||
@@ -174,11 +178,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
- name: pod-usr-share-novnc
|
||||
emptyDir: {}
|
||||
- name: pod-shared
|
||||
|
||||
@@ -44,6 +44,10 @@ exec:
|
||||
|
||||
{{- $mounts_nova_scheduler := .Values.pod.mounts.nova_scheduler.nova_scheduler }}
|
||||
{{- $mounts_nova_scheduler_init := .Values.pod.mounts.nova_scheduler.init_container }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_scheduler }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $serviceAccountName := "nova-scheduler" }}
|
||||
{{ tuple $envAll "scheduler" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -147,11 +151,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
||||
|
||||
@@ -27,6 +27,10 @@ tcpSocket:
|
||||
|
||||
{{- $mounts_nova_serialproxy := .Values.pod.mounts.nova_serialproxy.nova_serialproxy }}
|
||||
{{- $mounts_nova_serialproxy_init := .Values.pod.mounts.nova_serialproxy.init_serialproxy }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_serialproxy }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $serviceAccountName := "nova-serialproxy" }}
|
||||
{{ tuple $envAll "serialproxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -152,11 +156,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
- name: pod-usr-share-serial
|
||||
emptyDir: {}
|
||||
- name: pod-shared
|
||||
|
||||
@@ -27,6 +27,10 @@ tcpSocket:
|
||||
|
||||
{{- $mounts_nova_spiceproxy := .Values.pod.mounts.nova_spiceproxy.nova_spiceproxy }}
|
||||
{{- $mounts_nova_spiceproxy_init := .Values.pod.mounts.nova_spiceproxy.init_spiceproxy }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_spiceproxy }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $serviceAccountName := "nova-spiceproxy" }}
|
||||
{{ tuple $envAll "spiceproxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -160,11 +164,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
- name: pod-usr-share-spice-html5
|
||||
emptyDir: {}
|
||||
- name: pod-shared
|
||||
|
||||
@@ -17,6 +17,10 @@ limitations under the License.
|
||||
|
||||
{{- $serviceAccountName := "nova-cell-setup" }}
|
||||
{{ tuple $envAll "cell_setup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_cell_setup }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@@ -127,11 +131,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
- name: nova-bin
|
||||
configMap:
|
||||
name: nova-bin
|
||||
|
||||
@@ -17,6 +17,10 @@ limitations under the License.
|
||||
|
||||
{{- $mounts_nova_compute_ironic := .Values.pod.mounts.nova_compute_ironic.nova_compute_ironic }}
|
||||
{{- $mounts_nova_compute_ironic_init := .Values.pod.mounts.nova_compute_ironic.init_container }}
|
||||
{{- $etcSources := .Values.pod.etcSources.nova_compute_ironic }}
|
||||
{{- if eq .Values.manifests.secret_ks_etc true }}
|
||||
{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }}
|
||||
{{- end }}
|
||||
|
||||
{{- $serviceAccountName := "nova-compute-ironic" }}
|
||||
{{ tuple $envAll "compute_ironic" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
@@ -109,11 +113,12 @@ spec:
|
||||
secret:
|
||||
secretName: nova-etc
|
||||
defaultMode: 0444
|
||||
{{- if $etcSources }}
|
||||
- name: nova-etc-snippets
|
||||
projected:
|
||||
sources:
|
||||
- secret:
|
||||
name: nova-ks-etc
|
||||
{{ toYaml $etcSources | indent 14 }}
|
||||
{{ end }}
|
||||
- name: varlibironic
|
||||
hostPath:
|
||||
path: /var/lib/ironic
|
||||
|
||||
@@ -2386,6 +2386,25 @@ pod:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
# -- This allows users to add Kubernetes Projected Volumes to be mounted at /etc/nova/nova.conf.d/
|
||||
## This is a list of projected volume source objects for each deployment/statefulset/job
|
||||
## https://kubernetes.io/docs/concepts/storage/projected-volumes/
|
||||
etcSources:
|
||||
nova_compute: []
|
||||
nova_compute_ironic: []
|
||||
nova_api_metadata: []
|
||||
nova_api_osapi: []
|
||||
nova_conductor: []
|
||||
nova_scheduler: []
|
||||
nova_bootstrap: []
|
||||
nova_tests: []
|
||||
nova_novncproxy: []
|
||||
nova_serialproxy: []
|
||||
nova_spiceproxy: []
|
||||
nova_db_sync: []
|
||||
nova_archive_deleted_rows: []
|
||||
nova_service_cleaner: []
|
||||
nova_cell_setup: []
|
||||
mounts:
|
||||
nova_compute:
|
||||
init_container: null
|
||||
|
||||
7
releasenotes/notes/nova-fc00bda9bb69988e.yaml
Normal file
7
releasenotes/notes/nova-fc00bda9bb69988e.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
---
|
||||
nova:
|
||||
- |
|
||||
Allow users to add additional sources to the Projected Volume that is mounted
|
||||
at /etc/nova/nova.conf.d/ so they may more easily override configs or provide
|
||||
additional configs for the various services in the chart.
|
||||
...
|
||||
Reference in New Issue
Block a user