
During the openstack-helm-infra upversion [1] it was noticed that the updated version of openvswitch chart (1.1.15) was missing the custom ServiceAccount definition for its DaemonSet template. This fix was proposed upstream [2] and currently implemented to stx-openstack via an OSH-I patch [3]. The patch, though, was missing the serviceAccountName definition in the daemonset template.

This change fixes the stx-openstack patch, including the serviceAccountName definition to openvswitch daemonset template.

[1] https://review.opendev.org/c/starlingx/openstack-armada-app/+/887637
[2] https://review.opendev.org/c/openstack/openstack-helm-infra/+/888504
[3] https://review.opendev.org/c/starlingx/openstack-armada-app/+/887637/16/openstack-helm-infra/debian/deb_folder/patches/0016-Add-ServiceAccount-to-openvswitch-pod.patch

TEST PLAN:
PASS - build-pkgs -c -p openstack-helm-infra,openstack-helm
PASS - build-pkgs -c -p stx-openstack-helm-fluxcd
PASS - Upload stx-openstack application
PASS - Apply stx-openstack application

Closes-Bug: 2030749
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: Ia0c42466cada50cb3af9490f5ff1b36e839a5915
50 lines
2.1 KiB
Diff
From 1a16da4ed0913c2de36b070326277a3aa555e376 Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Thu, 13 Jul 2023 16:35:40 -0300
Subject: [PATCH] Add ServiceAccount to openvswitch pod

This change includes back the helm-toolkit snippet:
kubernetes_pod_rbac_serviceaccount to the openvswitch Daemonset
definition, since it is responsible for creating the POD's
ServiceAccount which contains imagePullSecrets that enable the POD to
retrieve images from private registries.

Originally openvswitch chart had two daemonset definitions: for the
db and for the server, but recently both were merged into a single
daemonset [1] and the template inclusion was dropped during this merge

[1] https://github.com/openstack/openstack-helm-infra/
commit/73e2b3322d3cc8ca4ee8453dd612266589d734b1

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I59ef955529a34020d4bba0da0b48d1f47e2e1039
---
openvswitch/templates/daemonset.yaml | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/openvswitch/templates/daemonset.yaml b/openvswitch/templates/daemonset.yaml
index 244ffb8e..79840238 100644
--- a/openvswitch/templates/daemonset.yaml
+++ b/openvswitch/templates/daemonset.yaml
@@ -56,6 +56,9 @@ exec:
{{- if .Values.manifests.daemonset }}
{{- $envAll := . }}
+
+{{- $serviceAccountName := "openvswitch-server" }}
+{{ tuple $envAll "vswitchd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: DaemonSet
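Review bot: The first added assignment hard-codes the account name as "openvswitch-server", while the include on the next line is keyed on "vswitchd" and the pod annotated in the following hunk is named "openvswitch", so three different identifiers now describe one merged DaemonSet. Since the commit message says the db and server DaemonSets were merged, this single account backs both the db and vswitchd containers; a short template comment saying the name is kept deliberately (or renaming it to match the merged pod) would guard against a later cleanup dropping it, which would leave the pod on the namespace's default ServiceAccount without the imagePullSecrets this patch exists to provide.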
@@ -80,6 +83,7 @@ spec:
{{ dict "envAll" $envAll "podName" "openvswitch" "containerNames" (list "openvswitch-db" "openvswitch-db-perms" "openvswitch-vswitchd" "openvswitch-vswitchd-modules" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
shareProcessNamespace: true
+ serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "ovs" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
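Review bot: The added `serviceAccountName: {{ $serviceAccountName }}` line under the pod spec is the only thing binding the pod to the account created in the first hunk, and none of the listed test-plan steps inspects it. Because the earlier revision of this patch created the account without this reference, consider adding a test-plan step that checks the rendered DaemonSet pod spec for the field and confirms that an image pull from a private registry succeeds, so the two hunks cannot drift apart again unnoticed.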
--
2.25.1