cc00e3fd92
This allows ntpd to be disabled in both the privileged rack and region controllers, for use cases where we do not want these processes to conflict with ntpd on the physical host running the containers. This method, as opposed to overriding sysvinit-style scripts and potentially other ways of launching ntpd that may exist, appears to be the safest way to ensure it never runs. Change-Id: Ib52727becc1849a2a75d2d62d1c51553047a8fcf
{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.region_statefulset }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.region_controller }}
{{- $serviceAccountName := "maas-region" }}
{{- $mounts_maas_region := .Values.pod.mounts.maas_region.maas_region }}
{{- $mounts_maas_region_init := .Values.pod.mounts.maas_region.init_container }}

{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
# StatefulSet for the MAAS region controller. The whole template is rendered
# only when .Values.manifests.region_statefulset is set; the service account
# named "maas-region" is emitted by the helm-toolkit snippet above this
# document.
# NOTE(review): apps/v1beta1 is a deprecated StatefulSet API version (removed
# in Kubernetes 1.16); apps/v1 additionally requires spec.selector. Confirm
# the target cluster version before changing it.
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: maas-region
spec:
  serviceName: maas-region-ui
  replicas: {{ .Values.pod.replicas.region }}
  updateStrategy:
    type: 'RollingUpdate'
  template:
    metadata:
      # Pod labels come from the helm-toolkit label snippet, indented to sit
      # under this key.
      labels:
{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      # Left empty (renders as null); no pod annotations are set here.
      annotations:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      # Anti-affinity rules are generated by helm-toolkit for the
      # maas/region label pair.
      affinity:
{{ tuple $envAll "maas" "region" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      # Both the selector key and its value are taken from chart values.
      nodeSelector:
        {{ .Values.labels.region.node_selector_key }}: {{ .Values.labels.region.node_selector_value }}
      # Dependency-wait init container from helm-toolkit, built from the
      # region_controller dependencies and the init_container mounts.
      initContainers:
{{ tuple $envAll $dependencies $mounts_maas_region_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        # Optional maas-cache container, present only when
        # .Values.conf.cache.enabled is set.
{{- if .Values.conf.cache.enabled }}
        - name: maas-cache
          image: {{ .Values.images.tags.maas_cache }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{- end }}
        - name: maas-region
          image: {{ .Values.images.tags.maas_region }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          ports:
            - name: r-ui
              containerPort: {{ .Values.network.port.region_container }}
          # Readiness is a plain TCP connect to the same port the container
          # exposes as r-ui.
          readinessProbe:
            tcpSocket:
              port: {{ .Values.network.port.region_container }}
          # privileged: true lifts most container isolation (all capabilities,
          # access to host devices). The image, /tmp/start.sh and every mount
          # below are therefore inside the node's trust boundary.
          # NOTE(review): confirm whether a narrower capability set would be
          # enough for the region controller.
          securityContext:
            privileged: true
          # Entry point is the start.sh key of the maas-bin ConfigMap, mounted
          # read-only further down.
          command:
            - /tmp/start.sh
          volumeMounts:
            # Only the REGION_SECRET key of the secret volume is exposed, as a
            # single read-only file.
            - name: maas-region-secret
              mountPath: /var/lib/maas/secret
              subPath: REGION_SECRET
              readOnly: true
            # Configuration files are projected one by one from the maas-etc
            # ConfigMap via subPath, all read-only.
            - name: maas-etc
              mountPath: /etc/bind/named.conf.options
              subPath: named.conf.options
              readOnly: true
            - name: maas-etc
              mountPath: /etc/maas/regiond.conf
              subPath: regiond.conf
              readOnly: true
{{- if .Values.conf.curtin.override }}
            - name: maas-etc
              mountPath: /etc/maas/preseeds/curtin_userdata
              subPath: curtin_userdata
              readOnly: true
{{- end }}
{{- if .Values.conf.drivers }}
            - name: maas-etc
              mountPath: /etc/maas/drivers.yaml
              subPath: drivers.yaml
              readOnly: true
{{- end }}
            - name: maas-bin
              mountPath: /tmp/start.sh
              subPath: start.sh
              readOnly: true
            - name: maas-etc
              mountPath: /etc/nsswitch.conf
              subPath: nsswitch.conf
              readOnly: true
            # When .Values.conf.maas.ntp.disable_ntpd_region is set, the
            # ntpd.sh key of maas-bin is mounted over /usr/sbin/ntpd, so that
            # path resolves to the script instead of the image's binary.
            # Presumably a stub so ntpd never starts in this privileged
            # container and cannot conflict with the host's ntpd; the script
            # body lives in the maas-bin ConfigMap, verify it there.
{{- if .Values.conf.maas.ntp.disable_ntpd_region }}
            - name: maas-bin
              mountPath: /usr/sbin/ntpd
              subPath: ntpd.sh
              readOnly: true
{{- end }}
            # Extra mounts from chart values are appended verbatim. Because the
            # container is privileged, review value overrides that add mounts
            # here.
{{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
      volumes:
        # defaultMode values are octal: 0444 is read-only for everyone.
        - name: maas-etc
          configMap:
            name: maas-etc
            defaultMode: 0444
        # 0555 adds the execute bit, needed because start.sh (and ntpd.sh,
        # when mounted) are run directly from this volume.
        - name: maas-bin
          configMap:
            name: maas-bin
            defaultMode: 0555
        # The Secret object's name is supplied by chart values.
        - name: maas-region-secret
          secret:
            secretName: {{ .Values.secrets.maas_region.name }}
        # Extra volumes from chart values are appended verbatim; check
        # overrides for hostPath or other host-backed volume types.
{{- if $mounts_maas_region.volumes }}{{ toYaml $mounts_maas_region.volumes | indent 8 }}{{ end }}
...
{{- end }}