From 06a5261a0cf8eb37d3792adeceeadef110e41fe1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mathieu=20Gagn=C3=A9?= Date: Wed, 18 Feb 2026 16:59:43 -0500 Subject: [PATCH] feat(cinder): allow users to provide configs in cinder.conf.d MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow users to provide additional projected volumes to be mounted into the various deployments, statefulsets, and jobs that the cinder chart has in the /etc/cinder/cinder.conf.d/ path. This allows for users to provide service account or database secrets via different operators as well as provide ways to use the chart to define common deployments while being able to have site specific overrides. Change-Id: Ibc35e4df73879ab3b48d4b0640c0b7b426175a77 Signed-off-by: Mathieu Gagné --- cinder/templates/bin/_cinder-backup.sh.tpl | 3 ++- cinder/templates/bin/_cinder-scheduler.sh.tpl | 3 ++- cinder/templates/bin/_cinder-volume.sh.tpl | 3 ++- cinder/templates/bin/_db-purge.sh.tpl | 5 ++++- cinder/templates/bin/_volume-usage-audit.sh.tpl | 5 ++++- cinder/templates/cron-job-cinder-db-purge.yaml | 13 +++++++++++++ .../cron-job-cinder-volume-usage-audit.yaml | 13 +++++++++++++ cinder/templates/deployment-api.yaml | 13 +++++++++++++ cinder/templates/deployment-backup.yaml | 13 +++++++++++++ cinder/templates/deployment-scheduler.yaml | 13 +++++++++++++ cinder/templates/deployment-volume.yaml | 13 +++++++++++++ cinder/values.yaml | 10 ++++++++++ releasenotes/notes/cinder-aca94f2247bcddcd.yaml | 7 +++++++ 13 files changed, 109 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/cinder-aca94f2247bcddcd.yaml diff --git a/cinder/templates/bin/_cinder-backup.sh.tpl b/cinder/templates/bin/_cinder-backup.sh.tpl index 77795e2dbc..391e1569f5 100644 --- a/cinder/templates/bin/_cinder-backup.sh.tpl +++ b/cinder/templates/bin/_cinder-backup.sh.tpl @@ -16,4 +16,5 @@ limitations under the License. set -ex exec cinder-backup \ - --config-file /etc/cinder/cinder.conf + --config-file /etc/cinder/cinder.conf \ + --config-dir /etc/cinder/cinder.conf.d diff --git a/cinder/templates/bin/_cinder-scheduler.sh.tpl b/cinder/templates/bin/_cinder-scheduler.sh.tpl index cf06388ffe..f3c1d01c86 100644 --- a/cinder/templates/bin/_cinder-scheduler.sh.tpl +++ b/cinder/templates/bin/_cinder-scheduler.sh.tpl @@ -16,4 +16,5 @@ limitations under the License. set -ex exec cinder-scheduler \ - --config-file /etc/cinder/cinder.conf + --config-file /etc/cinder/cinder.conf \ + --config-dir /etc/cinder/cinder.conf.d diff --git a/cinder/templates/bin/_cinder-volume.sh.tpl b/cinder/templates/bin/_cinder-volume.sh.tpl index 68186f3fc2..070d7be4f5 100644 --- a/cinder/templates/bin/_cinder-volume.sh.tpl +++ b/cinder/templates/bin/_cinder-volume.sh.tpl @@ -18,4 +18,5 @@ set -ex exec cinder-volume \ --config-file /etc/cinder/cinder.conf \ --config-file /etc/cinder/conf/backends.conf \ - --config-file /tmp/pod-shared/internal_tenant.conf + --config-file /tmp/pod-shared/internal_tenant.conf \ + --config-dir /etc/cinder/cinder.conf.d diff --git a/cinder/templates/bin/_db-purge.sh.tpl b/cinder/templates/bin/_db-purge.sh.tpl index a64c7c706c..44fd663c39 100644 --- a/cinder/templates/bin/_db-purge.sh.tpl +++ b/cinder/templates/bin/_db-purge.sh.tpl @@ -16,4 +16,7 @@ limitations under the License. set -ex -exec cinder-manage db purge {{ .Values.conf.db_purge.before }} +exec cinder-manage \ + --config-file /etc/cinder/cinder.conf \ + --config-dir /etc/cinder/cinder.conf.d \ + db purge {{ .Values.conf.db_purge.before }} diff --git a/cinder/templates/bin/_volume-usage-audit.sh.tpl b/cinder/templates/bin/_volume-usage-audit.sh.tpl index 4cdf7acd00..9c5b5b2923 100644 --- a/cinder/templates/bin/_volume-usage-audit.sh.tpl +++ b/cinder/templates/bin/_volume-usage-audit.sh.tpl @@ -16,4 +16,7 @@ limitations under the License. set -ex -exec cinder-volume-usage-audit --send_actions +exec cinder-volume-usage-audit \ + --config-file /etc/cinder/cinder.conf \ + --config-dir /etc/cinder/cinder.conf.d \ + --send_actions diff --git a/cinder/templates/cron-job-cinder-db-purge.yaml b/cinder/templates/cron-job-cinder-db-purge.yaml index 4671117fd0..67dc1be010 100644 --- a/cinder/templates/cron-job-cinder-db-purge.yaml +++ b/cinder/templates/cron-job-cinder-db-purge.yaml @@ -20,6 +20,8 @@ limitations under the License. {{- $serviceAccountName := "cinder-db-purge" }} {{ tuple $envAll "db_purge" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{- $etcSources := .Values.pod.etcSources.cinder_db_purge }} --- apiVersion: batch/v1 kind: CronJob @@ -82,6 +84,9 @@ spec: mountPath: /etc/cinder/cinder.conf subPath: cinder.conf readOnly: true + - name: cinder-etc-snippets + mountPath: /etc/cinder/cinder.conf.d/ + readOnly: true {{- if .Values.conf.cinder.DEFAULT.log_config_append }} - name: cinder-etc mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} @@ -105,6 +110,14 @@ spec: secret: secretName: cinder-etc defaultMode: 0444 + - name: cinder-etc-snippets +{{- if $etcSources }} + projected: + sources: +{{ toYaml $etcSources | indent 18 }} +{{- else }} + emptyDir: {} +{{ end }} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml index 1e62614c43..08ee779584 100644 --- a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml +++ b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml @@ -20,6 +20,8 @@ limitations under the License. {{- $serviceAccountName := "cinder-volume-usage-audit" }} {{ tuple $envAll "volume_usage_audit" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{- $etcSources := .Values.pod.etcSources.cinder_volume_usage_audit }} --- apiVersion: batch/v1 kind: CronJob @@ -82,6 +84,9 @@ spec: mountPath: /etc/cinder/cinder.conf subPath: cinder.conf readOnly: true + - name: cinder-etc-snippets + mountPath: /etc/cinder/cinder.conf.d/ + readOnly: true {{- if .Values.conf.cinder.DEFAULT.log_config_append }} - name: cinder-etc mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} @@ -105,6 +110,14 @@ spec: secret: secretName: cinder-etc defaultMode: 0444 + - name: cinder-etc-snippets +{{- if $etcSources }} + projected: + sources: +{{ toYaml $etcSources | indent 18 }} +{{- else }} + emptyDir: {} +{{ end }} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml index 0e135c0fb0..55d55e83b6 100644 --- a/cinder/templates/deployment-api.yaml +++ b/cinder/templates/deployment-api.yaml @@ -34,6 +34,8 @@ httpGet: {{- $serviceAccountName := "cinder-api" }} {{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{- $etcSources := .Values.pod.etcSources.cinder_api }} --- apiVersion: apps/v1 kind: Deployment @@ -130,6 +132,9 @@ spec: mountPath: /etc/cinder/cinder.conf subPath: cinder.conf readOnly: true + - name: cinder-etc-snippets + mountPath: /etc/cinder/cinder.conf.d/ + readOnly: true {{- if .Values.conf.cinder.DEFAULT.log_config_append }} - name: cinder-etc mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} @@ -189,6 +194,14 @@ spec: secret: secretName: cinder-etc defaultMode: 0444 + - name: cinder-etc-snippets +{{- if $etcSources }} + projected: + sources: +{{ toYaml $etcSources | indent 14 }} +{{- else }} + emptyDir: {} +{{ end }} {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder # pods for the coordination backend to be fully functional. diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml index f45f583a85..70772c30e8 100644 --- a/cinder/templates/deployment-backup.yaml +++ b/cinder/templates/deployment-backup.yaml @@ -22,6 +22,8 @@ limitations under the License. {{- $serviceAccountName := "cinder-backup" }} {{ tuple $envAll "backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{- $etcSources := .Values.pod.etcSources.cinder_backup }} --- apiVersion: apps/v1 kind: Deployment @@ -178,6 +180,9 @@ spec: mountPath: /etc/cinder/cinder.conf subPath: cinder.conf readOnly: true + - name: cinder-etc-snippets + mountPath: /etc/cinder/cinder.conf.d/ + readOnly: true {{- if .Values.conf.cinder.DEFAULT.log_config_append }} - name: cinder-etc mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} @@ -299,6 +304,14 @@ spec: secret: secretName: cinder-etc defaultMode: 0444 + - name: cinder-etc-snippets +{{- if $etcSources }} + projected: + sources: +{{ toYaml $etcSources | indent 14 }} +{{- else }} + emptyDir: {} +{{ end }} - name: cinder-bin configMap: name: cinder-bin diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml index 3321958e79..705f1c71fc 100644 --- a/cinder/templates/deployment-scheduler.yaml +++ b/cinder/templates/deployment-scheduler.yaml @@ -20,6 +20,8 @@ limitations under the License. {{- $serviceAccountName := "cinder-scheduler" }} {{ tuple $envAll "scheduler" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{- $etcSources := .Values.pod.etcSources.cinder_scheduler }} --- apiVersion: apps/v1 kind: Deployment @@ -94,6 +96,9 @@ spec: mountPath: /etc/cinder/cinder.conf subPath: cinder.conf readOnly: true + - name: cinder-etc-snippets + mountPath: /etc/cinder/cinder.conf.d/ + readOnly: true {{- if .Values.conf.cinder.DEFAULT.log_config_append }} - name: cinder-etc mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} @@ -129,6 +134,14 @@ spec: secret: secretName: cinder-etc defaultMode: 0444 + - name: cinder-etc-snippets +{{- if $etcSources }} + projected: + sources: +{{ toYaml $etcSources | indent 14 }} +{{- else }} + emptyDir: {} +{{ end }} {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }} # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder # pods for the coordination backend to be fully functional. diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml index d1cd918866..a787cb9d0f 100644 --- a/cinder/templates/deployment-volume.yaml +++ b/cinder/templates/deployment-volume.yaml @@ -22,6 +22,8 @@ limitations under the License. {{- $serviceAccountName := "cinder-volume" }} {{ tuple $envAll "volume" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{- $etcSources := .Values.pod.etcSources.cinder_volume }} --- apiVersion: apps/v1 kind: Deployment @@ -176,6 +178,9 @@ spec: mountPath: /etc/cinder/cinder.conf subPath: cinder.conf readOnly: true + - name: cinder-etc-snippets + mountPath: /etc/cinder/cinder.conf.d/ + readOnly: true {{- if .Values.conf.cinder.DEFAULT.log_config_append }} - name: cinder-etc mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }} @@ -305,6 +310,14 @@ spec: secret: secretName: cinder-etc defaultMode: 0444 + - name: cinder-etc-snippets +{{- if $etcSources }} + projected: + sources: +{{ toYaml $etcSources | indent 14 }} +{{- else }} + emptyDir: {} +{{ end }} - name: pod-shared emptyDir: {} - name: cinder-conversion diff --git a/cinder/values.yaml b/cinder/values.yaml index e0c79e4500..9794be2cf7 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -256,6 +256,16 @@ pod: cinder_db_sync: volumeMounts: volumes: + # -- This allows users to add Kubernetes Projected Volumes to be mounted at /etc/cinder/cinder.conf.d/ + ## This is a list of projected volume source objects for each deployment/statefulset/daemonset/cronjob + ## https://kubernetes.io/docs/concepts/storage/projected-volumes/ + etcSources: + cinder_api: [] + cinder_scheduler: [] + cinder_volume: [] + cinder_volume_usage_audit: [] + cinder_db_purge: [] + cinder_backup: [] replicas: api: 1 volume: 1 diff --git a/releasenotes/notes/cinder-aca94f2247bcddcd.yaml b/releasenotes/notes/cinder-aca94f2247bcddcd.yaml new file mode 100644 index 0000000000..fb6c3a979e --- /dev/null +++ b/releasenotes/notes/cinder-aca94f2247bcddcd.yaml @@ -0,0 +1,7 @@ +--- +cinder: + - | + Allow users to add additional sources to the Projected Volume that is mounted + at /etc/cinder/cinder.conf.d/ so they may more easily override configs or provide + additional configs for the various services in the chart. +...