openstack/openstack-helm
Code Issues Proposed changes

Deploy libvirt exporter sidecar from extraContainers

Browse Source 
We've been using extraContainers value for the Ironic chart
for quite a while. This is aligned with the Helm best
practices when users cacn inject optional snippets into
templates and exporter sidecars is exactly one of such
optional things.

Change-Id: Id76c766ce38acc01af4f48784c22dccd7386034c
Signed-off-by: Vladimir Kozhukalov <kozhukalov@gmail.com>
This commit is contained in:
Vladimir Kozhukalov
2026-02-23 14:44:53 -06:00
parent 055e90ea4c
commit 8ba8a37de6
6 changed files with 78 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
libvirt/templates/daemonset-libvirt.yaml
View File

@@ -20,13 +20,6 @@ exec:
- /usr/bin/virsh connect
{{- end }}
{{- define "libvirtExporterProbeTemplate" }}
httpGet:
path: /
port: metrics
scheme: HTTP
{{- end }}
{{- define "libvirt.daemonset" }}
{{- $daemonset := index . 0 }}
{{- $configMapName := index . 1 }}
@@ -310,31 +303,8 @@ spec:
{{- end }}
{{- end }}
{{ if $mounts_libvirt.volumeMounts }}{{ toYaml $mounts_libvirt.volumeMounts | indent 12 }}{{ end }}
{{- if .Values.pod.sidecars.libvirt_exporter.enabled }}
- name: libvirt-exporter
{{ tuple $envAll "libvirt_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.libvirt_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- with .Values.pod.sidecars.libvirt_exporter }}
{{- if and (hasKey . "args") (gt (len .args) 0) }}
args:
{{- range .args }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
ports:
- name: metrics
protocol: TCP
containerPort: {{ tuple "libvirt_exporter" "direct" "metrics" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{ dict "envAll" . "component" "libvirt" "container" "libvirt_exporter" "type" "readiness" "probeTemplate" (include "libvirtExporterProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" . "component" "libvirt" "container" "libvirt_exporter" "type" "liveness" "probeTemplate" (include "libvirtExporterProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
volumeMounts:
- name: run
mountPath: /run
{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
mountPropagation: Bidirectional
{{- end }}
{{- with .Values.libvirt.extraContainers }}
{{- tpl (toYaml .) $envAll | nindent 8 }}
{{- end }}
volumes:
{{ dict "enabled" $ssl_enabled "secretName" $envAll.Values.secrets.tls.client "name" "ssl-client" "path" "/etc/pki/libvirt" "certs" (tuple "clientcert.pem" "clientkey.pem" ) | include "helm-toolkit.snippets.tls_volume" | indent 8 }}

38
libvirt/values.yaml
View File

@@ -27,7 +27,6 @@ labels:
images:
tags:
libvirt: quay.io/airshipit/libvirt:2025.1-ubuntu_noble
libvirt_exporter: vexxhost/libvirtd-exporter:latest
ceph_config_helper: 'quay.io/airshipit/ceph-config-helper:ubuntu_jammy_20.2.0-1-20260116'
dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_jammy
image_repo_sync: quay.io/airshipit/docker:27.5.0
@@ -74,10 +73,6 @@ endpoints:
port:
registry:
default: null
libvirt_exporter:
port:
metrics:
default: 9474
network_policy:
libvirt:
@@ -273,19 +268,6 @@ pod:
initialDelaySeconds: 15
periodSeconds: 60
timeoutSeconds: 5
libvirt_exporter:
liveness:
enabled: true
params:
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 5
readiness:
enabled: true
params:
initialDelaySeconds: 15
periodSeconds: 60
timeoutSeconds: 5
security_context:
libvirt:
pod:
@@ -298,8 +280,6 @@ pod:
libvirt:
privileged: true
readOnlyRootFilesystem: false
libvirt_exporter:
privileged: true
libvirt_init_modules:
readOnlyRootFilesystem: true
privileged: true
@@ -314,12 +294,6 @@ pod:
capabilities:
drop:
- ALL
sidecars:
libvirt_exporter:
enabled: false
args:
- "--libvirt.nova"
affinity:
anti:
type:
@@ -368,13 +342,6 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
libvirt_exporter:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "500m"
dependencies:
dynamic:
@@ -422,6 +389,10 @@ dependencies:
- endpoint: internal
service: local_image_registry
libvirt:
extraContainers: []
manifests:
configmap_bin: true
configmap_etc: true
@@ -430,7 +401,6 @@ manifests:
network_policy: false
role_cert_manager: false
secret_registry: true
podmonitor: false
secrets:
oci_image_registry:

7
releasenotes/notes/libvirt-85375c3ae369bc39.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
libvirt:
- |
Add .Values.libvirt.extraContainers hook to make it possible to
add additional containers to libvirt daemonset, e.g. for monitoring
purposes. Also move exporter container to values_overrides.
...

39
values_overrides/libvirt/inovex_exporter.yaml
View File

@@ -1,14 +1,33 @@
---
# NOTE: Use the inovex exporter image by default since 2026.1 release.
images:
tags:
libvirt_exporter: ghcr.io/inovex/prometheus-libvirt-exporter:2.3.0
pod:
sidecars:
libvirt_exporter:
enabled: true
libvirt:
extraContainers:
- name: libvirt-exporter
image: ghcr.io/inovex/prometheus-libvirt-exporter:2.3.0
imagePullPolicy: IfNotPresent
args:
- --libvirt.uri=/run/libvirt/libvirt-sock-ro
manifests:
podmonitor: true
ports:
- name: metrics
protocol: TCP
containerPort: 9177
livenessProbe:
httpGet:
path: /metrics
port: 9177
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /metrics
port: 9177
initialDelaySeconds: 15
periodSeconds: 60
timeoutSeconds: 5
securityContext:
privileged: true
volumeMounts:
- name: run
mountPath: /run
mountPropagation: Bidirectional
...

33
values_overrides/libvirt/vexxhost_exporter.yaml Normal file
View File

@@ -0,0 +1,33 @@
---
libvirt:
extraContainers:
- name: libvirt-exporter
image: vexxhost/libvirtd-exporter:latest
imagePullPolicy: IfNotPresent
args:
- "--libvirt.nova"
ports:
- name: metrics
protocol: TCP
containerPort: 9474
livenessProbe:
httpGet:
path: /metrics
port: 9474
initialDelaySeconds: 30
periodSeconds: 60
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /metrics
port: 9474
initialDelaySeconds: 15
periodSeconds: 60
timeoutSeconds: 5
securityContext:
privileged: true
volumeMounts:
- name: run
mountPath: /run
mountPropagation: Bidirectional
...

4
zuul.d/base.yaml
View File

@@ -148,7 +148,9 @@
- ./tools/deployment/component/heat/heat.sh
- export GLANCE_BACKEND=local; ./tools/deployment/component/glance/glance.sh
- ./tools/deployment/component/compute-kit/openvswitch.sh
- ./tools/deployment/component/compute-kit/libvirt.sh
- >-
export OSH_EXTRA_HELM_ARGS="--values ../openstack-helm/values_overrides/libvirt/inovex_exporter.yaml";
./tools/deployment/component/compute-kit/libvirt.sh
- ./tools/deployment/component/compute-kit/compute-kit.sh
- export OSH_TEST_TIMEOUT=1200;./tools/deployment/common/run-helm-tests.sh neutron
- ./tools/deployment/common/run-helm-tests.sh nova