Merge "feat(ironic): drop host mounts and hostIPC"

2025-11-25 01:19:39 +00:00
parent 3dc5a3e143 89fe228b9a
commit 8d73d94b69
3 changed files with 9 additions and 16 deletions
--- a/ironic/templates/statefulset-conductor.yaml
+++ b/ironic/templates/statefulset-conductor.yaml
@@ -202,12 +202,6 @@ spec:
              readOnly: true
            - name: host-var-lib-ironic
              mountPath: /var/lib/ironic
-            - name: host-run
-              mountPath: /var/run
-            - name: host-dev
-              mountPath: /dev
-            - name: host-sys
-              mountPath: /sys
            - name: pod-data
              mountPath: /var/lib/openstack-helm
 {{ if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }}
@@ -277,15 +271,6 @@ spec:
        - name: host-var-lib-ironic
          hostPath:
            path: /var/lib/ironic
-        - name: host-run
-          hostPath:
-            path: /var/run
-        - name: host-dev
-          hostPath:
-            path: /dev
-        - name: host-sys
-          hostPath:
-            path: /sys
        - name: pod-data
          emptyDir: {}
 {{ if $mounts_ironic_conductor.volumes }}{{ toYaml $mounts_ironic_conductor.volumes | indent 8 }}{{ end }}
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@@ -799,7 +799,7 @@ pod:
  useHostNetwork:
    conductor: true
  useHostIPC:
-    conductor: true
+    conductor: false

 network_policy:
  ironic:
--- a/releasenotes/notes/ironic-022571f573f6c430.yaml
+++ b/releasenotes/notes/ironic-022571f573f6c430.yaml
@@ -0,0 +1,8 @@
+---
+ironic:
+  - |
+    Drop additional access that Ironic conductor no longer needs with the
+    removal of the iSCSI deploy interface. This change went into effect
+    with 2023.2. Remove host mount for /dev, /sys, and /var/run.
+    Disable hostIPC by default.
+...