diff --git a/ironic/templates/statefulset-conductor.yaml b/ironic/templates/statefulset-conductor.yaml
index 4c923a1fb9..fc01c37872 100644
--- a/ironic/templates/statefulset-conductor.yaml
+++ b/ironic/templates/statefulset-conductor.yaml
@@ -202,12 +202,6 @@ spec:
 readOnly: true
 - name: host-var-lib-ironic
 mountPath: /var/lib/ironic
- - name: host-run
- mountPath: /var/run
- - name: host-dev
- mountPath: /dev
- - name: host-sys
- mountPath: /sys
 - name: pod-data
 mountPath: /var/lib/openstack-helm
 {{ if $mounts_ironic_conductor.volumeMounts }}{{ toYaml $mounts_ironic_conductor.volumeMounts | indent 12 }}{{ end }}
@@ -277,15 +271,6 @@ spec:
 - name: host-var-lib-ironic
 hostPath:
 path: /var/lib/ironic
- - name: host-run
- hostPath:
- path: /var/run
- - name: host-dev
- hostPath:
- path: /dev
- - name: host-sys
- hostPath:
- path: /sys
 - name: pod-data
 emptyDir: {}
 {{ if $mounts_ironic_conductor.volumes }}{{ toYaml $mounts_ironic_conductor.volumes | indent 8 }}{{ end }}
diff --git a/ironic/values.yaml b/ironic/values.yaml
index 41641caf21..a85650a309 100644
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@@ -799,7 +799,7 @@ pod:
 useHostNetwork:
 conductor: true
 useHostIPC:
- conductor: true
+ conductor: false
 network_policy:
 ironic:
diff --git a/releasenotes/notes/ironic-022571f573f6c430.yaml b/releasenotes/notes/ironic-022571f573f6c430.yaml
new file mode 100644
index 0000000000..0529fc4977
--- /dev/null
+++ b/releasenotes/notes/ironic-022571f573f6c430.yaml
@@ -0,0 +1,8 @@
+---
+ironic:
+ - |
+ Drop additional access that Ironic conductor no longer needs with the
+ removal of the iSCSI deploy interface. This change went into effect
+ with 2023.2. Remove host mount for /dev, /sys, and /var/run.
+ Disable hostIPC by default.
+...
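Review bot: The new `conductor: false` default under `useHostIPC` in ironic/values.yaml carries no comment saying why host IPC is off or when an operator would need it back, while the three hostPath mounts are removed from the template unconditionally rather than behind a value. The release note ties the change to the removal of the iSCSI deploy interface in 2023.2, so a deployment that still runs an older conductor image with this chart would presumably have to set `useHostIPC.conductor: true` and re-add /dev, /sys and /var/run through the `$mounts_ironic_conductor` volumes and volumeMounts overrides visible in the template hunks. I would add a comment above the key, for example `# hostIPC was only needed by the removed iSCSI deploy interface; keep false unless the conductor predates 2023.2`, and state the override path in the release note as an upgrade item. `useHostNetwork.conductor: true` and the `host-var-lib-ironic` hostPath stay in the context lines, so the pod still shares the host network namespace and one host directory after this change; worth confirming those are still required.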