diff --git a/nova/templates/cron-job-archive-deleted-rows.yaml b/nova/templates/cron-job-archive-deleted-rows.yaml index 9051fabf2c..55e61f4eb8 100644 --- a/nova/templates/cron-job-archive-deleted-rows.yaml +++ b/nova/templates/cron-job-archive-deleted-rows.yaml @@ -17,6 +17,10 @@ limitations under the License. {{- $serviceAccountName := "nova-archive-deleted-rows-cron" }} {{ tuple $envAll "archive_deleted_rows" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $etcSources := .Values.pod.etcSources.nova_archive_deleted_rows }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} --- apiVersion: batch/v1 kind: CronJob @@ -96,11 +100,12 @@ spec: - name: archive-deleted-rows-conf secret: secretName: nova-etc +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 18 }} +{{ end }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }} {{- end }} diff --git a/nova/templates/cron-job-service-cleaner.yaml b/nova/templates/cron-job-service-cleaner.yaml index 99d0339a64..01b3393a9e 100644 --- a/nova/templates/cron-job-service-cleaner.yaml +++ b/nova/templates/cron-job-service-cleaner.yaml 
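Review bot: The added `append` call receives `.Values.pod.etcSources.nova_archive_deleted_rows` with no fallback, so an override that sets that key to null would, as far as I can tell, fail the render instead of falling back to mounting only `nova-ks-etc`. Defaulting the lookup avoids that: `{{- $etcSources := .Values.pod.etcSources.nova_archive_deleted_rows | default (list) }}`. The same preamble is repeated in cron-job-service-cleaner, daemonset-compute, the api-metadata, api-osapi, conductor, novncproxy, scheduler, serialproxy and spiceproxy deployments, job-cell-setup and statefulset-compute-ironic, so the change applies to each of those hunks. A one-line comment above the block, such as `{{/* nova-ks-etc is appended last, after any user-supplied sources */}}`, would also make the ordering explicit for anyone reasoning about which snippet ends up in /etc/nova/nova.conf.d/.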
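Review bot: The `nova-etc-snippets` volume is now emitted only when `$etcSources` is non-empty, but the matching `volumeMounts` entry lies outside this hunk and nothing in the diff touches it. If that mount is still unconditional, setting `manifests.secret_ks_etc: false` with an empty `etcSources` list would render a pod spec that mounts a volume which is no longer defined, and the API server rejects such a spec. The mount should be wrapped in the same `{{- if $etcSources }}` guard. Separately, the closing `{{ end }}` does not trim whitespace, unlike the `{{- end }}` used on the surrounding lines, so it leaves a stray blank line in the rendered manifest. Both remarks apply to the equivalent volume hunks in the other eleven templates.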
@@ -17,6 +17,10 @@ limitations under the License. {{- $serviceAccountName := "nova-service-cleaner" }} {{ tuple $envAll "service_cleaner" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $etcSources := .Values.pod.etcSources.nova_service_cleaner }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} --- apiVersion: batch/v1 kind: CronJob @@ -91,10 +95,11 @@ spec: configMap: name: nova-bin defaultMode: 0555 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 18 }} +{{ end }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }} {{- end }} diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 5d266d07a3..4cc2cc5f86 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -71,6 +71,10 @@ exec: {{- $mounts_nova_compute := .Values.pod.mounts.nova_compute.nova_compute }} {{- $mounts_nova_compute_init := .Values.pod.mounts.nova_compute.init_container }} +{{- $etcSources := .Values.pod.etcSources.nova_compute }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} --- apiVersion: apps/v1 @@ -521,11 +525,12 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} {{- if .Values.network.ssh.enabled }} - name: nova-ssh secret: diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml index 52a3ff6b73..8d20239b9d 100644 
--- a/nova/templates/deployment-api-metadata.yaml +++ b/nova/templates/deployment-api-metadata.yaml @@ -31,6 +31,10 @@ httpGet: {{- $mounts_nova_api_metadata := .Values.pod.mounts.nova_api_metadata.nova_api_metadata }} {{- $mounts_nova_api_metadata_init := .Values.pod.mounts.nova_api_metadata.init_container }} +{{- $etcSources := .Values.pod.etcSources.nova_api_metadata }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $serviceAccountName := "nova-api-metadata" }} {{ tuple $envAll "api_metadata" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} @@ -221,11 +225,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} - name: pod-shared emptyDir: {} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml index 7c273172d4..6ce6b09125 100644 --- a/nova/templates/deployment-api-osapi.yaml +++ b/nova/templates/deployment-api-osapi.yaml @@ -31,6 +31,10 @@ httpGet: {{- $mounts_nova_api_osapi := .Values.pod.mounts.nova_api_osapi.nova_api_osapi }} {{- $mounts_nova_api_osapi_init := .Values.pod.mounts.nova_api_osapi.init_container }} +{{- $etcSources := .Values.pod.etcSources.nova_api_osapi }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $serviceAccountName := "nova-api-osapi" }} {{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 
@@ -169,11 +173,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml index 5ce7d8e1e7..22a5777b52 100644 --- a/nova/templates/deployment-conductor.yaml +++ b/nova/templates/deployment-conductor.yaml @@ -44,6 +44,10 @@ exec: {{- $mounts_nova_conductor := .Values.pod.mounts.nova_conductor.nova_conductor }} {{- $mounts_nova_conductor_init := .Values.pod.mounts.nova_conductor.init_container }} +{{- $etcSources := .Values.pod.etcSources.nova_conductor }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $serviceAccountName := "nova-conductor" }} {{ tuple $envAll "conductor" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 
@@ -147,11 +151,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml index 51864e0142..4de2e9ae75 100644 --- a/nova/templates/deployment-novncproxy.yaml +++ b/nova/templates/deployment-novncproxy.yaml @@ -27,6 +27,10 @@ tcpSocket: {{- $mounts_nova_novncproxy := .Values.pod.mounts.nova_novncproxy.nova_novncproxy }} {{- $mounts_nova_novncproxy_init := .Values.pod.mounts.nova_novncproxy.init_novncproxy }} +{{- $etcSources := .Values.pod.etcSources.nova_novncproxy }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $vencrypt_enabled := (contains "vencrypt" .Values.conf.nova.vnc.auth_schemes) }} @@ -174,11 +178,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} - name: pod-usr-share-novnc emptyDir: {} - name: pod-shared diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml index ea60b75c62..ddce194a3d 100644 --- a/nova/templates/deployment-scheduler.yaml 
+++ b/nova/templates/deployment-scheduler.yaml @@ -44,6 +44,10 @@ exec: {{- $mounts_nova_scheduler := .Values.pod.mounts.nova_scheduler.nova_scheduler }} {{- $mounts_nova_scheduler_init := .Values.pod.mounts.nova_scheduler.init_container }} +{{- $etcSources := .Values.pod.etcSources.nova_scheduler }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $serviceAccountName := "nova-scheduler" }} {{ tuple $envAll "scheduler" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} @@ -147,11 +151,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} {{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} diff --git a/nova/templates/deployment-serialproxy.yaml b/nova/templates/deployment-serialproxy.yaml index 22adb9076b..d600b993d5 100644 --- a/nova/templates/deployment-serialproxy.yaml +++ b/nova/templates/deployment-serialproxy.yaml 
@@ -27,6 +27,10 @@ tcpSocket: {{- $mounts_nova_serialproxy := .Values.pod.mounts.nova_serialproxy.nova_serialproxy }} {{- $mounts_nova_serialproxy_init := .Values.pod.mounts.nova_serialproxy.init_serialproxy }} +{{- $etcSources := .Values.pod.etcSources.nova_serialproxy }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $serviceAccountName := "nova-serialproxy" }} {{ tuple $envAll "serialproxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} @@ -152,11 +156,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} - name: pod-usr-share-serial emptyDir: {} - name: pod-shared diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml index 975148443f..5bb4dd2317 100644 --- a/nova/templates/deployment-spiceproxy.yaml +++ b/nova/templates/deployment-spiceproxy.yaml @@ -27,6 +27,10 @@ tcpSocket: {{- $mounts_nova_spiceproxy := .Values.pod.mounts.nova_spiceproxy.nova_spiceproxy }} {{- $mounts_nova_spiceproxy_init := .Values.pod.mounts.nova_spiceproxy.init_spiceproxy }} +{{- $etcSources := .Values.pod.etcSources.nova_spiceproxy }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $serviceAccountName := "nova-spiceproxy" }} {{ tuple $envAll "spiceproxy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} @@ -160,11 +164,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} - name: pod-usr-share-spice-html5 emptyDir: {} - name: pod-shared 
diff --git a/nova/templates/job-cell-setup.yaml b/nova/templates/job-cell-setup.yaml index a2abeacab7..d5d9f28bca 100644 --- a/nova/templates/job-cell-setup.yaml +++ b/nova/templates/job-cell-setup.yaml @@ -17,6 +17,10 @@ limitations under the License. {{- $serviceAccountName := "nova-cell-setup" }} {{ tuple $envAll "cell_setup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $etcSources := .Values.pod.etcSources.nova_cell_setup }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} --- apiVersion: batch/v1 kind: Job @@ -127,11 +131,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} - name: nova-bin configMap: name: nova-bin diff --git a/nova/templates/statefulset-compute-ironic.yaml b/nova/templates/statefulset-compute-ironic.yaml index 4c22627f96..d2df22d7e8 100644 --- a/nova/templates/statefulset-compute-ironic.yaml +++ b/nova/templates/statefulset-compute-ironic.yaml @@ -17,6 +17,10 @@ limitations under the License. {{- $mounts_nova_compute_ironic := .Values.pod.mounts.nova_compute_ironic.nova_compute_ironic }} {{- $mounts_nova_compute_ironic_init := .Values.pod.mounts.nova_compute_ironic.init_container }} +{{- $etcSources := .Values.pod.etcSources.nova_compute_ironic }} +{{- if eq .Values.manifests.secret_ks_etc true }} +{{- $etcSources = append $etcSources (dict "secret" (dict "name" "nova-ks-etc")) }} +{{- end }} {{- $serviceAccountName := "nova-compute-ironic" }} {{ tuple $envAll "compute_ironic" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} 
@@ -109,11 +113,12 @@ spec: secret: secretName: nova-etc defaultMode: 0444 +{{- if $etcSources }} - name: nova-etc-snippets projected: sources: - - secret: - name: nova-ks-etc +{{ toYaml $etcSources | indent 14 }} +{{ end }} - name: varlibironic hostPath: path: /var/lib/ironic diff --git a/nova/values.yaml b/nova/values.yaml index e8b9028d26..d25ce3219e 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -2386,6 +2386,25 @@ pod: - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule + # -- This allows users to add Kubernetes Projected Volumes to be mounted at /etc/nova/nova.conf.d/ + ## This is a list of projected volume source objects for each deployment/statefulset/job + ## https://kubernetes.io/docs/concepts/storage/projected-volumes/ + etcSources: + nova_compute: [] + nova_compute_ironic: [] + nova_api_metadata: [] + nova_api_osapi: [] + nova_conductor: [] + nova_scheduler: [] + nova_bootstrap: [] + nova_tests: [] + nova_novncproxy: [] + nova_serialproxy: [] + nova_spiceproxy: [] + nova_db_sync: [] + nova_archive_deleted_rows: [] + nova_service_cleaner: [] + nova_cell_setup: [] mounts: nova_compute: init_container: null diff --git a/releasenotes/notes/nova-fc00bda9bb69988e.yaml b/releasenotes/notes/nova-fc00bda9bb69988e.yaml new file mode 100644 index 0000000000..fc3a7b2bdf --- /dev/null +++ b/releasenotes/notes/nova-fc00bda9bb69988e.yaml @@ -0,0 +1,7 @@ +--- +nova: + - | + Allow users to add additional sources to the Projected Volume that is mounted + at /etc/nova/nova.conf.d/ so they may more easily override configs or provide + additional configs for the various services in the chart. +...
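Review bot: In the values.yaml hunk, `nova_bootstrap`, `nova_tests` and `nova_db_sync` are declared under `etcSources`, but no template in this diff reads them, so on the visible evidence a source listed there is silently ignored. Either wire those keys into the corresponding manifests or drop them until they are consumed, since an operator relying on one to deliver a credential or config override would get a pod running without it and no error. The comment should also say that entries are rendered verbatim as projected volume sources and that a referenced Secret or ConfigMap must exist in the release namespace unless it is marked `optional: true`. A further line would cover the toggle, for example `## nova-ks-etc is appended to each list when manifests.secret_ks_etc is true`. The enclosing `pod:` mapping starts and ends outside the hunk.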