Add tolerations to openstack services

Adds patches from openstack-helm and openstack-helm-infra that
enables openstack services, jobs, and friends (libvirt, memcached
mariadb, openvswitch, rabbitmq, ingress) to support taint toleration

Also adds tolerations for nova-api-proxy, stx-ks-user and
nova-ephemeral-pool

Taint toleration `node-role.kubernetes.io/master:NoSchedule` is also
enabled by default as seen in `manifest.yaml`

deleted:
  - file: 0014-Add-tolerations-to-rabbitmq-chart.patch
    reason: deprecated by 0017 (also was not working for rabbit jobs)
  - file: 0015-Add-tolerations-to-mariadb-chart.patch
    reason: deprecated by 0017 (also was not working for maria jobs)

Test Plan:

PASS: After controller node taint application is applied
PASS: If controller has no taint application is applied
FAIL (expected): After user override removing toleration apply fails
PASS: Other taint is added to controller and after user overrides apply
succceeds

Notes:
 - Tested in AIO-SX (Both Virt. and Physical Machine)
 - Tested with taint node-role.kubernetes.io/master:NoSchedule
 - Tested with taint openstack-compute-node:NoSchedule
 - Apply fails -> pods pending untolarated taints

Story: 2009232
Task: 43345

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I6bd0d28cdc31f07d18b3cdfda3b0282a4d3117a4
This commit is contained in:
Lucas Cavalcante 2021-10-08 15:23:19 -03:00
parent 7120e3fb53
commit de4ac1007a
13 changed files with 2888 additions and 72 deletions

View File

@ -24,9 +24,8 @@ Patch09: 0009-Enable-override-of-mariadb-server-probe-parameters.patch
Patch11: 0011-Add-mariadb-database-config-override-to-support-ipv6.patch
Patch12: 0012-enable-Values.conf.database.config_override-for-mari.patch
Patch13: 0013-Allow-set-public-endpoint-url-for-all-openstack-types.patch
Patch14: 0014-Add-tolerations-to-rabbitmq-chart.patch
Patch15: 0015-Add-tolerations-to-mariadb-chart.patch
Patch16: 0016-Disabling-helm3_hooks.patch
Patch17: 0017-Enable-taint-toleration-for-Openstack-services.patch
BuildRequires: helm
BuildRequires: chartmuseum
@ -45,9 +44,8 @@ Openstack Helm Infra charts
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%build
# Host a server for the charts

View File

@ -1,26 +0,0 @@
From c8f3a96fad3344cfdb058c7c0fee77431f77a001 Mon Sep 17 00:00:00 2001
From: Mihnea Saracin <Mihnea.Saracin@windriver.com>
Date: Wed, 22 Jul 2020 15:53:25 +0300
Subject: [PATCH] Add tolerations to rabbitmq chart
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
---
rabbitmq/templates/statefulset.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
index 9e40a103..cf5d1811 100644
--- a/rabbitmq/templates/statefulset.yaml
+++ b/rabbitmq/templates/statefulset.yaml
@@ -85,6 +85,8 @@ spec:
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ $envAll.Values.labels.server.node_selector_key }}: {{ $envAll.Values.labels.server.node_selector_value | quote }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
initContainers:
{{ tuple $envAll "rabbitmq" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: rabbitmq-password
--
2.17.1

View File

@ -1,40 +0,0 @@
From 7394d591310bf5342f3b66e4ee0a6a3cbd38c558 Mon Sep 17 00:00:00 2001
From: Mihnea Saracin <Mihnea.Saracin@windriver.com>
Date: Tue, 11 Aug 2020 10:52:15 +0300
Subject: [PATCH] Add tolerations to mariadb chart
Signed-off-by: Mihnea Saracin <Mihnea.Saracin@windriver.com>
---
mariadb/templates/deployment-ingress.yaml | 2 ++
mariadb/templates/statefulset.yaml | 2 ++
2 files changed, 4 insertions(+)
diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml
index 72bea94a..9fb02c8d 100644
--- a/mariadb/templates/deployment-ingress.yaml
+++ b/mariadb/templates/deployment-ingress.yaml
@@ -147,6 +147,8 @@ spec:
nodeSelector:
{{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.ingress.node_selector_value }}
terminationGracePeriodSeconds: 60
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
initContainers:
{{ tuple $envAll "ingress" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml
index 7ccc219b..120427ae 100644
--- a/mariadb/templates/statefulset.yaml
+++ b/mariadb/templates/statefulset.yaml
@@ -108,6 +108,8 @@ spec:
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
initContainers:
{{ tuple $envAll "mariadb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if .Values.volume.chown_on_start }}
--
2.17.1

View File

@ -0,0 +1,706 @@
From 2538a3cb70606bf86851201e58fd341a55d9f5f5 Mon Sep 17 00:00:00 2001
From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Date: Wed, 6 Oct 2021 18:52:35 -0300
Subject: [PATCH] Enable taint toleration for Openstack services
This adds taint toleration support for openstack jobs
Also adds tolerations for:
- rabbitmq
- ingress
- mariadb
- memcached
- libvirt
- openvswitch
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I1c731c94e58895bd8bfc26d4300aac40a9111f12
---
.../templates/manifests/_job-bootstrap.tpl | 4 ++
.../manifests/_job-db-drop-mysql.tpl | 4 ++
.../manifests/_job-db-init-mysql.tpl | 4 ++
.../templates/manifests/_job-db-sync.tpl | 4 ++
.../templates/manifests/_job-ks-endpoints.tpl | 4 ++
.../templates/manifests/_job-ks-service.tpl | 4 ++
.../templates/manifests/_job-ks-user.yaml.tpl | 4 ++
.../manifests/_job-rabbit-init.yaml.tpl | 4 ++
.../manifests/_job-s3-bucket.yaml.tpl | 4 ++
.../templates/manifests/_job-s3-user.yaml.tpl | 4 ++
.../manifests/_job_image_repo_sync.tpl | 4 ++
ingress/templates/deployment-error.yaml | 6 +++
ingress/templates/deployment-ingress.yaml | 3 ++
ingress/templates/job-image-repo-sync.yaml | 3 ++
ingress/values.yaml | 7 +++
libvirt/templates/daemonset-libvirt.yaml | 3 ++
libvirt/templates/job-image-repo-sync.yaml | 3 ++
libvirt/values.yaml | 7 +++
.../templates/cron-job-backup-mariadb.yaml | 3 ++
mariadb/templates/deployment-error.yaml | 3 ++
mariadb/templates/deployment-ingress.yaml | 3 ++
mariadb/templates/job-image-repo-sync.yaml | 3 ++
mariadb/templates/job-ks-user.yaml | 3 ++
mariadb/templates/pod-test.yaml | 3 ++
mariadb/templates/statefulset.yaml | 3 ++
mariadb/values.yaml | 7 +++
memcached/templates/deployment.yaml | 3 ++
memcached/templates/job-image-repo-sync.yaml | 3 ++
memcached/values.yaml | 7 +++
openvswitch/templates/daemonset-ovs-db.yaml | 3 ++
.../templates/daemonset-ovs-vswitchd.yaml | 3 ++
.../templates/job-image-repo-sync.yaml | 3 ++
openvswitch/values.yaml | 7 +++
rabbitmq/templates/job-cluster-wait.yaml | 3 ++
rabbitmq/templates/job-image-repo-sync.yaml | 3 ++
rabbitmq/templates/pod-test.yaml | 3 ++
rabbitmq/templates/statefulset.yaml | 3 ++
rabbitmq/values.yaml | 7 +++
41 files changed, 245 insertions(+)
create mode 100644 releasenotes/notes/helm-toolkit.yaml.orig
create mode 100644 releasenotes/notes/libvirt.yaml.orig
create mode 100644 releasenotes/notes/mariadb.yaml.orig
diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 65020e5d..b385199a 100644
--- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -23,6 +23,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $podVolMounts := index . "podVolMounts" | default false -}}
{{- $podVols := index . "podVols" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
@@ -72,6 +73,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
index 6edbdb3a..934a2435 100644
--- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
@@ -28,6 +28,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
{{- $dbToDrop := index . "dbToDrop" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}}
@@ -73,6 +74,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "db_drop" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
index bfed1968..c164ad0a 100644
--- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
@@ -28,6 +28,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
{{- $dbToInit := index . "dbToInit" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}}
@@ -73,6 +74,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 71ff924b..659238a4 100644
--- a/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -23,6 +23,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}}
{{- $podVolMounts := index . "podVolMounts" | default false -}}
@@ -70,6 +71,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "db_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
index e06aeb65..a06d0906 100644
--- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
@@ -24,6 +24,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $secretBin := index . "secretBin" -}}
{{- $tlsSecret := index . "tlsSecret" | default "" -}}
@@ -71,6 +72,9 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: {{ $restartPolicy }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:
diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl
index 93e64e1d..f5f195ca 100644
--- a/helm-toolkit/templates/manifests/_job-ks-service.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl
@@ -24,6 +24,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $secretBin := index . "secretBin" -}}
{{- $tlsSecret := index . "tlsSecret" | default "" -}}
@@ -73,6 +74,9 @@ spec:
restartPolicy: {{ $restartPolicy }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "ks_service" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
index 39007de8..f6bbc148 100644
--- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
@@ -45,6 +45,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
{{- $secretBin := index . "secretBin" -}}
@@ -96,6 +97,9 @@ spec:
restartPolicy: {{ $restartPolicy }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "ks_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
index aae71ac5..59e0da0f 100644
--- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
@@ -18,6 +18,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $serviceUser := index . "serviceUser" | default $serviceName -}}
{{- $secretBin := index . "secretBin" -}}
@@ -63,6 +64,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "rabbit_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
index 42bb8548..240c29ca 100644
--- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
@@ -23,6 +23,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $configMapCeph := index . "configMapCeph" | default (printf "ceph-etc" ) -}}
{{- $secretBin := index . "secretBin" -}}
@@ -68,6 +69,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "s3_bucket" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
index 36fe3582..440e9590 100644
--- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
@@ -23,6 +23,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
{{- $configMapCeph := index . "configMapCeph" | default (printf "ceph-etc" ) -}}
{{- $secretBin := index . "secretBin" -}}
@@ -66,6 +67,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "s3_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ceph-keyring-placement
diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
index c1609195..6bcd8694 100644
--- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
+++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
@@ -23,6 +23,7 @@ limitations under the License.
{{- $jobAnnotations := index . "jobAnnotations" -}}
{{- $jobLabels := index . "jobLabels" -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
+{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}}
{{- $podVolMounts := index . "podVolMounts" | default false -}}
{{- $podVols := index . "podVols" | default false -}}
{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}}
@@ -65,6 +66,9 @@ spec:
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
+{{- if $tolerationsEnabled }}
+{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{- end}}
initContainers:
{{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml
index 417e63d4..0d417f98 100644
--- a/ingress/templates/deployment-error.yaml
+++ b/ingress/templates/deployment-error.yaml
@@ -47,8 +47,14 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+{{ if $envAll.Values.pod.tolerations.ingress.enabled }}
+{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
nodeSelector:
{{ .Values.labels.error_server.node_selector_key }}: {{ .Values.labels.error_server.node_selector_value | quote }}
+{{ if $envAll.Values.pod.tolerations.ingress.enabled }}
+{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }}
initContainers:
{{ tuple $envAll "error_pages" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml
index c6aaf46a..780af3a3 100644
--- a/ingress/templates/deployment-ingress.yaml
+++ b/ingress/templates/deployment-ingress.yaml
@@ -206,6 +206,9 @@ spec:
affinity:
{{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{- end }}
+{{ if $envAll.Values.pod.tolerations.ingress.enabled }}
+{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value | quote }}
{{- if .Values.network.host_namespace }}
diff --git a/ingress/templates/job-image-repo-sync.yaml b/ingress/templates/job-image-repo-sync.yaml
index c4841467..2132f9a3 100644
--- a/ingress/templates/job-image-repo-sync.yaml
+++ b/ingress/templates/job-image-repo-sync.yaml
@@ -14,5 +14,8 @@ limitations under the License.
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ingress" -}}
+{{- if .Values.pod.tolerations.ingress.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/ingress/values.yaml b/ingress/values.yaml
index b70ec2a8..c326c15a 100644
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@@ -81,6 +81,13 @@ pod:
default: kubernetes.io/hostname
weight:
default: 10
+ tolerations:
+ ingress:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
dns_policy: "ClusterFirstWithHostNet"
replicas:
ingress: 1
diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml
index 2c0ccda8..4853d0c2 100644
--- a/libvirt/templates/daemonset-libvirt.yaml
+++ b/libvirt/templates/daemonset-libvirt.yaml
@@ -69,6 +69,9 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.agent.libvirt.node_selector_key }}: {{ .Values.labels.agent.libvirt.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.libvirt.enabled }}
+{{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
hostNetwork: true
hostPID: true
hostIPC: true
diff --git a/libvirt/templates/job-image-repo-sync.yaml b/libvirt/templates/job-image-repo-sync.yaml
index d359d1aa..91d52820 100644
--- a/libvirt/templates/job-image-repo-sync.yaml
+++ b/libvirt/templates/job-image-repo-sync.yaml
@@ -14,5 +14,8 @@ limitations under the License.
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "libvirt" -}}
+{{- if .Values.pod.tolerations.libvirt.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/libvirt/values.yaml b/libvirt/values.yaml
index b6cab8db..f23299e9 100644
--- a/libvirt/values.yaml
+++ b/libvirt/values.yaml
@@ -137,6 +137,13 @@ pod:
default: kubernetes.io/hostname
weight:
default: 10
+ tolerations:
+ libvirt:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
dns_policy: "ClusterFirstWithHostNet"
mounts:
libvirt:
diff --git a/mariadb/templates/cron-job-backup-mariadb.yaml b/mariadb/templates/cron-job-backup-mariadb.yaml
index 660c6557..c004b5f5 100644
--- a/mariadb/templates/cron-job-backup-mariadb.yaml
+++ b/mariadb/templates/cron-job-backup-mariadb.yaml
@@ -52,6 +52,9 @@ spec:
{{ dict "envAll" $envAll "application" "mariadb_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.mariadb.enabled }}
+{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }}
+{{ end }}
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
diff --git a/mariadb/templates/deployment-error.yaml b/mariadb/templates/deployment-error.yaml
index ea085ae4..4f3b68bd 100644
--- a/mariadb/templates/deployment-error.yaml
+++ b/mariadb/templates/deployment-error.yaml
@@ -47,6 +47,9 @@ spec:
{{ dict "envAll" $envAll "application" "error_pages" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+{{ if $envAll.Values.pod.tolerations.mariadb.enabled }}
+{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
nodeSelector:
{{ .Values.labels.error_server.node_selector_key }}: {{ .Values.labels.error_server.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }}
diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml
index add8501c..a9fc9896 100644
--- a/mariadb/templates/deployment-ingress.yaml
+++ b/mariadb/templates/deployment-ingress.yaml
@@ -234,6 +234,9 @@ spec:
{{ dict "envAll" $envAll "application" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+{{ if $envAll.Values.pod.tolerations.mariadb.enabled }}
+{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
nodeSelector:
{{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.ingress.node_selector_value }}
terminationGracePeriodSeconds: 60
diff --git a/mariadb/templates/job-image-repo-sync.yaml b/mariadb/templates/job-image-repo-sync.yaml
index 3c2b5d21..2121a397 100644
--- a/mariadb/templates/job-image-repo-sync.yaml
+++ b/mariadb/templates/job-image-repo-sync.yaml
@@ -14,5 +14,8 @@ limitations under the License.
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "mariadb" -}}
+{{- if .Values.pod.tolerations.mariadb.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/mariadb/templates/job-ks-user.yaml b/mariadb/templates/job-ks-user.yaml
index 99b384d6..fddf8858 100644
--- a/mariadb/templates/job-ks-user.yaml
+++ b/mariadb/templates/job-ks-user.yaml
@@ -16,5 +16,8 @@ limitations under the License.
{{- $backoffLimit := .Values.jobs.ks_user.backoffLimit }}
{{- $activeDeadlineSeconds := .Values.jobs.ks_user.activeDeadlineSeconds }}
{{- $ksUserJob := dict "envAll" . "serviceName" "mariadb" "configMapBin" "mariadb-bin" "backoffLimit" $backoffLimit "activeDeadlineSeconds" $activeDeadlineSeconds -}}
+{{- if .Values.pod.tolerations.mariadb.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml
index 940430a9..98bac8c8 100644
--- a/mariadb/templates/pod-test.yaml
+++ b/mariadb/templates/pod-test.yaml
@@ -33,6 +33,9 @@ spec:
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "tests" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+{{ if $envAll.Values.pod.tolerations.mariadb.enabled }}
+{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+{{ end }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
restartPolicy: Never
diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml
index d2d1c2e3..0a3fb15d 100644
--- a/mariadb/templates/statefulset.yaml
+++ b/mariadb/templates/statefulset.yaml
@@ -106,6 +106,9 @@ spec:
{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
affinity:
{{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+{{ if $envAll.Values.pod.tolerations.mariadb.enabled }}
+{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
initContainers:
diff --git a/mariadb/values.yaml b/mariadb/values.yaml
index b86bf925..c355d42a 100644
--- a/mariadb/values.yaml
+++ b/mariadb/values.yaml
@@ -135,6 +135,13 @@ pod:
default: kubernetes.io/hostname
weight:
default: 10
+ tolerations:
+ mariadb:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
replicas:
server: 3
ingress: 2
diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml
index 1b4e2027..221bfdbe 100644
--- a/memcached/templates/deployment.yaml
+++ b/memcached/templates/deployment.yaml
@@ -50,6 +50,9 @@ spec:
{{ tuple $envAll "memcached" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value | quote }}
+{{ if $envAll.Values.pod.tolerations.memcached.enabled }}
+{{ tuple $envAll "memcached" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.memcached.timeout | default "30" }}
initContainers:
{{ tuple $envAll "memcached" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
diff --git a/memcached/templates/job-image-repo-sync.yaml b/memcached/templates/job-image-repo-sync.yaml
index e2438d7e..ae519ff0 100644
--- a/memcached/templates/job-image-repo-sync.yaml
+++ b/memcached/templates/job-image-repo-sync.yaml
@@ -14,5 +14,8 @@ limitations under the License.
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "memcached" -}}
+{{- if .Values.pod.tolerations.memcached.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/memcached/values.yaml b/memcached/values.yaml
index 7ad6d29e..9cf3d3a2 100644
--- a/memcached/values.yaml
+++ b/memcached/values.yaml
@@ -169,6 +169,13 @@ pod:
default: preferredDuringSchedulingIgnoredDuringExecution
weight:
default: 10
+ tolerations:
+ memcached:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
lifecycle:
upgrades:
deployments:
diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml
index 8e8af636..17c343b4 100644
--- a/openvswitch/templates/daemonset-ovs-db.yaml
+++ b/openvswitch/templates/daemonset-ovs-db.yaml
@@ -59,6 +59,9 @@ spec:
{{ dict "envAll" $envAll "application" "openvswitch_db_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.openvswitch.enabled }}
+{{ tuple $envAll "openvswitch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
dnsPolicy: {{ .Values.pod.dns_policy }}
hostNetwork: true
initContainers:
diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
index d86d466a..97507b49 100644
--- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml
+++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml
@@ -72,6 +72,9 @@ spec:
{{ dict "envAll" $envAll "application" "openvswitch_vswitchd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.openvswitch.enabled }}
+{{ tuple $envAll "openvswitch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
dnsPolicy: {{ .Values.pod.dns_policy }}
hostNetwork: true
initContainers:
diff --git a/openvswitch/templates/job-image-repo-sync.yaml b/openvswitch/templates/job-image-repo-sync.yaml
index 4d1058ed..765061c3 100644
--- a/openvswitch/templates/job-image-repo-sync.yaml
+++ b/openvswitch/templates/job-image-repo-sync.yaml
@@ -14,5 +14,8 @@ limitations under the License.
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "openvswitch" -}}
+{{- if .Values.pod.tolerations.openvswitch.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml
index de6169a1..c953a899 100644
--- a/openvswitch/values.yaml
+++ b/openvswitch/values.yaml
@@ -37,6 +37,13 @@ labels:
node_selector_value: enabled
pod:
+ tolerations:
+ openvswitch:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
probes:
ovs_db:
ovs_db:
diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml
index b309e6e5..131cf456 100644
--- a/rabbitmq/templates/job-cluster-wait.yaml
+++ b/rabbitmq/templates/job-cluster-wait.yaml
@@ -50,6 +50,9 @@ spec:
{{ dict "envAll" $envAll "application" "cluster_wait" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.rabbitmq.enabled }}
+{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.test.node_selector_value | quote }}
initContainers:
diff --git a/rabbitmq/templates/job-image-repo-sync.yaml b/rabbitmq/templates/job-image-repo-sync.yaml
index 4875ed44..8fd379f9 100644
--- a/rabbitmq/templates/job-image-repo-sync.yaml
+++ b/rabbitmq/templates/job-image-repo-sync.yaml
@@ -14,5 +14,8 @@ limitations under the License.
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "rabbitmq" -}}
+{{- if .Values.pod.tolerations.rabbitmq.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml
index 2ee00d5d..a1d9639f 100644
--- a/rabbitmq/templates/pod-test.yaml
+++ b/rabbitmq/templates/pod-test.yaml
@@ -42,6 +42,9 @@ metadata:
spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
serviceAccountName: {{ $serviceAccountName }}
+{{ if $envAll.Values.pod.tolerations.rabbitmq.enabled }}
+{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+{{ end }}
nodeSelector:
{{ $envAll.Values.labels.test.node_selector_key }}: {{ $envAll.Values.labels.test.node_selector_value | quote }}
restartPolicy: Never
diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml
index 578ea357..eebc8379 100644
--- a/rabbitmq/templates/statefulset.yaml
+++ b/rabbitmq/templates/statefulset.yaml
@@ -103,6 +103,9 @@ spec:
serviceAccountName: {{ $rcControllerName | quote }}
affinity:
{{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+{{ if $envAll.Values.pod.tolerations.rabbitmq.enabled }}
+{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
nodeSelector:
{{ $envAll.Values.labels.server.node_selector_key }}: {{ $envAll.Values.labels.server.node_selector_value | quote }}
initContainers:
diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml
index c593966f..4e1f7328 100644
--- a/rabbitmq/values.yaml
+++ b/rabbitmq/values.yaml
@@ -112,6 +112,13 @@ pod:
default: kubernetes.io/hostname
weight:
default: 10
+ tolerations:
+ rabbitmq:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
replicas:
server: 2
prometheus_rabbitmq_exporter: 1
--
2.17.1

View File

@ -28,6 +28,7 @@ Patch06: 0006-Wrong-usage-of-rbd_store_chunk_size.patch
Patch07: 0007-Add-stx_admin-account.patch
Patch08: 0008-Disabling-helm3_hook.patch
Patch09: 0009-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch
Patch10: 0010-Enable-taint-toleration-for-Openstack-services.patch
BuildRequires: helm
BuildRequires: openstack-helm-infra
@ -48,6 +49,7 @@ Openstack Helm charts
%patch07 -p1
%patch08 -p1
%patch09 -p1
%patch10 -p1
%build
# Stage helm-toolkit in the local repo

View File

@ -119,7 +119,7 @@ new file mode 100644
index 0000000..3963926
--- /dev/null
+++ b/nova/templates/job-storage-init.yaml
@@ -0,0 +1,153 @@
@@ -0,0 +1,156 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
@ -182,6 +182,9 @@ index 0000000..3963926
+ restartPolicy: OnFailure
+ nodeSelector:
+ {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.nova.enabled }}
+{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ initContainers:
+{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{ if or .Values.conf.ceph.enabled }}

View File

@ -21,7 +21,7 @@ new file mode 100644
index 00000000..91f990f3
--- /dev/null
+++ b/keystone/templates/job-ks-user.yaml
@@ -0,0 +1,21 @@
@@ -0,0 +1,24 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
@ -41,6 +41,9 @@ index 00000000..91f990f3
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}}
+{{- end -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/keystone/templates/secret-keystone.yaml b/keystone/templates/secret-keystone.yaml

File diff suppressed because it is too large Load Diff

View File

@ -38,6 +38,9 @@ spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{ tuple $envAll "nova" "api-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ if $envAll.Values.pod.tolerations.nova.enabled }}
{{ tuple $envAll "nova_api_proxy" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
nodeSelector:
{{ .Values.labels.api_proxy.node_selector_key }}: {{ .Values.labels.api_proxy.node_selector_value }}
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api_proxy.timeout | default "30" }}

View File

@ -8,6 +8,9 @@
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "nova-api-proxy" -}}
{{- if .Values.pod.tolerations.nova_api_proxy.enabled -}}
{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}

View File

@ -11,5 +11,8 @@
{{- if .Values.manifests.certificates -}}
{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.compute.api_proxy.internal -}}
{{- end -}}
{{- if .Values.pod.tolerations.nova.enabled -}}
{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}

View File

@ -240,6 +240,19 @@ pod:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
tolerations:
nova_api_proxy:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
nova:
enabled: false
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
mounts:
nova_api_proxy:
init_container: null

View File

@ -88,6 +88,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
ingress:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
conf:
ingress:
worker-processes: '4'
@ -185,6 +192,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
mariadb:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
conf:
ingress_conf:
worker-processes: '4'
@ -269,6 +283,14 @@ data:
prometheus_memcached_exporter:
node_selector_key: openstack-control-plane
node_selector_value: enabled
pod:
tolerations:
memcached:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
monitoring:
prometheus:
enabled: false
@ -335,6 +357,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
rabbitmq:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
probes:
readiness:
periodSeconds: 30
@ -428,6 +457,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
keystone:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
security_context:
keystone:
pod:
@ -758,6 +794,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
glance:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
endpoints:
oslo_messaging:
statefulset:
@ -877,6 +920,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
cinder:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
endpoints:
oslo_messaging:
statefulset:
@ -933,6 +983,14 @@ data:
cgroup: "k8s-infra"
libvirt:
listen_addr: "::"
pod:
tolerations:
libvirt:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
images:
tags:
image_repo_sync: null
@ -977,6 +1035,14 @@ data:
image_repo_sync: null
openvswitch_db_server: docker.io/starlingx/stx-ovs:master-centos-stable-latest
openvswitch_vswitchd: docker.io/starlingx/stx-ovs:master-centos-stable-latest
pod:
tolerations:
openvswitch:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
source:
type: tar
location: http://172.17.0.1/helm_charts/starlingx/openvswitch-0.1.5.tgz
@ -1111,6 +1177,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
nova:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
user:
nova:
uid: 0
@ -1306,6 +1379,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
placement:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
user:
placement:
uid: 42424
@ -1394,6 +1474,19 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
nova_api_proxy:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
nova:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
conf:
nova_api_proxy:
DEFAULT:
@ -1517,6 +1610,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
neutron:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
# Probes fail cause a long delay and eventual failure of the armada
# application apply. Need to determine the fix to re-enable these.
probes:
@ -1929,6 +2029,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
heat:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
source:
type: tar
location: http://172.17.0.1/helm_charts/starlingx/heat-0.2.7.tgz
@ -2798,6 +2905,13 @@ data:
anti:
type:
default: requiredDuringSchedulingIgnoredDuringExecution
tolerations:
fm:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
labels:
api:
node_selector_key: openstack-control-plane
@ -2869,6 +2983,13 @@ data:
enabled: 'true'
port: 31000
pod:
tolerations:
horizon:
enabled: true
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
mounts:
horizon:
horizon: