diff --git a/openstack-helm-infra/centos/openstack-helm-infra.spec b/openstack-helm-infra/centos/openstack-helm-infra.spec index 1553eeb7..e8ae89ab 100644 --- a/openstack-helm-infra/centos/openstack-helm-infra.spec +++ b/openstack-helm-infra/centos/openstack-helm-infra.spec @@ -24,9 +24,8 @@ Patch09: 0009-Enable-override-of-mariadb-server-probe-parameters.patch Patch11: 0011-Add-mariadb-database-config-override-to-support-ipv6.patch Patch12: 0012-enable-Values.conf.database.config_override-for-mari.patch Patch13: 0013-Allow-set-public-endpoint-url-for-all-openstack-types.patch -Patch14: 0014-Add-tolerations-to-rabbitmq-chart.patch -Patch15: 0015-Add-tolerations-to-mariadb-chart.patch Patch16: 0016-Disabling-helm3_hooks.patch +Patch17: 0017-Enable-taint-toleration-for-Openstack-services.patch BuildRequires: helm BuildRequires: chartmuseum @@ -45,9 +44,8 @@ Openstack Helm Infra charts %patch11 -p1 %patch12 -p1 %patch13 -p1 -%patch14 -p1 -%patch15 -p1 %patch16 -p1 +%patch17 -p1 %build # Host a server for the charts diff --git a/openstack-helm-infra/files/0014-Add-tolerations-to-rabbitmq-chart.patch b/openstack-helm-infra/files/0014-Add-tolerations-to-rabbitmq-chart.patch deleted file mode 100644 index 3a7fdc55..00000000 --- a/openstack-helm-infra/files/0014-Add-tolerations-to-rabbitmq-chart.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c8f3a96fad3344cfdb058c7c0fee77431f77a001 Mon Sep 17 00:00:00 2001 -From: Mihnea Saracin -Date: Wed, 22 Jul 2020 15:53:25 +0300 -Subject: [PATCH] Add tolerations to rabbitmq chart - -Signed-off-by: Mihnea Saracin ---- - rabbitmq/templates/statefulset.yaml | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml -index 9e40a103..cf5d1811 100644 ---- a/rabbitmq/templates/statefulset.yaml -+++ b/rabbitmq/templates/statefulset.yaml -@@ -85,6 +85,8 @@ spec: - {{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - nodeSelector: - {{ $envAll.Values.labels.server.node_selector_key }}: {{ $envAll.Values.labels.server.node_selector_value | quote }} -+ tolerations: -+{{ toYaml .Values.tolerations | indent 8 }} - initContainers: - {{ tuple $envAll "rabbitmq" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - - name: rabbitmq-password --- -2.17.1 - diff --git a/openstack-helm-infra/files/0015-Add-tolerations-to-mariadb-chart.patch b/openstack-helm-infra/files/0015-Add-tolerations-to-mariadb-chart.patch deleted file mode 100644 index 1ae38564..00000000 --- a/openstack-helm-infra/files/0015-Add-tolerations-to-mariadb-chart.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 7394d591310bf5342f3b66e4ee0a6a3cbd38c558 Mon Sep 17 00:00:00 2001 -From: Mihnea Saracin -Date: Tue, 11 Aug 2020 10:52:15 +0300 -Subject: [PATCH] Add tolerations to mariadb chart - -Signed-off-by: Mihnea Saracin ---- - mariadb/templates/deployment-ingress.yaml | 2 ++ - mariadb/templates/statefulset.yaml | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml -index 72bea94a..9fb02c8d 100644 ---- a/mariadb/templates/deployment-ingress.yaml -+++ b/mariadb/templates/deployment-ingress.yaml -@@ -147,6 +147,8 @@ spec: - nodeSelector: - {{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.ingress.node_selector_value }} - terminationGracePeriodSeconds: 60 -+ tolerations: -+{{ toYaml .Values.tolerations | indent 8 }} - initContainers: - {{ tuple $envAll "ingress" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: -diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml -index 7ccc219b..120427ae 100644 ---- a/mariadb/templates/statefulset.yaml -+++ b/mariadb/templates/statefulset.yaml -@@ -108,6 +108,8 @@ spec: - {{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} - nodeSelector: - {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} -+ tolerations: -+{{ toYaml .Values.tolerations | indent 8 }} - initContainers: - {{ tuple $envAll "mariadb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - {{- if .Values.volume.chown_on_start }} --- -2.17.1 - diff --git a/openstack-helm-infra/files/0017-Enable-taint-toleration-for-Openstack-services.patch b/openstack-helm-infra/files/0017-Enable-taint-toleration-for-Openstack-services.patch new file mode 100644 index 00000000..40c46c5b --- /dev/null +++ b/openstack-helm-infra/files/0017-Enable-taint-toleration-for-Openstack-services.patch @@ -0,0 +1,706 @@ +From 2538a3cb70606bf86851201e58fd341a55d9f5f5 Mon Sep 17 00:00:00 2001 +From: Lucas Cavalcante +Date: Wed, 6 Oct 2021 18:52:35 -0300 +Subject: [PATCH] Enable taint toleration for Openstack services + +This adds taint toleration support for openstack jobs + +Also adds tolerations for: + - rabbitmq + - ingress + - mariadb + - memcached + - libvirt + - openvswitch + +Signed-off-by: Lucas Cavalcante +Change-Id: I1c731c94e58895bd8bfc26d4300aac40a9111f12 +--- + .../templates/manifests/_job-bootstrap.tpl | 4 ++ + .../manifests/_job-db-drop-mysql.tpl | 4 ++ + .../manifests/_job-db-init-mysql.tpl | 4 ++ + .../templates/manifests/_job-db-sync.tpl | 4 ++ + .../templates/manifests/_job-ks-endpoints.tpl | 4 ++ + .../templates/manifests/_job-ks-service.tpl | 4 ++ + .../templates/manifests/_job-ks-user.yaml.tpl | 4 ++ + .../manifests/_job-rabbit-init.yaml.tpl | 4 ++ + .../manifests/_job-s3-bucket.yaml.tpl | 4 ++ + .../templates/manifests/_job-s3-user.yaml.tpl | 4 ++ + .../manifests/_job_image_repo_sync.tpl | 4 ++ + ingress/templates/deployment-error.yaml | 6 +++ + ingress/templates/deployment-ingress.yaml | 3 ++ + ingress/templates/job-image-repo-sync.yaml | 3 ++ + ingress/values.yaml | 7 +++ + libvirt/templates/daemonset-libvirt.yaml | 3 ++ + libvirt/templates/job-image-repo-sync.yaml | 3 ++ + libvirt/values.yaml | 7 +++ + .../templates/cron-job-backup-mariadb.yaml | 3 ++ + mariadb/templates/deployment-error.yaml | 3 ++ + mariadb/templates/deployment-ingress.yaml | 3 ++ + mariadb/templates/job-image-repo-sync.yaml | 3 ++ + mariadb/templates/job-ks-user.yaml | 3 ++ + mariadb/templates/pod-test.yaml | 3 ++ + mariadb/templates/statefulset.yaml | 3 ++ + mariadb/values.yaml | 7 +++ + memcached/templates/deployment.yaml | 3 ++ + memcached/templates/job-image-repo-sync.yaml | 3 ++ + memcached/values.yaml | 7 +++ + openvswitch/templates/daemonset-ovs-db.yaml | 3 ++ + .../templates/daemonset-ovs-vswitchd.yaml | 3 ++ + .../templates/job-image-repo-sync.yaml | 3 ++ + openvswitch/values.yaml | 7 +++ + rabbitmq/templates/job-cluster-wait.yaml | 3 ++ + rabbitmq/templates/job-image-repo-sync.yaml | 3 ++ + rabbitmq/templates/pod-test.yaml | 3 ++ + rabbitmq/templates/statefulset.yaml | 3 ++ + rabbitmq/values.yaml | 7 +++ + 41 files changed, 245 insertions(+) + create mode 100644 releasenotes/notes/helm-toolkit.yaml.orig + create mode 100644 releasenotes/notes/libvirt.yaml.orig + create mode 100644 releasenotes/notes/mariadb.yaml.orig + +diff --git a/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/helm-toolkit/templates/manifests/_job-bootstrap.tpl +index 65020e5d..b385199a 100644 +--- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl ++++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl +@@ -23,6 +23,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $podVolMounts := index . "podVolMounts" | default false -}} + {{- $podVols := index . "podVols" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +@@ -72,6 +73,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +index 6edbdb3a..934a2435 100644 +--- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl ++++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl +@@ -28,6 +28,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} + {{- $dbToDrop := index . "dbToDrop" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}} +@@ -73,6 +74,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "db_drop" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +index bfed1968..c164ad0a 100644 +--- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl ++++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl +@@ -28,6 +28,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} + {{- $dbToInit := index . "dbToInit" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}} +@@ -73,6 +74,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "db_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-db-sync.tpl b/helm-toolkit/templates/manifests/_job-db-sync.tpl +index 71ff924b..659238a4 100644 +--- a/helm-toolkit/templates/manifests/_job-db-sync.tpl ++++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl +@@ -23,6 +23,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} + {{- $podVolMounts := index . "podVolMounts" | default false -}} +@@ -70,6 +71,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "db_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +index e06aeb65..a06d0906 100644 +--- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl ++++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl +@@ -24,6 +24,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $secretBin := index . "secretBin" -}} + {{- $tlsSecret := index . "tlsSecret" | default "" -}} +@@ -71,6 +72,9 @@ spec: + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: {{ $restartPolicy }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} + initContainers: +diff --git a/helm-toolkit/templates/manifests/_job-ks-service.tpl b/helm-toolkit/templates/manifests/_job-ks-service.tpl +index 93e64e1d..f5f195ca 100644 +--- a/helm-toolkit/templates/manifests/_job-ks-service.tpl ++++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl +@@ -24,6 +24,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $secretBin := index . "secretBin" -}} + {{- $tlsSecret := index . "tlsSecret" | default "" -}} +@@ -73,6 +74,9 @@ spec: + restartPolicy: {{ $restartPolicy }} + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "ks_service" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +index 39007de8..f6bbc148 100644 +--- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl ++++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl +@@ -45,6 +45,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $serviceUser := index . "serviceUser" | default $serviceName -}} + {{- $secretBin := index . "secretBin" -}} +@@ -96,6 +97,9 @@ spec: + restartPolicy: {{ $restartPolicy }} + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "ks_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +index aae71ac5..59e0da0f 100644 +--- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl ++++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl +@@ -18,6 +18,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $serviceUser := index . "serviceUser" | default $serviceName -}} + {{- $secretBin := index . "secretBin" -}} +@@ -63,6 +64,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "rabbit_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +index 42bb8548..240c29ca 100644 +--- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl ++++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl +@@ -23,6 +23,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $configMapCeph := index . "configMapCeph" | default (printf "ceph-etc" ) -}} + {{- $secretBin := index . "secretBin" -}} +@@ -68,6 +69,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "s3_bucket" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +index 36fe3582..440e9590 100644 +--- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl ++++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl +@@ -23,6 +23,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} + {{- $configMapCeph := index . "configMapCeph" | default (printf "ceph-etc" ) -}} + {{- $secretBin := index . "secretBin" -}} +@@ -66,6 +67,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "s3_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: ceph-keyring-placement +diff --git a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +index c1609195..6bcd8694 100644 +--- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl ++++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl +@@ -23,6 +23,7 @@ limitations under the License. + {{- $jobAnnotations := index . "jobAnnotations" -}} + {{- $jobLabels := index . "jobLabels" -}} + {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} ++{{- $tolerationsEnabled := index . "tolerationsEnabled" | default false -}} + {{- $podVolMounts := index . "podVolMounts" | default false -}} + {{- $podVols := index . "podVols" | default false -}} + {{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +@@ -65,6 +66,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{- if $tolerationsEnabled }} ++{{ tuple $envAll $serviceName | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{- end}} + initContainers: + {{ tuple $envAll "image_repo_sync" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/ingress/templates/deployment-error.yaml b/ingress/templates/deployment-error.yaml +index 417e63d4..0d417f98 100644 +--- a/ingress/templates/deployment-error.yaml ++++ b/ingress/templates/deployment-error.yaml +@@ -47,8 +47,14 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: + {{ tuple $envAll "ingress" "error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.ingress.enabled }} ++{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.error_server.node_selector_key }}: {{ .Values.labels.error_server.node_selector_value | quote }} ++{{ if $envAll.Values.pod.tolerations.ingress.enabled }} ++{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }} + initContainers: + {{ tuple $envAll "error_pages" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/ingress/templates/deployment-ingress.yaml b/ingress/templates/deployment-ingress.yaml +index c6aaf46a..780af3a3 100644 +--- a/ingress/templates/deployment-ingress.yaml ++++ b/ingress/templates/deployment-ingress.yaml +@@ -206,6 +206,9 @@ spec: + affinity: + {{ tuple $envAll "ingress" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + {{- end }} ++{{ if $envAll.Values.pod.tolerations.ingress.enabled }} ++{{ tuple $envAll "ingress" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value | quote }} + {{- if .Values.network.host_namespace }} +diff --git a/ingress/templates/job-image-repo-sync.yaml b/ingress/templates/job-image-repo-sync.yaml +index c4841467..2132f9a3 100644 +--- a/ingress/templates/job-image-repo-sync.yaml ++++ b/ingress/templates/job-image-repo-sync.yaml +@@ -14,5 +14,8 @@ limitations under the License. + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "ingress" -}} ++{{- if .Values.pod.tolerations.ingress.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/ingress/values.yaml b/ingress/values.yaml +index b70ec2a8..c326c15a 100644 +--- a/ingress/values.yaml ++++ b/ingress/values.yaml +@@ -81,6 +81,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ ingress: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + dns_policy: "ClusterFirstWithHostNet" + replicas: + ingress: 1 +diff --git a/libvirt/templates/daemonset-libvirt.yaml b/libvirt/templates/daemonset-libvirt.yaml +index 2c0ccda8..4853d0c2 100644 +--- a/libvirt/templates/daemonset-libvirt.yaml ++++ b/libvirt/templates/daemonset-libvirt.yaml +@@ -69,6 +69,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.agent.libvirt.node_selector_key }}: {{ .Values.labels.agent.libvirt.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.libvirt.enabled }} ++{{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + hostNetwork: true + hostPID: true + hostIPC: true +diff --git a/libvirt/templates/job-image-repo-sync.yaml b/libvirt/templates/job-image-repo-sync.yaml +index d359d1aa..91d52820 100644 +--- a/libvirt/templates/job-image-repo-sync.yaml ++++ b/libvirt/templates/job-image-repo-sync.yaml +@@ -14,5 +14,8 @@ limitations under the License. + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "libvirt" -}} ++{{- if .Values.pod.tolerations.libvirt.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/libvirt/values.yaml b/libvirt/values.yaml +index b6cab8db..f23299e9 100644 +--- a/libvirt/values.yaml ++++ b/libvirt/values.yaml +@@ -137,6 +137,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ libvirt: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + dns_policy: "ClusterFirstWithHostNet" + mounts: + libvirt: +diff --git a/mariadb/templates/cron-job-backup-mariadb.yaml b/mariadb/templates/cron-job-backup-mariadb.yaml +index 660c6557..c004b5f5 100644 +--- a/mariadb/templates/cron-job-backup-mariadb.yaml ++++ b/mariadb/templates/cron-job-backup-mariadb.yaml +@@ -52,6 +52,9 @@ spec: + {{ dict "envAll" $envAll "application" "mariadb_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }} + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.mariadb.enabled }} ++{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/mariadb/templates/deployment-error.yaml b/mariadb/templates/deployment-error.yaml +index ea085ae4..4f3b68bd 100644 +--- a/mariadb/templates/deployment-error.yaml ++++ b/mariadb/templates/deployment-error.yaml +@@ -47,6 +47,9 @@ spec: + {{ dict "envAll" $envAll "application" "error_pages" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "mariadb" "ingress-error-pages" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.mariadb.enabled }} ++{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.error_server.node_selector_key }}: {{ .Values.labels.error_server.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.error_pages.timeout | default "60" }} +diff --git a/mariadb/templates/deployment-ingress.yaml b/mariadb/templates/deployment-ingress.yaml +index add8501c..a9fc9896 100644 +--- a/mariadb/templates/deployment-ingress.yaml ++++ b/mariadb/templates/deployment-ingress.yaml +@@ -234,6 +234,9 @@ spec: + {{ dict "envAll" $envAll "application" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "mariadb" "ingress" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.mariadb.enabled }} ++{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.ingress.node_selector_key }}: {{ .Values.labels.ingress.node_selector_value }} + terminationGracePeriodSeconds: 60 +diff --git a/mariadb/templates/job-image-repo-sync.yaml b/mariadb/templates/job-image-repo-sync.yaml +index 3c2b5d21..2121a397 100644 +--- a/mariadb/templates/job-image-repo-sync.yaml ++++ b/mariadb/templates/job-image-repo-sync.yaml +@@ -14,5 +14,8 @@ limitations under the License. + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "mariadb" -}} ++{{- if .Values.pod.tolerations.mariadb.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/mariadb/templates/job-ks-user.yaml b/mariadb/templates/job-ks-user.yaml +index 99b384d6..fddf8858 100644 +--- a/mariadb/templates/job-ks-user.yaml ++++ b/mariadb/templates/job-ks-user.yaml +@@ -16,5 +16,8 @@ limitations under the License. + {{- $backoffLimit := .Values.jobs.ks_user.backoffLimit }} + {{- $activeDeadlineSeconds := .Values.jobs.ks_user.activeDeadlineSeconds }} + {{- $ksUserJob := dict "envAll" . "serviceName" "mariadb" "configMapBin" "mariadb-bin" "backoffLimit" $backoffLimit "activeDeadlineSeconds" $activeDeadlineSeconds -}} ++{{- if .Values.pod.tolerations.mariadb.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/mariadb/templates/pod-test.yaml b/mariadb/templates/pod-test.yaml +index 940430a9..98bac8c8 100644 +--- a/mariadb/templates/pod-test.yaml ++++ b/mariadb/templates/pod-test.yaml +@@ -33,6 +33,9 @@ spec: + shareProcessNamespace: true + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "tests" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} ++{{ if $envAll.Values.pod.tolerations.mariadb.enabled }} ++{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + restartPolicy: Never +diff --git a/mariadb/templates/statefulset.yaml b/mariadb/templates/statefulset.yaml +index d2d1c2e3..0a3fb15d 100644 +--- a/mariadb/templates/statefulset.yaml ++++ b/mariadb/templates/statefulset.yaml +@@ -106,6 +106,9 @@ spec: + {{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "mariadb" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.mariadb.enabled }} ++{{ tuple $envAll "mariadb" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + initContainers: +diff --git a/mariadb/values.yaml b/mariadb/values.yaml +index b86bf925..c355d42a 100644 +--- a/mariadb/values.yaml ++++ b/mariadb/values.yaml +@@ -135,6 +135,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ mariadb: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + replicas: + server: 3 + ingress: 2 +diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml +index 1b4e2027..221bfdbe 100644 +--- a/memcached/templates/deployment.yaml ++++ b/memcached/templates/deployment.yaml +@@ -50,6 +50,9 @@ spec: + {{ tuple $envAll "memcached" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value | quote }} ++{{ if $envAll.Values.pod.tolerations.memcached.enabled }} ++{{ tuple $envAll "memcached" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.memcached.timeout | default "30" }} + initContainers: + {{ tuple $envAll "memcached" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/memcached/templates/job-image-repo-sync.yaml b/memcached/templates/job-image-repo-sync.yaml +index e2438d7e..ae519ff0 100644 +--- a/memcached/templates/job-image-repo-sync.yaml ++++ b/memcached/templates/job-image-repo-sync.yaml +@@ -14,5 +14,8 @@ limitations under the License. + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "memcached" -}} ++{{- if .Values.pod.tolerations.memcached.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/memcached/values.yaml b/memcached/values.yaml +index 7ad6d29e..9cf3d3a2 100644 +--- a/memcached/values.yaml ++++ b/memcached/values.yaml +@@ -169,6 +169,13 @@ pod: + default: preferredDuringSchedulingIgnoredDuringExecution + weight: + default: 10 ++ tolerations: ++ memcached: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + lifecycle: + upgrades: + deployments: +diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml +index 8e8af636..17c343b4 100644 +--- a/openvswitch/templates/daemonset-ovs-db.yaml ++++ b/openvswitch/templates/daemonset-ovs-db.yaml +@@ -59,6 +59,9 @@ spec: + {{ dict "envAll" $envAll "application" "openvswitch_db_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.openvswitch.enabled }} ++{{ tuple $envAll "openvswitch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + dnsPolicy: {{ .Values.pod.dns_policy }} + hostNetwork: true + initContainers: +diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset-ovs-vswitchd.yaml +index d86d466a..97507b49 100644 +--- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml ++++ b/openvswitch/templates/daemonset-ovs-vswitchd.yaml +@@ -72,6 +72,9 @@ spec: + {{ dict "envAll" $envAll "application" "openvswitch_vswitchd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.openvswitch.enabled }} ++{{ tuple $envAll "openvswitch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + dnsPolicy: {{ .Values.pod.dns_policy }} + hostNetwork: true + initContainers: +diff --git a/openvswitch/templates/job-image-repo-sync.yaml b/openvswitch/templates/job-image-repo-sync.yaml +index 4d1058ed..765061c3 100644 +--- a/openvswitch/templates/job-image-repo-sync.yaml ++++ b/openvswitch/templates/job-image-repo-sync.yaml +@@ -14,5 +14,8 @@ limitations under the License. + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "openvswitch" -}} ++{{- if .Values.pod.tolerations.openvswitch.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml +index de6169a1..c953a899 100644 +--- a/openvswitch/values.yaml ++++ b/openvswitch/values.yaml +@@ -37,6 +37,13 @@ labels: + node_selector_value: enabled + + pod: ++ tolerations: ++ openvswitch: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + probes: + ovs_db: + ovs_db: +diff --git a/rabbitmq/templates/job-cluster-wait.yaml b/rabbitmq/templates/job-cluster-wait.yaml +index b309e6e5..131cf456 100644 +--- a/rabbitmq/templates/job-cluster-wait.yaml ++++ b/rabbitmq/templates/job-cluster-wait.yaml +@@ -50,6 +50,9 @@ spec: + {{ dict "envAll" $envAll "application" "cluster_wait" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.rabbitmq.enabled }} ++{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.test.node_selector_value | quote }} + initContainers: +diff --git a/rabbitmq/templates/job-image-repo-sync.yaml b/rabbitmq/templates/job-image-repo-sync.yaml +index 4875ed44..8fd379f9 100644 +--- a/rabbitmq/templates/job-image-repo-sync.yaml ++++ b/rabbitmq/templates/job-image-repo-sync.yaml +@@ -14,5 +14,8 @@ limitations under the License. + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "rabbitmq" -}} ++{{- if .Values.pod.tolerations.rabbitmq.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/rabbitmq/templates/pod-test.yaml b/rabbitmq/templates/pod-test.yaml +index 2ee00d5d..a1d9639f 100644 +--- a/rabbitmq/templates/pod-test.yaml ++++ b/rabbitmq/templates/pod-test.yaml +@@ -42,6 +42,9 @@ metadata: + spec: + {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.rabbitmq.enabled }} ++{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} ++{{ end }} + nodeSelector: + {{ $envAll.Values.labels.test.node_selector_key }}: {{ $envAll.Values.labels.test.node_selector_value | quote }} + restartPolicy: Never +diff --git a/rabbitmq/templates/statefulset.yaml b/rabbitmq/templates/statefulset.yaml +index 578ea357..eebc8379 100644 +--- a/rabbitmq/templates/statefulset.yaml ++++ b/rabbitmq/templates/statefulset.yaml +@@ -103,6 +103,9 @@ spec: + serviceAccountName: {{ $rcControllerName | quote }} + affinity: + {{ tuple $envAll "rabbitmq" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.rabbitmq.enabled }} ++{{ tuple $envAll "rabbitmq" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ $envAll.Values.labels.server.node_selector_key }}: {{ $envAll.Values.labels.server.node_selector_value | quote }} + initContainers: +diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml +index c593966f..4e1f7328 100644 +--- a/rabbitmq/values.yaml ++++ b/rabbitmq/values.yaml +@@ -112,6 +112,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ rabbitmq: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + replicas: + server: 2 + prometheus_rabbitmq_exporter: 1 +-- +2.17.1 + diff --git a/openstack-helm/centos/openstack-helm.spec b/openstack-helm/centos/openstack-helm.spec index 12e22948..1b586b08 100644 --- a/openstack-helm/centos/openstack-helm.spec +++ b/openstack-helm/centos/openstack-helm.spec @@ -28,6 +28,7 @@ Patch06: 0006-Wrong-usage-of-rbd_store_chunk_size.patch Patch07: 0007-Add-stx_admin-account.patch Patch08: 0008-Disabling-helm3_hook.patch Patch09: 0009-Add-flavor-extra-spec-hw-pci_irq_affinity_mask.patch +Patch10: 0010-Enable-taint-toleration-for-Openstack-services.patch BuildRequires: helm BuildRequires: openstack-helm-infra @@ -48,6 +49,7 @@ Openstack Helm charts %patch07 -p1 %patch08 -p1 %patch09 -p1 +%patch10 -p1 %build # Stage helm-toolkit in the local repo diff --git a/openstack-helm/files/0003-Nova-chart-Support-ephemeral-pool-creation.patch b/openstack-helm/files/0003-Nova-chart-Support-ephemeral-pool-creation.patch index afd6c51f..21a824c2 100644 --- a/openstack-helm/files/0003-Nova-chart-Support-ephemeral-pool-creation.patch +++ b/openstack-helm/files/0003-Nova-chart-Support-ephemeral-pool-creation.patch @@ -119,7 +119,7 @@ new file mode 100644 index 0000000..3963926 --- /dev/null +++ b/nova/templates/job-storage-init.yaml -@@ -0,0 +1,153 @@ +@@ -0,0 +1,156 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -182,6 +182,9 @@ index 0000000..3963926 + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: +{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + {{ if or .Values.conf.ceph.enabled }} diff --git a/openstack-helm/files/0007-Add-stx_admin-account.patch b/openstack-helm/files/0007-Add-stx_admin-account.patch index 4b2fa2e9..640a9a39 100644 --- a/openstack-helm/files/0007-Add-stx_admin-account.patch +++ b/openstack-helm/files/0007-Add-stx_admin-account.patch @@ -21,7 +21,7 @@ new file mode 100644 index 00000000..91f990f3 --- /dev/null +++ b/keystone/templates/job-ks-user.yaml -@@ -0,0 +1,21 @@ +@@ -0,0 +1,24 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. @@ -41,6 +41,9 @@ index 00000000..91f990f3 +{{- if .Values.manifests.certificates -}} +{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}} +{{- end -}} ++{{- if .Values.pod.tolerations.keystone.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/keystone/templates/secret-keystone.yaml b/keystone/templates/secret-keystone.yaml diff --git a/openstack-helm/files/0010-Enable-taint-toleration-for-Openstack-services.patch b/openstack-helm/files/0010-Enable-taint-toleration-for-Openstack-services.patch new file mode 100644 index 00000000..42cf38b5 --- /dev/null +++ b/openstack-helm/files/0010-Enable-taint-toleration-for-Openstack-services.patch @@ -0,0 +1,2027 @@ +From afa951333e70f1771683d4c51edba1a9c4eeed8a Mon Sep 17 00:00:00 2001 +From: Lucas Cavalcante +Date: Wed, 6 Oct 2021 14:49:17 -0300 +Subject: [PATCH] Enable taint toleration for Openstack services + +This changes use the helm-toolkit template for toleration +in openstack services + +Signed-off-by: Lucas Cavalcante +Story: 2009276 +Task: 43531 +Change-Id: I8f63c285cb53090cd7eb0b663bb94fc892dc1a3f +Depends-On: I1c731c94e58895bd8bfc26d4300aac40a9111f12 +--- + cinder/templates/cron-job-cinder-volume-usage-audit.yaml | 3 +++ + cinder/templates/deployment-api.yaml | 3 +++ + cinder/templates/deployment-backup.yaml | 3 +++ + cinder/templates/deployment-scheduler.yaml | 3 +++ + cinder/templates/deployment-volume.yaml | 3 +++ + cinder/templates/job-backup-storage-init.yaml | 3 +++ + cinder/templates/job-bootstrap.yaml | 3 +++ + cinder/templates/job-clean.yaml | 3 +++ + cinder/templates/job-create-internal-tenant.yaml | 3 +++ + cinder/templates/job-db-drop.yaml | 3 +++ + cinder/templates/job-db-init.yaml | 3 +++ + cinder/templates/job-db-sync.yaml | 3 +++ + cinder/templates/job-image-repo-sync.yaml | 3 +++ + cinder/templates/job-ks-endpoints.yaml | 3 +++ + cinder/templates/job-ks-service.yaml | 3 +++ + cinder/templates/job-ks-user.yaml | 3 +++ + cinder/templates/job-rabbit-init.yaml | 3 +++ + cinder/templates/job-storage-init.yaml | 3 +++ + cinder/templates/pod-rally-test.yaml | 3 +++ + cinder/values.yaml | 7 +++++++ + glance/templates/deployment-api.yaml | 3 +++ + glance/templates/deployment-registry.yaml | 3 +++ + glance/templates/job-bootstrap.yaml | 3 +++ + glance/templates/job-clean.yaml | 3 +++ + glance/templates/job-db-drop.yaml | 3 +++ + glance/templates/job-db-init.yaml | 3 +++ + glance/templates/job-db-sync.yaml | 3 +++ + glance/templates/job-image-repo-sync.yaml | 3 +++ + glance/templates/job-ks-endpoints.yaml | 3 +++ + glance/templates/job-ks-service.yaml | 3 +++ + glance/templates/job-ks-user.yaml | 3 +++ + glance/templates/job-metadefs-load.yaml | 3 +++ + glance/templates/job-rabbit-init.yaml | 3 +++ + glance/templates/job-storage-init.yaml | 3 +++ + glance/templates/pod-rally-test.yaml | 3 +++ + glance/values.yaml | 7 +++++++ + heat/templates/cron-job-engine-cleaner.yaml | 3 +++ + heat/templates/cron-job-purge-deleted.yaml | 3 +++ + heat/templates/deployment-api.yaml | 3 +++ + heat/templates/deployment-cfn.yaml | 3 +++ + heat/templates/deployment-cloudwatch.yaml | 3 +++ + heat/templates/deployment-engine.yaml | 3 +++ + heat/templates/job-bootstrap.yaml | 3 +++ + heat/templates/job-db-drop.yaml | 3 +++ + heat/templates/job-db-init.yaml | 3 +++ + heat/templates/job-db-sync.yaml | 3 +++ + heat/templates/job-image-repo-sync.yaml | 3 +++ + heat/templates/job-ks-endpoints.yaml | 3 +++ + heat/templates/job-ks-service.yaml | 3 +++ + heat/templates/job-ks-user-domain.yaml | 3 +++ + heat/templates/job-ks-user-trustee.yaml | 3 +++ + heat/templates/job-ks-user.yaml | 3 +++ + heat/templates/job-rabbit-init.yaml | 3 +++ + heat/templates/job-trusts.yaml | 3 +++ + heat/templates/pod-rally-test.yaml | 3 +++ + heat/values.yaml | 7 +++++++ + horizon/templates/deployment.yaml | 3 +++ + horizon/templates/job-db-drop.yaml | 3 +++ + horizon/templates/job-db-init.yaml | 3 +++ + horizon/templates/job-db-sync.yaml | 3 +++ + horizon/templates/job-image-repo-sync.yaml | 3 +++ + horizon/templates/pod-helm-tests.yaml | 3 +++ + horizon/values.yaml | 7 +++++++ + keystone/templates/cron-job-credential-rotate.yaml | 3 +++ + keystone/templates/cron-job-fernet-rotate.yaml | 3 +++ + keystone/templates/deployment-api.yaml | 3 +++ + keystone/templates/job-bootstrap.yaml | 3 +++ + keystone/templates/job-credential-cleanup.yaml | 3 +++ + keystone/templates/job-credential-setup.yaml | 3 +++ + keystone/templates/job-db-drop.yaml | 3 +++ + keystone/templates/job-db-init.yaml | 3 +++ + keystone/templates/job-db-sync.yaml | 3 +++ + keystone/templates/job-domain-manage.yaml | 3 +++ + keystone/templates/job-fernet-setup.yaml | 3 +++ + keystone/templates/job-image-repo-sync.yaml | 3 +++ + keystone/templates/job-rabbit-init.yaml | 3 +++ + keystone/values.yaml | 7 +++++++ + neutron/templates/daemonset-bagpipe-bgp.yaml | 3 +++ + neutron/templates/daemonset-dhcp-agent.yaml | 3 +++ + neutron/templates/daemonset-l2gw-agent.yaml | 3 +++ + neutron/templates/daemonset-l3-agent.yaml | 3 +++ + neutron/templates/daemonset-lb-agent.yaml | 3 +++ + neutron/templates/daemonset-metadata-agent.yaml | 3 +++ + neutron/templates/daemonset-netns-cleanup-cron.yaml | 3 +++ + neutron/templates/daemonset-ovs-agent.yaml | 3 +++ + neutron/templates/daemonset-sriov-agent.yaml | 3 +++ + neutron/templates/deployment-ironic-agent.yaml | 3 +++ + neutron/templates/deployment-server.yaml | 3 +++ + neutron/templates/job-bootstrap.yaml | 3 +++ + neutron/templates/job-db-drop.yaml | 3 +++ + neutron/templates/job-db-init.yaml | 3 +++ + neutron/templates/job-db-sync.yaml | 3 +++ + neutron/templates/job-image-repo-sync.yaml | 3 +++ + neutron/templates/job-ks-endpoints.yaml | 3 +++ + neutron/templates/job-ks-service.yaml | 3 +++ + neutron/templates/job-ks-user.yaml | 3 +++ + neutron/templates/job-rabbit-init.yaml | 3 +++ + neutron/templates/pod-rally-test.yaml | 3 +++ + neutron/values.yaml | 7 +++++++ + nova/templates/cron-job-archive-deleted-rows.yaml | 3 +++ + nova/templates/cron-job-cell-setup.yaml | 3 +++ + nova/templates/cron-job-service-cleaner.yaml | 3 +++ + nova/templates/daemonset-compute.yaml | 3 +++ + nova/templates/deployment-api-metadata.yaml | 3 +++ + nova/templates/deployment-api-osapi.yaml | 3 +++ + nova/templates/deployment-conductor.yaml | 3 +++ + nova/templates/deployment-consoleauth.yaml | 3 +++ + nova/templates/deployment-novncproxy.yaml | 3 +++ + nova/templates/deployment-placement.yaml | 3 +++ + nova/templates/deployment-scheduler.yaml | 3 +++ + nova/templates/deployment-spiceproxy.yaml | 3 +++ + nova/templates/job-bootstrap.yaml | 3 +++ + nova/templates/job-cell-setup.yaml | 3 +++ + nova/templates/job-db-drop.yaml | 3 +++ + nova/templates/job-db-init.yaml | 3 +++ + nova/templates/job-db-sync.yaml | 3 +++ + nova/templates/job-image-repo-sync.yaml | 3 +++ + nova/templates/job-ks-endpoints.yaml | 3 +++ + nova/templates/job-ks-placement-endpoints.yaml | 3 +++ + nova/templates/job-ks-placement-service.yaml | 3 +++ + nova/templates/job-ks-placement-user.yaml | 3 +++ + nova/templates/job-ks-service.yaml | 3 +++ + nova/templates/job-ks-user.yaml | 3 +++ + nova/templates/job-rabbit-init.yaml | 3 +++ + nova/templates/pod-rally-test.yaml | 3 +++ + nova/values.yaml | 7 +++++++ + placement/templates/deployment.yaml | 3 +++ + placement/templates/job-db-drop.yaml | 3 +++ + placement/templates/job-db-init.yaml | 3 +++ + placement/templates/job-db-migrate.yaml | 3 +++ + placement/templates/job-db-sync.yaml | 3 +++ + placement/templates/job-image-repo-sync.yaml | 3 +++ + placement/templates/job-ks-endpoints.yaml | 3 +++ + placement/templates/job-ks-service.yaml | 3 +++ + placement/templates/job-ks-user.yaml | 3 +++ + placement/values.yaml | 7 +++++++ + 138 files changed, 440 insertions(+) + +diff --git a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml +index 3d13af36..4b152081 100644 +--- a/cinder/templates/cron-job-cinder-volume-usage-audit.yaml ++++ b/cinder/templates/cron-job-cinder-volume-usage-audit.yaml +@@ -52,6 +52,9 @@ spec: + {{ dict "envAll" $envAll "application" "volume_usage_audit" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }} + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/cinder/templates/deployment-api.yaml b/cinder/templates/deployment-api.yaml +index 2f684ec0..7925c60f 100644 +--- a/cinder/templates/deployment-api.yaml ++++ b/cinder/templates/deployment-api.yaml +@@ -49,6 +49,9 @@ spec: + {{ dict "envAll" $envAll "application" "cinder_api" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} +diff --git a/cinder/templates/deployment-backup.yaml b/cinder/templates/deployment-backup.yaml +index 91683e29..55c7289c 100755 +--- a/cinder/templates/deployment-backup.yaml ++++ b/cinder/templates/deployment-backup.yaml +@@ -51,6 +51,9 @@ spec: + {{ dict "envAll" $envAll "application" "cinder_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value }} + {{- if .Values.pod.useHostNetwork.backup }} +diff --git a/cinder/templates/deployment-scheduler.yaml b/cinder/templates/deployment-scheduler.yaml +index a4a43dbc..59c35971 100644 +--- a/cinder/templates/deployment-scheduler.yaml ++++ b/cinder/templates/deployment-scheduler.yaml +@@ -49,6 +49,9 @@ spec: + {{ dict "envAll" $envAll "application" "cinder_scheduler" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "cinder" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.scheduler.node_selector_key }}: {{ .Values.labels.scheduler.node_selector_value }} + initContainers: +diff --git a/cinder/templates/deployment-volume.yaml b/cinder/templates/deployment-volume.yaml +index bc1b6500..537b712e 100755 +--- a/cinder/templates/deployment-volume.yaml ++++ b/cinder/templates/deployment-volume.yaml +@@ -51,6 +51,9 @@ spec: + {{ dict "envAll" $envAll "application" "cinder_volume" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "cinder" "volume" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.volume.node_selector_key }}: {{ .Values.labels.volume.node_selector_value }} + {{- if .Values.pod.useHostNetwork.volume }} +diff --git a/cinder/templates/job-backup-storage-init.yaml b/cinder/templates/job-backup-storage-init.yaml +index f37fb68b..8168b90f 100644 +--- a/cinder/templates/job-backup-storage-init.yaml ++++ b/cinder/templates/job-backup-storage-init.yaml +@@ -65,6 +65,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "storage_init" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/cinder/templates/job-bootstrap.yaml b/cinder/templates/job-bootstrap.yaml +index 7f9cfdab..8af3b7e6 100644 +--- a/cinder/templates/job-bootstrap.yaml ++++ b/cinder/templates/job-bootstrap.yaml +@@ -17,5 +17,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.volume.api.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} + {{- end }} +diff --git a/cinder/templates/job-clean.yaml b/cinder/templates/job-clean.yaml +index 738e145b..57a42437 100755 +--- a/cinder/templates/job-clean.yaml ++++ b/cinder/templates/job-clean.yaml +@@ -64,6 +64,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "clean" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/cinder/templates/job-create-internal-tenant.yaml b/cinder/templates/job-create-internal-tenant.yaml +index 497e2c7e..b298e369 100644 +--- a/cinder/templates/job-create-internal-tenant.yaml ++++ b/cinder/templates/job-create-internal-tenant.yaml +@@ -46,6 +46,9 @@ spec: + {{ dict "envAll" $envAll "application" "create_internal_tenant" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName | quote }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} + initContainers: +diff --git a/cinder/templates/job-db-drop.yaml b/cinder/templates/job-db-drop.yaml +index 052d3bce..1115af50 100644 +--- a/cinder/templates/job-db-drop.yaml ++++ b/cinder/templates/job-db-drop.yaml +@@ -17,5 +17,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/cinder/templates/job-db-init.yaml b/cinder/templates/job-db-init.yaml +index 8e47f551..c7e450ad 100644 +--- a/cinder/templates/job-db-init.yaml ++++ b/cinder/templates/job-db-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-5" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml +index 1b815bc7..1bab87b0 100644 +--- a/cinder/templates/job-db-sync.yaml ++++ b/cinder/templates/job-db-sync.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} + {{- end }} +diff --git a/cinder/templates/job-image-repo-sync.yaml b/cinder/templates/job-image-repo-sync.yaml +index e56c6f3b..2d1f1f71 100644 +--- a/cinder/templates/job-image-repo-sync.yaml ++++ b/cinder/templates/job-image-repo-sync.yaml +@@ -21,5 +21,8 @@ helm.sh/hook: post-install,post-upgrade + {{- if .Values.helm3_hook }} + {{- $_ := $imageRepoSyncJob "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/cinder/templates/job-ks-endpoints.yaml b/cinder/templates/job-ks-endpoints.yaml +index ae7238a6..6b0493d9 100644 +--- a/cinder/templates/job-ks-endpoints.yaml ++++ b/cinder/templates/job-ks-endpoints.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-2" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} + {{- end }} +diff --git a/cinder/templates/job-ks-service.yaml b/cinder/templates/job-ks-service.yaml +index 827b39f8..3cd59f35 100644 +--- a/cinder/templates/job-ks-service.yaml ++++ b/cinder/templates/job-ks-service.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-3" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} + {{- end }} +diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml +index 5f530b99..4cd671d8 100644 +--- a/cinder/templates/job-ks-user.yaml ++++ b/cinder/templates/job-ks-user.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-1" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/cinder/templates/job-rabbit-init.yaml b/cinder/templates/job-rabbit-init.yaml +index 8cf33c9a..43d23922 100644 +--- a/cinder/templates/job-rabbit-init.yaml ++++ b/cinder/templates/job-rabbit-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.cinder.enabled -}} ++{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} + {{- end }} +diff --git a/cinder/templates/job-storage-init.yaml b/cinder/templates/job-storage-init.yaml +index 6a7adc3c..badfe5fc 100755 +--- a/cinder/templates/job-storage-init.yaml ++++ b/cinder/templates/job-storage-init.yaml +@@ -63,6 +63,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "cinder" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/cinder/templates/pod-rally-test.yaml b/cinder/templates/pod-rally-test.yaml +index 3725e035..34316c65 100644 +--- a/cinder/templates/pod-rally-test.yaml ++++ b/cinder/templates/pod-rally-test.yaml +@@ -33,6 +33,9 @@ metadata: + {{ dict "envAll" $envAll "podName" "cinder-test" "containerNames" (list "init" "cinder-test" "cinder-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} + spec: + restartPolicy: Never ++{{ if $envAll.Values.pod.tolerations.cinder.enabled }} ++{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + serviceAccountName: {{ $serviceAccountName }} +diff --git a/cinder/values.yaml b/cinder/values.yaml +index 9882d30c..f781714c 100644 +--- a/cinder/values.yaml ++++ b/cinder/values.yaml +@@ -173,6 +173,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ cinder: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + useHostNetwork: + volume: false + backup: false +diff --git a/glance/templates/deployment-api.yaml b/glance/templates/deployment-api.yaml +index 78e16715..aee6edaa 100644 +--- a/glance/templates/deployment-api.yaml ++++ b/glance/templates/deployment-api.yaml +@@ -49,6 +49,9 @@ spec: + {{ dict "envAll" $envAll "application" "glance" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.glance.enabled }} ++{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "600" }} +diff --git a/glance/templates/deployment-registry.yaml b/glance/templates/deployment-registry.yaml +index f771e013..2cbeac14 100644 +--- a/glance/templates/deployment-registry.yaml ++++ b/glance/templates/deployment-registry.yaml +@@ -49,6 +49,9 @@ spec: + {{ dict "envAll" $envAll "application" "glance" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "glance" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.glance.enabled }} ++{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.registry.node_selector_key }}: {{ .Values.labels.registry.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.registry.timeout | default "600" }} +diff --git a/glance/templates/job-bootstrap.yaml b/glance/templates/job-bootstrap.yaml +index d51cbd3e..461c52af 100644 +--- a/glance/templates/job-bootstrap.yaml ++++ b/glance/templates/job-bootstrap.yaml +@@ -36,5 +36,8 @@ volumes: + {{- if .Values.helm3_hook }} + {{- $_ := set $bootstrapJob "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} + {{- end }} +diff --git a/glance/templates/job-clean.yaml b/glance/templates/job-clean.yaml +index b4241f41..26977c08 100644 +--- a/glance/templates/job-clean.yaml ++++ b/glance/templates/job-clean.yaml +@@ -64,6 +64,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "clean" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.glance.enabled }} ++{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/glance/templates/job-db-drop.yaml b/glance/templates/job-db-drop.yaml +index 67ed9399..66f3a189 100644 +--- a/glance/templates/job-db-drop.yaml ++++ b/glance/templates/job-db-drop.yaml +@@ -19,5 +19,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/glance/templates/job-db-init.yaml b/glance/templates/job-db-init.yaml +index d9b46ca7..6f797814 100644 +--- a/glance/templates/job-db-init.yaml ++++ b/glance/templates/job-db-init.yaml +@@ -27,5 +27,8 @@ helm.sh/hook-weight: "-5" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/glance/templates/job-db-sync.yaml b/glance/templates/job-db-sync.yaml +index e62b42cf..1434edd1 100644 +--- a/glance/templates/job-db-sync.yaml ++++ b/glance/templates/job-db-sync.yaml +@@ -26,5 +26,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} + {{- end }} +diff --git a/glance/templates/job-image-repo-sync.yaml b/glance/templates/job-image-repo-sync.yaml +index fa3f7782..dc9d3226 100644 +--- a/glance/templates/job-image-repo-sync.yaml ++++ b/glance/templates/job-image-repo-sync.yaml +@@ -21,5 +21,8 @@ helm.sh/hook: post-install,post-upgrade + {{- if .Values.helm3_hook }} + {{- $_ := $imageRepoSyncJob "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/glance/templates/job-ks-endpoints.yaml b/glance/templates/job-ks-endpoints.yaml +index 3fdf635f..992ee37f 100644 +--- a/glance/templates/job-ks-endpoints.yaml ++++ b/glance/templates/job-ks-endpoints.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-2" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} + {{- end }} +diff --git a/glance/templates/job-ks-service.yaml b/glance/templates/job-ks-service.yaml +index e5d3b1d7..21bb1302 100644 +--- a/glance/templates/job-ks-service.yaml ++++ b/glance/templates/job-ks-service.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-3" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} + {{- end }} +diff --git a/glance/templates/job-ks-user.yaml b/glance/templates/job-ks-user.yaml +index dddc2ed9..226be718 100644 +--- a/glance/templates/job-ks-user.yaml ++++ b/glance/templates/job-ks-user.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-1" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/glance/templates/job-metadefs-load.yaml b/glance/templates/job-metadefs-load.yaml +index 5c162a5f..1c2efaaa 100644 +--- a/glance/templates/job-metadefs-load.yaml ++++ b/glance/templates/job-metadefs-load.yaml +@@ -41,6 +41,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "metadefs_load" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.glance.enabled }} ++{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/glance/templates/job-rabbit-init.yaml b/glance/templates/job-rabbit-init.yaml +index 9c9387dd..6bd14d6e 100644 +--- a/glance/templates/job-rabbit-init.yaml ++++ b/glance/templates/job-rabbit-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.glance.enabled -}} ++{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} + {{- end }} +diff --git a/glance/templates/job-storage-init.yaml b/glance/templates/job-storage-init.yaml +index 562c097b..d8aee237 100644 +--- a/glance/templates/job-storage-init.yaml ++++ b/glance/templates/job-storage-init.yaml +@@ -69,6 +69,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "storage_init" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.glance.enabled }} ++{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/glance/templates/pod-rally-test.yaml b/glance/templates/pod-rally-test.yaml +index f0624270..938c040d 100644 +--- a/glance/templates/pod-rally-test.yaml ++++ b/glance/templates/pod-rally-test.yaml +@@ -31,6 +31,9 @@ metadata: + "helm.sh/hook": test-success + {{ dict "envAll" $envAll "podName" "glance-test" "containerNames" (list "init" "glance-test" "glance-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }} + spec: ++{{ if $envAll.Values.pod.tolerations.glance.enabled }} ++{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} +diff --git a/glance/values.yaml b/glance/values.yaml +index ea3dd8e5..828c0847 100644 +--- a/glance/values.yaml ++++ b/glance/values.yaml +@@ -907,6 +907,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ glance: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + mounts: + glance_api: + init_container: null +diff --git a/heat/templates/cron-job-engine-cleaner.yaml b/heat/templates/cron-job-engine-cleaner.yaml +index 1e7e6f31..329193cb 100644 +--- a/heat/templates/cron-job-engine-cleaner.yaml ++++ b/heat/templates/cron-job-engine-cleaner.yaml +@@ -55,6 +55,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "engine_cleaner" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/heat/templates/cron-job-purge-deleted.yaml b/heat/templates/cron-job-purge-deleted.yaml +index dd275d75..987b572c 100644 +--- a/heat/templates/cron-job-purge-deleted.yaml ++++ b/heat/templates/cron-job-purge-deleted.yaml +@@ -49,6 +49,9 @@ spec: + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/heat/templates/deployment-api.yaml b/heat/templates/deployment-api.yaml +index a17ddaef..d3cebb0a 100644 +--- a/heat/templates/deployment-api.yaml ++++ b/heat/templates/deployment-api.yaml +@@ -49,6 +49,9 @@ spec: + {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "heat" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} +diff --git a/heat/templates/deployment-cfn.yaml b/heat/templates/deployment-cfn.yaml +index 9fab9e64..dc05f6f5 100644 +--- a/heat/templates/deployment-cfn.yaml ++++ b/heat/templates/deployment-cfn.yaml +@@ -49,6 +49,9 @@ spec: + {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "heat" "cfn" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.cfn.node_selector_key }}: {{ .Values.labels.cfn.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.cfn.timeout | default "30" }} +diff --git a/heat/templates/deployment-cloudwatch.yaml b/heat/templates/deployment-cloudwatch.yaml +index 092feac1..2fc5a491 100644 +--- a/heat/templates/deployment-cloudwatch.yaml ++++ b/heat/templates/deployment-cloudwatch.yaml +@@ -48,6 +48,9 @@ spec: + {{ dict "envAll" $envAll "application" "heat" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + affinity: + {{ tuple $envAll "heat" "cloudwatch" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.cloudwatch.node_selector_key }}: {{ .Values.labels.cloudwatch.node_selector_value }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.cloudwatch.timeout | default "30" }} +diff --git a/heat/templates/deployment-engine.yaml b/heat/templates/deployment-engine.yaml +index 4ae0197b..da9c905f 100644 +--- a/heat/templates/deployment-engine.yaml ++++ b/heat/templates/deployment-engine.yaml +@@ -59,6 +59,9 @@ spec: + {{- tuple $envAll "heat" "engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.engine.node_selector_key }}: {{ .Values.labels.engine.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.engine.timeout | default "30" }} + initContainers: + {{ tuple $envAll "engine" $mounts_heat_engine_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/heat/templates/job-bootstrap.yaml b/heat/templates/job-bootstrap.yaml +index 5dfe56fa..ee321545 100644 +--- a/heat/templates/job-bootstrap.yaml ++++ b/heat/templates/job-bootstrap.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "5" + {{- if .Values.helm3_hook }} + {{- $_ := set $bootstrapJob "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} + {{- end }} +diff --git a/heat/templates/job-db-drop.yaml b/heat/templates/job-db-drop.yaml +index d74fa7bf..7caa9619 100644 +--- a/heat/templates/job-db-drop.yaml ++++ b/heat/templates/job-db-drop.yaml +@@ -17,5 +17,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/heat/templates/job-db-init.yaml b/heat/templates/job-db-init.yaml +index b3b44fe8..442a2fa4 100644 +--- a/heat/templates/job-db-init.yaml ++++ b/heat/templates/job-db-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-5" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml +index 56707926..a25faf84 100644 +--- a/heat/templates/job-db-sync.yaml ++++ b/heat/templates/job-db-sync.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} + {{- end }} +diff --git a/heat/templates/job-image-repo-sync.yaml b/heat/templates/job-image-repo-sync.yaml +index a9da3252..83a84bbd 100644 +--- a/heat/templates/job-image-repo-sync.yaml ++++ b/heat/templates/job-image-repo-sync.yaml +@@ -21,5 +21,8 @@ helm.sh/hook: post-install,post-upgrade + {{- if .Values.helm3_hook }} + {{- $_ := $imageRepoSyncJob "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/heat/templates/job-ks-endpoints.yaml b/heat/templates/job-ks-endpoints.yaml +index 93888061..9c7daeee 100644 +--- a/heat/templates/job-ks-endpoints.yaml ++++ b/heat/templates/job-ks-endpoints.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-2" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} + {{- end }} +diff --git a/heat/templates/job-ks-service.yaml b/heat/templates/job-ks-service.yaml +index 5947c0e7..6505cefe 100644 +--- a/heat/templates/job-ks-service.yaml ++++ b/heat/templates/job-ks-service.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-3" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} + {{- end }} +diff --git a/heat/templates/job-ks-user-domain.yaml b/heat/templates/job-ks-user-domain.yaml +index a7096087..89b73dd9 100644 +--- a/heat/templates/job-ks-user-domain.yaml ++++ b/heat/templates/job-ks-user-domain.yaml +@@ -46,6 +46,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "ks_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/heat/templates/job-ks-user-trustee.yaml b/heat/templates/job-ks-user-trustee.yaml +index 21f1b578..934c6021 100644 +--- a/heat/templates/job-ks-user-trustee.yaml ++++ b/heat/templates/job-ks-user-trustee.yaml +@@ -24,5 +24,8 @@ helm.sh/hook: post-install,post-upgrade + {{- if .Values.helm3_hook }} + {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.heat_trust" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml +index bf23eebb..db39a556 100644 +--- a/heat/templates/job-ks-user.yaml ++++ b/heat/templates/job-ks-user.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-1" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/heat/templates/job-rabbit-init.yaml b/heat/templates/job-rabbit-init.yaml +index 8da178b5..bd6b228c 100644 +--- a/heat/templates/job-rabbit-init.yaml ++++ b/heat/templates/job-rabbit-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.heat.enabled -}} ++{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} + {{- end }} +diff --git a/heat/templates/job-trusts.yaml b/heat/templates/job-trusts.yaml +index afa6bdec..e713d278 100644 +--- a/heat/templates/job-trusts.yaml ++++ b/heat/templates/job-trusts.yaml +@@ -48,6 +48,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "trusts" $mounts_heat_trusts_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/heat/templates/pod-rally-test.yaml b/heat/templates/pod-rally-test.yaml +index 9aa6373e..3b7d95da 100644 +--- a/heat/templates/pod-rally-test.yaml ++++ b/heat/templates/pod-rally-test.yaml +@@ -33,6 +33,9 @@ metadata: + spec: + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.heat.enabled }} ++{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} ++{{ end }} + restartPolicy: Never + serviceAccountName: {{ $serviceAccountName }} + initContainers: +diff --git a/heat/values.yaml b/heat/values.yaml +index 58f786b6..36017d63 100644 +--- a/heat/values.yaml ++++ b/heat/values.yaml +@@ -1082,6 +1082,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ heat: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + mounts: + heat_api: + init_container: null +diff --git a/horizon/templates/deployment.yaml b/horizon/templates/deployment.yaml +index 1922423f..b7c24836 100644 +--- a/horizon/templates/deployment.yaml ++++ b/horizon/templates/deployment.yaml +@@ -51,6 +51,9 @@ spec: + {{ tuple $envAll "horizon" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.dashboard.node_selector_key }}: {{ .Values.labels.dashboard.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.horizon.enabled }} ++{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.horizon.timeout | default "30" }} + initContainers: + {{ tuple $envAll "dashboard" $mounts_horizon_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/horizon/templates/job-db-drop.yaml b/horizon/templates/job-db-drop.yaml +index 25458452..6f761d7c 100644 +--- a/horizon/templates/job-db-drop.yaml ++++ b/horizon/templates/job-db-drop.yaml +@@ -18,5 +18,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.horizon.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/horizon/templates/job-db-init.yaml b/horizon/templates/job-db-init.yaml +index f92c1838..095a1f3d 100644 +--- a/horizon/templates/job-db-init.yaml ++++ b/horizon/templates/job-db-init.yaml +@@ -18,5 +18,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.horizon.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/horizon/templates/job-db-sync.yaml b/horizon/templates/job-db-sync.yaml +index 648a5b21..fe5a213b 100644 +--- a/horizon/templates/job-db-sync.yaml ++++ b/horizon/templates/job-db-sync.yaml +@@ -42,6 +42,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.horizon.enabled }} ++{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "db_sync" $mounts_horizon_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/horizon/templates/job-image-repo-sync.yaml b/horizon/templates/job-image-repo-sync.yaml +index 37b14a8c..e98bbb24 100644 +--- a/horizon/templates/job-image-repo-sync.yaml ++++ b/horizon/templates/job-image-repo-sync.yaml +@@ -14,5 +14,8 @@ limitations under the License. + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "horizon" -}} ++{{- if .Values.pod.tolerations.horizon.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/horizon/templates/pod-helm-tests.yaml b/horizon/templates/pod-helm-tests.yaml +index 76f5b353..dbcb9a3c 100644 +--- a/horizon/templates/pod-helm-tests.yaml ++++ b/horizon/templates/pod-helm-tests.yaml +@@ -35,6 +35,9 @@ spec: + {{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} + restartPolicy: Never + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.horizon.enabled }} ++{{ tuple $envAll "horizon" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} + initContainers: +diff --git a/horizon/values.yaml b/horizon/values.yaml +index 9b138c0c..f2bc5b9f 100644 +--- a/horizon/values.yaml ++++ b/horizon/values.yaml +@@ -1116,6 +1116,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ horizon: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + mounts: + horizon_db_init: + init_container: null +diff --git a/keystone/templates/cron-job-credential-rotate.yaml b/keystone/templates/cron-job-credential-rotate.yaml +index fd26b230..8e9f82fc 100644 +--- a/keystone/templates/cron-job-credential-rotate.yaml ++++ b/keystone/templates/cron-job-credential-rotate.yaml +@@ -74,6 +74,9 @@ spec: + initContainers: + {{ tuple $envAll "credential_rotate" $mounts_keystone_credential_rotate_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.keystone.enabled }} ++{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + containers: +diff --git a/keystone/templates/cron-job-fernet-rotate.yaml b/keystone/templates/cron-job-fernet-rotate.yaml +index 8f4f4f9a..96dcc74d 100644 +--- a/keystone/templates/cron-job-fernet-rotate.yaml ++++ b/keystone/templates/cron-job-fernet-rotate.yaml +@@ -76,6 +76,9 @@ spec: + initContainers: + {{ tuple $envAll "fernet_rotate" $mounts_keystone_fernet_rotate_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.keystone.enabled }} ++{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + containers: +diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml +index b9f5701f..fefbc47f 100644 +--- a/keystone/templates/deployment-api.yaml ++++ b/keystone/templates/deployment-api.yaml +@@ -58,6 +58,9 @@ spec: + {{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.keystone.enabled }} ++{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: + {{ tuple $envAll "api" $mounts_keystone_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/keystone/templates/job-bootstrap.yaml b/keystone/templates/job-bootstrap.yaml +index e9089274..04833279 100644 +--- a/keystone/templates/job-bootstrap.yaml ++++ b/keystone/templates/job-bootstrap.yaml +@@ -22,5 +22,8 @@ helm.sh/hook-weight: "5" + {{- if and .Values.manifests.certificates .Values.secrets.tls.identity.api.internal -}} + {{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.keystone.enabled -}} ++{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} + {{- end }} +diff --git a/keystone/templates/job-credential-cleanup.yaml b/keystone/templates/job-credential-cleanup.yaml +index 854c5b67..fcd7f11f 100644 +--- a/keystone/templates/job-credential-cleanup.yaml ++++ b/keystone/templates/job-credential-cleanup.yaml +@@ -46,6 +46,9 @@ spec: + spec: + serviceAccountName: {{ $serviceName }} + restartPolicy: Never ++{{ if $envAll.Values.pod.tolerations.keystone.enabled }} ++{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} + initContainers: +diff --git a/keystone/templates/job-credential-setup.yaml b/keystone/templates/job-credential-setup.yaml +index 1d30eb14..5e6edc6f 100644 +--- a/keystone/templates/job-credential-setup.yaml ++++ b/keystone/templates/job-credential-setup.yaml +@@ -78,6 +78,9 @@ spec: + initContainers: + {{ tuple $envAll "credential_setup" $mounts_keystone_credential_setup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.keystone.enabled }} ++{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + containers: +diff --git a/keystone/templates/job-db-drop.yaml b/keystone/templates/job-db-drop.yaml +index 512b8eb2..df270ff6 100644 +--- a/keystone/templates/job-db-drop.yaml ++++ b/keystone/templates/job-db-drop.yaml +@@ -17,5 +17,8 @@ limitations under the License. + {{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.keystone.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/keystone/templates/job-db-init.yaml b/keystone/templates/job-db-init.yaml +index 53e9573d..757b705e 100644 +--- a/keystone/templates/job-db-init.yaml ++++ b/keystone/templates/job-db-init.yaml +@@ -24,5 +24,8 @@ helm.sh/hook-weight: "-5" + {{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.keystone.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml +index c3e73157..a4ff67d8 100644 +--- a/keystone/templates/job-db-sync.yaml ++++ b/keystone/templates/job-db-sync.yaml +@@ -79,5 +79,8 @@ volumes: + {{- end }} + {{- $podEnvVars := tuple . | include "keystone.templates._job_db_sync.env_vars" | toString | fromYaml }} + {{- $dbSyncJob := dict "envAll" . "serviceName" "keystone" "podVolMounts" $local.podVolMounts "podVols" $local.podVols "podEnvVars" $podEnvVars.env "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) -}} ++{{- if .Values.pod.tolerations.keystone.enabled -}} ++{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} + {{- end }} +diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml +index 5a1c8e2b..8acd192e 100644 +--- a/keystone/templates/job-domain-manage.yaml ++++ b/keystone/templates/job-domain-manage.yaml +@@ -44,6 +44,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + {{ dict "envAll" $envAll "application" "domain_manage" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.keystone.enabled }} ++{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + initContainers: +diff --git a/keystone/templates/job-fernet-setup.yaml b/keystone/templates/job-fernet-setup.yaml +index 786772d0..1505ffad 100644 +--- a/keystone/templates/job-fernet-setup.yaml ++++ b/keystone/templates/job-fernet-setup.yaml +@@ -78,6 +78,9 @@ spec: + initContainers: + {{ tuple $envAll "fernet_setup" $mounts_keystone_fernet_setup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + restartPolicy: OnFailure ++{{ if $envAll.Values.pod.tolerations.keystone.enabled }} ++{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} + containers: +diff --git a/keystone/templates/job-image-repo-sync.yaml b/keystone/templates/job-image-repo-sync.yaml +index fd301c35..c8cfc5d0 100644 +--- a/keystone/templates/job-image-repo-sync.yaml ++++ b/keystone/templates/job-image-repo-sync.yaml +@@ -17,5 +17,8 @@ helm.sh/hook: post-install,post-upgrade + + {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} + {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "keystone" "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) -}} ++{{- if .Values.pod.tolerations.keystone.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/keystone/templates/job-rabbit-init.yaml b/keystone/templates/job-rabbit-init.yaml +index 2bb258e7..02390adf 100644 +--- a/keystone/templates/job-rabbit-init.yaml ++++ b/keystone/templates/job-rabbit-init.yaml +@@ -22,5 +22,8 @@ helm.sh/hook-weight: "-4" + {{- if and .Values.manifests.certificates .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}} + {{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.keystone.enabled -}} ++{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} + {{- end }} +diff --git a/keystone/values.yaml b/keystone/values.yaml +index 8031bcea..de450e3a 100644 +--- a/keystone/values.yaml ++++ b/keystone/values.yaml +@@ -219,6 +219,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ keystone: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + mounts: + keystone_db_init: + init_container: null +diff --git a/neutron/templates/daemonset-bagpipe-bgp.yaml b/neutron/templates/daemonset-bagpipe-bgp.yaml +index abf823f8..df128929 100644 +--- a/neutron/templates/daemonset-bagpipe-bgp.yaml ++++ b/neutron/templates/daemonset-bagpipe-bgp.yaml +@@ -57,6 +57,9 @@ spec: + spec: + {{ dict "envAll" $envAll "application" "neutron_bagpipe_bgp" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.bagpipe_bgp.node_selector_key }}: {{ .Values.labels.bagpipe_bgp.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet +diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml +index e7f863f8..bc924e7e 100644 +--- a/neutron/templates/daemonset-dhcp-agent.yaml ++++ b/neutron/templates/daemonset-dhcp-agent.yaml +@@ -79,6 +79,9 @@ spec: + spec: + {{ dict "envAll" $envAll "application" "neutron_dhcp_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet +diff --git a/neutron/templates/daemonset-l2gw-agent.yaml b/neutron/templates/daemonset-l2gw-agent.yaml +index d2149b73..2bb2fdcd 100644 +--- a/neutron/templates/daemonset-l2gw-agent.yaml ++++ b/neutron/templates/daemonset-l2gw-agent.yaml +@@ -80,6 +80,9 @@ spec: + spec: + {{ dict "envAll" $envAll "application" "neutron_l2gw_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.agent.l2gw.node_selector_key }}: {{ .Values.labels.agent.l2gw.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet +diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml +index b59402a1..d70a6351 100644 +--- a/neutron/templates/daemonset-l3-agent.yaml ++++ b/neutron/templates/daemonset-l3-agent.yaml +@@ -80,6 +80,9 @@ spec: + spec: + {{ dict "envAll" $envAll "application" "neutron_l3_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet +diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml +index 9c5f298a..7cb86372 100644 +--- a/neutron/templates/daemonset-lb-agent.yaml ++++ b/neutron/templates/daemonset-lb-agent.yaml +@@ -55,6 +55,9 @@ spec: + spec: + {{ dict "envAll" $envAll "application" "neutron_lb_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.lb.node_selector_key }}: {{ .Values.labels.lb.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet +diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml +index af035e8b..edfa0a10 100644 +--- a/neutron/templates/daemonset-metadata-agent.yaml ++++ b/neutron/templates/daemonset-metadata-agent.yaml +@@ -76,6 +76,9 @@ spec: + spec: + {{ dict "envAll" $envAll "application" "neutron_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet +diff --git a/neutron/templates/daemonset-netns-cleanup-cron.yaml b/neutron/templates/daemonset-netns-cleanup-cron.yaml +index 8b91c94c..78acf039 100644 +--- a/neutron/templates/daemonset-netns-cleanup-cron.yaml ++++ b/neutron/templates/daemonset-netns-cleanup-cron.yaml +@@ -48,6 +48,9 @@ spec: + spec: + {{ dict "envAll" $envAll "application" "neutron_netns_cleanup_cron" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + nodeSelector: + {{ .Values.labels.netns_cleanup_cron.node_selector_key }}: {{ .Values.labels.netns_cleanup_cron.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet +diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml +index 80403c38..59e33f0f 100644 +--- a/neutron/templates/daemonset-ovs-agent.yaml ++++ b/neutron/templates/daemonset-ovs-agent.yaml +@@ -72,6 +72,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }} +diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml +index 8f32221a..4bf00216 100644 +--- a/neutron/templates/daemonset-sriov-agent.yaml ++++ b/neutron/templates/daemonset-sriov-agent.yaml +@@ -64,6 +64,9 @@ spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.sriov.node_selector_key }}: {{ .Values.labels.sriov.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }} +diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml +index 7e9e3283..431225f0 100644 +--- a/neutron/templates/deployment-ironic-agent.yaml ++++ b/neutron/templates/deployment-ironic-agent.yaml +@@ -53,6 +53,9 @@ spec: + {{ tuple $envAll "neutron" "ironic_agent" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.ironic_agent.node_selector_key }}: {{ .Values.labels.ironic_agent.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 8 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.ironic_agent.timeout | default "30" }} + initContainers: + {{ tuple $envAll "pod_dependency" $mounts_neutron_ironic_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml +index e44aa53d..94c4e1a2 100644 +--- a/neutron/templates/deployment-server.yaml ++++ b/neutron/templates/deployment-server.yaml +@@ -81,6 +81,9 @@ spec: + {{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }} + initContainers: + {{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/neutron/templates/job-bootstrap.yaml b/neutron/templates/job-bootstrap.yaml +index 504400eb..3a3faba0 100644 +--- a/neutron/templates/job-bootstrap.yaml ++++ b/neutron/templates/job-bootstrap.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "5" + {{- if .Values.helm3_hook }} + {{- $_ := set $bootstrapJob "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }} + {{- end }} +diff --git a/neutron/templates/job-db-drop.yaml b/neutron/templates/job-db-drop.yaml +index 9f322bd9..67d4174d 100644 +--- a/neutron/templates/job-db-drop.yaml ++++ b/neutron/templates/job-db-drop.yaml +@@ -18,5 +18,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/neutron/templates/job-db-init.yaml b/neutron/templates/job-db-init.yaml +index 6056aab4..184ec97d 100644 +--- a/neutron/templates/job-db-init.yaml ++++ b/neutron/templates/job-db-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-5" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml +index 60f7abb9..1d224079 100644 +--- a/neutron/templates/job-db-sync.yaml ++++ b/neutron/templates/job-db-sync.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} + {{- end }} +diff --git a/neutron/templates/job-image-repo-sync.yaml b/neutron/templates/job-image-repo-sync.yaml +index ac1c61f7..890c57ed 100644 +--- a/neutron/templates/job-image-repo-sync.yaml ++++ b/neutron/templates/job-image-repo-sync.yaml +@@ -21,5 +21,8 @@ helm.sh/hook: post-install,post-upgrade + {{- if .Values.helm3_hook }} + {{- $_ := set $imageRepoSyncJob "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/neutron/templates/job-ks-endpoints.yaml b/neutron/templates/job-ks-endpoints.yaml +index 8e755c4d..39b9387f 100644 +--- a/neutron/templates/job-ks-endpoints.yaml ++++ b/neutron/templates/job-ks-endpoints.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-2" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksEndpointsJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $ksEndpointsJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksEndpointsJob | include "helm-toolkit.manifests.job_ks_endpoints" }} + {{- end }} +diff --git a/neutron/templates/job-ks-service.yaml b/neutron/templates/job-ks-service.yaml +index b2e5b661..84fb56d4 100644 +--- a/neutron/templates/job-ks-service.yaml ++++ b/neutron/templates/job-ks-service.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-3" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} + {{- end }} +diff --git a/neutron/templates/job-ks-user.yaml b/neutron/templates/job-ks-user.yaml +index 2c025c5b..80a19bc9 100644 +--- a/neutron/templates/job-ks-user.yaml ++++ b/neutron/templates/job-ks-user.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-1" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/neutron/templates/job-rabbit-init.yaml b/neutron/templates/job-rabbit-init.yaml +index 56785569..0d08170d 100644 +--- a/neutron/templates/job-rabbit-init.yaml ++++ b/neutron/templates/job-rabbit-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.neutron.enabled -}} ++{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} + {{- end }} +diff --git a/neutron/templates/pod-rally-test.yaml b/neutron/templates/pod-rally-test.yaml +index 0fb96ece..cd6899c2 100644 +--- a/neutron/templates/pod-rally-test.yaml ++++ b/neutron/templates/pod-rally-test.yaml +@@ -34,6 +34,9 @@ metadata: + spec: + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.neutron.enabled }} ++{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} ++{{ end }} + restartPolicy: Never + serviceAccountName: {{ $serviceAccountName }} + initContainers: +diff --git a/neutron/values.yaml b/neutron/values.yaml +index c72a55b5..b767c7ae 100644 +--- a/neutron/values.yaml ++++ b/neutron/values.yaml +@@ -555,6 +555,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ neutron: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + mounts: + neutron_server: + init_container: null +diff --git a/nova/templates/cron-job-archive-deleted-rows.yaml b/nova/templates/cron-job-archive-deleted-rows.yaml +index 7baa3307..29a6e705 100644 +--- a/nova/templates/cron-job-archive-deleted-rows.yaml ++++ b/nova/templates/cron-job-archive-deleted-rows.yaml +@@ -47,6 +47,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + initContainers: + {{ tuple $envAll "archive-deleted-rows" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + containers: +diff --git a/nova/templates/cron-job-cell-setup.yaml b/nova/templates/cron-job-cell-setup.yaml +index 18b661a7..f2d2801e 100644 +--- a/nova/templates/cron-job-cell-setup.yaml ++++ b/nova/templates/cron-job-cell-setup.yaml +@@ -47,6 +47,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + initContainers: + {{ tuple $envAll "cell_setup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + containers: +diff --git a/nova/templates/cron-job-service-cleaner.yaml b/nova/templates/cron-job-service-cleaner.yaml +index bbe3fabd..9f745ace 100644 +--- a/nova/templates/cron-job-service-cleaner.yaml ++++ b/nova/templates/cron-job-service-cleaner.yaml +@@ -47,6 +47,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }} ++{{ end }} + initContainers: + {{ tuple $envAll "service_cleaner" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }} + containers: +diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml +index 4c690d61..927f5ad1 100644 +--- a/nova/templates/daemonset-compute.yaml ++++ b/nova/templates/daemonset-compute.yaml +@@ -78,6 +78,9 @@ spec: + {{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + nodeSelector: + {{ .Values.labels.agent.compute.node_selector_key }}: {{ .Values.labels.agent.compute.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + hostNetwork: true + hostPID: true + hostIPC: true +diff --git a/nova/templates/deployment-api-metadata.yaml b/nova/templates/deployment-api-metadata.yaml +index c663a233..44d3a492 100644 +--- a/nova/templates/deployment-api-metadata.yaml ++++ b/nova/templates/deployment-api-metadata.yaml +@@ -61,6 +61,9 @@ spec: + {{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api_metadata.node_selector_key }}: {{ .Values.labels.api_metadata.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.metadata.timeout | default "30" }} + initContainers: + {{ tuple $envAll "api_metadata" $mounts_nova_api_metadata_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/nova/templates/deployment-api-osapi.yaml b/nova/templates/deployment-api-osapi.yaml +index 41c1faf5..29c80ba9 100644 +--- a/nova/templates/deployment-api-osapi.yaml ++++ b/nova/templates/deployment-api-osapi.yaml +@@ -61,6 +61,9 @@ spec: + {{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.osapi.node_selector_key }}: {{ .Values.labels.osapi.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.osapi.timeout | default "30" }} + initContainers: + {{ tuple $envAll "api" $mounts_nova_api_osapi_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/nova/templates/deployment-conductor.yaml b/nova/templates/deployment-conductor.yaml +index 5335a4ce..ba301abe 100644 +--- a/nova/templates/deployment-conductor.yaml ++++ b/nova/templates/deployment-conductor.yaml +@@ -74,6 +74,9 @@ spec: + {{ tuple $envAll "nova" "conductor" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.conductor.node_selector_key }}: {{ .Values.labels.conductor.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "conductor" $mounts_nova_conductor_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/nova/templates/deployment-consoleauth.yaml b/nova/templates/deployment-consoleauth.yaml +index c4a781f2..1af01430 100644 +--- a/nova/templates/deployment-consoleauth.yaml ++++ b/nova/templates/deployment-consoleauth.yaml +@@ -74,6 +74,9 @@ spec: + {{ tuple $envAll "nova" "consoleauth" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.consoleauth.node_selector_key }}: {{ .Values.labels.consoleauth.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "consoleauth" $mounts_nova_consoleauth_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/nova/templates/deployment-novncproxy.yaml b/nova/templates/deployment-novncproxy.yaml +index 68db32ac..517005d9 100644 +--- a/nova/templates/deployment-novncproxy.yaml ++++ b/nova/templates/deployment-novncproxy.yaml +@@ -61,6 +61,9 @@ spec: + {{ tuple $envAll "nova" "novnc-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.novncproxy.node_selector_key }}: {{ .Values.labels.novncproxy.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + {{- if .Values.pod.useHostNetwork.novncproxy }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet +diff --git a/nova/templates/deployment-placement.yaml b/nova/templates/deployment-placement.yaml +index 1391cd9a..8d5e508b 100644 +--- a/nova/templates/deployment-placement.yaml ++++ b/nova/templates/deployment-placement.yaml +@@ -61,6 +61,9 @@ spec: + {{ tuple $envAll "nova" "placement" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.placement.node_selector_key }}: {{ .Values.labels.placement.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.placement.timeout | default "30" }} + initContainers: + {{ tuple $envAll "api" $mounts_nova_placement_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/nova/templates/deployment-scheduler.yaml b/nova/templates/deployment-scheduler.yaml +index b8a465ea..52e46958 100644 +--- a/nova/templates/deployment-scheduler.yaml ++++ b/nova/templates/deployment-scheduler.yaml +@@ -74,6 +74,9 @@ spec: + {{ tuple $envAll "nova" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.scheduler.node_selector_key }}: {{ .Values.labels.scheduler.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "scheduler" $mounts_nova_scheduler_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/nova/templates/deployment-spiceproxy.yaml b/nova/templates/deployment-spiceproxy.yaml +index 98046a01..e430d257 100644 +--- a/nova/templates/deployment-spiceproxy.yaml ++++ b/nova/templates/deployment-spiceproxy.yaml +@@ -60,6 +60,9 @@ spec: + {{ tuple $envAll "nova" "spice-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.spiceproxy.node_selector_key }}: {{ .Values.labels.spiceproxy.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + initContainers: +diff --git a/nova/templates/job-bootstrap.yaml b/nova/templates/job-bootstrap.yaml +index c105f567..80d53d08 100644 +--- a/nova/templates/job-bootstrap.yaml ++++ b/nova/templates/job-bootstrap.yaml +@@ -43,6 +43,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ toYaml $nodeSelector | indent 8 }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + {{- if $envAll.Values.bootstrap.wait_for_computes.enabled }} +diff --git a/nova/templates/job-cell-setup.yaml b/nova/templates/job-cell-setup.yaml +index cdcdf251..44ef618e 100644 +--- a/nova/templates/job-cell-setup.yaml ++++ b/nova/templates/job-cell-setup.yaml +@@ -38,6 +38,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll "cell_setup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: nova-cell-setup-init +diff --git a/nova/templates/job-db-drop.yaml b/nova/templates/job-db-drop.yaml +index 9a6b1a0f..b0471ef2 100644 +--- a/nova/templates/job-db-drop.yaml ++++ b/nova/templates/job-db-drop.yaml +@@ -22,5 +22,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/nova/templates/job-db-init.yaml b/nova/templates/job-db-init.yaml +index b1ca8705..72b0a808 100644 +--- a/nova/templates/job-db-init.yaml ++++ b/nova/templates/job-db-init.yaml +@@ -30,5 +30,8 @@ helm.sh/hook-weight: "-5" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml +index 3cd8cac7..061e18f1 100644 +--- a/nova/templates/job-db-sync.yaml ++++ b/nova/templates/job-db-sync.yaml +@@ -46,5 +46,8 @@ env: + {{- if .Values.helm3_hook }} + {{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} + {{- end }} +diff --git a/nova/templates/job-image-repo-sync.yaml b/nova/templates/job-image-repo-sync.yaml +index fe488dd2..e2ee66df 100644 +--- a/nova/templates/job-image-repo-sync.yaml ++++ b/nova/templates/job-image-repo-sync.yaml +@@ -21,5 +21,8 @@ helm.sh/hook: post-install,post-upgrade + {{- if .Values.helm3_hook }} + {{- $_ := set $imageRepoSyncJob "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/nova/templates/job-ks-endpoints.yaml b/nova/templates/job-ks-endpoints.yaml +index 5057ebc1..52ec50e4 100644 +--- a/nova/templates/job-ks-endpoints.yaml ++++ b/nova/templates/job-ks-endpoints.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-2" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} + {{- end }} +diff --git a/nova/templates/job-ks-placement-endpoints.yaml b/nova/templates/job-ks-placement-endpoints.yaml +index 2147f3cf..b5a10aed 100644 +--- a/nova/templates/job-ks-placement-endpoints.yaml ++++ b/nova/templates/job-ks-placement-endpoints.yaml +@@ -17,5 +17,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.placement.placement.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} + {{- end }} +diff --git a/nova/templates/job-ks-placement-service.yaml b/nova/templates/job-ks-placement-service.yaml +index c2c8865c..d5846517 100644 +--- a/nova/templates/job-ks-placement-service.yaml ++++ b/nova/templates/job-ks-placement-service.yaml +@@ -17,5 +17,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.placement.placement.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} + {{- end }} +diff --git a/nova/templates/job-ks-placement-user.yaml b/nova/templates/job-ks-placement-user.yaml +index 035c2f02..f6de6f6b 100644 +--- a/nova/templates/job-ks-placement-user.yaml ++++ b/nova/templates/job-ks-placement-user.yaml +@@ -17,5 +17,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.placement.placement.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/nova/templates/job-ks-service.yaml b/nova/templates/job-ks-service.yaml +index d9eb3b5b..9d1eebe5 100644 +--- a/nova/templates/job-ks-service.yaml ++++ b/nova/templates/job-ks-service.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-3" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} + {{- end }} +diff --git a/nova/templates/job-ks-user.yaml b/nova/templates/job-ks-user.yaml +index e5613cc9..65e5055a 100644 +--- a/nova/templates/job-ks-user.yaml ++++ b/nova/templates/job-ks-user.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-1" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}} + {{- end }} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/nova/templates/job-rabbit-init.yaml b/nova/templates/job-rabbit-init.yaml +index ffbb2707..b5133d30 100644 +--- a/nova/templates/job-rabbit-init.yaml ++++ b/nova/templates/job-rabbit-init.yaml +@@ -25,5 +25,8 @@ helm.sh/hook-weight: "-4" + {{- if .Values.helm3_hook }} + {{- $_ := set $rmqUserJob "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.nova.enabled -}} ++{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }} + {{- end }} +diff --git a/nova/templates/pod-rally-test.yaml b/nova/templates/pod-rally-test.yaml +index eabe8b6c..019596f1 100644 +--- a/nova/templates/pod-rally-test.yaml ++++ b/nova/templates/pod-rally-test.yaml +@@ -34,6 +34,9 @@ metadata: + spec: + nodeSelector: + {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.nova.enabled }} ++{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }} ++{{ end }} + restartPolicy: Never + serviceAccountName: {{ $serviceAccountName }} + initContainers: +diff --git a/nova/values.yaml b/nova/values.yaml +index cdb14575..4e6ce0ac 100644 +--- a/nova/values.yaml ++++ b/nova/values.yaml +@@ -2259,6 +2259,13 @@ pod: + default: kubernetes.io/hostname + weight: + default: 10 ++ tolerations: ++ nova: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + mounts: + nova_compute: + init_container: null +diff --git a/placement/templates/deployment.yaml b/placement/templates/deployment.yaml +index f10b135d..9dcde008 100644 +--- a/placement/templates/deployment.yaml ++++ b/placement/templates/deployment.yaml +@@ -53,6 +53,9 @@ spec: + {{ tuple $envAll "placement" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.placement.enabled }} ++{{ tuple $envAll "placement" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }} + initContainers: + {{ tuple $envAll "api" $mounts_placement_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +diff --git a/placement/templates/job-db-drop.yaml b/placement/templates/job-db-drop.yaml +index af8cd247..f6e26e73 100644 +--- a/placement/templates/job-db-drop.yaml ++++ b/placement/templates/job-db-drop.yaml +@@ -20,5 +20,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.placement.enabled -}} ++{{- $_ := set $dbDropJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }} + {{- end }} +diff --git a/placement/templates/job-db-init.yaml b/placement/templates/job-db-init.yaml +index 31e1aec7..6edd4175 100644 +--- a/placement/templates/job-db-init.yaml ++++ b/placement/templates/job-db-init.yaml +@@ -30,5 +30,8 @@ helm.sh/hook-weight: "-5" + {{- if .Values.helm3_hook }} + {{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}} + {{- end }} ++{{- if .Values.pod.tolerations.placement.enabled -}} ++{{- $_ := set $dbInitJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }} + {{- end }} +diff --git a/placement/templates/job-db-migrate.yaml b/placement/templates/job-db-migrate.yaml +index b63ff0b7..ef733778 100644 +--- a/placement/templates/job-db-migrate.yaml ++++ b/placement/templates/job-db-migrate.yaml +@@ -39,6 +39,9 @@ spec: + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} ++{{ if $envAll.Values.pod.tolerations.placement.enabled }} ++{{ tuple $envAll "placement" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} ++{{ end }} + initContainers: + {{ tuple $envAll $service list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: +diff --git a/placement/templates/job-db-sync.yaml b/placement/templates/job-db-sync.yaml +index be791da4..e1c59360 100644 +--- a/placement/templates/job-db-sync.yaml ++++ b/placement/templates/job-db-sync.yaml +@@ -19,5 +19,8 @@ limitations under the License. + {{- if .Values.manifests.certificates -}} + {{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}} + {{- end -}} ++{{- if .Values.pod.tolerations.placement.enabled -}} ++{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} + {{- end }} +diff --git a/placement/templates/job-image-repo-sync.yaml b/placement/templates/job-image-repo-sync.yaml +index dd892276..2cda817e 100644 +--- a/placement/templates/job-image-repo-sync.yaml ++++ b/placement/templates/job-image-repo-sync.yaml +@@ -23,5 +23,8 @@ helm.sh/hook: post-install,post-upgrade + {{- if .Values.helm3_hook }} + {{- $_ := set $imageRepoSyncJob "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) }} + {{- end }} ++{{- if .Values.pod.tolerations.placement.enabled -}} ++{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} + {{- end }} +diff --git a/placement/templates/job-ks-endpoints.yaml b/placement/templates/job-ks-endpoints.yaml +index abd7994c..111ba33a 100644 +--- a/placement/templates/job-ks-endpoints.yaml ++++ b/placement/templates/job-ks-endpoints.yaml +@@ -27,5 +27,8 @@ helm.sh/hook-weight: "1" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) -}} + {{- end }} ++{{- if .Values.pod.tolerations.placement.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} + {{- end }} +diff --git a/placement/templates/job-ks-service.yaml b/placement/templates/job-ks-service.yaml +index f972aba4..10e45bd6 100644 +--- a/placement/templates/job-ks-service.yaml ++++ b/placement/templates/job-ks-service.yaml +@@ -27,5 +27,8 @@ helm.sh/hook-weight: "-2" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksServiceJob "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) -}} + {{- end }} ++{{- if .Values.pod.tolerations.placement.enabled -}} ++{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }} + {{- end }} +diff --git a/placement/templates/job-ks-user.yaml b/placement/templates/job-ks-user.yaml +index 66709133..2c1a0023 100644 +--- a/placement/templates/job-ks-user.yaml ++++ b/placement/templates/job-ks-user.yaml +@@ -27,5 +27,8 @@ helm.sh/hook-weight: "-1" + {{- if .Values.helm3_hook }} + {{- $_ := set $ksUserJob "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}} + {{- end }} ++{{- if .Values.pod.tolerations.placement.enabled -}} ++{{- $_ := set $ksUserJob "tolerationsEnabled" true -}} ++{{- end -}} + {{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} + {{- end }} +diff --git a/placement/values.yaml b/placement/values.yaml +index 57d9eb48..d3bd052d 100644 +--- a/placement/values.yaml ++++ b/placement/values.yaml +@@ -333,6 +333,13 @@ pod: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname ++ tolerations: ++ placement: ++ enabled: false ++ tolerations: ++ - key: node-role.kubernetes.io/master ++ operator: Exists ++ effect: NoSchedule + mounts: + placement: + init_container: null +-- +2.17.1 + diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml index 022f3946..f93e2318 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/deployment.yaml @@ -38,6 +38,9 @@ spec: serviceAccountName: {{ $serviceAccountName }} affinity: {{ tuple $envAll "nova" "api-proxy" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} +{{ if $envAll.Values.pod.tolerations.nova.enabled }} +{{ tuple $envAll "nova_api_proxy" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} nodeSelector: {{ .Values.labels.api_proxy.node_selector_key }}: {{ .Values.labels.api_proxy.node_selector_value }} terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api_proxy.timeout | default "30" }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml index c41c530f..77ff4005 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/image_repo_sync.yaml @@ -8,6 +8,9 @@ {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "nova-api-proxy" -}} +{{- if .Values.pod.tolerations.nova_api_proxy.enabled -}} +{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}} +{{- end -}} {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} {{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml index 28cc4272..c592499e 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/templates/job-ks-endpoints.yaml @@ -11,5 +11,8 @@ {{- if .Values.manifests.certificates -}} {{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.compute.api_proxy.internal -}} {{- end -}} +{{- if .Values.pod.tolerations.nova.enabled -}} +{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}} +{{- end -}} {{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }} {{- end }} diff --git a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml index 551eb520..9dac2b1c 100644 --- a/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml +++ b/stx-openstack-helm/stx-openstack-helm/helm-charts/nova-api-proxy/values.yaml @@ -240,6 +240,19 @@ pod: default: preferredDuringSchedulingIgnoredDuringExecution topologyKey: default: kubernetes.io/hostname + tolerations: + nova_api_proxy: + enabled: false + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + nova: + enabled: false + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule mounts: nova_api_proxy: init_container: null diff --git a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml index 7a670ef2..738a3c19 100644 --- a/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml +++ b/stx-openstack-helm/stx-openstack-helm/manifests/manifest.yaml @@ -88,6 +88,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + ingress: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule conf: ingress: worker-processes: '4' @@ -185,6 +192,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + mariadb: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule conf: ingress_conf: worker-processes: '4' @@ -269,6 +283,14 @@ data: prometheus_memcached_exporter: node_selector_key: openstack-control-plane node_selector_value: enabled + pod: + tolerations: + memcached: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule monitoring: prometheus: enabled: false @@ -335,6 +357,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + rabbitmq: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule probes: readiness: periodSeconds: 30 @@ -428,6 +457,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + keystone: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule security_context: keystone: pod: @@ -758,6 +794,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + glance: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule endpoints: oslo_messaging: statefulset: @@ -877,6 +920,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + cinder: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule endpoints: oslo_messaging: statefulset: @@ -933,6 +983,14 @@ data: cgroup: "k8s-infra" libvirt: listen_addr: "::" + pod: + tolerations: + libvirt: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule images: tags: image_repo_sync: null @@ -977,6 +1035,14 @@ data: image_repo_sync: null openvswitch_db_server: docker.io/starlingx/stx-ovs:master-centos-stable-latest openvswitch_vswitchd: docker.io/starlingx/stx-ovs:master-centos-stable-latest + pod: + tolerations: + openvswitch: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule source: type: tar location: http://172.17.0.1/helm_charts/starlingx/openvswitch-0.1.5.tgz @@ -1111,6 +1177,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + nova: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule user: nova: uid: 0 @@ -1306,6 +1379,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + placement: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule user: placement: uid: 42424 @@ -1394,6 +1474,19 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + nova_api_proxy: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + nova: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule conf: nova_api_proxy: DEFAULT: @@ -1517,6 +1610,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + neutron: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule # Probes fail cause a long delay and eventual failure of the armada # application apply. Need to determine the fix to re-enable these. probes: @@ -1929,6 +2029,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + heat: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule source: type: tar location: http://172.17.0.1/helm_charts/starlingx/heat-0.2.7.tgz @@ -2798,6 +2905,13 @@ data: anti: type: default: requiredDuringSchedulingIgnoredDuringExecution + tolerations: + fm: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule labels: api: node_selector_key: openstack-control-plane @@ -2869,6 +2983,13 @@ data: enabled: 'true' port: 31000 pod: + tolerations: + horizon: + enabled: true + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule mounts: horizon: horizon: