[libvirt] Allow to initialize virtualization modules

Add an init-modules libvirt container, which allows libvirt
modules to be initialized during start. The script is provided via
the .Values.init_modules.script data structure.

Change-Id: I9d5c48448b23b6b6cc18d273c9187a0a79db4af9
Vasyl Saienko 2024-09-16 14:16:43 +00:00
parent ea3c04a7d9
commit 865287258a
5 changed files with 65 additions and 1 deletions


@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm libvirt description: OpenStack-Helm libvirt
name: libvirt name: libvirt
version: 0.1.34 version: 0.1.35
home: https://libvirt.org home: https://libvirt.org
sources: sources:
- https://libvirt.org/git/?p=libvirt.git;a=summary - https://libvirt.org/git/?p=libvirt.git;a=summary


@ -36,4 +36,5 @@ data:
ceph-admin-keyring.sh: | ceph-admin-keyring.sh: |
{{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_ceph-admin-keyring.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.init_modules.script "key" "libvirt-init-modules.sh") | indent 2 }}
{{- end }} {{- end }}
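Review bot: The added `libvirt-init-modules.sh` entry is rendered from `.Values.conf.init_modules.script` whether or not `conf.init_modules.enabled` is set, so the script is published in the `data:` map even on deployments that never run it. Wrapping the line in `{{- if .Values.conf.init_modules.enabled }}` … `{{- end }}` would keep it in step with the guard around the `libvirt-init-modules` init container. The commit message names `.Values.init_modules.script`, while this line reads the key under `conf`; one of the two should be corrected so operators override the right path.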


@ -79,6 +79,27 @@ spec:
initContainers: initContainers:
{{ tuple $envAll "pod_dependency" $mounts_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll "pod_dependency" $mounts_libvirt_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ dict "envAll" $envAll | include "helm-toolkit.snippets.kubernetes_apparmor_loader_init_container" | indent 8 }} {{ dict "envAll" $envAll | include "helm-toolkit.snippets.kubernetes_apparmor_loader_init_container" | indent 8 }}
{{- if .Values.conf.init_modules.enabled }}
- name: libvirt-init-modules
{{ tuple $envAll "libvirt" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "libvirt" "container" "libvirt_init_modules" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
terminationMessagePath: /var/log/termination-log
command:
- /tmp/libvirt-init-modules.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: etc-modprobe-d
mountPath: /etc/modprobe.d_host
- name: host-rootfs
mountPath: /mnt/host-rootfs
mountPropagation: HostToContainer
readOnly: true
- name: libvirt-bin
mountPath: /tmp/libvirt-init-modules.sh
subPath: libvirt-init-modules.sh
readOnly: true
{{- end }}
{{- if eq .Values.conf.qemu.vnc_tls "1" }} {{- if eq .Values.conf.qemu.vnc_tls "1" }}
- name: cert-init-vnc - name: cert-init-vnc
{{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -353,6 +374,13 @@ spec:
- name: etc-libvirt-qemu - name: etc-libvirt-qemu
hostPath: hostPath:
path: /etc/libvirt/qemu path: /etc/libvirt/qemu
- name: etc-modprobe-d
hostPath:
path: /etc/modprobe.d
- name: host-rootfs
hostPath:
path: /
type: Directory
{{ dict "envAll" $envAll "component" "libvirt" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }} {{ dict "envAll" $envAll "component" "libvirt" "requireSys" true | include "helm-toolkit.snippets.kubernetes_apparmor_volumes" | indent 8 }}
{{ if $mounts_libvirt.volumes }}{{ toYaml $mounts_libvirt.volumes | indent 8 }}{{ end }} {{ if $mounts_libvirt.volumes }}{{ toYaml $mounts_libvirt.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}
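Review bot: The `etc-modprobe-d` and `host-rootfs` hostPath volumes in the second hunk have no `conf.init_modules.enabled` guard visible around them, so as far as the hunk shows every libvirt pod declares a hostPath of `/` even when the feature is off, which is the default. Wrapping both volume entries in `{{- if .Values.conf.init_modules.enabled }}` … `{{- end }}` would match the init container and keep the pod spec from tripping hostPath admission policies unnecessarily. The default script under `conf.init_modules.script` only touches `/etc/modprobe.d_host`, so the `/mnt/host-rootfs` mount looks unused; if nothing needs it, dropping the mount and volume avoids exposing the whole host filesystem to a privileged container. The volumes list begins and ends outside the hunk, so an enclosing conditional cannot be ruled out from here.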


@ -137,6 +137,34 @@ conf:
- rdma - rdma
- misc - misc
- pids - pids
init_modules:
enabled: false
script: |
#!/bin/bash
set -ex
export HOME=/tmp
KVM_QEMU_CONF_HOST="/etc/modprobe.d_host/qemu-system-x86.conf"
if [[ ! -f "${KVM_QEMU_CONF_HOST}" ]]; then
if grep vmx /proc/cpuinfo; then
cat << EOF > ${KVM_QEMU_CONF_HOST}
options kvm_intel nested=1
options kvm_intel enable_apicv=1
options kvm_intel ept=1
EOF
modprobe -r kvm_intel || true
modprobe kvm_intel nested=1
elif grep svm /proc/cpuinfo; then
cat << EOF > ${KVM_QEMU_CONF_HOST}
options kvm_amd nested=1
EOF
modprobe -r kvm_amd || true
modprobe kvm_amd nested=1
else
echo "Nested virtualization is not supported"
fi
fi
vencrypt: vencrypt:
# Issuer to use for the vencrypt certs. # Issuer to use for the vencrypt certs.
issuer: issuer:
@ -220,6 +248,12 @@ pod:
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
libvirt_exporter: libvirt_exporter:
privileged: true privileged: true
libvirt_init_modules:
readOnlyRootFilesystem: true
privileged: true
capabilities:
drop:
- ALL
sidecars: sidecars:
libvirt_exporter: false libvirt_exporter: false
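Review bot: In `libvirt_init_modules`, `privileged: true` combined with `capabilities.drop: [ALL]` reads as a confined container, but container runtimes generally do not apply the capability list to a privileged container, so the drop most likely has no effect. If the container only needs to write the modprobe.d file and load a module, try `privileged: false` with `capabilities: {add: [SYS_MODULE], drop: [ALL]}` and verify it on a target node; otherwise remove the drop list so the values do not overstate the confinement. The default script also persists `nested=1` under the host's `/etc/modprobe.d`, which outlives the chart and widens what guests can reach in KVM. A comment above `init_modules:` such as `# Writes persistent kvm options to the host's /etc/modprobe.d and reloads the kvm module; enables nested virtualization for every guest on the node.` would make that explicit to operators who set `enabled: true`.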


@ -35,4 +35,5 @@ libvirt:
- 0.1.32 Enable a flag to parse Libvirt Nova metadata in libvirt exporter - 0.1.32 Enable a flag to parse Libvirt Nova metadata in libvirt exporter
- 0.1.33 Handle cgroupv2 correctly - 0.1.33 Handle cgroupv2 correctly
- 0.1.34 Remove hugepages creation test - 0.1.34 Remove hugepages creation test
- 0.1.35 Allow to initialize virtualization modules
... ...