openstack/openstack-helm-infra
Code Issues Proposed changes

Restore ServiceAccount to openvswitch pod

Browse Source 
This change includes back the the helm-toolkit snippet:
kubernetes_pod_rbac_serviceaccount to the openvswitch Daemonset
definition, since it is responsible for creating the POD's
ServiceAccount which contains imagePullSecrets that enable the POD to
retrieve images from private registries.

Originally openvswitch chart had two daemonset definitions: for the
db and for the server, but recently both were merged into a single
daemonset [1] and the template inclusion was dropped during this merge

[1] 73e2b3322d

Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Change-Id: I8e8e165956db2714563733a78baf156ab20b696a
This commit is contained in:
Thales Elero Cervi 2023-07-13 18:25:24 -03:00
parent 2542db1647
commit b65ac7e129
3 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
openvswitch/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm OpenVSwitch
name: openvswitch
version: 0.1.15
version: 0.1.16
home: http://openvswitch.org
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
sources:

4
openvswitch/templates/daemonset.yaml
View File

@ -56,6 +56,9 @@ exec:
{{- if .Values.manifests.daemonset }}
{{- $envAll := . }}
{{- $serviceAccountName := "openvswitch-server" }}
{{ tuple $envAll "vswitchd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: DaemonSet
@ -80,6 +83,7 @@ spec:
{{ dict "envAll" $envAll "podName" "openvswitch" "containerNames" (list "openvswitch-db" "openvswitch-db-perms" "openvswitch-vswitchd" "openvswitch-vswitchd-modules" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
spec:
shareProcessNamespace: true
serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "ovs" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}

1
releasenotes/notes/openvswitch.yaml
View File

@ -16,4 +16,5 @@ openvswitch:
- 0.1.13 Upgrade openvswitch image to latest-ubuntu_focal to fix qos issue
- 0.1.14 Add buffer before accesses pid file
- 0.1.15 Add buffer before accesses ovs controller pid socket
- 0.1.16 Restore ServiceAccount to openvswitch pod
...