054c5fde24
We are gonna use libvirt unix socket in nova. We are trying to realize live migration in libvirt while guarantee secure. To realize this, replaced 127.0.0.1 with 0.0.0.0 for listen address and plus enabled tls instead bare tcp. And in the nova, used libvirt unix socket to connect instead of tcp 127.0.0.1 connection. fyi, https://review.opendev.org/752108/ and https://review.opendev.org/752125/ Change-Id: Idb7d3a0d90be84d96b541c41fb90abdd33b7de94
207 lines
4.8 KiB
YAML
207 lines
4.8 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Default values for libvirt.
|
|
# This is a YAML-formatted file.
|
|
# Declare name/value pairs to be passed into your templates.
|
|
# name: value
|
|
|
|
---
|
|
release_group: null
|
|
|
|
labels:
|
|
agent:
|
|
libvirt:
|
|
node_selector_key: openstack-compute-node
|
|
node_selector_value: enabled
|
|
|
|
images:
|
|
tags:
|
|
libvirt: docker.io/openstackhelm/libvirt:latest-ubuntu_bionic
|
|
ceph_config_helper: 'docker.io/openstackhelm/ceph-config-helper:ubuntu_bionic-20200217'
|
|
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
|
|
image_repo_sync: docker.io/docker:17.07.0
|
|
pull_policy: "IfNotPresent"
|
|
local_registry:
|
|
active: false
|
|
exclude:
|
|
- dep_check
|
|
- image_repo_sync
|
|
|
|
network:
|
|
# provide what type of network wiring will be used
|
|
# possible options: openvswitch, linuxbridge, sriov
|
|
backend:
|
|
- openvswitch
|
|
|
|
endpoints:
|
|
cluster_domain_suffix: cluster.local
|
|
local_image_registry:
|
|
name: docker-registry
|
|
namespace: docker-registry
|
|
hosts:
|
|
default: localhost
|
|
internal: docker-registry
|
|
node: localhost
|
|
host_fqdn_override:
|
|
default: null
|
|
port:
|
|
registry:
|
|
node: 5000
|
|
|
|
network_policy:
|
|
libvirt:
|
|
ingress:
|
|
- {}
|
|
egress:
|
|
- {}
|
|
|
|
ceph_client:
|
|
configmap: ceph-etc
|
|
user_secret_name: pvc-ceph-client-key
|
|
|
|
conf:
|
|
ceph:
|
|
enabled: true
|
|
admin_keyring: null
|
|
cinder:
|
|
user: "cinder"
|
|
keyring: null
|
|
secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337
|
|
# Cinder Ceph backend that is not configured by the k8s cluter
|
|
external_ceph:
|
|
enabled: false
|
|
user: null
|
|
secret_uuid: null
|
|
user_secret_name: null
|
|
libvirt:
|
|
listen_tcp: "1"
|
|
listen_tls: "0"
|
|
auth_tcp: "none"
|
|
ca_file: "/etc/pki/CA/cacert.pem"
|
|
cert_file: "/etc/pki/libvirt/servercert.pem"
|
|
key_file: "/etc/pki/libvirt/private/serverkey.pem"
|
|
auth_unix_rw: "none"
|
|
listen_addr: 127.0.0.1
|
|
log_level: "3"
|
|
log_outputs: "1:file:/var/log/libvirt/libvirtd.log"
|
|
qemu:
|
|
stdio_handler: "file"
|
|
user: "nova"
|
|
group: "kvm"
|
|
kubernetes:
|
|
cgroup: "kubepods"
|
|
|
|
pod:
|
|
security_context:
|
|
libvirt:
|
|
pod:
|
|
runAsUser: 0
|
|
container:
|
|
ceph_admin_keyring_placement:
|
|
readOnlyRootFilesystem: false
|
|
ceph_keyring_placement:
|
|
readOnlyRootFilesystem: false
|
|
libvirt:
|
|
privileged: true
|
|
readOnlyRootFilesystem: false
|
|
affinity:
|
|
anti:
|
|
type:
|
|
default: preferredDuringSchedulingIgnoredDuringExecution
|
|
topologyKey:
|
|
default: kubernetes.io/hostname
|
|
weight:
|
|
default: 10
|
|
dns_policy: "ClusterFirstWithHostNet"
|
|
mounts:
|
|
libvirt:
|
|
init_container: null
|
|
libvirt:
|
|
lifecycle:
|
|
upgrades:
|
|
daemonsets:
|
|
pod_replacement_strategy: RollingUpdate
|
|
libvirt:
|
|
enabled: true
|
|
min_ready_seconds: 0
|
|
max_unavailable: 1
|
|
resources:
|
|
enabled: false
|
|
libvirt:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
jobs:
|
|
image_repo_sync:
|
|
requests:
|
|
memory: "128Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "1024Mi"
|
|
cpu: "2000m"
|
|
|
|
dependencies:
|
|
dynamic:
|
|
common:
|
|
local_image_registry:
|
|
jobs:
|
|
- libvirt-image-repo-sync
|
|
services:
|
|
- endpoint: node
|
|
service: local_image_registry
|
|
targeted:
|
|
openvswitch:
|
|
libvirt:
|
|
pod:
|
|
- requireSameNode: true
|
|
labels:
|
|
application: neutron
|
|
component: neutron-ovs-agent
|
|
linuxbridge:
|
|
libvirt:
|
|
pod:
|
|
- requireSameNode: true
|
|
labels:
|
|
application: neutron
|
|
component: neutron-lb-agent
|
|
sriov:
|
|
libvirt:
|
|
pod:
|
|
- requireSameNode: true
|
|
labels:
|
|
application: neutron
|
|
component: neutron-sriov-agent
|
|
static:
|
|
libvirt:
|
|
services: null
|
|
image_repo_sync:
|
|
services:
|
|
- endpoint: internal
|
|
service: local_image_registry
|
|
|
|
manifests:
|
|
configmap_bin: true
|
|
configmap_etc: true
|
|
daemonset_libvirt: true
|
|
job_image_repo_sync: true
|
|
network_policy: false
|
|
|
|
secrets:
|
|
tls:
|
|
server: libvirt-tls-server
|
|
client: libvirt-tls-client
|
|
...
|