Nova: Update volume mount params
This commit updates the volume mounts in pods to ensure:
* Config files and scripts are mounted read-only
* Volume mounts are added for the bootstrap job

Co-Authored-By: Larry Rensing <lr699s@att.com>
Change-Id: I1e89419858c0f72b705ad9b7968ec01bfaab5740
parent
1a48b79db4
commit
1ba6ec05b6
@ -63,15 +63,23 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
|
- name: nova-etc
|
||||||
|
mountPath: /etc/nova/api-paste.ini
|
||||||
|
subPath: api-paste.ini
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/resolv.conf
|
mountPath: /etc/resolv.conf
|
||||||
subPath: resolv.conf
|
subPath: resolv.conf
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/ceph/ceph.conf
|
mountPath: /etc/ceph/ceph.conf
|
||||||
subPath: ceph.conf
|
subPath: ceph.conf
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/ceph/ceph.client.keyring
|
mountPath: /etc/ceph/ceph.client.keyring
|
||||||
subPath: ceph.client.keyring
|
subPath: ceph.client.keyring
|
||||||
|
readOnly: true
|
||||||
- mountPath: /lib/modules
|
- mountPath: /lib/modules
|
||||||
name: libmodules
|
name: libmodules
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
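Review bot: The `readOnly: true` added on the `/etc/ceph/ceph.client.keyring` mount only protects the file inside the container; the keyring is still delivered through the `nova-etc` volume, the same one that supplies `nova.conf` and `resolv.conf`. The volume definition is outside this hunk, but the db-sync section of this commit shows a ConfigMap named `nova-etc`, so this volume is presumably ConfigMap-backed and the Ceph client key would be readable by anyone allowed to read ConfigMaps in the namespace. Consider sourcing the keyring from a Secret-backed volume and recording that next to the mount, e.g. `# keyring must come from a Secret, not the nova-etc ConfigMap`. The same keyring mount appears in the `@ -84,9 +92,11 @` hunk further down this page.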
@ -60,15 +60,23 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/libvirt/libvirtd.conf
|
mountPath: /etc/libvirt/libvirtd.conf
|
||||||
subPath: libvirtd.conf
|
subPath: libvirtd.conf
|
||||||
|
readOnly: true
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
mountPath: /tmp/libvirt.sh
|
mountPath: /tmp/libvirt.sh
|
||||||
subPath: libvirt.sh
|
subPath: libvirt.sh
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
|
- name: nova-etc
|
||||||
|
mountPath: /etc/nova/api-paste.ini
|
||||||
|
subPath: api-paste.ini
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/resolv.conf
|
mountPath: /etc/resolv.conf
|
||||||
subPath: resolv.conf
|
subPath: resolv.conf
|
||||||
|
readOnly: true
|
||||||
- mountPath: /lib/modules
|
- mountPath: /lib/modules
|
||||||
name: libmodules
|
name: libmodules
|
||||||
readOnly: true
|
readOnly: true
|
||||||
@ -84,9 +92,11 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/ceph/ceph.conf
|
mountPath: /etc/ceph/ceph.conf
|
||||||
subPath: ceph.conf
|
subPath: ceph.conf
|
||||||
|
readOnly: true
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/ceph/ceph.client.keyring
|
mountPath: /etc/ceph/ceph.client.keyring
|
||||||
subPath: ceph.client.keyring
|
subPath: ceph.client.keyring
|
||||||
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{ if $mounts_nova_libvirt.volumeMounts }}{{ toYaml $mounts_nova_libvirt.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_libvirt.volumeMounts }}{{ toYaml $mounts_nova_libvirt.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -73,6 +73,11 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
|
- name: nova-etc
|
||||||
|
mountPath: /etc/nova/api-paste.ini
|
||||||
|
subPath: api-paste.ini
|
||||||
|
readOnly: true
|
||||||
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
|
@ -72,6 +72,11 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
|
- name: nova-etc
|
||||||
|
mountPath: /etc/nova/api-paste.ini
|
||||||
|
subPath: api-paste.ini
|
||||||
|
readOnly: true
|
||||||
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
|
@ -64,6 +64,7 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
|
@ -65,6 +65,7 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
{{ if $mounts_nova_consoleauth.volumeMounts }}{{ toYaml $mounts_nova_consoleauth.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_consoleauth.volumeMounts }}{{ toYaml $mounts_nova_consoleauth.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
|
@ -65,6 +65,7 @@ spec:
|
|||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
mountPath: /etc/nova/nova.conf
|
mountPath: /etc/nova/nova.conf
|
||||||
subPath: nova.conf
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
|
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: nova-etc
|
- name: nova-etc
|
||||||
|
@ -15,6 +15,8 @@
|
|||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
|
||||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||||
|
{{- $mounts_nova_bootstrap := .Values.mounts.nova_bootstrap.nova_bootstrap }}
|
||||||
|
{{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container }}
|
||||||
apiVersion: batch/v1
|
apiVersion: batch/v1
|
||||||
kind: Job
|
kind: Job
|
||||||
metadata:
|
metadata:
|
||||||
@ -24,7 +26,7 @@ spec:
|
|||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
pod.beta.kubernetes.io/init-containers: '[
|
pod.beta.kubernetes.io/init-containers: '[
|
||||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
|
{{ tuple $envAll $dependencies $mounts_nova_bootstrap_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
|
||||||
]'
|
]'
|
||||||
spec:
|
spec:
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
@ -51,12 +53,15 @@ spec:
|
|||||||
{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }}
|
{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: novaconf
|
|
||||||
mountPath: /etc/nova/nova.conf
|
|
||||||
subPath: nova.conf
|
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
mountPath: /tmp/bootstrap.sh
|
mountPath: /tmp/bootstrap.sh
|
||||||
subPath: bootstrap.sh
|
subPath: bootstrap.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: novaconf
|
||||||
|
mountPath: /etc/nova/nova.conf
|
||||||
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
|
{{ if $mounts_nova_bootstrap.volumeMounts }}{{ toYaml $mounts_nova_bootstrap.volumeMounts | indent 12 }}{{ end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: novaconf
|
- name: novaconf
|
||||||
configMap:
|
configMap:
|
||||||
@ -64,3 +69,4 @@ spec:
|
|||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-bin
|
name: nova-bin
|
||||||
|
{{ if $mounts_nova_bootstrap.volumes }}{{ toYaml $mounts_nova_bootstrap.volumes | indent 8 }}{{ end }}
|
||||||
|
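Review bot: The third tuple element passed to `helm-toolkit.kubernetes_entrypoint_init_container` changes from the literal string `"[]"` to `$mounts_nova_bootstrap_init`, which the values hunk of this commit defaults to `null`. The helper's output is embedded in the JSON `pod.beta.kubernetes.io/init-containers` annotation and the helper itself is not on this page, so confirm that it renders a valid empty mount list for a null argument. If it does not, the old fallback can be kept with `{{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container | default "[]" }}`.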
@ -46,13 +46,19 @@ spec:
|
|||||||
- bash
|
- bash
|
||||||
- /tmp/db-sync.sh
|
- /tmp/db-sync.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: novaconf
|
|
||||||
mountPath: /etc/nova/nova.conf
|
|
||||||
subPath: nova.conf
|
|
||||||
- name: nova-bin
|
- name: nova-bin
|
||||||
mountPath: /tmp/db-sync.sh
|
mountPath: /tmp/db-sync.sh
|
||||||
subPath: db-sync.sh
|
subPath: db-sync.sh
|
||||||
|
readOnly: true
|
||||||
|
- name: etcnova
|
||||||
|
mountPath: /etc/nova
|
||||||
|
- name: novaconf
|
||||||
|
mountPath: /etc/nova/nova.conf
|
||||||
|
subPath: nova.conf
|
||||||
|
readOnly: true
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: etcnova
|
||||||
|
emptyDir: {}
|
||||||
- name: novaconf
|
- name: novaconf
|
||||||
configMap:
|
configMap:
|
||||||
name: nova-etc
|
name: nova-etc
|
||||||
|
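Review bot: The new `etcnova` emptyDir is mounted at `/etc/nova` without `readOnly`, so the directory holding the job's configuration stays writable and only the overlaid `nova.conf` subPath is protected. The emptyDir also hides whatever the image ships under `/etc/nova`, and neither the commit message nor the template says why it is needed. If it is scratch space for db-sync, add a comment above the mount such as `# writable scratch dir; nova.conf is overlaid read-only below`. Otherwise drop the emptyDir so the job sees the image's `/etc/nova` with the read-only config on top.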
@ -214,6 +214,9 @@ mounts:
|
|||||||
nova_scheduler:
|
nova_scheduler:
|
||||||
init_container: null
|
init_container: null
|
||||||
nova_scheduler:
|
nova_scheduler:
|
||||||
|
nova_bootstrap:
|
||||||
|
init_container: null
|
||||||
|
nova_bootstrap:
|
||||||
|
|
||||||
conf:
|
conf:
|
||||||
paste:
|
paste:
|
||||||
|
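Review bot: The inner `nova_bootstrap:` key is left with an empty value, which YAML loads as null, while the bootstrap job template reads `$mounts_nova_bootstrap.volumeMounts` and `$mounts_nova_bootstrap.volumes` from it. Template engines that treat field access on a nil value as an error would fail to render the job with these defaults; whether that happens may depend on the Helm version in use. Writing `nova_bootstrap: {}` makes the empty mapping explicit. The `nova_scheduler:` entry just above uses the same bare form, so it may be worth changing both together.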