openstack/openstack-helm
Code Issues Proposed changes

Nova: Update volume mount params

Browse Source 
This commit update the volume mounts in pods to ensure:
 * Config files and scripts are mounted readonly
 * volume mounts added for bootstrap job

Co-Authored-By: Larry Rensing <lr699s@att.com>

Change-Id: I1e89419858c0f72b705ad9b7968ec01bfaab5740
This commit is contained in:
Pete Birley 2017-04-12 01:18:20 -05:00
parent 1a48b79db4
commit 1ba6ec05b6
10 changed files with 53 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nova/templates/daemonset-compute.yaml
View File

@ -63,15 +63,23 @@ spec:
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- name: nova-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: nova-etc
mountPath: /etc/ceph/ceph.client.keyring
subPath: ceph.client.keyring
readOnly: true
- mountPath: /lib/modules
name: libmodules
readOnly: true

10
nova/templates/daemonset-libvirt.yaml
View File

@ -60,15 +60,23 @@ spec:
- name: nova-etc
mountPath: /etc/libvirt/libvirtd.conf
subPath: libvirtd.conf
readOnly: true
- name: nova-bin
mountPath: /tmp/libvirt.sh
subPath: libvirt.sh
readOnly: true
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
- name: nova-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
readOnly: true
- mountPath: /lib/modules
name: libmodules
readOnly: true
@ -84,9 +92,11 @@ spec:
- name: nova-etc
mountPath: /etc/ceph/ceph.conf
subPath: ceph.conf
readOnly: true
- name: nova-etc
mountPath: /etc/ceph/ceph.client.keyring
subPath: ceph.client.keyring
readOnly: true
{{- end }}
{{ if $mounts_nova_libvirt.volumeMounts }}{{ toYaml $mounts_nova_libvirt.volumeMounts | indent 12 }}{{ end }}
volumes:

5
nova/templates/deployment-api-metadata.yaml
View File

@ -73,6 +73,11 @@ spec:
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: nova-etc

5
nova/templates/deployment-api-osapi.yaml
View File

@ -72,6 +72,11 @@ spec:
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
- name: nova-etc
mountPath: /etc/nova/api-paste.ini
subPath: api-paste.ini
readOnly: true
{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: nova-etc

1
nova/templates/deployment-conductor.yaml
View File

@ -64,6 +64,7 @@ spec:
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
{{ if $mounts_nova_conductor.volumeMounts }}{{ toYaml $mounts_nova_conductor.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: nova-etc

1
nova/templates/deployment-consoleauth.yaml
View File

@ -65,6 +65,7 @@ spec:
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
{{ if $mounts_nova_consoleauth.volumeMounts }}{{ toYaml $mounts_nova_consoleauth.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: nova-etc

1
nova/templates/deployment-scheduler.yaml
View File

@ -65,6 +65,7 @@ spec:
- name: nova-etc
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
{{ if $mounts_nova_scheduler.volumeMounts }}{{ toYaml $mounts_nova_scheduler.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: nova-etc

14
nova/templates/job-bootstrap.yaml
View File

@ -15,6 +15,8 @@
{{- $envAll := . }}
{{- $ksAdminSecret := $envAll.Values.keystone.admin_secret | default "nova-env-keystone-admin" }}
{{- $dependencies := .Values.dependencies.bootstrap }}
{{- $mounts_nova_bootstrap := .Values.mounts.nova_bootstrap.nova_bootstrap }}
{{- $mounts_nova_bootstrap_init := .Values.mounts.nova_bootstrap.init_container }}
apiVersion: batch/v1
kind: Job
metadata:
@ -24,7 +26,7 @@ spec:
metadata:
annotations:
pod.beta.kubernetes.io/init-containers: '[
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
{{ tuple $envAll $dependencies $mounts_nova_bootstrap_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
]'
spec:
restartPolicy: OnFailure
@ -51,12 +53,15 @@ spec:
{{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
volumeMounts:
- name: novaconf
mountPath: /etc/nova/nova.conf
subPath: nova.conf
- name: nova-bin
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
readOnly: true
- name: novaconf
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
{{ if $mounts_nova_bootstrap.volumeMounts }}{{ toYaml $mounts_nova_bootstrap.volumeMounts | indent 12 }}{{ end }}
volumes:
- name: novaconf
configMap:
@ -64,3 +69,4 @@ spec:
- name: nova-bin
configMap:
name: nova-bin
{{ if $mounts_nova_bootstrap.volumes }}{{ toYaml $mounts_nova_bootstrap.volumes | indent 8 }}{{ end }}

12
nova/templates/job-db-sync.yaml
View File

@ -46,13 +46,19 @@ spec:
- bash
- /tmp/db-sync.sh
volumeMounts:
- name: novaconf
mountPath: /etc/nova/nova.conf
subPath: nova.conf
- name: nova-bin
mountPath: /tmp/db-sync.sh
subPath: db-sync.sh
readOnly: true
- name: etcnova
mountPath: /etc/nova
- name: novaconf
mountPath: /etc/nova/nova.conf
subPath: nova.conf
readOnly: true
volumes:
- name: etcnova
emptyDir: {}
- name: novaconf
configMap:
name: nova-etc

3
nova/values.yaml
View File

@ -214,6 +214,9 @@ mounts:
nova_scheduler:
init_container: null
nova_scheduler:
nova_bootstrap:
init_container: null
nova_bootstrap:
conf:
paste: