50b3d68905
The named and nginx processes both try to use all available CPUs. In addition, there is a bug in named that sometimes causes it to spin on a FUTEX, pegging the CPU. This change constrains those processes to a single CPU (overridable in values.yaml), and includes /etc/bind/bind.keys in named.conf to avoid the CPU spike. Change-Id: I4a278023f5c0dd5e7bdee46891591b278f2ddcad
189 lines
7.2 KiB
YAML
189 lines
7.2 KiB
YAML
{{/*
|
|
Copyright 2017 The Openstack-Helm Authors.
|
|
Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if .Values.manifests.rack_statefulset }}
|
|
{{- $envAll := . }}
|
|
{{- $serviceAccountName := "maas-rack" }}
|
|
{{- $mounts_maas_rack := .Values.pod.mounts.maas_rack }}
|
|
{{- $mounts_maas_rack_init := .Values.pod.mounts.maas_rack.init_container }}
|
|
|
|
{{ tuple $envAll "rack_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: maas-rack
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
|
labels:
|
|
{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
|
serviceName: maas-rack
|
|
replicas: {{ .Values.pod.replicas.rack }}
|
|
podManagementPolicy: 'Parallel'
|
|
updateStrategy:
|
|
type: 'RollingUpdate'
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
{{ dict "envAll" $envAll "podName" "maas-rack" "containerNames" (list "init" "maas-rack") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
|
spec:
|
|
{{ dict "envAll" $envAll "application" "rack" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
|
serviceAccountName: {{ $serviceAccountName }}
|
|
affinity:
|
|
{{- tuple $envAll "maas" "rack" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
|
nodeSelector:
|
|
{{ .Values.labels.rack.node_selector_key }}: {{ .Values.labels.rack.node_selector_value }}
|
|
hostNetwork: true
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
initContainers:
|
|
{{ tuple $envAll "rack_controller" $mounts_maas_rack_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
containers:
|
|
- name: maas-rack
|
|
image: {{ .Values.images.tags.maas_rack }}
|
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
|
tty: true
|
|
{{ dict "envAll" $envAll "application" "rack" "container" "maas_rack" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
env:
|
|
- name: MAAS_ENDPOINT
|
|
{{- if empty .Values.conf.maas.url.maas_url }}
|
|
value: {{ tuple "maas_region" "public" "region_api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | quote }}
|
|
{{- else }}
|
|
value: {{ .Values.conf.maas.url.maas_url }}
|
|
{{- end }}
|
|
- name: MAAS_REGION_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.secrets.maas_region.name }}
|
|
key: REGION_SECRET
|
|
- name: MAAS_API_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ .Values.conf.maas.credentials.secret.name }}
|
|
key: 'token'
|
|
{{ tuple $envAll $envAll.Values.pod.resources.maas_rack | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
command:
|
|
- /tmp/start.sh
|
|
readinessProbe:
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 60
|
|
timeoutSeconds: 60
|
|
exec:
|
|
command:
|
|
- ls
|
|
- /tmp/maas-rack.done
|
|
volumeMounts:
|
|
- mountPath: /sys/fs/cgroup
|
|
name: host-sys-fs-cgroup
|
|
readOnly: true
|
|
- mountPath: /run
|
|
name: pod-run
|
|
- mountPath: /run/lock
|
|
name: pod-run-lock
|
|
- mountPath: /tmp
|
|
name: pod-tmp
|
|
- mountPath: /host_cloud-init
|
|
name: host-cloud-init
|
|
readOnly: true
|
|
{{- if .Values.conf.maas.ntp.disable_ntpd_rack }}
|
|
- name: maas-bin
|
|
mountPath: /usr/sbin/ntpd
|
|
subPath: ntpd.sh
|
|
readOnly: true
|
|
{{- end }}
|
|
- name: maas-bin
|
|
mountPath: /tmp/start.sh
|
|
subPath: start.sh
|
|
readOnly: true
|
|
- name: maas-bin
|
|
mountPath: /usr/local/bin/register-rack-controller.sh
|
|
subPath: register-rack-controller.sh
|
|
readOnly: true
|
|
- name: rackd-state
|
|
mountPath: /etc/maas
|
|
subPath: etc
|
|
readOnly: false
|
|
- name: rackd-state
|
|
mountPath: /var/lib/maas
|
|
subPath: home
|
|
readOnly: false
|
|
- name: maas-etc
|
|
mountPath: /etc/nsswitch.conf
|
|
subPath: nsswitch.conf
|
|
readOnly: true
|
|
{{- if .Values.manifests.secret_ssh_key }}
|
|
- name: priv-key
|
|
subPath: PRIVATE_KEY
|
|
mountPath: /var/lib/maas/id_rsa
|
|
{{- end }}
|
|
- name: maas-etc
|
|
mountPath: /var/lib/maas/http/nginx.conf
|
|
subPath: nginx.conf
|
|
readOnly: true
|
|
- name: maas-etc
|
|
mountPath: /etc/default/bind9
|
|
subPath: bind9
|
|
readOnly: true
|
|
{{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
|
|
volumes:
|
|
- name: host-sys-fs-cgroup
|
|
hostPath:
|
|
path: /sys/fs/cgroup
|
|
- name: host-cloud-init
|
|
hostPath:
|
|
path: /run/cloud-init
|
|
- name: pod-run
|
|
emptyDir: {}
|
|
- name: pod-run-lock
|
|
emptyDir: {}
|
|
- name: pod-tmp
|
|
emptyDir: {}
|
|
{{- if .Values.manifests.secret_ssh_key }}
|
|
- name: priv-key
|
|
secret:
|
|
secretName: {{ .Release.Name}}-{{ .Values.secrets.ssh_key }}
|
|
defaultMode: 0400
|
|
{{- end }}
|
|
- name: maas-bin
|
|
configMap:
|
|
name: maas-bin
|
|
defaultMode: 0555
|
|
- name: maas-etc
|
|
configMap:
|
|
name: maas-etc
|
|
defaultMode: 0444
|
|
{{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: rackd-state
|
|
annotations:
|
|
{{ .Values.storage.rackd.pvc.class_path }}: {{ .Values.storage.rackd.pvc.class_name }}
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.storage.rackd.pvc.size }}
|
|
{{- end }}
|