Add option to mount host path for cgroups

Capability added to disable cgroups host path volume Change-Id: I007d9a79b812094126fadb36fd743133495d337f
2023-09-19 13:19:41 -04:00 · 2023-09-19 13:19:41 -04:00 · ba3657c0c1
parent 736c936394
commit ba3657c0c1
3 changed files with 13 additions and 0 deletions
--- a/charts/maas/templates/statefulset-rack.yaml
+++ b/charts/maas/templates/statefulset-rack.yaml
@ -94,9 +94,11 @@ spec:
            - /tmp/start.sh
 {{ dict "envAll" $envAll "component" "rack" "container" "maas-rack" "type" "readiness" "probeTemplate" (include "maasrackreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          volumeMounts:
+{{- if not .Values.conf.maas.cgroups.disable_cgroups_rack }}
            - mountPath: /sys/fs/cgroup
              name: host-sys-fs-cgroup
              readOnly: true
+{{- end }}
            - mountPath: /run
              name: pod-run
            - mountPath: /run/lock
@ -155,9 +157,11 @@ spec:
              readOnly: true
 {{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
      volumes:
+{{- if not .Values.conf.maas.cgroups.disable_cgroups_rack }}
        - name: host-sys-fs-cgroup
          hostPath:
            path: /sys/fs/cgroup
+{{- end }}
        - name: host-cloud-init
          hostPath:
            path: /run/cloud-init
--- a/charts/maas/templates/statefulset-region.yaml
+++ b/charts/maas/templates/statefulset-region.yaml
@ -108,9 +108,11 @@ spec:
          command:
            - /tmp/start.sh
          volumeMounts:
+{{- if not .Values.conf.maas.cgroups.disable_cgroups_region }}
            - mountPath: /sys/fs/cgroup
              name: host-sys-fs-cgroup
              readOnly: true
+{{- end }}
            - mountPath: /run
              name: pod-run
            - mountPath: /run/lock
@ -179,9 +181,11 @@ spec:
              readOnly: true
 {{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
      volumes:
+{{- if not .Values.conf.maas.cgroups.disable_cgroups_region }}
        - name: host-sys-fs-cgroup
          hostPath:
            path: /sys/fs/cgroup
+{{- end }}
        - name: pod-run
          emptyDir: {}
        - name: pod-run-lock
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@ -234,6 +234,11 @@ conf:
    url:
      maas_url: null
    ingress_disable_gui: false
+    cgroups:
+      # When set to true, this won't mount the host path /sys/fs/cgroup. Used
+      # to enable use of cgroups v2. Also requires running container as privileged
+      disable_cgroups_region: false
+      disable_cgroups_rack: false
    ntp:
      # These options allow you to mock out the ntpd binary within the container
      # by overwriting it with a script that simply sleeps - this is useful in