From ba3657c0c1eca94e5f8f782c528e735ce9ff80dd Mon Sep 17 00:00:00 2001 From: "SPEARS, DUSTIN (ds443n)" Date: Tue, 19 Sep 2023 13:19:41 -0400 Subject: [PATCH] Add option to mount host path for cgroups Capability added to disable cgroups host path volume Change-Id: I007d9a79b812094126fadb36fd743133495d337f --- charts/maas/templates/statefulset-rack.yaml | 4 ++++ charts/maas/templates/statefulset-region.yaml | 4 ++++ charts/maas/values.yaml | 5 +++++ 3 files changed, 13 insertions(+) diff --git a/charts/maas/templates/statefulset-rack.yaml b/charts/maas/templates/statefulset-rack.yaml index 49eca4e..1913b30 100644 --- a/charts/maas/templates/statefulset-rack.yaml +++ b/charts/maas/templates/statefulset-rack.yaml @@ -94,9 +94,11 @@ spec: - /tmp/start.sh {{ dict "envAll" $envAll "component" "rack" "container" "maas-rack" "type" "readiness" "probeTemplate" (include "maasrackreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} volumeMounts: +{{- if not .Values.conf.maas.cgroups.disable_cgroups_rack }} - mountPath: /sys/fs/cgroup name: host-sys-fs-cgroup readOnly: true +{{- end }} - mountPath: /run name: pod-run - mountPath: /run/lock @@ -155,9 +157,11 @@ spec: readOnly: true {{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }} volumes: +{{- if not .Values.conf.maas.cgroups.disable_cgroups_rack }} - name: host-sys-fs-cgroup hostPath: path: /sys/fs/cgroup +{{- end }} - name: host-cloud-init hostPath: path: /run/cloud-init diff --git a/charts/maas/templates/statefulset-region.yaml b/charts/maas/templates/statefulset-region.yaml index b91c50d..092ef6d 100644 --- a/charts/maas/templates/statefulset-region.yaml +++ b/charts/maas/templates/statefulset-region.yaml @@ -108,9 +108,11 @@ spec: command: - /tmp/start.sh volumeMounts: +{{- if not .Values.conf.maas.cgroups.disable_cgroups_region }} - mountPath: /sys/fs/cgroup name: host-sys-fs-cgroup readOnly: true +{{- end }} - mountPath: /run name: pod-run - mountPath: /run/lock @@ -179,9 +181,11 @@ spec: readOnly: true {{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }} volumes: +{{- if not .Values.conf.maas.cgroups.disable_cgroups_region }} - name: host-sys-fs-cgroup hostPath: path: /sys/fs/cgroup +{{- end }} - name: pod-run emptyDir: {} - name: pod-run-lock diff --git a/charts/maas/values.yaml b/charts/maas/values.yaml index f391d1c..23faed9 100644 --- a/charts/maas/values.yaml +++ b/charts/maas/values.yaml @@ -234,6 +234,11 @@ conf: url: maas_url: null ingress_disable_gui: false + cgroups: + # When set to true, this won't mount the host path /sys/fs/cgroup. Used + # to enable use of cgroups v2. Also requires running container as privileged + disable_cgroups_region: false + disable_cgroups_rack: false ntp: # These options allow you to mock out the ntpd binary within the container # by overwriting it with a script that simply sleeps - this is useful in