COMPUTED VALUES: ceph_client: configmap: ceph-etc user_secret_name: pvc-ceph-client-key conf: ceph: admin_keyring: null cinder: external_ceph: enabled: false secret_uuid: null user: null user_secret_name: null keyring: null secret_uuid: 457eb676-33da-42ec-9a8c-9293d545c337 user: cinder enabled: true dynamic_options: libvirt: listen_address: 127.0.0.1 listen_interface: null script: | #!/bin/bash set -ex LIBVIRT_CONF_PATH=/tmp/pod-shared/libvirtd.conf {{- if .Values.conf.dynamic_options.libvirt.listen_interface }} LISTEN_INTERFACE="{{ .Values.conf.dynamic_options.libvirt.listen_interface }}" LISTEN_IP_ADDRESS=$(ip address show $LISTEN_INTERFACE | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}') {{- else if .Values.conf.dynamic_options.libvirt.listen_address }} LISTEN_IP_ADDRESS={{ .Values.conf.dynamic_options.libvirt.listen_address }} {{- end }} if [[ -z $LISTEN_IP_ADDRESS ]]; then echo "LISTEN_IP_ADDRESS is not set." exit 1 fi tee > ${LIBVIRT_CONF_PATH} << EOF {{ include "libvirt.utils.to_libvirt_conf" .Values.conf.libvirt }} EOF init_modules: enabled: false script: | #!/bin/bash set -ex export HOME=/tmp KVM_QEMU_CONF_HOST="/etc/modprobe.d_host/qemu-system-x86.conf" if [[ ! -f "${KVM_QEMU_CONF_HOST}" ]]; then if grep vmx /proc/cpuinfo; then cat << EOF > ${KVM_QEMU_CONF_HOST} options kvm_intel nested=1 options kvm_intel enable_apicv=1 options kvm_intel ept=1 EOF modprobe -r kvm_intel || true modprobe kvm_intel nested=1 elif grep svm /proc/cpuinfo; then cat << EOF > ${KVM_QEMU_CONF_HOST} options kvm_amd nested=1 EOF modprobe -r kvm_amd || true modprobe kvm_amd nested=1 else echo "Nested virtualization is not supported" fi fi kubernetes: cgroup: kubepods.slice cgroup_controllers: - blkio - cpu - devices - freezer - hugetlb - memory - net_cls - perf_event - rdma - misc - pids libvirt: auth_tcp: none auth_unix_rw: none ca_file: /etc/pki/CA/cacert.pem cert_file: /etc/pki/libvirt/servercert.pem key_file: /etc/pki/libvirt/private/serverkey.pem listen_addr: 0.0.0.0 listen_tcp: "0" listen_tls: "1" log_level: "3" log_outputs: 1:file:/var/log/libvirt/libvirtd.log tls_priority: NORMAL:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2 qemu: default_tls_x509_cert_dir: /etc/pki/qemu default_tls_x509_verify: "1" group: kvm stdio_handler: file user: nova vnc_tls: "1" vnc_tls_x509_verify: "0" dependencies: dynamic: common: local_image_registry: jobs: - libvirt-image-repo-sync services: - endpoint: node service: local_image_registry targeted: linuxbridge: libvirt: pod: - labels: application: neutron component: neutron-lb-agent requireSameNode: true openvswitch: libvirt: pod: - labels: application: neutron component: neutron-ovs-agent requireSameNode: true ovn: libvirt: pod: - labels: application: ovn component: ovn-controller requireSameNode: true sriov: libvirt: pod: - labels: application: neutron component: neutron-sriov-agent requireSameNode: true static: image_repo_sync: services: - endpoint: internal service: local_image_registry libvirt: services: null endpoints: cluster_domain_suffix: cluster.local libvirt_exporter: port: metrics: default: 9177 local_image_registry: host_fqdn_override: default: null hosts: default: localhost internal: docker-registry node: localhost name: docker-registry namespace: docker-registry port: registry: node: 5000 oci_image_registry: auth: enabled: false libvirt: password: password username: libvirt host_fqdn_override: default: null hosts: default: localhost name: oci-image-registry namespace: oci-image-registry port: registry: default: null helm-toolkit: global: {} images: local_registry: active: false exclude: - dep_check - image_repo_sync pull_policy: IfNotPresent tags: ceph_config_helper: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirtd:main@sha256:3d8ac580f9a3235c9fdd27cda89717a651e34c9b029ae884d8b3fdbcc7bde2a8 dep_check: harbor.atmosphere.dev/ghcr.io/vexxhost/kubernetes-entrypoint:edge image_repo_sync: docker.io/library/docker:17.07.0 kubectl: harbor.atmosphere.dev/docker.io/rancher/kubectl:v1.34.1 libvirt: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirtd:main@sha256:3d8ac580f9a3235c9fdd27cda89717a651e34c9b029ae884d8b3fdbcc7bde2a8 libvirt_exporter: harbor.atmosphere.dev/ghcr.io/inovex/prometheus-libvirt-exporter:2.2.0 libvirt_tls_sidecar: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirt-tls-sidecar:v1.0.1@sha256:669f92c09a7d80667440d850bdce81ae67a57d3f473b21d2382d434512093d53 issuers: libvirt: kind: Issuer name: libvirt-api vencrypt: kind: Issuer name: libvirt-vnc labels: agent: libvirt: node_selector_key: openstack-compute-node node_selector_value: enabled manifests: configmap_bin: true configmap_etc: true daemonset_libvirt: true job_image_repo_sync: true network_policy: false podmonitor: false role_cert_manager: true secret_registry: true network: backend: - ovn network_policy: libvirt: egress: - {} ingress: - {} pod: affinity: anti: topologyKey: default: kubernetes.io/hostname type: default: preferredDuringSchedulingIgnoredDuringExecution weight: default: 10 dns_policy: ClusterFirstWithHostNet labels: include_app_kubernetes_io: false lifecycle: upgrades: daemonsets: libvirt: enabled: true max_unavailable: 1 min_ready_seconds: 0 pod_replacement_strategy: RollingUpdate mounts: libvirt: init_container: null libvirt: null probes: libvirt: libvirt: liveness: enabled: true params: initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 5 readiness: enabled: true params: initialDelaySeconds: 15 periodSeconds: 60 timeoutSeconds: 5 libvirt_exporter: liveness: enabled: true params: initialDelaySeconds: 30 periodSeconds: 60 timeoutSeconds: 5 readiness: enabled: true params: initialDelaySeconds: 15 periodSeconds: 60 timeoutSeconds: 5 resources: enabled: false jobs: image_repo_sync: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi libvirt: limits: cpu: 2000m memory: 1024Mi requests: cpu: 100m memory: 128Mi libvirt_exporter: limits: cpu: 500m memory: 256Mi requests: cpu: 100m memory: 128Mi security_context: libvirt: container: ceph_admin_keyring_placement: readOnlyRootFilesystem: false ceph_keyring_placement: readOnlyRootFilesystem: false init_dynamic_options: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 65534 libvirt: privileged: true readOnlyRootFilesystem: false libvirt_exporter: privileged: true libvirt_init_modules: capabilities: drop: - ALL privileged: true readOnlyRootFilesystem: true pod: runAsUser: 0 sidecars: libvirt_exporter: args: - --libvirt.uri - /run/libvirt/libvirt-sock-ro enabled: true tolerations: libvirt: enabled: false tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists - effect: NoSchedule key: node-role.kubernetes.io/control-plane operator: Exists release_group: null secrets: oci_image_registry: libvirt: libvirt-oci-image-registry-key tls: client: libvirt-tls-client server: libvirt-tls-server