apiVersion: apps/v1 kind: DaemonSet metadata: annotations: deprecated.daemonset.template.generation: "1" meta.helm.sh/release-name: libvirt meta.helm.sh/release-namespace: openstack openstackhelm.openstack.org/release_uuid: "" creationTimestamp: "2026-04-22T21:12:57Z" generation: 1 labels: app.kubernetes.io/managed-by: Helm application: libvirt component: libvirt release_group: libvirt name: libvirt-libvirt-default namespace: openstack resourceVersion: "18323" uid: 757ba7d3-f34d-4589-bbb6-008b6c507fe9 spec: revisionHistoryLimit: 10 selector: matchLabels: application: libvirt component: libvirt release_group: libvirt template: metadata: annotations: configmap-bin-hash: 733aa04fa301ebba5cf32fb67151b7fbe0b71095ba636e68806d7e51bd920609 configmap-etc-hash: 007914fb1ae8c4225c65208fa55bb64263c3e415153f0ed63f25db3556ef0c75 openstackhelm.openstack.org/release_uuid: "" creationTimestamp: null labels: application: libvirt component: libvirt release_group: libvirt spec: containers: - env: - name: API_ISSUER_KIND value: Issuer - name: API_ISSUER_NAME value: libvirt-api - name: VNC_ISSUER_KIND value: Issuer - name: VNC_ISSUER_NAME value: libvirt-vnc - name: POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirt-tls-sidecar:v1.0.1@sha256:669f92c09a7d80667440d850bdce81ae67a57d3f473b21d2382d434512093d53 imagePullPolicy: IfNotPresent name: tls-sidecar resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/pki/qemu name: etc-pki-qemu - mountPath: /etc/pki/CA name: etc-pki-ca - mountPath: /etc/pki/libvirt name: etc-pki-libvirt - mountPath: /etc/pki/libvirt-vnc name: etc-pki-libvirt-vnc - mountPath: /run/libvirt name: run-libvirt - command: - /tmp/libvirt.sh env: - name: CEPH_CINDER_USER value: cinder - name: LIBVIRT_CEPH_CINDER_SECRET_UUID value: 457eb676-33da-42ec-9a8c-9293d545c337 image: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirtd:main@sha256:a51a6328f267e2f3b54e05442c9bf16200c4f53e7b26cee5858964fa1606d75b imagePullPolicy: IfNotPresent lifecycle: postStart: exec: command: - /tmp/wait-for-libvirt.sh preStop: exec: command: - bash - -c - kill $(cat /var/run/libvirtd.pid) livenessProbe: exec: command: - bash - -c - /usr/bin/virsh connect failureThreshold: 3 initialDelaySeconds: 30 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 5 name: libvirt readinessProbe: exec: command: - bash - -c - /usr/bin/virsh connect failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: privileged: true readOnlyRootFilesystem: false terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/pki/qemu name: etc-pki-qemu - mountPath: /etc/pki/CA name: etc-pki-ca - mountPath: /etc/pki/libvirt name: etc-pki-libvirt - mountPath: /etc/pki/libvirt-vnc name: etc-pki-libvirt-vnc - mountPath: /tmp name: pod-tmp - mountPath: /tmp/libvirt.sh name: libvirt-bin readOnly: true subPath: libvirt.sh - mountPath: /tmp/wait-for-libvirt.sh name: libvirt-bin readOnly: true subPath: wait-for-libvirt.sh - mountPath: /etc/libvirt/libvirtd.conf name: pod-shared readOnly: true subPath: libvirtd.conf - mountPath: /etc/libvirt/qemu.conf name: libvirt-etc readOnly: true subPath: qemu.conf - mountPath: /etc/libvirt/qemu name: etc-libvirt-qemu - mountPath: /lib/modules name: libmodules readOnly: true - mountPath: /var/lib/libvirt mountPropagation: Bidirectional name: var-lib-libvirt - mountPath: /var/lib/nova mountPropagation: Bidirectional name: var-lib-nova - mountPath: /run name: run - mountPath: /dev name: dev - mountPath: /sys/fs/cgroup name: cgroup - mountPath: /var/log/libvirt name: logs - mountPath: /etc/machine-id name: machine-id readOnly: true - mountPath: /etc/ceph mountPropagation: Bidirectional name: etcceph - mountPath: /tmp/client-keyring name: ceph-keyring readOnly: true subPath: key - args: - --libvirt.uri - /run/libvirt/libvirt-sock-ro image: harbor.atmosphere.dev/ghcr.io/inovex/prometheus-libvirt-exporter:2.2.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: / port: metrics scheme: HTTP initialDelaySeconds: 30 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 5 name: libvirt-exporter ports: - containerPort: 9177 name: metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: / port: metrics scheme: HTTP initialDelaySeconds: 15 periodSeconds: 60 successThreshold: 1 timeoutSeconds: 5 resources: {} securityContext: privileged: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /run mountPropagation: Bidirectional name: run dnsPolicy: ClusterFirstWithHostNet hostIPC: true hostNetwork: true hostPID: true initContainers: - command: - kubernetes-entrypoint env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: INTERFACE_NAME value: eth0 - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ - name: DEPENDENCY_SERVICE - name: DEPENDENCY_DAEMONSET - name: DEPENDENCY_CONTAINER - name: DEPENDENCY_POD_JSON value: '[{"labels":{"application":"ovn","component":"ovn-controller"},"requireSameNode":true}]' - name: DEPENDENCY_CUSTOM_RESOURCE image: harbor.atmosphere.dev/ghcr.io/vexxhost/kubernetes-entrypoint:edge@sha256:8921b64b87af184a1421dd856b2703bcf3cff9f50863cd0d18371cf964a87bd3 imagePullPolicy: IfNotPresent name: init resources: {} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsUser: 65534 terminationMessagePath: /dev/termination-log terminationMessagePolicy: File - command: - /tmp/init-dynamic-options.sh image: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirtd:main@sha256:a51a6328f267e2f3b54e05442c9bf16200c4f53e7b26cee5858964fa1606d75b imagePullPolicy: IfNotPresent name: init-dynamic-options resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 65534 terminationMessagePath: /var/log/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: pod-tmp - mountPath: /tmp/pod-shared name: pod-shared - mountPath: /tmp/init-dynamic-options.sh name: libvirt-bin readOnly: true subPath: init-dynamic-options.sh - command: - /tmp/ceph-admin-keyring.sh image: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirtd:main@sha256:a51a6328f267e2f3b54e05442c9bf16200c4f53e7b26cee5858964fa1606d75b imagePullPolicy: IfNotPresent name: ceph-admin-keyring-placement resources: {} securityContext: readOnlyRootFilesystem: false terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: pod-tmp - mountPath: /etc/ceph name: etcceph - mountPath: /tmp/ceph-admin-keyring.sh name: libvirt-bin readOnly: true subPath: ceph-admin-keyring.sh - mountPath: /tmp/client-keyring name: ceph-keyring readOnly: true subPath: key - command: - /tmp/ceph-keyring.sh env: - name: CEPH_CINDER_USER value: cinder - name: LIBVIRT_CEPH_CINDER_SECRET_UUID value: 457eb676-33da-42ec-9a8c-9293d545c337 image: harbor.atmosphere.dev/ghcr.io/vexxhost/libvirtd:main@sha256:a51a6328f267e2f3b54e05442c9bf16200c4f53e7b26cee5858964fa1606d75b imagePullPolicy: IfNotPresent name: ceph-keyring-placement resources: {} securityContext: readOnlyRootFilesystem: false terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /tmp name: pod-tmp - mountPath: /etc/ceph name: etcceph - mountPath: /tmp/ceph-keyring.sh name: libvirt-bin readOnly: true subPath: ceph-keyring.sh - mountPath: /etc/ceph/ceph.conf.template name: ceph-etc readOnly: true subPath: ceph.conf nodeSelector: openstack-compute-node: enabled restartPolicy: Always schedulerName: default-scheduler securityContext: runAsUser: 0 serviceAccount: libvirt serviceAccountName: libvirt terminationGracePeriodSeconds: 30 volumes: - hostPath: path: /etc/pki/qemu type: "" name: etc-pki-qemu - emptyDir: {} name: etc-pki-ca - emptyDir: {} name: etc-pki-libvirt - hostPath: path: /etc/pki/libvirt-vnc type: "" name: etc-pki-libvirt-vnc - emptyDir: {} name: pod-tmp - configMap: defaultMode: 365 name: libvirt-libvirt-default-bin name: libvirt-bin - name: libvirt-etc secret: defaultMode: 292 secretName: libvirt-libvirt-default-etc - hostPath: path: /var/lib/openstack-helm/compute/libvirt type: "" name: etcceph - configMap: defaultMode: 292 name: ceph-etc name: ceph-etc - name: ceph-keyring secret: defaultMode: 420 secretName: pvc-ceph-client-key - hostPath: path: /lib/modules type: "" name: libmodules - hostPath: path: /var/lib/libvirt type: "" name: var-lib-libvirt - hostPath: path: /var/lib/nova type: "" name: var-lib-nova - hostPath: path: /run type: "" name: run - hostPath: path: /run/libvirt type: "" name: run-libvirt - hostPath: path: /dev type: "" name: dev - hostPath: path: /var/log/libvirt type: "" name: logs - hostPath: path: /sys/fs/cgroup type: "" name: cgroup - hostPath: path: /etc/machine-id type: "" name: machine-id - hostPath: path: /etc/libvirt/qemu type: "" name: etc-libvirt-qemu - hostPath: path: /etc/modprobe.d type: "" name: etc-modprobe-d - hostPath: path: / type: Directory name: host-rootfs - emptyDir: {} name: pod-shared updateStrategy: rollingUpdate: maxSurge: 0 maxUnavailable: 1 type: RollingUpdate status: currentNumberScheduled: 1 desiredNumberScheduled: 1 numberAvailable: 1 numberMisscheduled: 0 numberReady: 1 observedGeneration: 1 updatedNumberScheduled: 1