Merge "Sync helm-toolkit for Staffeln" into stable/2024.1
diff --git a/charts/patches/0001-fix-Use-more-standard-configs-for-staffeln-DBdropjob.patch b/charts/patches/0001-fix-Use-more-standard-configs-for-staffeln-DBdropjob.patch
deleted file mode 100644
index 1a491cf..0000000
--- a/charts/patches/0001-fix-Use-more-standard-configs-for-staffeln-DBdropjob.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From f74a254e87acaafb9493630cb8521fda145c6c5c Mon Sep 17 00:00:00 2001
-From: ricolin <rlin@vexxhost.com>
-Date: Wed, 8 Jan 2025 21:29:08 +0800
-Subject: [PATCH] fix: Use more standard configs for staffeln DB drop job
-
----
- charts/staffeln/templates/job-db-drop.yaml | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/charts/staffeln/templates/job-db-drop.yaml b/charts/staffeln/templates/job-db-drop.yaml
-index dffa5aba..519e0b31 100644
---- a/charts/staffeln/templates/job-db-drop.yaml
-+++ b/charts/staffeln/templates/job-db-drop.yaml
-@@ -13,11 +13,9 @@ limitations under the License.
- */}}
-
- {{- if .Values.manifests.job_db_drop }}
--{{- $serviceName := "staffeln" -}}
--{{- $dbToDrop := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "DEFAULT" "configDbKey" "sql_connection" -}}
--{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbToDrop" $dbToDrop -}}
-+{{- $dbDropJob := dict "envAll" . "serviceName" "staffeln" -}}
- {{- if .Values.manifests.certificates -}}
--{{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
-+{{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
- {{- end -}}
- {{- if .Values.pod.tolerations.staffeln.enabled -}}
- {{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
---
-2.25.1
-
diff --git a/charts/staffeln/charts/helm-toolkit/Chart.yaml b/charts/staffeln/charts/helm-toolkit/Chart.yaml
index e6aec81..d4c0ea2 100644
--- a/charts/staffeln/charts/helm-toolkit/Chart.yaml
+++ b/charts/staffeln/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.54
+version: 0.2.69
diff --git a/charts/staffeln/charts/helm-toolkit/requirements.lock b/charts/staffeln/charts/helm-toolkit/requirements.lock
new file mode 100644
index 0000000..e28bc5d
--- /dev/null
+++ b/charts/staffeln/charts/helm-toolkit/requirements.lock
@@ -0,0 +1,3 @@
+dependencies: []
+digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
+generated: "0001-01-01T00:00:00Z"
diff --git a/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl b/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
index 12b84de..d7390d8 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_endpoint_uri_lookup.tpl
@@ -50,7 +50,7 @@
{{- $endpointScheme := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" }}
{{- $userMap := index $context.Values.endpoints ( $type | replace "-" "_" ) "auth" $userclass }}
{{- $endpointUser := index $userMap "username" }}
-{{- $endpointPass := index $userMap "password" }}
+{{- $endpointPass := index $userMap "password" | urlquery }}
{{- $endpointHost := tuple $type $endpoint $context | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
{{- $endpointPort := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $endpointPath := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.keystone_endpoint_path_lookup" }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl b/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl
index b7cf287..b9ac9d9 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/endpoints/_authenticated_transport_endpoint_uri_lookup.tpl
@@ -100,7 +100,7 @@
{{- $ssMap := index $context.Values.endpoints ( $type | replace "-" "_" ) "statefulset" | default false}}
{{- $hostFqdnOverride := index $context.Values.endpoints ( $type | replace "-" "_" ) "host_fqdn_override" }}
{{- $endpointUser := index $userMap "username" }}
-{{- $endpointPass := index $userMap "password" }}
+{{- $endpointPass := index $userMap "password" | urlquery }}
{{- $endpointHostSuffix := tuple $type $endpoint $context | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
{{- $endpointPort := tuple $type $endpoint $port $context | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $local := dict "endpointCredsAndHosts" list -}}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_ingress.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_ingress.tpl
index 4c476b2..cacb4b8 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_ingress.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_ingress.tpl
@@ -59,7 +59,7 @@
default: 9311
public: 80
usage: |
- {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}}
+ {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}}
return: |
---
apiVersion: networking.k8s.io/v1
@@ -67,16 +67,16 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
rules:
- host: barbican
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -86,7 +86,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -96,7 +96,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -108,10 +108,10 @@
metadata:
name: barbican-namespace-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public
hosts:
@@ -121,7 +121,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -133,10 +133,10 @@
metadata:
name: barbican-cluster-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx-cluster"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx-cluster"
tls:
- secretName: barbican-tls-public
hosts:
@@ -146,7 +146,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -194,7 +194,7 @@
default: 9311
public: 80
usage: |
- {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" ) -}}
+ {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "pathType" "Prefix" ) -}}
return: |
---
apiVersion: networking.k8s.io/v1
@@ -202,10 +202,10 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public
hosts:
@@ -217,7 +217,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -227,7 +227,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -237,7 +237,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -294,7 +294,7 @@
name: ca-issuer
kind: Issuer
usage: |
- {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" ) -}}
+ {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}}
return: |
---
apiVersion: networking.k8s.io/v1
@@ -302,12 +302,12 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
cert-manager.io/issuer: ca-issuer
certmanager.k8s.io/issuer: ca-issuer
nginx.ingress.kubernetes.io/backend-protocol: https
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public-certmanager
hosts:
@@ -319,7 +319,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -329,7 +329,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -339,7 +339,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -396,7 +396,7 @@
name: ca-issuer
kind: ClusterIssuer
usage: |
- {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer") -}}
+ {{- include "helm-toolkit.manifests.ingress" ( dict "envAll" . "backendServiceType" "key-manager" "backendPort" "b-api" "endpoint" "public" "certIssuer" "ca-issuer" "pathType" "Prefix" ) -}}
return: |
---
apiVersion: networking.k8s.io/v1
@@ -404,12 +404,12 @@
metadata:
name: barbican
annotations:
- kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: ca-issuer
certmanager.k8s.io/cluster-issuer: ca-issuer
nginx.ingress.kubernetes.io/backend-protocol: https
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
+ ingressClassName: "nginx"
tls:
- secretName: barbican-tls-public-certmanager
hosts:
@@ -421,7 +421,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -431,7 +431,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -441,7 +441,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: barbican-api
@@ -479,7 +479,7 @@
grafana:
public: grafana-tls-public
usage: |
- {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" -}}
+ {{- $ingressOpts := dict "envAll" . "backendService" "grafana" "backendServiceType" "grafana" "backendPort" "dashboard" "pathType" "Prefix" -}}
{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
return: |
---
@@ -488,16 +488,16 @@
metadata:
name: grafana
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
rules:
- host: grafana
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: grafana-dashboard
@@ -507,7 +507,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: grafana-dashboard
@@ -517,7 +517,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: grafana-dashboard
@@ -529,10 +529,10 @@
metadata:
name: grafana-namespace-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx"
tls:
- secretName: grafana-tls-public
hosts:
@@ -543,7 +543,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: grafana-dashboard
@@ -553,7 +553,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: grafana-dashboard
@@ -565,10 +565,10 @@
metadata:
name: grafana-cluster-fqdn
annotations:
- kubernetes.io/ingress.class: "nginx-cluster"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
+ ingressClassName: "nginx-cluster"
tls:
- secretName: grafana-tls-public
hosts:
@@ -579,7 +579,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: grafana-dashboard
@@ -589,7 +589,7 @@
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: Prefix
backend:
service:
name: grafana-dashboard
@@ -602,11 +602,12 @@
{{- $vHost := index . "vHost" -}}
{{- $backendName := index . "backendName" -}}
{{- $backendPort := index . "backendPort" -}}
+{{- $pathType := index . "pathType" -}}
- host: {{ $vHost }}
http:
paths:
- path: /
- pathType: ImplementationSpecific
+ pathType: {{ $pathType }}
backend:
service:
name: {{ $backendName }}
@@ -624,6 +625,7 @@
{{- $backendServiceType := index . "backendServiceType" -}}
{{- $backendPort := index . "backendPort" -}}
{{- $endpoint := index . "endpoint" | default "public" -}}
+{{- $pathType := index . "pathType" | default "Prefix" -}}
{{- $certIssuer := index . "certIssuer" | default "" -}}
{{- $ingressName := tuple $backendServiceType $endpoint $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
{{- $backendName := tuple $backendServiceType "internal" $envAll | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
@@ -639,7 +641,6 @@
metadata:
name: {{ $ingressName }}
annotations:
- kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }}
{{- if $certIssuer }}
cert-manager.io/{{ $certIssuerType }}: {{ $certIssuer }}
certmanager.k8s.io/{{ $certIssuerType }}: {{ $certIssuer }}
@@ -650,6 +651,7 @@
{{- end }}
{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }}
spec:
+ ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" "namespace" | quote }}
{{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "hosts" }}
{{- if $certIssuer }}
{{- $secretName := index $envAll.Values.secrets "tls" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
@@ -681,7 +683,7 @@
{{- end }}
rules:
{{- range $key1, $vHost := tuple $hostName (printf "%s.%s" $hostName $envAll.Release.Namespace) (printf "%s.%s.svc.%s" $hostName $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) }}
-{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }}
+{{- $hostRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }}
{{ $hostRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }}
{{- end }}
{{- if not ( hasSuffix ( printf ".%s.svc.%s" $envAll.Release.Namespace $envAll.Values.endpoints.cluster_domain_suffix) $hostNameFull) }}
@@ -695,9 +697,9 @@
metadata:
name: {{ printf "%s-%s-%s" $ingressName $ingressController "fqdn" }}
annotations:
- kubernetes.io/ingress.class: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }}
{{ toYaml (index $envAll.Values.network $backendService "ingress" "annotations") | indent 4 }}
spec:
+ ingressClassName: {{ index $envAll.Values.network $backendService "ingress" "classes" $ingressController | quote }}
{{- $host := index $envAll.Values.endpoints ( $backendServiceType | replace "-" "_" ) "host_fqdn_override" }}
{{- if hasKey $host $endpoint }}
{{- $endpointHost := index $host $endpoint }}
@@ -719,7 +721,7 @@
{{- end }}
rules:
{{- range $vHost := $vHosts }}
-{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort }}
+{{- $hostNameFullRules := dict "vHost" $vHost "backendName" $backendName "backendPort" $backendPort "pathType" $pathType }}
{{ $hostNameFullRules | include "helm-toolkit.manifests.ingress._host_rules" | indent 4 }}
{{- end }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
index 5d98c8b..6b77004 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -51,6 +51,7 @@
{{ toYaml $jobLabels | indent 4 }}
{{- end }}
annotations:
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
index 62ed119..2b7ff2c 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
@@ -54,6 +54,7 @@
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
index 745e8da..b8a1dce 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
@@ -52,6 +52,7 @@
{{ toYaml $jobLabels | indent 4 }}
{{- end }}
annotations:
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
index 24d2496..4696c88 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -49,6 +49,7 @@
{{ toYaml $jobLabels | indent 4 }}
{{- end }}
annotations:
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
index 3a7df7f..d69c9e6 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
@@ -52,6 +52,7 @@
{{ toYaml $jobLabels | indent 4 }}
{{- end }}
annotations:
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl
index a109e3c..9604c63 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-service.tpl
@@ -52,6 +52,7 @@
{{ toYaml $jobLabels | indent 4 }}
{{- end }}
annotations:
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
index 905eb71..58dcdc5 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
@@ -74,6 +74,7 @@
{{ toYaml $jobLabels | indent 4 }}
{{- end }}
annotations:
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
index 6982064..2cfadaf 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
@@ -42,6 +42,7 @@
{{ toYaml $jobLabels | indent 4 }}
{{- end }}
annotations:
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
index 29cb993..b5fdc09 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
@@ -49,6 +49,7 @@
{{- end }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
index 50d9af5..77d1a71 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
@@ -47,6 +47,7 @@
annotations:
"helm.sh/hook-delete-policy": before-hook-creation
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 -}}
{{- if $jobAnnotations }}
{{ toYaml $jobAnnotations | indent 4 }}
{{- end }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
index 4854bb1..7ad505b 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
@@ -17,6 +17,11 @@
Creates a manifest for a authenticating a registry with a secret
examples:
- values: |
+ annotations:
+ secret:
+ oci_image_registry:
+ {{ $serviceName }}:
+ custom.tld/key: "value"
secrets:
oci_image_registry:
{{ $serviceName }}: {{ $keyName }}
@@ -36,30 +41,8 @@
kind: Secret
metadata:
name: {{ $secretName }}
- type: kubernetes.io/dockerconfigjson
- data:
- dockerconfigjson: {{ $dockerAuth }}
-
- - values: |
- secrets:
- oci_image_registry:
- {{ $serviceName }}: {{ $keyName }}
- endpoints:
- oci_image_registry:
- name: oci-image-registry
- auth:
- enabled: true
- {{ $serviceName }}:
- name: {{ $userName }}
- password: {{ $password }}
- usage: |
- {{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
- return: |
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: {{ $secretName }}
+ annotations:
+ custom.tld/key: "value"
type: kubernetes.io/dockerconfigjson
data:
dockerconfigjson: {{ $dockerAuth }}
@@ -87,6 +70,8 @@
kind: Secret
metadata:
name: {{ $secretName }}
+ annotations:
+{{ tuple "oci_image_registry" $registryUser $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ $dockerAuth }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
index 24a7045..c800340 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
@@ -17,6 +17,11 @@
Creates a manifest for a services public tls secret
examples:
- values: |
+ annotations:
+ secret:
+ tls:
+ key_manager_api_public:
+ custom.tld/key: "value"
secrets:
tls:
key_manager:
@@ -41,6 +46,8 @@
kind: Secret
metadata:
name: barbican-tls-public
+ annotations:
+ custom.tld/key: "value"
type: kubernetes.io/tls
data:
tls.key: Rk9PLUtFWQo=
@@ -88,11 +95,15 @@
{{- if kindIs "map" $endpointHost }}
{{- if hasKey $endpointHost "tls" }}
{{- if and $endpointHost.tls.key $endpointHost.tls.crt }}
+
+{{- $customAnnotationKey := printf "%s_%s_%s" ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
+ annotations:
+{{ tuple "tls" $customAnnotationKey $envAll | include "helm-toolkit.snippets.custom_secret_annotations" | indent 4 }}
type: kubernetes.io/tls
data:
tls.key: {{ $endpointHost.tls.key | b64enc }}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl b/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl
index 03884fa..c6a7521 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-drop.py.tpl
@@ -33,6 +33,7 @@
PARSER_OPTS = {"strict": False}
import logging
from sqlalchemy import create_engine
+from sqlalchemy import text
# Create logger, console handler and formatter
logger = logging.getLogger('OpenStack-Helm DB Drop')
@@ -124,7 +125,12 @@
# Delete DB
try:
- root_engine.execute("DROP DATABASE IF EXISTS {0}".format(database))
+ with root_engine.connect() as connection:
+ connection.execute(text("DROP DATABASE IF EXISTS {0}".format(database)))
+ try:
+ connection.commit()
+ except AttributeError:
+ pass
logger.info("Deleted database {0}".format(database))
except:
logger.critical("Could not drop database {0}".format(database))
@@ -132,7 +138,12 @@
# Delete DB User
try:
- root_engine.execute("DROP USER IF EXISTS {0}".format(user))
+ with root_engine.connect() as connection:
+ connection.execute(text("DROP USER IF EXISTS {0}".format(user)))
+ try:
+ connection.commit()
+ except AttributeError:
+ pass
logger.info("Deleted user {0}".format(user))
except:
logger.critical("Could not delete user {0}".format(user))
diff --git a/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 6027b95..1917f78 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -33,6 +33,7 @@
PARSER_OPTS = {"strict": False}
import logging
from sqlalchemy import create_engine
+from sqlalchemy import text
# Create logger, console handler and formatter
logger = logging.getLogger('OpenStack-Helm DB Init')
@@ -124,7 +125,12 @@
# Create DB
try:
- root_engine.execute("CREATE DATABASE IF NOT EXISTS {0}".format(database))
+ with root_engine.connect() as connection:
+ connection.execute(text("CREATE DATABASE IF NOT EXISTS {0}".format(database)))
+ try:
+ connection.commit()
+ except AttributeError:
+ pass
logger.info("Created database {0}".format(database))
except:
logger.critical("Could not create database {0}".format(database))
@@ -132,11 +138,16 @@
# Create DB User
try:
- root_engine.execute(
- "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
- user, password, mysql_x509))
- root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
+ with root_engine.connect() as connection:
+ connection.execute(
+ text("CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509)))
+ connection.execute(
+ text("GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user)))
+ try:
+ connection.commit()
+ except AttributeError:
+ pass
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/staffeln/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/staffeln/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 3963bd4..695cb2e 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -49,6 +49,13 @@
# A random number between min and max delay is generated
# to set the delay.
#
+# RGW backup throttle limits variables:
+# export THROTTLE_BACKUPS_ENABLED Boolean variableto control backup functionality
+# export THROTTLE_LIMIT Number of simultaneous RGW upload sessions
+# export THROTTLE_LOCK_EXPIRE_AFTER Time in seconds to expire flag file is orphaned
+# export THROTTLE_RETRY_AFTER Time in seconds to wait before retry
+# export THROTTLE_CONTAINER_NAME Name of RGW container to place flag falies into
+#
# The database-specific functions that need to be implemented are:
# dump_databases_to_directory <directory> <err_logfile> [scope]
# where:
@@ -84,8 +91,10 @@
# specified by the "LOCAL_DAYS_TO_KEEP" variable.
# 4) Removing remote backup tarballs (from the remote gateway) which are older
# than the number of days specified by the "REMOTE_DAYS_TO_KEEP" variable.
+# 5) Controlling remote storage gateway load from client side and throttling it
+# by using a dedicated RGW container to store flag files defining upload session
+# in progress
#
-
# Note: not using set -e in this script because more elaborate error handling
# is needed.
@@ -95,7 +104,7 @@
log ERROR "${DB_NAME}_backup" "${DB_NAMESPACE} namespace: ${MSG}"
rm -f $ERR_LOG_FILE
rm -rf $TMP_DIR
- exit $ERRCODE
+ exit 0
}
log_verify_backup_exit() {
@@ -104,7 +113,7 @@
log ERROR "${DB_NAME}_verify_backup" "${DB_NAMESPACE} namespace: ${MSG}"
rm -f $ERR_LOG_FILE
# rm -rf $TMP_DIR
- exit $ERRCODE
+ exit 0
}
@@ -218,6 +227,113 @@
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
+ #---------------------------------------------------------------------------
+ # Remote backup throttling
+ export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g')
+ if $THROTTLE_BACKUPS_ENABLED; then
+ # Remove Quotes from the constants which were added due to reading
+ # from secret.
+ export THROTTLE_LIMIT=$(echo $THROTTLE_LIMIT | sed 's/"//g')
+ export THROTTLE_LOCK_EXPIRE_AFTER=$(echo $THROTTLE_LOCK_EXPIRE_AFTER | sed 's/"//g')
+ export THROTTLE_RETRY_AFTER=$(echo $THROTTLE_RETRY_AFTER | sed 's/"//g')
+ export THROTTLE_CONTAINER_NAME=$(echo $THROTTLE_CONTAINER_NAME | sed 's/"//g')
+
+ # load balance delay
+ RESULT=$(openstack container list 2>&1)
+
+ if [[ $? -eq 0 ]]; then
+ echo $RESULT | grep $THROTTLE_CONTAINER_NAME
+ if [[ $? -ne 0 ]]; then
+ # Find the swift URL from the keystone endpoint list
+ SWIFT_URL=$(openstack catalog show object-store -c endpoints | grep public | awk '{print $4}')
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to get object-store enpoints from keystone catalog."
+ return 2
+ fi
+
+ # Get a token from keystone
+ TOKEN=$(openstack token issue -f value -c id)
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to get keystone token."
+ return 2
+ fi
+
+ # Create the container
+ RES_FILE=$(mktemp -p /tmp)
+ curl -g -i -X PUT ${SWIFT_URL}/${THROTTLE_CONTAINER_NAME} \
+ -H "X-Auth-Token: ${TOKEN}" \
+ -H "X-Storage-Policy: ${STORAGE_POLICY}" 2>&1 > $RES_FILE
+
+ if [[ $? -ne 0 || $(grep "HTTP" $RES_FILE | awk '{print $2}') -ge 400 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to create container ${THROTTLE_CONTAINER_NAME}"
+ cat $RES_FILE
+ rm -f $RES_FILE
+ return 2
+ fi
+ rm -f $RES_FILE
+
+ swift stat $THROTTLE_CONTAINER_NAME
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to retrieve container ${THROTTLE_CONTAINER_NAME} details after creation."
+ return 2
+ fi
+ fi
+ else
+ echo $RESULT | grep -E "HTTP 401|HTTP 403"
+ if [[ $? -eq 0 ]]; then
+ log ERROR "${DB_NAME}_backup" "Access denied by keystone: ${RESULT}"
+ return 1
+ else
+ echo $RESULT | grep -E "ConnectionError|Failed to discover available identity versions|Service Unavailable|HTTP 50"
+ if [[ $? -eq 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Could not reach the RGW: ${RESULT}"
+ # In this case, keystone or the site/node may be temporarily down.
+ # Return slightly different error code so the calling code can retry
+ return 2
+ else
+ log ERROR "${DB_NAME}_backup" "Could not get container list: ${RESULT}"
+ return 1
+ fi
+ fi
+ fi
+
+ NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l)
+ log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now."
+ while [[ ${NUMBER_OF_SESSIONS} -ge ${THROTTLE_LIMIT} ]]
+ do
+ log INFO "${DB_NAME}_backup" "Current number of active uploads is ${NUMBER_OF_SESSIONS}>=${THROTTLE_LIMIT}!"
+ log INFO "${DB_NAME}_backup" "Retrying in ${THROTTLE_RETRY_AFTER} seconds...."
+ sleep ${THROTTLE_RETRY_AFTER}
+ NUMBER_OF_SESSIONS=$(openstack object list $THROTTLE_CONTAINER_NAME -f value | wc -l)
+ log INFO "${DB_NAME}_backup" "There are ${NUMBER_OF_SESSIONS} remote sessions right now."
+ done
+
+ # Create a lock file in THROTTLE_CONTAINER
+ THROTTLE_FILEPATH=$(mktemp -d)
+ THROTTLE_FILE=${CONTAINER_NAME}.lock
+ date +%s > $THROTTLE_FILEPATH/$THROTTLE_FILE
+
+ # Create an object to store the file
+ openstack object create --name $THROTTLE_FILE $THROTTLE_CONTAINER_NAME $THROTTLE_FILEPATH/$THROTTLE_FILE
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Cannot create throttle container object ${THROTTLE_FILE}!"
+ return 2
+ fi
+
+ swift post $THROTTLE_CONTAINER_NAME $THROTTLE_FILE -H "X-Delete-After:${THROTTLE_LOCK_EXPIRE_AFTER}"
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Cannot set throttle container object ${THROTTLE_FILE} expiration header!"
+ return 2
+ fi
+ openstack object show $THROTTLE_CONTAINER_NAME $THROTTLE_FILE
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Unable to retrieve throttle container object $THROTTLE_FILE after creation."
+ return 2
+ fi
+ fi
+
+ #---------------------------------------------------------------------------
+
# Create an object to store the file
openstack object create --name $FILE $CONTAINER_NAME $FILEPATH/$FILE
if [[ $? -ne 0 ]]; then
@@ -243,7 +359,25 @@
log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
return 2
fi
- rm -rf ${REMOTE_FILE}
+ rm -f ${REMOTE_FILE}
+
+ #---------------------------------------------------------------------------
+ # Remote backup throttling
+ export THROTTLE_BACKUPS_ENABLED=$(echo $THROTTLE_BACKUPS_ENABLED | sed 's/"//g')
+ if $THROTTLE_BACKUPS_ENABLED; then
+ # Remove flag file
+ # Delete an object to remove the flag file
+ openstack object delete $THROTTLE_CONTAINER_NAME $THROTTLE_FILE
+ if [[ $? -ne 0 ]]; then
+ log WARN "${DB_NAME}_backup" "Cannot delete throttle container object ${THROTTLE_FILE}"
+ return 0
+ else
+ log INFO "${DB_NAME}_backup" "The throttle container object ${THROTTLE_FILE} has been successfully removed."
+ fi
+ rm -f ${THROTTLE_FILEPATH}/${THROTTLE_FILE}
+ fi
+
+ #---------------------------------------------------------------------------
log INFO "${DB_NAME}_backup" "Created file $FILE in container $CONTAINER_NAME successfully."
return 0
diff --git a/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl b/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl
new file mode 100644
index 0000000..fc42614
--- /dev/null
+++ b/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_job_annotations.tpl
@@ -0,0 +1,76 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+abstract: |
+ Adds custom annotations to the job spec of a component.
+examples:
+ - values: |
+ annotations:
+ job:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ keystone_domain_manage:
+ another.tld/foo: "bar"
+ usage: |
+ {{ tuple "keystone_domain_manage" . | include "helm-toolkit.snippets.custom_job_annotations" }}
+ return: |
+ another.tld/foo: bar
+ - values: |
+ annotations:
+ job:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ keystone_domain_manage:
+ another.tld/foo: "bar"
+ usage: |
+ {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }}
+ return: |
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ - values: |
+ annotations:
+ job:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ keystone_domain_manage:
+ another.tld/foo: "bar"
+ keystone_bootstrap:
+ usage: |
+ {{ tuple "keystone_bootstrap" . | include "helm-toolkit.snippets.custom_job_annotations" }}
+ return: |
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+*/}}
+
+{{- define "helm-toolkit.snippets.custom_job_annotations" -}}
+{{- $envAll := index . 1 -}}
+{{- $component := index . 0 | replace "-" "_" -}}
+{{- if (hasKey $envAll.Values "annotations") -}}
+{{- if (hasKey $envAll.Values.annotations "job") -}}
+{{- $annotationsMap := $envAll.Values.annotations.job -}}
+{{- $defaultAnnotations := dict -}}
+{{- if (hasKey $annotationsMap "default" ) -}}
+{{- $defaultAnnotations = $annotationsMap.default -}}
+{{- end -}}
+{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}}
+{{- if (not (empty $annotations)) -}}
+{{- toYaml $annotations -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl b/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl
new file mode 100644
index 0000000..ecff6e9
--- /dev/null
+++ b/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_pod_annotations.tpl
@@ -0,0 +1,76 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+abstract: |
+ Adds custom annotations to the pod spec of a component.
+examples:
+ - values: |
+ annotations:
+ pod:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ nova_compute:
+ another.tld/foo: "bar"
+ usage: |
+ {{ tuple "nova_compute" . | include "helm-toolkit.snippets.custom_pod_annotations" }}
+ return: |
+ another.tld/foo: bar
+ - values: |
+ annotations:
+ pod:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ nova_compute:
+ another.tld/foo: "bar"
+ usage: |
+ {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }}
+ return: |
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ - values: |
+ annotations:
+ pod:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ nova_compute:
+ another.tld/foo: "bar"
+ nova_api:
+ usage: |
+ {{ tuple "nova_api" . | include "helm-toolkit.snippets.custom_pod_annotations" }}
+ return: |
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+*/}}
+
+{{- define "helm-toolkit.snippets.custom_pod_annotations" -}}
+{{- $component := index . 0 -}}
+{{- $envAll := index . 1 -}}
+{{- if (hasKey $envAll.Values "annotations") -}}
+{{- if (hasKey $envAll.Values.annotations "pod") -}}
+{{- $annotationsMap := $envAll.Values.annotations.pod -}}
+{{- $defaultAnnotations := dict -}}
+{{- if (hasKey $annotationsMap "default" ) -}}
+{{- $defaultAnnotations = $annotationsMap.default -}}
+{{- end -}}
+{{- $annotations := index $annotationsMap $component | default $defaultAnnotations -}}
+{{- if (not (empty $annotations)) -}}
+{{- toYaml $annotations -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl b/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl
new file mode 100644
index 0000000..19c4380
--- /dev/null
+++ b/charts/staffeln/charts/helm-toolkit/templates/snippets/_custom_secret_annotations.tpl
@@ -0,0 +1,81 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+abstract: |
+ Adds custom annotations to the secret spec of a component.
+examples:
+ - values: |
+ annotations:
+ secret:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ identity:
+ admin:
+ another.tld/foo: "bar"
+ usage: |
+ {{ tuple "identity" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }}
+ return: |
+ another.tld/foo: bar
+ - values: |
+ annotations:
+ secret:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ identity:
+ admin:
+ another.tld/foo: "bar"
+ usage: |
+ {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }}
+ return: |
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ - values: |
+ annotations:
+ secret:
+ default:
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+ identity:
+ admin:
+ another.tld/foo: "bar"
+ oslo_db:
+ admin:
+ usage: |
+ {{ tuple "oslo_db" "admin" . | include "helm-toolkit.snippets.custom_secret_annotations" }}
+ return: |
+ custom.tld/key: "value"
+ custom.tld/key2: "value2"
+*/}}
+
+{{- define "helm-toolkit.snippets.custom_secret_annotations" -}}
+{{- $secretType := index . 0 -}}
+{{- $userClass := index . 1 | replace "-" "_" -}}
+{{- $envAll := index . 2 -}}
+{{- if (hasKey $envAll.Values "annotations") -}}
+{{- if (hasKey $envAll.Values.annotations "secret") -}}
+{{- $annotationsMap := index $envAll.Values.annotations.secret $secretType | default dict -}}
+{{- $defaultAnnotations := dict -}}
+{{- if (hasKey $envAll.Values.annotations.secret "default" ) -}}
+{{- $defaultAnnotations = $envAll.Values.annotations.secret.default -}}
+{{- end -}}
+{{- $annotations := index $annotationsMap $userClass | default $defaultAnnotations -}}
+{{- if (not (empty $annotations)) -}}
+{{- toYaml $annotations -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/staffeln/charts/helm-toolkit/templates/snippets/_image.tpl b/charts/staffeln/charts/helm-toolkit/templates/snippets/_image.tpl
index 029c93d..678b844 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/snippets/_image.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/snippets/_image.tpl
@@ -19,7 +19,7 @@
images:
tags:
test_image: docker.io/port/test:version-foo
- image_foo: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ image_foo: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
pull_policy: IfNotPresent
local_registry:
active: true
diff --git a/charts/staffeln/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl b/charts/staffeln/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
index bed712e..ad628da 100644
--- a/charts/staffeln/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
+++ b/charts/staffeln/charts/helm-toolkit/templates/snippets/_kubernetes_entrypoint_init_container.tpl
@@ -19,7 +19,7 @@
values: |
images:
tags:
- dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
pull_policy: IfNotPresent
local_registry:
active: true
@@ -76,7 +76,7 @@
{{ tuple . "calico_node" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" }}
return: |
- name: init
- image: "quay.io/airshipit/kubernetes-entrypoint:v1.0.0"
+ image: "quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal"
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
diff --git a/charts/staffeln/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl b/charts/staffeln/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl
new file mode 100644
index 0000000..08521e0
--- /dev/null
+++ b/charts/staffeln/charts/helm-toolkit/templates/snippets/_rgw_s3_bucket_user_env_vars_rook.tpl
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "helm-toolkit.snippets.rgw_s3_bucket_user_env_vars_rook" }}
+{{- range $s3Bucket := .Values.storage.s3.buckets }}
+- name: {{ printf "%s_S3_ACCESS_KEY" ($s3Bucket.client | replace "-" "_" | upper) }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $s3Bucket.name }}
+ key: AWS_ACCESS_KEY_ID
+- name: {{ printf "%s_S3_SECRET_KEY" ($s3Bucket.client | replace "-" "_" | upper) }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $s3Bucket.name }}
+ key: AWS_SECRET_ACCESS_KEY
+{{- end }}
+{{- end }}