Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / cinder / templates / deployment-api.yaml
blob: 117e50382f4cd11887541ea6657f25803408827d [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- if .Values.manifests.deployment_api }}
16{{- $envAll := . }}
17
18{{- $mounts_cinder_api := .Values.pod.mounts.cinder_api.cinder_api }}
19{{- $mounts_cinder_api_init := .Values.pod.mounts.cinder_api.init_container }}
20
21{{- $serviceAccountName := "cinder-api" }}
22{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
23---
24apiVersion: apps/v1
25kind: Deployment
26metadata:
27 name: cinder-api
28 annotations:
29 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
30 labels:
31{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
32spec:
33 replicas: {{ .Values.pod.replicas.api }}
34 selector:
35 matchLabels:
36{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
37{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
38 template:
39 metadata:
40 labels:
41{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
42 annotations:
43{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
44 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
45 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
Rico Lin73060242024-08-22 00:27:56 +0800[diff] [blame]46{{ tuple "cinder_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]47{{ dict "envAll" $envAll "podName" "cinder-api" "containerNames" (list "cinder-api" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
48 spec:
Mohammed Naser26eb9e02025-02-05 16:40:34 -0500[diff] [blame]49{{ with .Values.pod.priorityClassName.cinder_api }}
50 priorityClassName: {{ . }}
51{{ end }}
52{{ with .Values.pod.runtimeClassName.cinder_api }}
53 runtimeClassName: {{ . }}
54{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]55 serviceAccountName: {{ $serviceAccountName }}
56{{ dict "envAll" $envAll "application" "cinder_api" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
57 affinity:
58{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
59{{ if $envAll.Values.pod.tolerations.cinder.enabled }}
60{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
61{{ end }}
62 nodeSelector:
63 {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
64 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
65 initContainers:
66{{ tuple $envAll "api" $mounts_cinder_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
67 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
68 - name: ceph-coordination-volume-perms
69{{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
70{{ dict "envAll" $envAll "application" "cinder_api" "container" "ceph_coordination_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
71 command:
72 - chown
73 - -R
74 - "cinder:"
75 - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
76 volumeMounts:
77 - name: pod-tmp
78 mountPath: /tmp
79 - name: cinder-coordination
80 mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
81 {{ end }}
82 containers:
83 - name: cinder-api
84{{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
85{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
86{{ dict "envAll" $envAll "application" "cinder_api" "container" "cinder_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
87 command:
88 - /tmp/cinder-api.sh
89 - start
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]90 env:
91{{- if or .Values.manifests.certificates .Values.tls.identity }}
92 - name: REQUESTS_CA_BUNDLE
93 value: "/etc/cinder/certs/ca.crt"
94{{- end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]95 lifecycle:
96 preStop:
97 exec:
98 command:
99 - /tmp/cinder-api.sh
100 - stop
101 ports:
102 - name: c-api
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]103 containerPort: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]104 readinessProbe:
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]105 httpGet:
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]106 scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]107 path: /
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]108 port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Rico Lin73060242024-08-22 00:27:56 +0800[diff] [blame]109 initialDelaySeconds: 30
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]110 livenessProbe:
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]111 httpGet:
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]112 scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]113 path: /
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]114 port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Oleksandr Kozachenko7ac2d722023-10-03 15:19:33 +0200[diff] [blame]115 initialDelaySeconds: 5
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]116 failureThreshold: 3
117 periodSeconds: 10
118 successThreshold: 1
119 timeoutSeconds: 1
120 volumeMounts:
121 - name: pod-tmp
122 mountPath: /tmp
123 - name: wsgi-cinder
124 mountPath: /var/www/cgi-bin/cinder
125 - name: cinder-bin
126 mountPath: /tmp/cinder-api.sh
127 subPath: cinder-api.sh
128 readOnly: true
129 - name: cinder-etc
Oleksandr Kozachenko7ac2d722023-10-03 15:19:33 +0200[diff] [blame]130 mountPath: /etc/cinder/cinder-api-uwsgi.ini
131 subPath: cinder-api-uwsgi.ini
132 readOnly: true
133 - name: cinder-etc
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]134 mountPath: /etc/cinder/cinder.conf
135 subPath: cinder.conf
136 readOnly: true
137 {{- if .Values.conf.cinder.DEFAULT.log_config_append }}
138 - name: cinder-etc
139 mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
140 subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
141 readOnly: true
142 {{- end }}
143 - name: cinder-etc
144 mountPath: /etc/cinder/api-paste.ini
145 subPath: api-paste.ini
146 readOnly: true
147 - name: cinder-etc
148 mountPath: /etc/cinder/policy.yaml
149 subPath: policy.yaml
150 readOnly: true
151 - name: cinder-etc
152 mountPath: /etc/cinder/api_audit_map.conf
153 subPath: api_audit_map.conf
154 readOnly: true
155 - name: cinder-etc
156 mountPath: {{ .Values.conf.cinder.DEFAULT.resource_query_filters_file }}
157 subPath: resource_filters.json
158 readOnly: true
159{{- if .Values.conf.security }}
160 - name: cinder-etc
161 mountPath: {{ .Values.conf.software.apache2.conf_dir }}/security.conf
162 subPath: security.conf
163 readOnly: true
164{{- end }}
165 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
166 - name: cinder-coordination
167 mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
168 {{- end }}
169 {{- if .Values.manifests.certificates }}
170 - name: cinder-etc
171 mountPath: {{ .Values.conf.software.apache2.site_dir }}/cinder-api.conf
172 subPath: wsgi-cinder.conf
173 readOnly: true
174 - name: cinder-etc
175 mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf
176 subPath: mpm_event.conf
177 readOnly: true
178 {{- end }}
179{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]180{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]181{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
182{{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }}
183 volumes:
184 - name: pod-tmp
185 emptyDir: {}
186 - name: wsgi-cinder
187 emptyDir: {}
188 - name: cinder-bin
189 configMap:
190 name: cinder-bin
191 defaultMode: 0555
192 - name: cinder-etc
193 secret:
194 secretName: cinder-etc
195 defaultMode: 0444
196 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
197 # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
198 # pods for the coordination backend to be fully functional.
199 - name: cinder-coordination
200 emptyDir: {}
201 {{- end }}
202{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]203{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]204{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
205{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
206{{- end }}