{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{/*
Renders the cinder-backup Deployment when .Values.manifests.deployment_backup
is set. The main container runs /tmp/cinder-backup.sh; init containers run
ceph-keyring.sh for the Ceph keyrings and chown the backup and coordination
paths, depending on the configured backup driver and backends.

Security-relevant switches, all read from values:
  - conf.enable_iscsi: adds hostIPC plus hostPath mounts of /, /dev,
    /run/lock and /etc/iscsi to the pod.
  - pod.useHostNetwork.backup: sets hostNetwork on the pod.
  - pod.mounts.cinder_backup.cinder_backup: extra volumes and volumeMounts
    that are rendered verbatim with toYaml.
*/}}

{{- if .Values.manifests.deployment_backup }}
{{- $envAll := . }}

{{- $internal_ceph_backend := .Values.ceph_client.internal_ceph_backend }}

{{- $mounts_cinder_backup := .Values.pod.mounts.cinder_backup.cinder_backup }}
{{- $mounts_cinder_backup_init := .Values.pod.mounts.cinder_backup.init_container }}

{{- $serviceAccountName := "cinder-backup" }}
{{ tuple $envAll "backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cinder-backup
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  replicas: {{ .Values.pod.replicas.backup }}
  selector:
    matchLabels:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hashes of the rendered configmap-bin.yaml and configmap-etc.yaml
        # templates; a change in either changes the pod template and so
        # rolls the Deployment.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "cinder_backup" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
        # NOTE(review): containerNames lists only cinder-backup,
        # ceph-coordination-volume-perms and init. The init containers
        # ceph-backup-keyring-placement, ceph-keyring-placement-<backend> and
        # ceph-backup-volume-perms rendered below are not listed, so,
        # assuming the helper emits one annotation per listed name, they get
        # no mandatory-access-control profile annotation. Confirm that this
        # is intended.
{{ dict "envAll" $envAll "podName" "cinder-backup" "containerNames" (list "cinder-backup" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ with .Values.pod.priorityClassName.cinder_backup }}
      priorityClassName: {{ . }}
{{ end }}
{{ with .Values.pod.runtimeClassName.cinder_backup }}
      runtimeClassName: {{ . }}
{{ end }}
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "cinder_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      affinity:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ if $envAll.Values.pod.tolerations.cinder.enabled }}
{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      nodeSelector:
        # Key and value are rendered unquoted, so a values entry that looks
        # like a boolean or number will not reach the API as a string.
        {{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value }}
      # hostNetwork and hostIPC place the pod in the node's network and IPC
      # namespaces. Both are off unless the corresponding value is set.
{{- if .Values.pod.useHostNetwork.backup }}
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
{{- end }}
{{- if .Values.conf.enable_iscsi }}
      hostIPC: true
{{- end }}
      initContainers:
{{ tuple $envAll "backup" $mounts_cinder_backup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
        # Rendered only when backup_driver contains the Ceph backup driver.
        # Runs ceph-keyring.sh with the backup user's key mounted read-only
        # at /tmp/client-keyring; /etc/ceph is the shared "etcceph" emptyDir
        # (presumably where the script writes the keyring; confirm against
        # the script).
        - name: ceph-backup-keyring-placement
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_backup_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/ceph-keyring.sh
          env:
            - name: RBD_USER
              value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: cinder-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
              readOnly: true
            - name: ceph-backup-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
        {{ end }}
        # Iterates the comma-separated output of cinder.utils.ceph_backend_list
        # with its first element dropped (rest); only the backend whose name
        # equals ceph_client.internal_ceph_backend gets an init container.
        {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
          {{- $backend := index $envAll.Values.conf.backends $name }}
          {{- if eq $internal_ceph_backend $name }}
        - name: ceph-keyring-placement-{{ $name | lower }}
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/ceph-keyring.sh
          env:
            - name: RBD_USER
              value: {{ $backend.rbd_user | quote }}
{{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
            - name: EXTERNAL_RBD_USER
              value: {{ $envAll.Values.ceph_client.external_ceph.rbd_user | quote }}
{{- end }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: cinder-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
              readOnly: true
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
            - name: external-ceph-keyring
              mountPath: /tmp/external-ceph-client-keyring
              subPath: key
              readOnly: true
            {{- end }}
          {{- end }}
        {{- end }}
        {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
        # POSIX backup driver only: recursively chowns backup_posix_path,
        # where the cinder-backup PVC is mounted, to the cinder user. The
        # path is rendered unquoted from values. chown of files owned by
        # another user needs elevated privileges, so check the
        # ceph_backup_volume_perms security context in values.
        - name: ceph-backup-volume-perms
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_backup_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - chown
            - -R
            - "cinder:"
            - {{ .Values.conf.cinder.DEFAULT.backup_posix_path }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: cinder-backup
              mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }}
        {{ end }}
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
        # Only for a file:// coordination backend_url: the part after "://"
        # is used as the directory to mount and chown.
        - name: ceph-coordination-volume-perms
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_coordination_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - chown
            - -R
            - "cinder:"
            - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: cinder-coordination
              mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
        {{ end }}
      containers:
        - name: cinder-backup
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "cinder_backup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/cinder-backup.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: cinder-tmp
              mountPath: /var/lib/cinder/tmp
            - name: cinder-bin
              mountPath: /tmp/cinder-backup.sh
              subPath: cinder-backup.sh
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/cinder/cinder.conf
              subPath: cinder.conf
              readOnly: true
            {{- if .Values.conf.cinder.DEFAULT.log_config_append }}
            - name: cinder-etc
              mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (eq "true" (include "cinder.utils.has_ceph_backend" $envAll)) }}
            # Ceph client configuration. ceph.conf comes from exactly one of
            # three sources: the ceph-etc configmap, an operator-named
            # external configmap, or the external-backup-ceph.conf key of the
            # cinder-etc secret.
            - name: etcceph
              mountPath: /etc/ceph
            {{- if not .Values.backup.external_ceph_rbd.enabled }}
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            {{- else if .Values.backup.external_ceph_rbd.configmap }}
            - name: external-backup-ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            {{- else }}
            - name: cinder-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: external-backup-ceph.conf
              readOnly: true
            {{- end }}
            # /tmp/client-keyring holds the backup keyring when the Ceph
            # backup driver is selected, otherwise the volume keyring.
            {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
            - name: ceph-backup-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- else }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- end }}
            {{- if .Values.ceph_client.enable_external_ceph_backend }}
            {{- if .Values.ceph_client.external_ceph.configmap }}
            - name: external-ceph-etc
              mountPath: /etc/ceph/external-ceph.conf
              subPath: external-ceph.conf
              readOnly: true
            {{- else }}
            - name: cinder-etc
              mountPath: /etc/ceph/external-ceph.conf
              subPath: external-ceph.conf
              readOnly: true
            {{- end }}
            {{- if .Values.ceph_client.external_ceph.rbd_user }}
            - name: external-ceph-keyring
              mountPath: /tmp/external-ceph-client-keyring
              subPath: key
              readOnly: true
            {{- end }}
            {{- end }}
            {{- end }}
            {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
            - name: cinder-backup
              mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path }}
            {{- end }}
            {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
            - name: cinder-coordination
              mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
            {{- end }}
            # The sudoers file and the rootwrap configuration below decide
            # which commands the service may run with elevated privileges.
            # All four are mounted read-only from the cinder-etc secret, so
            # changes to those secret keys deserve the same review as a
            # sudoers change on a host.
            - name: cinder-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_cinder_sudoers
              subPath: cinder_sudoers
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/sudoers.d/kolla_cinder_volume_sudoers
              subPath: cinder_sudoers
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/cinder/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/cinder/rootwrap.d/volume.filters
              subPath: volume.filters
              readOnly: true
            {{- if .Values.conf.enable_iscsi }}
            # iSCSI support mounts the node's root filesystem, /dev,
            # /run/lock and /etc/iscsi into the container, none of them
            # read-only. With these mounts the container can read and write
            # node files, so treat this pod as node-privileged whenever
            # conf.enable_iscsi is set.
            # NOTE(review): gt/ge compare KubeVersion.Major and
            # KubeVersion.Minor as strings, i.e. lexically rather than
            # numerically (Minor "9" compares greater than "10"). The
            # mountPropagation guards are therefore not a reliable
            # "Kubernetes >= 1.10" test.
            - name: host-rootfs
              mountPath: /mnt/host-rootfs
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: host-dev
              mountPath: /dev
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: runlock
              mountPath: /run/lock
            - name: etciscsi
              mountPath: /etc/iscsi
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: usrlocalsbin
              mountPath: /usr/local/sbin
            - name: cinder-bin
              mountPath: /usr/local/sbin/iscsiadm
              subPath: iscsiadm
            {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: cinder-tmp
          emptyDir: {}
        # cinder-etc is a Secret. defaultMode 0444 makes every key readable
        # by any user inside the containers that mount it; cinder.conf
        # typically carries service credentials, so a tighter mode is worth
        # considering if the image's user/group setup allows it.
        - name: cinder-etc
          secret:
            secretName: cinder-etc
            defaultMode: 0444
        - name: cinder-bin
          configMap:
            name: cinder-bin
            defaultMode: 0555
        {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (eq "true" (include "cinder.utils.has_ceph_backend" $envAll)) }}
        - name: etcceph
          emptyDir: {}
        {{- if and .Values.backup.external_ceph_rbd.enabled .Values.backup.external_ceph_rbd.configmap }}
        - name: external-backup-ceph-etc
          configMap:
            name: {{ .Values.backup.external_ceph_rbd.configmap }}
            defaultMode: 0444
        {{- end }}
        - name: ceph-etc
          configMap:
            name: {{ .Values.ceph_client.configmap }}
            defaultMode: 0444
        {{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.configmap }}
        - name: external-ceph-etc
          configMap:
            name: {{ .Values.ceph_client.external_ceph.configmap }}
            defaultMode: 0444
        {{- end }}
        {{ end }}
        # Keyring secrets. The secret names come from .Values.secrets.rbd;
        # only the "key" entry of each is mounted (see the subPath mounts
        # above).
        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
        - name: ceph-backup-keyring
          secret:
            secretName: {{ .Values.secrets.rbd.backup | quote }}
        {{ end }}
        {{- if eq "true" (include "cinder.utils.has_ceph_backend" $envAll) }}
        - name: ceph-keyring
          secret:
            secretName: {{ .Values.secrets.rbd.volume | quote }}
        {{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.rbd_user }}
        - name: external-ceph-keyring
          secret:
            secretName: {{ .Values.secrets.rbd.volume_external | quote }}
        {{ end }}
        {{ end }}
        {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
        - name: cinder-backup
          persistentVolumeClaim:
            claimName: cinder-backup
        {{- end }}
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
        # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
        # pods for the coordination backend to be fully functional.
        - name: cinder-coordination
          emptyDir: {}
        {{- end }}
        {{- if .Values.conf.enable_iscsi }}
        # hostPath volumes backing the iSCSI mounts; host-rootfs is the
        # node's "/" and no hostPath type is set on any of them.
        - name: host-rootfs
          hostPath:
            path: /
        - name: host-dev
          hostPath:
            path: /dev
        - name: runlock
          hostPath:
            path: /run/lock
        - name: etciscsi
          hostPath:
            path: /etc/iscsi
        - name: usrlocalsbin
          emptyDir: {}
        {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_backup.volumes }}{{ toYaml $mounts_cinder_backup.volumes | indent 8 }}{{ end }}
{{- end }}