Mohammed Naserf3f59a72023-01-15 21:02:04 -05001{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
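{{/*
readinessProbeTemplate: probe body for the glance-api container, rendered to
YAML and handed to helm-toolkit.snippets.kubernetes_probe by the Deployment
in this file.

- manifests.certificates set: the probe runs inside the container and issues a
  plain-HTTP request to 127.0.0.1 on the API service port.
- otherwise: the kubelet performs an httpGet on "/" using the scheme and port
  looked up from the "image" endpoint.
*/}}
{{- define "readinessProbeTemplate" }}
{{- if .Values.manifests.certificates }}
# raise_for_status() makes the exec probe exit non-zero on a 4xx/5xx answer.
# Without it, any HTTP response at all counted as "ready", unlike the httpGet
# branch below, which the kubelet fails on status >= 400.
# NOTE(review): requests.get() has no client-side timeout here; the probe
# depends on the kubelet/runtime enforcing timeoutSeconds for exec probes.
exec:
  command:
    - python
    - -c
    - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}').raise_for_status()"
{{- else }}
httpGet:
  scheme: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
  path: /
  port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- end }}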
29
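{{/*
livenessProbeTemplate: probe body for the glance-api container, rendered to
YAML and handed to helm-toolkit.snippets.kubernetes_probe by the Deployment
in this file. It uses the same two branches as readinessProbeTemplate.

- manifests.certificates set: exec probe issuing a plain-HTTP request to
  127.0.0.1 on the API service port.
- otherwise: httpGet on "/" using the scheme and port looked up from the
  "image" endpoint.
*/}}
{{- define "livenessProbeTemplate" }}
{{- if .Values.manifests.certificates }}
# raise_for_status() makes the exec probe exit non-zero on a 4xx/5xx answer,
# matching the httpGet branch, which the kubelet fails on status >= 400.
# Without it, an API answering only with errors was still reported alive.
# NOTE(review): requests.get() has no client-side timeout here; the probe
# depends on the kubelet/runtime enforcing timeoutSeconds for exec probes.
exec:
  command:
    - python
    - -c
    - "import requests; requests.get('http://127.0.0.1:{{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}').raise_for_status()"
{{- else }}
httpGet:
  scheme: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
  path: /
  port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- end }}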
44
{{/*
glance-api Deployment, rendered only when manifests.deployment_api is set.

Layout of the pod:
- init containers: the helm-toolkit entrypoint init container, glance-perms
  (chown of the image store directory) and, for storage "rbd",
  ceph-keyring-placement.
- containers: an nginx sidecar (only when manifests.certificates is set) and
  glance-api itself.
- storage "cinder" additionally enables hostIPC and mounts several host
  paths into glance-api; see the notes next to those keys.
*/}}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}

{{- $mounts_glance_api := .Values.pod.mounts.glance_api.glance_api }}
{{- $mounts_glance_api_init := .Values.pod.mounts.glance_api.init_container }}

{{- $serviceAccountName := "glance-api" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: glance-api
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  replicas: {{ .Values.pod.replicas.api }}
  selector:
    matchLabels:
{{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hashes of the rendered configmap templates; a change in either one
        # changes the pod template and so triggers a rollout.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "glance-api" "containerNames" ( list "glance-perms" "glance-api" "init" "nginx" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ with .Values.pod.priorityClassName.glance_api }}
      priorityClassName: {{ . }}
{{ end }}
{{ with .Values.pod.runtimeClassName.glance_api }}
      runtimeClassName: {{ . }}
{{ end }}
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "glance" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      affinity:
{{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ if $envAll.Values.pod.tolerations.glance.enabled }}
{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      nodeSelector:
        {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
{{- if .Values.pod.useHostNetwork.api }}
      # Opt-in: the pod joins the node's network namespace.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
{{- end }}
{{- if eq .Values.storage "cinder" }}
      # NOTE(review): the cinder store shares the node's IPC namespace with
      # this pod, in addition to the hostPath mounts further down. Confirm
      # the admission policy for the namespace allows this only where needed.
      hostIPC: true
{{- end }}
      initContainers:
{{ tuple $envAll "api" $mounts_glance_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        # Recursively hands the image store directory to the glance user
        # before the API starts.
        - name: glance-perms
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "glance_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - chown
            - -R
            - "glance:"
            # NOTE(review): this value is emitted unquoted; a path that YAML
            # would read as a non-string breaks the command list.
            - {{ .Values.conf.glance.glance_store.filesystem_store_datadir }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: glance-images
              mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir }}
        {{ if eq .Values.storage "rbd" }}
        # Runs ceph-keyring.sh with the client key from the ceph-keyring
        # secret (read-only at /tmp/client-keyring) and the shared /etc/ceph
        # emptyDir mounted; the script itself is not shown in this file.
        - name: ceph-keyring-placement
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: RBD_STORE_USER
              value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}
          command:
            - /tmp/ceph-keyring.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: glance-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
              readOnly: true
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
        {{ end }}
      containers:
        {{- if $envAll.Values.manifests.certificates }}
        # Sidecar present only when certificates are enabled. It declares the
        # g-api port (glance-api then declares none) and mounts the API TLS
        # secret at /etc/nginx/certs -- presumably it terminates TLS in front
        # of glance-api; confirm against nginx.conf in the glance-etc secret.
        - name: nginx
{{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          ports:
            - name: g-api
              containerPort: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          env:
            - name: PORT
              value: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SHORTNAME
              value: {{ tuple "image" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
          # TCP-only check: it shows the port accepts connections, not that
          # the backend behind it answers.
          readinessProbe:
            tcpSocket:
              port: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          command:
            - /tmp/nginx.sh
            - start
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/nginx.sh
                  - stop
          volumeMounts:
            - name: glance-bin
              mountPath: /tmp/nginx.sh
              subPath: nginx.sh
              readOnly: true
            - name: glance-etc
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image.api.internal "path" "/etc/nginx/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
        {{- end }}
        - name: glance-api
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "glance" "container" "glance_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ dict "envAll" $envAll "component" "api" "container" "glance-api" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "api" "container" "glance-api" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          command:
            - /tmp/glance-api.sh
            - start
{{- if or .Values.manifests.certificates .Values.tls.identity }}
          env:
            # Points python-requests at the CA file from the TLS secret that
            # is mounted at /etc/glance/certs under the same condition.
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/glance/certs/ca.crt"
{{- end }}
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/glance-api.sh
                  - stop
          {{- if not $envAll.Values.manifests.certificates }}
          # Declared here only without certificates; with them the nginx
          # sidecar declares the g-api port instead.
          ports:
            - name: g-api
              containerPort: {{ tuple "image" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          {{- end }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: glance-tmp
              mountPath: /var/lib/glance/tmp
            - name: etcglance
              mountPath: /etc/glance
            - name: glance-bin
              mountPath: /tmp/glance-api.sh
              subPath: glance-api.sh
              readOnly: true
            # Every glance-etc entry below is a single file projected from
            # the glance-etc secret via subPath, mounted read-only.
            - name: glance-etc
              mountPath: /etc/glance/glance-api.conf
              subPath: glance-api.conf
              readOnly: true
            - name: glance-etc
              mountPath: /etc/glance/glance-api-uwsgi.ini
              subPath: glance-api-uwsgi.ini
              readOnly: true
            {{- if .Values.conf.glance.DEFAULT.log_config_append }}
            - name: glance-etc
              mountPath: {{ .Values.conf.glance.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.glance.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: glance-etc
              mountPath: /etc/glance/glance-api-paste.ini
              subPath: glance-api-paste.ini
              readOnly: true
            - name: glance-etc
              mountPath: /etc/glance/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: glance-etc
              mountPath: /etc/glance/api_audit_map.conf
              subPath: api_audit_map.conf
              readOnly: true
            - name: glance-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              # NOTE(review): the sudoers content comes from the glance_sudoers
              # key of the glance-etc secret and is not visible here; it
              # decides what the service user may run as root.
              mountPath: /etc/sudoers.d/kolla_glance_sudoers
              subPath: glance_sudoers
              readOnly: true
            - name: glance-etc
              mountPath: /etc/glance/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            # One rootwrap filter file per conf.rootwrap_filters entry whose
            # "pods" list contains "api"; "_" in the key becomes "-" in the
            # file name.
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "api" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/glance/rootwrap.d/%s.filters" $filePrefix }}
            - name: glance-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
            - name: glance-etc
              mountPath: {{ .Values.conf.glance.glance_store.swift_store_config_file }}
              subPath: swift-store.conf
              readOnly: true
            - name: glance-images
              mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir }}
{{- if eq .Values.storage "cinder" }}
            # NOTE(review): with the cinder store the container sees the
            # node's root filesystem, /dev, /sys, /run/lock, /etc/iscsi and
            # /etc/multipath, none of them marked readOnly. Together with
            # hostIPC this is close to node-level access; presumably needed
            # by the iscsiadm/multipath wrappers mounted below -- confirm and
            # restrict the nodes and namespaces where this mode is used.
            - name: host-rootfs
              mountPath: /mnt/host-rootfs
              # NOTE(review): Major/Minor are compared as strings here and in
              # the identical checks below -- verify the result for the
              # cluster versions in use.
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: host-dev
              mountPath: /dev
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: runlock
              mountPath: /run/lock
            - name: etciscsi
              mountPath: /etc/iscsi
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: usrlocalsbin
              mountPath: /usr/local/sbin
            # Scripts from the glance-bin configMap placed over the
            # iscsiadm, multipath and multipathd names in /usr/local/sbin.
            - name: glance-bin
              mountPath: /usr/local/sbin/iscsiadm
              subPath: iscsiadm
            - name: glance-bin
              mountPath: /usr/local/sbin/multipath
              subPath: multipath
            - name: glance-bin
              mountPath: /usr/local/sbin/multipathd
              subPath: multipathd
            - name: etcmultipath
              mountPath: /etc/multipath
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              # Bidirectional: mounts made in the container propagate back to
              # the host. Kubernetes only permits this for privileged
              # containers; the security context is rendered by helm-toolkit
              # and is not visible in this file.
              mountPropagation: Bidirectional
              {{- end }}
            - name: sys
              mountPath: /sys
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
{{- end }}
{{- if eq .Values.storage "rbd" }}
            - name: etcceph
              mountPath: /etc/ceph
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" $envAll.Values.secrets.tls.image.api.internal "path" "/etc/glance/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_glance_api.volumeMounts }}{{ toYaml $mounts_glance_api.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: glance-tmp
          emptyDir: {}
        - name: etcglance
          emptyDir: {}
        - name: glance-bin
          configMap:
            name: glance-bin
            # Leading-zero literal, read as an octal file mode (r-x for all).
            defaultMode: 0555
        - name: glance-etc
          secret:
            secretName: glance-etc
            # NOTE(review): 0444 makes every file of this secret readable by
            # any user inside the containers that mount it.
            defaultMode: 0444
{{- if eq .Values.storage "pvc" }}
        - name: glance-images
          persistentVolumeClaim:
            claimName: glance-images
{{ else }}
        # Any storage value other than "pvc" gets an emptyDir, which lives
        # only as long as the pod.
        - name: glance-images
          emptyDir: {}
{{- end }}
{{- if eq .Values.storage "rbd" }}
        - name: etcceph
          emptyDir: {}
        - name: ceph-etc
          configMap:
            name: {{ .Values.ceph_client.configmap }}
            defaultMode: 0444
        - name: ceph-keyring
          secret:
            secretName: {{ .Values.secrets.rbd | quote }}
{{- end }}
{{- if eq .Values.storage "cinder" }}
        # Host paths backing the cinder-store mounts of the glance-api
        # container; "/" exposes the node's entire root filesystem.
        - name: host-rootfs
          hostPath:
            path: /
        - name: host-dev
          hostPath:
            path: /dev
        - name: runlock
          hostPath:
            path: /run/lock
        - name: etciscsi
          hostPath:
            path: /etc/iscsi
        - name: usrlocalsbin
          emptyDir: {}
        - name: etcmultipath
          hostPath:
            path: /etc/multipath
        - name: sys
          hostPath:
            path: /sys
{{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" $envAll.Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_glance_api.volumes }}{{ toYaml $mounts_glance_api.volumes | indent 8 }}{{ end }}
{{- end }}