{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- /*
Everything in this template is rendered only when
.Values.manifests.job_storage_init is truthy; the matching end is the last
line of the file.
*/}}
{{- if .Values.manifests.job_storage_init }}
{{- $envAll := . }}

{{- /*
Name reused below for the Role, the RoleBinding subject and the Job pod's
serviceAccountName. The include on the next line is a helm-toolkit snippet
defined outside this file; presumably it emits the ServiceAccount itself -
confirm against helm-toolkit.
*/}}
{{- $serviceAccountName := "glance-storage-init" }}
{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
# Namespaced Role for the storage-init job's service account: get, create,
# update and patch on core-group Secrets.
# NOTE(review): no resourceNames are set, so any container in the job pod can
# read and modify every Secret in the release namespace through the mounted
# service-account token. "create" cannot be narrowed by resourceNames, but
# get/update/patch can; confirm which Secret names storage-init.sh needs and
# scope the rule to them. The Role is rendered for every storage backend;
# verify that all of them actually need Secret access.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $serviceAccountName }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "update", "patch"]
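---
# Binds the Role above to the ServiceAccount of the same name in the release
# namespace; whatever the Role grants is therefore available to the Job pod.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $serviceAccountName }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    # Quoted so that an all-digit namespace name (a valid DNS label) is not
    # re-typed as an integer by the YAML parser and rejected by the API.
    namespace: {{ $envAll.Release.Namespace | quote }}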
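---
# Job "glance-storage-init": runs /tmp/storage-init.sh (mounted from the
# glance-bin ConfigMap) under the glance-storage-init service account.
# .Values.storage selects which env vars, mounts and volumes are rendered
# (rbd, radosgw, swift or pvc). With .Values.helm3_hook set, the Job is a
# post-install/post-upgrade hook.
apiVersion: batch/v1
kind: Job
metadata:
  name: glance-storage-init
  labels:
{{ tuple $envAll "glance" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
{{- if .Values.helm3_hook }}
    helm.sh/hook: post-install,post-upgrade
{{- end }}
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
  template:
    metadata:
      labels:
{{ tuple $envAll "glance" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "glance-storage-init" "containerNames" (list "init" "glance-storage-init" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "storage_init" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      restartPolicy: OnFailure
{{ if $envAll.Values.pod.tolerations.glance.enabled }}
{{ tuple $envAll "glance" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      nodeSelector:
        # Value is quoted: nodeSelector values must be strings, and a
        # boolean- or number-looking value would otherwise be re-typed.
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value | quote }}
      initContainers:
{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{ if or (eq .Values.storage "rbd") (eq .Values.storage "radosgw") }}
        # Ceph backends only. Runs ceph-admin-keyring.sh from the glance-bin
        # ConfigMap with the etcceph emptyDir mounted at /etc/ceph; presumably
        # the script places the keyring there for the main container, which
        # mounts the same volume - confirm in the script.
        - name: ceph-keyring-placement
{{ tuple $envAll "glance_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "storage_init" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/ceph-admin-keyring.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: glance-bin
              mountPath: /tmp/ceph-admin-keyring.sh
              subPath: ceph-admin-keyring.sh
              readOnly: true
            {{- if empty .Values.conf.ceph.admin_keyring }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{ end }}
        {{ end }}
      containers:
        - name: glance-storage-init
{{ tuple $envAll "glance_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "storage_init" "container" "glance_storage_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: STORAGE_BACKEND
              value: {{ .Values.storage | quote }}
            {{- if eq .Values.storage "rbd" }}
            - name: RBD_POOL_NAME
              value: {{ .Values.conf.glance.glance_store.rbd_store_pool | quote }}
            - name: RBD_POOL_APP_NAME
              value: {{ .Values.conf.software.rbd.rbd_store_pool_app_name | quote }}
            - name: RBD_POOL_USER
              value: {{ .Values.conf.glance.glance_store.rbd_store_user | quote }}
            - name: RBD_POOL_REPLICATION
              value: {{ .Values.conf.glance.glance_store.rbd_store_replication | quote }}
            - name: RBD_POOL_CRUSH_RULE
              value: {{ .Values.conf.glance.glance_store.rbd_store_crush_rule | quote }}
            - name: RBD_POOL_CHUNK_SIZE
              value: {{ .Values.conf.glance.glance_store.rbd_store_chunk_size | quote }}
            - name: RBD_POOL_SECRET
              value: {{ .Values.secrets.rbd | quote }}
            {{ end }}
            {{- if eq .Values.storage "radosgw" }}
            # NOTE(review): the password and temp-URL key are rendered as
            # literal env values, so they appear in the Job and Pod specs and
            # in the rendered release manifest, readable by anyone allowed to
            # get jobs or pods. Consider keeping them in a Secret and using
            # valueFrom.secretKeyRef instead.
            - name: RADOSGW_USERNAME
              value: {{ .Values.endpoints.ceph_object_store.auth.glance.username | quote }}
            - name: RADOSGW_PASSWORD
              value: {{ .Values.endpoints.ceph_object_store.auth.glance.password | quote }}
            - name: RADOSGW_TMPURL_KEY
              value: {{ .Values.endpoints.ceph_object_store.auth.glance.tmpurlkey | quote }}
            {{ end }}
            {{- if eq .Values.storage "swift" }}
            # NOTE(review): the temp-URL key is a literal env value here and is
            # visible in the Job/Pod spec; a secretKeyRef would avoid that.
            - name: SWIFT_TMPURL_KEY
              value: {{ .Values.endpoints.object_store.auth.glance.tmpurlkey | quote }}
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.glance "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
            {{ end }}
          command:
            - /tmp/storage-init.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: glance-bin
              mountPath: /tmp/storage-init.sh
              subPath: storage-init.sh
              readOnly: true
            {{ if or (eq .Values.storage "rbd") (eq .Values.storage "radosgw") }}
            - name: etcceph
              mountPath: /etc/ceph
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            {{- if empty .Values.conf.ceph.admin_keyring }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{ end }}
            {{ end }}
            {{- if eq .Values.storage "pvc" }}
            - name: glance-images
              mountPath: {{ .Values.conf.glance.glance_store.filesystem_store_datadir | quote }}
            {{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: glance-bin
          configMap:
            name: glance-bin
            # Octal under YAML 1.1 rules (decimal 365); a strictly YAML 1.2
            # parser would read this as 555.
            defaultMode: 0555
        {{ if or (eq .Values.storage "rbd") (eq .Values.storage "radosgw") }}
        - name: etcceph
          emptyDir: {}
        - name: ceph-etc
          configMap:
            name: {{ .Values.ceph_client.configmap | quote }}
            defaultMode: 0444
        {{- if empty .Values.conf.ceph.admin_keyring }}
        - name: ceph-keyring
          secret:
            secretName: {{ .Values.ceph_client.user_secret_name | quote }}
        {{ end }}
        {{ end }}
        {{- if eq .Values.storage "pvc" }}
        - name: glance-images
          persistentVolumeClaim:
            claimName: glance-images
        {{ end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.image.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- end }}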