| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 1 | {{/* |
| 2 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 3 | you may not use this file except in compliance with the License. |
| 4 | You may obtain a copy of the License at |
| 5 | |
| 6 | http://www.apache.org/licenses/LICENSE-2.0 |
| 7 | |
| 8 | Unless required by applicable law or agreed to in writing, software |
| 9 | distributed under the License is distributed on an "AS IS" BASIS, |
| 10 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 11 | See the License for the specific language governing permissions and |
| 12 | limitations under the License. |
| 13 | */}} |
| 14 | |
| 15 | {{- if .Values.manifests.job_credential_cleanup }} |
| 16 | {{- $envAll := index . -}} |
| 17 | |
| 18 | {{- $serviceName := "keystone" -}} |
| 19 | {{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} |
| 20 | {{- $configMapBin := "keystone-bin" -}} |
| 21 | {{- $configMapEtc := "keystone-etc" -}} |
| 22 | {{- $dbToClean := index . "dbToClean" | default ( dict "adminSecret" $envAll.Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" ) -}} |
| 23 | |
| 24 | {{ tuple $envAll "credential_cleanup" $serviceName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} |
| 25 | |
| 26 | --- |
| 27 | apiVersion: batch/v1 |
| 28 | kind: Job |
| 29 | metadata: |
| 30 | name: "keystone-credential-cleanup" |
| 31 | labels: |
| 32 | {{ tuple $envAll "keystone" "credential-cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} |
| 33 | annotations: |
| 34 | "helm.sh/hook": pre-delete |
| 35 | "helm.sh/hook-delete-policy": hook-succeeded, hook-failed |
| Oleksandr K. | 582fd5e | 2024-07-19 04:39:01 +0200 | [diff] [blame] | 36 | {{ tuple "keystone_credential_cleanup" $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 }} |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 37 | spec: |
| 38 | template: |
| 39 | metadata: |
| 40 | labels: |
| 41 | {{ tuple $envAll $serviceName "credential-cleanup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} |
| 42 | annotations: |
| 43 | {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} |
| 44 | configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} |
| 45 | configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} |
| 46 | {{ dict "envAll" $envAll "podName" "keystone-credential-cleanup" "containerNames" (list "keystone-credential-cleanup") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} |
| 47 | spec: |
| Dong Ma | 36b8922 | 2025-02-13 16:15:52 +0000 | [diff] [blame] | 48 | {{ with .Values.pod.priorityClassName.keystone_credential_cleanup }} |
| 49 | priorityClassName: {{ . }} |
| 50 | {{ end }} |
| 51 | {{ with .Values.pod.runtimeClassName.keystone_credential_cleanup }} |
| 52 | runtimeClassName: {{ . }} |
| 53 | {{ end }} |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 54 | serviceAccountName: {{ $serviceName }} |
| 55 | restartPolicy: Never |
| Oleksandr Kozachenko | a10d785 | 2023-02-02 22:01:16 +0100 | [diff] [blame] | 56 | {{ if $envAll.Values.pod.tolerations.keystone.enabled }} |
| 57 | {{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} |
| 58 | {{ end }} |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 59 | nodeSelector: |
| 60 | {{ toYaml $nodeSelector | indent 8 }} |
| 61 | initContainers: |
| 62 | {{ tuple $envAll "credential_cleanup" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} |
| 63 | containers: |
| 64 | {{ $dbToCleanType := default "oslo" $dbToClean.inputType }} |
| 65 | - name: {{ printf "%s-%s" $serviceName "credential-cleanup" | quote }} |
| 66 | image: {{ $envAll.Values.images.tags.keystone_credential_cleanup }} |
| 67 | imagePullPolicy: {{ $envAll.Values.images.pull_policy }} |
| 68 | {{ tuple $envAll $envAll.Values.pod.resources.jobs.db_drop | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} |
| 69 | env: |
| 70 | - name: ROOT_DB_CONNECTION |
| 71 | valueFrom: |
| 72 | secretKeyRef: |
| 73 | name: {{ $dbToClean.adminSecret | quote }} |
| 74 | key: DB_CONNECTION |
| 75 | {{- if eq $dbToCleanType "oslo" }} |
| 76 | - name: OPENSTACK_CONFIG_FILE |
| 77 | value: {{ $dbToClean.configFile | quote }} |
| 78 | - name: OPENSTACK_CONFIG_DB_SECTION |
| 79 | value: {{ $dbToClean.configDbSection | quote }} |
| 80 | - name: OPENSTACK_CONFIG_DB_KEY |
| 81 | value: {{ $dbToClean.configDbKey | quote }} |
| 82 | {{- end }} |
| 83 | {{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }} |
| 84 | - name: MARIADB_X509 |
| 85 | value: "REQUIRE X509" |
| 86 | {{- end }} |
| 87 | command: |
| 88 | - python |
| 89 | - /tmp/cred-clean.py |
| 90 | volumeMounts: |
| 91 | - name: pod-tmp |
| 92 | mountPath: /tmp |
| 93 | - name: cred-clean-sh |
| 94 | mountPath: /tmp/cred-clean.py |
| 95 | subPath: cred-clean.py |
| 96 | readOnly: true |
| 97 | {{- if eq $dbToCleanType "oslo" }} |
| 98 | - name: etc-service |
| 99 | mountPath: {{ dir $dbToClean.configFile | quote }} |
| 100 | - name: cred-clean-conf |
| 101 | mountPath: {{ $dbToClean.configFile | quote }} |
| 102 | subPath: {{ base $dbToClean.configFile | quote }} |
| 103 | readOnly: true |
| 104 | - name: cred-clean-conf |
| 105 | mountPath: {{ $dbToClean.logConfigFile | quote }} |
| 106 | subPath: {{ base $dbToClean.logConfigFile | quote }} |
| 107 | readOnly: true |
| 108 | {{- end }} |
| 109 | {{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }} |
| 110 | {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} |
| 111 | {{- end }} |
| 112 | volumes: |
| 113 | - name: pod-tmp |
| 114 | emptyDir: {} |
| 115 | - name: cred-clean-sh |
| 116 | configMap: |
| 117 | name: "keystone-bin" |
| 118 | defaultMode: 0555 |
| 119 | {{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }} |
| 120 | {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} |
| 121 | {{- end }} |
| 122 | {{- $local := dict "configMapBinFirst" true -}} |
| 123 | {{- $dbToCleanType := default "oslo" $dbToClean.inputType }} |
| 124 | {{- if and (eq $dbToCleanType "oslo") $local.configMapBinFirst }} |
| 125 | {{- $_ := set $local "configMapBinFirst" false }} |
| 126 | - name: etc-service |
| 127 | emptyDir: {} |
| 128 | - name: cred-clean-conf |
| 129 | secret: |
| 130 | secretName: "keystone-etc" |
| 131 | defaultMode: 0444 |
| 132 | {{- end -}} |
| 133 | {{- end -}} |