| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 1 | {{/* |
| 2 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 3 | you may not use this file except in compliance with the License. |
| 4 | You may obtain a copy of the License at |
| 5 | |
| 6 | http://www.apache.org/licenses/LICENSE-2.0 |
| 7 | |
| 8 | Unless required by applicable law or agreed to in writing, software |
| 9 | distributed under the License is distributed on an "AS IS" BASIS, |
| 10 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 11 | See the License for the specific language governing permissions and |
| 12 | limitations under the License. |
| 13 | */}} |
| 14 | |
| 15 | {{- define "metadata.annotations.job.db_sync" }} |
| 16 | {{- if .Values.helm3_hook -}} |
| 17 | helm.sh/hook: post-install,post-upgrade |
| 18 | helm.sh/hook-weight: "-4" |
| 19 | {{- end -}} |
| 20 | {{- end }} |
| 21 | |
| 22 | {{- define "keystone.templates._job_db_sync.env_vars" -}} |
| 23 | {{- $envAll := index . 0 -}} |
| 24 | env: |
| 25 | - name: OS_BOOTSTRAP_ADMIN_URL |
| 26 | value: {{ tuple "identity" "admin" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} |
| 27 | - name: OS_BOOTSTRAP_INTERNAL_URL |
| 28 | value: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} |
| 29 | - name: OS_BOOTSTRAP_PUBLIC_URL |
| 30 | value: {{ tuple "identity" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} |
| 31 | - name: OPENSTACK_CONFIG_FILE |
| 32 | value: "/etc/keystone/keystone.conf" |
| 33 | - name: OPENSTACK_CONFIG_DB_SECTION |
| 34 | value: "database" |
| 35 | - name: OPENSTACK_CONFIG_DB_KEY |
| 36 | value: "connection" |
| 37 | {{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} |
| 38 | {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 2}} |
| 39 | {{- end }} |
| 40 | {{- end }} |
| 41 | |
| 42 | {{- define "keystone.templates._job_db_sync.pod_vol_mounts" -}} |
| 43 | {{- $envAll := index . 0 -}} |
| 44 | volumeMounts: |
| 45 | - name: db-sync-sh |
| 46 | mountPath: /tmp/endpoint-update.py |
| 47 | subPath: endpoint-update.py |
| 48 | readOnly: true |
| 49 | - name: keystone-fernet-keys |
| 50 | mountPath: {{ $envAll.Values.conf.keystone.fernet_tokens.key_repository }} |
| 51 | readOnly: true |
| 52 | {{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }} |
| 53 | {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 2 }} |
| 54 | {{- end }} |
| 55 | {{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }} |
| 56 | {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 2 }} |
| 57 | {{- end }} |
| 58 | {{- end }} |
| 59 | |
| 60 | {{- define "keystone.templates._job_db_sync.pod_vols" -}} |
| 61 | {{- $envAll := index . 0 -}} |
| 62 | volumes: |
| 63 | - name: keystone-fernet-keys |
| 64 | secret: |
| 65 | secretName: keystone-fernet-keys |
| 66 | {{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal }} |
| 67 | {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 2 }} |
| 68 | {{- end }} |
| 69 | {{- if and $envAll.Values.manifests.certificates $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal }} |
| 70 | {{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 2 }} |
| 71 | {{- end }} |
| 72 | {{- end }} |
| 73 | |
| 74 | {{- if .Values.manifests.job_db_sync }} |
| 75 | {{- $local := dict "podVolMounts" false "podVols" false -}} |
| 76 | {{- if eq .Values.conf.keystone.token.provider "fernet" }} |
| 77 | {{- $_ := set $local "podVolMounts" ( index ( tuple . | include "keystone.templates._job_db_sync.pod_vol_mounts" | toString | fromYaml ) "volumeMounts" ) }} |
| 78 | {{- $_ := set $local "podVols" ( index ( tuple . | include "keystone.templates._job_db_sync.pod_vols" | toString | fromYaml ) "volumes" ) }} |
| 79 | {{- end }} |
| 80 | {{- $podEnvVars := tuple . | include "keystone.templates._job_db_sync.env_vars" | toString | fromYaml }} |
| 81 | {{- $dbSyncJob := dict "envAll" . "serviceName" "keystone" "podVolMounts" $local.podVolMounts "podVols" $local.podVols "podEnvVars" $podEnvVars.env "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) -}} |
| Oleksandr Kozachenko | a10d785 | 2023-02-02 22:01:16 +0100 | [diff] [blame] | 82 | {{- if .Values.pod.tolerations.keystone.enabled -}} |
| 83 | {{- $_ := set $dbSyncJob "tolerationsEnabled" true -}} |
| 84 | {{- end -}} |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 85 | {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} |
| 86 | {{- end }} |