Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / keystone / templates / job-domain-manage.yaml
blob: 41bc9b117797e88a880be4b176d0889fc4712e83 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- if .Values.manifests.job_domain_manage }}
16{{- $envAll := . }}
17
18{{- $mounts_keystone_domain_manage := .Values.pod.mounts.keystone_domain_manage.keystone_domain_manage }}
19{{- $mounts_keystone_domain_manage_init := .Values.pod.mounts.keystone_domain_manage.init_container }}
20
21{{- $serviceAccountName := "keystone-domain-manage" }}
22{{ tuple $envAll "domain_manage" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
23---
24apiVersion: batch/v1
25kind: Job
26metadata:
27 name: keystone-domain-manage
28 labels:
29{{ tuple $envAll "keystone" "domain-manage" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
30 annotations:
31 "helm.sh/hook": post-install,post-upgrade
32 "helm.sh/hook-delete-policy": before-hook-creation
Oleksandr K.582fd5e2024-07-19 04:39:01 +0200[diff] [blame]33{{ tuple $serviceAccountName $envAll | include "helm-toolkit.snippets.custom_job_annotations" | indent 4 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]34spec:
35 template:
36 metadata:
37 labels:
38{{ tuple $envAll "keystone" "domain-manage" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
39 annotations:
40{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
41 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
42 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
43{{ dict "envAll" $envAll "podName" "keystone-domain-manage" "containerNames" (list "keystone-domain-manage" "keystone-domain-manage-init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
44 spec:
Dong Ma36b89222025-02-13 16:15:52 +0000[diff] [blame]45{{ with .Values.pod.priorityClassName.keystone_domain_manage }}
46 priorityClassName: {{ . }}
47{{ end }}
48{{ with .Values.pod.runtimeClassName.keystone_domain_manage }}
49 runtimeClassName: {{ . }}
50{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]51 serviceAccountName: {{ $serviceAccountName }}
52{{ dict "envAll" $envAll "application" "domain_manage" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
53 restartPolicy: OnFailure
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]54{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
55{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
56{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]57 nodeSelector:
58 {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
59 initContainers:
60{{ tuple $envAll "domain_manage" $mounts_keystone_domain_manage_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]61 containers:
62 - name: keystone-domain-manage
63{{ tuple $envAll "keystone_domain_manage" | include "helm-toolkit.snippets.image" | indent 10 }}
64{{ tuple $envAll $envAll.Values.pod.resources.jobs.domain_manage | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
65{{ dict "envAll" $envAll "application" "domain_manage" "container" "keystone_domain_manage" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
66 env:
67{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.identity.api.internal) }}
68{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
69{{- end }}
70 command:
71 - /tmp/domain-manage.sh
72 volumeMounts:
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]73 - name: keystone-bin
74 mountPath: /tmp/domain-manage.sh
75 subPath: domain-manage.sh
76 readOnly: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]77{{- if and .Values.manifests.certificates .Values.secrets.tls.identity.api.internal }}
78{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
79{{- end }}
80{{ if $mounts_keystone_domain_manage.volumeMounts }}{{ toYaml $mounts_keystone_domain_manage.volumeMounts | indent 12 }}{{ end }}
81 volumes:
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]82 - name: keystone-bin
83 configMap:
84 name: keystone-bin
85 defaultMode: 0555
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]86{{- if and .Values.manifests.certificates .Values.secrets.tls.identity.api.internal }}
87{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.identity.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
88{{- end }}
89{{ if $mounts_keystone_domain_manage.volumes }}{{ toYaml $mounts_keystone_domain_manage.volumes | indent 9 }}{{ end }}
90{{- end }}