Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / neutron / templates / deployment-rpc_server.yaml
blob: f5f724039fad84ce8f18f0166c8c09d7a868d90f [file] [log] [blame]
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- if .Values.manifests.deployment_rpc_server }}
16{{- $envAll := . }}
17
18{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "server" -}}
19{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
20
21{{- $mounts_neutron_rpc_server := .Values.pod.mounts.neutron_rpc_server.neutron_rpc_server }}
22{{- $mounts_neutron_rpc_server_init := .Values.pod.mounts.neutron_rpc_server.init_container }}
23
24{{- $serviceAccountName := "neutron-rpc-server" }}
25{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
26---
27apiVersion: apps/v1
28kind: Deployment
29metadata:
30 name: neutron-rpc-server
31 annotations:
32 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
33 labels:
34{{ tuple $envAll "neutron" "rpc_server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
35spec:
36 replicas: {{ .Values.pod.replicas.rpc_server }}
37 selector:
38 matchLabels:
39{{ tuple $envAll "neutron" "rpc_server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
40{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
41 template:
42 metadata:
43 labels:
44{{ tuple $envAll "neutron" "rpc_server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
45 annotations:
46{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
47 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
48 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
49{{ dict "envAll" $envAll "podName" "neutron-rpc-server" "containerNames" (list "neutron-rpc-server" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
50 spec:
51{{ dict "envAll" $envAll "application" "neutron_rpc_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
Dong Mae5bd5a32025-02-11 11:03:48 +0000[diff] [blame]52{{ with .Values.pod.priorityClassName.neutron_rpc_server }}
53 priorityClassName: {{ . }}
54{{ end }}
55{{ with .Values.pod.runtimeClassName.neutron_rpc_server }}
56 runtimeClassName: {{ . }}
57{{ end }}
Rico Lin0e153482024-05-03 03:29:14 +0800[diff] [blame]58 serviceAccountName: {{ $serviceAccountName }}
59 affinity:
60{{ tuple $envAll "neutron" "rpc_server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
61 nodeSelector:
62 {{ .Values.labels.rpc_server.node_selector_key }}: {{ .Values.labels.rpc_server.node_selector_value }}
63{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
64{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
65{{ end }}
66 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.rpc_server.timeout | default "30" }}
67 initContainers:
68{{ tuple $envAll "pod_dependency" $mounts_neutron_rpc_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
69 {{- if ( has "ovn" .Values.network.backend ) }}
70 - name: ovn-neutron-init
71{{ tuple $envAll "neutron_rpc_server" | include "helm-toolkit.snippets.image" | indent 10 }}
72 command:
73 - /tmp/neutron-ovn-init.sh
74 volumeMounts:
75 - name: pod-shared
76 mountPath: /tmp/pod-shared
77 - name: neutron-bin
78 mountPath: /tmp/neutron-ovn-init.sh
79 subPath: neutron-ovn-init.sh
80 readOnly: true
81 {{- end }}
82 {{- if ( has "tungstenfabric" .Values.network.backend ) }}
83 - name: tungstenfabric-neutron-init
84 image: {{ .Values.images.tags.tf_neutron_init }}
85 imagePullPolicy: {{ .Values.images.pull_policy }}
86{{ tuple $envAll $envAll.Values.pod.resources.rpc_server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
87 securityContext:
88 runAsUser: {{ .Values.pod.security_context.neutron_rpc_server.pod.runAsUser }}
89 env:
90 - name: OPENSTACK_VERSION
91 value: "{{ .Values.conf.openstack_version }}"
92 volumeMounts:
93 - name: neutron-plugin-shared
94 mountPath: /opt/plugin
95 {{- end }}
96 containers:
97 - name: neutron-rpc-server
98{{ tuple $envAll "neutron_rpc_server" | include "helm-toolkit.snippets.image" | indent 10 }}
99{{ tuple $envAll $envAll.Values.pod.resources.rpc_server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
100{{ dict "envAll" $envAll "application" "neutron_rpc_server" "container" "neutron_rpc_server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
101 command:
102 - /tmp/neutron-rpc-server.sh
103 - start
104{{- if or .Values.manifests.certificates .Values.tls.identity }}
105 env:
106 - name: REQUESTS_CA_BUNDLE
107 value: "/etc/neutron/certs/ca.crt"
108{{- end }}
109 lifecycle:
110 preStop:
111 exec:
112 command:
113 - /tmp/neutron-rpc-server.sh
114 - stop
115 ports:
116 - name: q-api
117 containerPort: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
118 volumeMounts:
119 - name: pod-tmp
120 mountPath: /tmp
121 - name: pod-shared
122 mountPath: /tmp/pod-shared
123 - name: pod-var-neutron
124 mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
125 - name: neutron-bin
126 mountPath: /tmp/neutron-rpc-server.sh
127 subPath: neutron-rpc-server.sh
128 readOnly: true
129 - name: neutron-etc
130 mountPath: /etc/neutron/neutron.conf
131 subPath: neutron.conf
132 readOnly: true
133 - name: neutron-etc
134 mountPath: /etc/neutron/neutron-api-uwsgi.ini
135 subPath: neutron-api-uwsgi.ini
136 readOnly: true
137 {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
138 - name: neutron-etc
139 mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
140 subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
141 readOnly: true
142 {{- end }}
143 - name: neutron-etc
144 mountPath: /etc/neutron/api_audit_map.conf
145 subPath: api_audit_map.conf
146 readOnly: true
147 {{- if( has "tungstenfabric" .Values.network.backend ) }}
148 - name: neutron-etc
149 mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
150 subPath: tf_plugin.ini
151 readOnly: true
152 - name: neutron-etc
153 mountPath: /etc/contrail/vnc_api_lib.ini
154 subPath: vnc_api_lib.ini
155 readOnly: true
156 - name: neutron-plugin-shared
157 mountPath: /opt/plugin
158 - name: neutron-bin
159 mountPath: /usr/local/lib/python2.7/site-packages/tf-plugin.pth
160 subPath: tf-plugin.pth
161 readOnly: true
162 - name: neutron-bin
163 mountPath: /var/lib/openstack/lib/python2.7/site-packages/tf-plugin.pth
164 subPath: tf-plugin.pth
165 readOnly: true
166 - name: neutron-bin
167 mountPath: /var/lib/openstack/lib/python3.6/site-packages/tf-plugin.pth
168 subPath: tf-plugin.pth
169 readOnly: true
170 {{- else }}
171 - name: neutron-etc
172 mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
173 subPath: ml2_conf.ini
174 readOnly: true
175 {{- end }}
176 {{ if ( has "sriov" .Values.network.backend ) }}
177 - name: neutron-etc
178 mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini
179 subPath: sriov_agent.ini
180 readOnly: true
181 {{ end }}
182 {{- if .Values.conf.plugins.taas.taas.enabled }}
183 - name: neutron-etc
184 mountPath: /etc/neutron/taas_plugin.ini
185 subPath: taas_plugin.ini
186 readOnly: true
187 {{ end }}
188 {{- if .Values.conf.plugins.l2gateway }}
189 - name: neutron-etc
190 mountPath: /etc/neutron/l2gw_plugin.ini
191 subPath: l2gw_plugin.ini
192 readOnly: true
193 {{ end }}
194 - name: neutron-etc
195 mountPath: /etc/neutron/api-paste.ini
196 subPath: api-paste.ini
197 readOnly: true
198 - name: neutron-etc
199 mountPath: /etc/neutron/policy.yaml
200 subPath: policy.yaml
201 readOnly: true
202{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
203{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.internal "path" "/etc/neutron/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
204{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
205{{ if $mounts_neutron_rpc_server.volumeMounts }}{{ toYaml $mounts_neutron_rpc_server.volumeMounts | indent 12 }}{{ end }}
206 volumes:
207 - name: pod-tmp
208 emptyDir: {}
209 - name: pod-shared
210 emptyDir: {}
211 {{- if .Values.manifests.certificates }}
212 - name: wsgi-neutron
213 emptyDir: {}
214 {{- end }}
215 - name: pod-var-neutron
216 emptyDir: {}
217 - name: neutron-bin
218 configMap:
219 name: neutron-bin
220 defaultMode: 0555
221 - name: neutron-etc
222 secret:
223 secretName: neutron-etc
224 defaultMode: 0444
225 {{- if ( has "tungstenfabric" .Values.network.backend ) }}
226 - name: neutron-plugin-shared
227 emptyDir: {}
228 {{- end }}
229{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
230{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
231{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
232{{ if $mounts_neutron_rpc_server.volumes }}{{ toYaml $mounts_neutron_rpc_server.volumes | indent 8 }}{{ end }}
233{{- end }}