{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- /*
Liveness probe body for the nova-api container: an HTTP GET on "/" against
.Values.network.metadata.port. The scheme is the upper-cased result of the
helm-toolkit endpoint scheme lookup for compute_metadata/service/metadata
(the Kubernetes httpGet.scheme field takes HTTP or HTTPS).
When the scheme is HTTPS the kubelet does not verify the serving certificate,
so a passing probe says nothing about the certificate being valid.
*/ -}}
{{- define "novaApiMetadataLivenessProbeTemplate" }}
{{- $scheme := tuple "compute_metadata" "service" "metadata" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
httpGet:
  scheme: {{ $scheme }}
  path: /
  port: {{ .Values.network.metadata.port }}
{{- end }}
{{- /*
Readiness probe body for the nova-api container: an HTTP GET on "/" against
.Values.network.metadata.port, with the scheme taken from the helm-toolkit
endpoint scheme lookup for compute_metadata/service/metadata and upper-cased.
When the scheme is HTTPS the kubelet does not verify the serving certificate,
so readiness does not imply the certificate chain is valid.
*/ -}}
{{- define "novaApiMetadataReadinessProbeTemplate" }}
{{- $scheme := tuple "compute_metadata" "service" "metadata" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
httpGet:
  scheme: {{ $scheme }}
  path: /
  port: {{ .Values.network.metadata.port }}
{{- end }}
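{{- /*
Deployment for the nova-api-metadata pod, rendered only when
.Values.manifests.deployment_api_metadata is set.

Layout:
  - a ServiceAccount/RBAC snippet for "nova-api-metadata" (helm-toolkit);
  - the helm-toolkit entrypoint init container plus nova-api-metadata-init,
    which runs /tmp/nova-api-metadata-init.sh and has pod-shared writable;
  - the nova-api container, which runs /tmp/nova-api-metadata.sh start/stop,
    mounts pod-shared read-only and gets its configuration as single-file
    subPath mounts from the nova-bin ConfigMap and the nova-etc Secret.

Security-relevant points for reviewers:
  - /sbin/iptables, /sbin/iptables-restore and /sbin/iptables-save are all
    replaced by fake-iptables.sh from the nova-bin ConfigMap.
  - A sudoers file and the rootwrap configuration/filters come from the
    nova-etc Secret; what the container may run as root is therefore decided
    by chart values (conf.rootwrap_filters and the nova_sudoers key).
  - nova-etc is projected with mode 0444, i.e. readable by every UID in the
    containers that mount it.
  - The node selector value is quoted so that values such as true or 1 render
    as strings, which is what a Kubernetes nodeSelector requires.
*/ -}}
{{- if .Values.manifests.deployment_api_metadata }}
{{- $envAll := . }}

{{- $mounts_nova_api_metadata := .Values.pod.mounts.nova_api_metadata.nova_api_metadata }}
{{- $mounts_nova_api_metadata_init := .Values.pod.mounts.nova_api_metadata.init_container }}

{{- $serviceAccountName := "nova-api-metadata" }}
{{ tuple $envAll "api_metadata" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nova-api-metadata
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  replicas: {{ .Values.pod.replicas.api_metadata }}
  selector:
    matchLabels:
{{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hashes of the rendered ConfigMap/Secret templates: a change in either
        # changes the pod template and so triggers a rollout.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "nova_api_metadata" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "nova-api-metadata" "containerNames" (list "nova-api-metadata-init" "nova-api" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ with .Values.pod.priorityClassName.nova_api_metadata }}
      priorityClassName: {{ . }}
{{ end }}
{{ with .Values.pod.runtimeClassName.nova_api_metadata }}
      runtimeClassName: {{ . }}
{{ end }}
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      affinity:
{{ tuple $envAll "nova" "metadata" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        # Quoted: nodeSelector values must be strings, and an unquoted value
        # such as true, 1 or an empty string would render as a non-string.
        {{ .Values.labels.api_metadata.node_selector_key }}: {{ .Values.labels.api_metadata.node_selector_value | quote }}
{{ if $envAll.Values.pod.tolerations.nova.enabled }}
{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.metadata.timeout | default "30" }}
      initContainers:
{{ tuple $envAll "api_metadata" $mounts_nova_api_metadata_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: nova-api-metadata-init
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api_metadata_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/nova-api-metadata-init.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-api-metadata-init.sh
              subPath: nova-api-metadata-init.sh
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/nova.conf
              subPath: nova.conf
              readOnly: true
            # Writable here; the nova-api container mounts the same volume
            # read-only.
            - name: pod-shared
              mountPath: /tmp/pod-shared
      containers:
        - name: nova-api
{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "nova" "container" "nova_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- if or .Values.manifests.certificates .Values.tls.identity }}
          env:
            # Points at the CA file under /etc/nova/certs, which is mounted
            # further down under the same condition.
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/nova/certs/ca.crt"
{{- end }}
          command:
            - /tmp/nova-api-metadata.sh
            - start
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/nova-api-metadata.sh
                  - stop
          ports:
            - containerPort: {{ .Values.network.metadata.port }}
{{ dict "envAll" $envAll "component" "api-metadata" "container" "default" "type" "liveness" "probeTemplate" (include "novaApiMetadataLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "api-metadata" "container" "default" "type" "readiness" "probeTemplate" (include "novaApiMetadataReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/nova-api-metadata.sh
              subPath: nova-api-metadata.sh
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/nova-metadata-uwsgi.ini
              subPath: nova-metadata-uwsgi.ini
              readOnly: true
            # All three iptables entry points are shadowed by the same
            # fake-iptables.sh from the nova-bin ConfigMap, so the image's own
            # binaries at these paths are never executed.
            # NOTE(review): the script body is not in this file; confirm it is
            # a no-op stub before relying on that.
            - name: nova-bin
              mountPath: /sbin/iptables
              subPath: fake-iptables.sh
              readOnly: true
            - name: nova-bin
              mountPath: /sbin/iptables-restore
              subPath: fake-iptables.sh
              readOnly: true
            - name: nova-bin
              mountPath: /sbin/iptables-save
              subPath: fake-iptables.sh
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/nova.conf
              subPath: nova.conf
              readOnly: true
            {{- if .Values.conf.nova.DEFAULT.log_config_append }}
            - name: nova-etc
              mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: nova-etc
              mountPath: /etc/nova/api-paste.ini
              subPath: api-paste.ini
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/api_audit_map.conf
              subPath: api_audit_map.conf
              readOnly: true
            - name: nova-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_nova_sudoers
              subPath: nova_sudoers
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            # Only rootwrap filter sets whose "pods" list contains "metadata"
            # are mounted; the file name is the values key with "_" replaced
            # by "-".
            {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
            {{- if ( has "metadata" $value.pods ) }}
            {{- $filePrefix := replace "_" "-" $key }}
            {{- $rootwrapFile := printf "/etc/nova/rootwrap.d/%s.filters" $filePrefix }}
            - name: nova-etc
              mountPath: {{ $rootwrapFile }}
              subPath: {{ base $rootwrapFile }}
              readOnly: true
            {{- end }}
            {{- end }}
            - name: pod-shared
              mountPath: /tmp/pod-shared
              readOnly: true
            {{- if .Values.manifests.certificates }}
            - name: wsgi-nova
              mountPath: /var/www/cgi-bin/nova
            - name: nova-etc
              mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-metadata.conf
              subPath: wsgi-metadata.conf
              readOnly: true
            - name: nova-etc
              mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf
              subPath: mpm_event.conf
              readOnly: true
            {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_nova_api_metadata.volumeMounts }}{{ toYaml $mounts_nova_api_metadata.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        {{- if .Values.manifests.certificates }}
        - name: wsgi-nova
          emptyDir: {}
        {{- end }}
        # Scripts: octal 0555 (r-xr-xr-x).
        - name: nova-bin
          configMap:
            name: nova-bin
            defaultMode: 0555
        # Configuration lives in a Secret. Octal 0444 (r--r--r--) makes every
        # projected file readable by any UID in the containers that mount it,
        # so exec access to this pod is equivalent to read access to the Secret.
        - name: nova-etc
          secret:
            secretName: nova-etc
            defaultMode: 0444
        - name: pod-shared
          emptyDir: {}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_nova_api_metadata.volumes }}{{ toYaml $mounts_nova_api_metadata.volumes | indent 8 }}{{ end }}
{{- end }}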