Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / nova / templates / deployment-api-osapi.yaml
blob: 70a65f5954a86554ba03a799a59b2e4c5d032e54 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- define "novaApiOsapiLivenessProbeTemplate" }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]16httpGet:
17 scheme: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
18 path: /
19 port: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]20{{- end }}
21
22{{- define "novaApiOsapiReadinessProbeTemplate" }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]23httpGet:
24 scheme: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
25 path: /
26 port: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]27{{- end }}
28
29{{- if .Values.manifests.deployment_api_osapi }}
30{{- $envAll := . }}
31
32{{- $mounts_nova_api_osapi := .Values.pod.mounts.nova_api_osapi.nova_api_osapi }}
33{{- $mounts_nova_api_osapi_init := .Values.pod.mounts.nova_api_osapi.init_container }}
34
35{{- $serviceAccountName := "nova-api-osapi" }}
36{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
37---
38apiVersion: apps/v1
39kind: Deployment
40metadata:
41 name: nova-api-osapi
42 annotations:
43 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
44 labels:
45{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
46spec:
47 replicas: {{ .Values.pod.replicas.osapi }}
48 selector:
49 matchLabels:
50{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
51{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
52 template:
53 metadata:
54 labels:
55{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
56 annotations:
57{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
58 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
59 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
Oleksandr K.24c88fd2024-12-08 22:28:50 -0800[diff] [blame]60{{ tuple "nova_api_osapi" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]61{{ dict "envAll" $envAll "podName" "nova-api-osapi" "containerNames" (list "nova-osapi" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
62 spec:
Dong Mabb1ef1f2025-02-11 16:47:00 +0000[diff] [blame]63{{ with .Values.pod.priorityClassName.nova_api_osapi }}
64 priorityClassName: {{ . }}
65{{ end }}
66{{ with .Values.pod.runtimeClassName.nova_api_osapi }}
67 runtimeClassName: {{ . }}
68{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]69 serviceAccountName: {{ $serviceAccountName }}
70{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
71 affinity:
72{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
73 nodeSelector:
74 {{ .Values.labels.osapi.node_selector_key }}: {{ .Values.labels.osapi.node_selector_value }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]75{{ if $envAll.Values.pod.tolerations.nova.enabled }}
76{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
77{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]78 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.osapi.timeout | default "30" }}
79 initContainers:
80{{ tuple $envAll "api" $mounts_nova_api_osapi_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
81 containers:
82 - name: nova-osapi
83{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
84{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
85{{ dict "envAll" $envAll "application" "nova" "container" "nova_osapi" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]86{{- if or .Values.manifests.certificates .Values.tls.identity }}
87 env:
88 - name: REQUESTS_CA_BUNDLE
89 value: "/etc/nova/certs/ca.crt"
90{{- end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]91 command:
92 - /tmp/nova-api.sh
93 - start
94 lifecycle:
95 preStop:
96 exec:
97 command:
98 - /tmp/nova-api.sh
99 - stop
100 ports:
101 - name: n-api
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]102 containerPort: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]103{{ dict "envAll" $envAll "component" "api-osapi" "container" "default" "type" "liveness" "probeTemplate" (include "novaApiOsapiLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
104{{ dict "envAll" $envAll "component" "api-osapi" "container" "default" "type" "readiness" "probeTemplate" (include "novaApiOsapiReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
105 volumeMounts:
106 - name: pod-tmp
107 mountPath: /tmp
108 - name: pod-var-nova
109 mountPath: /var/lib/nova
110 - name: nova-bin
111 mountPath: /tmp/nova-api.sh
112 subPath: nova-api.sh
113 readOnly: true
114 - name: nova-etc
115 mountPath: /etc/nova/nova.conf
116 subPath: nova.conf
117 readOnly: true
Mohammed Naser69247252023-09-26 22:23:46 -0400[diff] [blame]118 - name: nova-etc
119 mountPath: /etc/nova/nova-api-uwsgi.ini
120 subPath: nova-api-uwsgi.ini
121 readOnly: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]122 {{- if .Values.conf.nova.DEFAULT.log_config_append }}
123 - name: nova-etc
124 mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
125 subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
126 readOnly: true
127 {{- end }}
128 - name: nova-etc
129 mountPath: /etc/nova/api-paste.ini
130 subPath: api-paste.ini
131 readOnly: true
132 - name: nova-etc
133 mountPath: /etc/nova/policy.yaml
134 subPath: policy.yaml
135 readOnly: true
136 - name: nova-etc
137 mountPath: /etc/nova/api_audit_map.conf
138 subPath: api_audit_map.conf
139 readOnly: true
140 {{- if .Values.manifests.certificates }}
141 - name: wsgi-nova
142 mountPath: /var/www/cgi-bin/nova
143 - name: nova-etc
144 mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-api.conf
145 subPath: wsgi-api.conf
146 readOnly: true
147 - name: nova-etc
148 mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf
149 subPath: mpm_event.conf
150 readOnly: true
151 {{- end }}
152{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]153{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]154{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
155{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
156 volumes:
157 - name: pod-tmp
158 emptyDir: {}
159 {{- if .Values.manifests.certificates }}
160 - name: wsgi-nova
161 emptyDir: {}
162 {{- end }}
163 - name: pod-var-nova
164 emptyDir: {}
165 - name: nova-bin
166 configMap:
167 name: nova-bin
168 defaultMode: 0555
169 - name: nova-etc
170 secret:
171 secretName: nova-etc
172 defaultMode: 0444
173{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]174{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]175{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
176{{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
177{{- end }}