Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/main / . / charts / nova / templates / job-bootstrap.yaml
blob: 72cc319d6fd9e7cd501cf3886753057e6e1d30c7 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- $envAll := . }}
16{{- if and $envAll.Values.manifests.job_bootstrap $envAll.Values.bootstrap.enabled }}
17{{- $serviceName := "nova" -}}
18{{- $keystoneUser := $envAll.Values.bootstrap.ks_user -}}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]19{{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]20{{- $configMapBin := printf "%s-%s" $serviceName "bin" -}}
21{{- $configMapEtc := printf "%s-%s" $serviceName "etc" -}}
22{{- $configFile := printf "/etc/%s/%s.conf" $serviceName $serviceName -}}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]23{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
24{{- $serviceAccountName := printf "%s-%s" $serviceName "bootstrap" -}}
25{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
26---
27apiVersion: batch/v1
28kind: Job
29metadata:
30 name: {{ $serviceAccountName | quote }}
31 labels:
32{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
33spec:
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]34 backoffLimit: {{ $backoffLimit }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]35 template:
36 metadata:
37 labels:
38{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
39 annotations:
40{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
41 spec:
42{{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
Dong Ma36b89222025-02-13 16:15:52 +0000[diff] [blame]43{{ with .Values.pod.priorityClassName.bootstrap }}
44 priorityClassName: {{ . }}
45{{ end }}
46{{ with .Values.pod.runtimeClassName.bootstrap }}
47 runtimeClassName: {{ . }}
48{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]49 serviceAccountName: {{ $serviceAccountName }}
50 restartPolicy: OnFailure
51 nodeSelector:
52{{ toYaml $nodeSelector | indent 8 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]53{{ if $envAll.Values.pod.tolerations.nova.enabled }}
54{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
55{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]56 initContainers:
57{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
58{{- if $envAll.Values.bootstrap.wait_for_computes.enabled }}
59 - name: nova-wait-for-computes-init
60{{ tuple $envAll "nova_wait_for_computes_init" | include "helm-toolkit.snippets.image" | indent 10 }}
61{{ dict "envAll" $envAll "application" "bootstrap" "container" "nova_wait_for_computes_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
62 command:
63 - /bin/bash
64 - -c
65 - /tmp/wait-for-computes-init.sh
66 volumeMounts:
67 - name: pod-tmp
68 mountPath: /tmp
69 - name: bootstrap-sh
70 mountPath: /tmp/wait-for-computes-init.sh
71 subPath: wait-for-computes-init.sh
72 readOnly: true
73{{- end }}
74 containers:
75 - name: bootstrap
76 image: {{ $envAll.Values.images.tags.bootstrap }}
77 imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
78{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
79{{ dict "envAll" $envAll "application" "bootstrap" "container" "bootstrap" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
80 env:
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]81{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]82{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
83{{- end }}
84 - name: WAIT_PERCENTAGE
85 value: "{{ .Values.bootstrap.wait_for_computes.wait_percentage }}"
86 - name: REMAINING_WAIT
87 value: "{{ .Values.bootstrap.wait_for_computes.remaining_wait }}"
88 command:
89 - /bin/bash
90 - -c
91 - /tmp/bootstrap.sh
92 volumeMounts:
93 - name: pod-tmp
94 mountPath: /tmp
95 - name: bootstrap-sh
96 mountPath: /tmp/bootstrap.sh
97 subPath: bootstrap.sh
98 readOnly: true
99 - name: etc-service
100 mountPath: {{ dir $configFile | quote }}
101 - name: bootstrap-conf
102 mountPath: {{ $configFile | quote }}
103 subPath: {{ base $configFile | quote }}
104 readOnly: true
Oleksandr K.24c88fd2024-12-08 22:28:50 -0800[diff] [blame]105 {{- if .Values.conf.nova.DEFAULT.log_config_append }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]106 - name: bootstrap-conf
Oleksandr K.24c88fd2024-12-08 22:28:50 -0800[diff] [blame]107 mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append | quote }}
108 subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append | quote }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]109 readOnly: true
Oleksandr K.24c88fd2024-12-08 22:28:50 -0800[diff] [blame]110 {{- end }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]111{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]112 volumes:
113 - name: pod-tmp
114 emptyDir: {}
115 - name: bootstrap-sh
116 configMap:
117 name: {{ $configMapBin | quote }}
118 defaultMode: 0555
119 - name: etc-service
120 emptyDir: {}
121 - name: bootstrap-conf
122 secret:
123 secretName: {{ $configMapEtc | quote }}
124 defaultMode: 0444
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]125{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]126---
127kind: ClusterRole
128apiVersion: rbac.authorization.k8s.io/v1
129metadata:
130 name: {{ $serviceAccountName }}
131rules:
132 - apiGroups:
133 - ''
134 resources:
135 - nodes
136 verbs:
137 - get
138 - list
139---
140apiVersion: rbac.authorization.k8s.io/v1
141kind: ClusterRoleBinding
142metadata:
143 name: {{ $serviceAccountName }}
144subjects:
145 - kind: ServiceAccount
146 name: {{ $serviceAccountName }}
147 namespace: {{ $envAll.Release.Namespace }}
148roleRef:
149 kind: ClusterRole
150 name: {{ $serviceAccountName }}
151 apiGroup: rbac.authorization.k8s.io
152{{- end }}