{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- /*
Everything in this file is rendered only when the storage-init job manifest
is switched on AND Ceph is enabled in values. The service account name set
here is reused by the Role, RoleBinding and Job documents that follow. The
ServiceAccount itself comes from the helm-toolkit pod_rbac_serviceaccount
snippet, which is defined outside this file.
*/}}
{{- if and .Values.manifests.job_storage_init .Values.conf.ceph.enabled }}
{{- $serviceAccountName := "nova-storage-init" }}
{{- $envAll := . }}
{{ tuple $envAll "storage_init" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
# Namespaced Role for the nova-storage-init job's service account.
# NOTE(review): the rule carries no resourceNames, so get/update/patch apply
# to every Secret in the namespace this Role is installed in, not only the
# ones the job manages. `create` cannot be narrowed by resourceNames, but the
# read/modify verbs can be once the Secret name(s) the job touches are
# confirmed -- TODO confirm against the storage-init script.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ $serviceAccountName }}
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "update", "patch"]
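---
# Grants the same-named Role to the job's ServiceAccount. Both objects are
# namespaced, so the binding confers nothing outside the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ $serviceAccountName }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ $serviceAccountName }}
subjects:
  - kind: ServiceAccount
    name: {{ $serviceAccountName }}
    # Quoted: an all-digit namespace is a valid DNS label but would otherwise
    # be parsed as an integer and rejected by the API server.
    namespace: {{ $envAll.Release.Namespace | quote }}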
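---
# Job that runs /tmp/storage-init.sh from the nova-bin ConfigMap, preceded by
# an init container that runs /tmp/ceph-admin-keyring.sh.
apiVersion: batch/v1
kind: Job
metadata:
  # With helm3_hook set, the Job is a post-install/post-upgrade hook.
{{- if .Values.helm3_hook }}
  annotations:
    helm.sh/hook: post-install,post-upgrade
    helm.sh/hook-weight: "-6"
{{- end }}
  name: nova-storage-init
  labels:
{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  template:
    metadata:
      labels:
{{ tuple $envAll "nova" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      # This service account is bound to the Role that can get/create/update/
      # patch Secrets, so its token is mounted into the pod by default.
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      restartPolicy: OnFailure
{{- if $envAll.Values.pod.tolerations.nova.enabled }}
{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{- end }}
      nodeSelector:
        # nodeSelector values must be strings; quoting keeps values such as
        # `true` or `1` from being re-typed by the YAML parser.
        {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value | quote }}
      initContainers:
{{ tuple $envAll "storage_init" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{- if $envAll.Values.conf.ceph.enabled }}
        - name: ceph-keyring-placement
{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
          # NOTE(review): this container runs as UID 0, overriding whatever
          # user the pod-level security context sets. Presumably root is
          # needed to write the keyring into the shared /etc/ceph emptyDir --
          # confirm, and if the script allows it add
          # allowPrivilegeEscalation: false and drop capabilities here.
          securityContext:
            runAsUser: 0
          command:
            - /tmp/ceph-admin-keyring.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            # emptyDir shared with the main container (mounted there when
            # images_type is "rbd").
            - name: etcceph
              mountPath: /etc/ceph
            - name: nova-bin
              mountPath: /tmp/ceph-admin-keyring.sh
              subPath: ceph-admin-keyring.sh
              readOnly: true
            # Only when values carry no admin keyring: the client key is read
            # from the ceph-keyring Secret volume instead.
            {{- if empty .Values.conf.ceph.admin_keyring }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- end }}
        {{- end }}
      containers:
        - name: nova-storage-init
{{ tuple $envAll "nova_storage_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          env:
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: STORAGE_BACKEND
              value: {{ .Values.conf.nova.libvirt.images_type | quote }}
            # The RBD pool settings are passed only for the "rbd" backend.
            {{- if eq .Values.conf.nova.libvirt.images_type "rbd" }}
            - name: RBD_POOL_NAME
              value: {{ .Values.conf.nova.libvirt.images_rbd_pool | quote }}
            - name: RBD_POOL_APP_NAME
              value: {{ .Values.rbd_pool.app_name | quote }}
            - name: RBD_POOL_USER
              value: {{ .Values.conf.nova.libvirt.rbd_user | quote }}
            - name: RBD_POOL_CRUSH_RULE
              value: {{ .Values.rbd_pool.crush_rule | quote }}
            - name: RBD_POOL_REPLICATION
              value: {{ .Values.rbd_pool.replication | quote }}
            - name: RBD_POOL_CHUNK_SIZE
              value: {{ .Values.rbd_pool.chunk_size | quote }}
            {{- end }}
          command:
            - /tmp/storage-init.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: nova-bin
              mountPath: /tmp/storage-init.sh
              subPath: storage-init.sh
              readOnly: true
            {{- if eq .Values.conf.nova.libvirt.images_type "rbd" }}
            - name: etcceph
              mountPath: /etc/ceph
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            {{- if empty $envAll.Values.conf.ceph.admin_keyring }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- end }}
            {{- end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: nova-bin
          configMap:
            name: nova-bin
            # Octal literal (r-x for all); Kubernetes needs an integer here,
            # so this must stay unquoted.
            defaultMode: 0555
        {{- if $envAll.Values.conf.ceph.enabled }}
        - name: etcceph
          emptyDir: {}
        - name: ceph-etc
          configMap:
            name: {{ .Values.ceph_client.configmap | quote }}
            defaultMode: 0444
        {{- if empty .Values.conf.ceph.admin_keyring }}
        # No defaultMode is set, so the key file gets the Secret volume
        # default permissions.
        - name: ceph-keyring
          secret:
            secretName: {{ .Values.ceph_client.user_secret_name | quote }}
        {{- end }}
        {{- end }}
{{- end }}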