{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

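{{- /*
Renders the barbican-api Deployment, preceded by the helm-toolkit
service-account snippet for the "barbican-api" account. Nothing is emitted
unless .Values.manifests.deployment_api is set.

Values read directly by this template:
  pod.replicas.api, pod.resources.api, pod.tolerations.barbican.enabled,
  pod.mounts.barbican_api.{barbican_api,init_container},
  labels.api.node_selector_{key,value},
  conf.barbican.DEFAULT.log_config_append,
  manifests.certificates, tls.{identity,oslo_db,oslo_messaging},
  and the TLS secret names under endpoints.* and secrets.tls.*.
*/}}
{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}

{{- $mounts_barbican_api := .Values.pod.mounts.barbican_api.barbican_api }}
{{- $mounts_barbican_api_init := .Values.pod.mounts.barbican_api.init_container }}

{{- $serviceAccountName := "barbican-api" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: barbican-api
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  replicas: {{ .Values.pod.replicas.api }}
  selector:
    matchLabels:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{- /* Hashes of the rendered configmap-bin.yaml / configmap-etc.yaml templates are
       stamped on the pod template, so a change in either one changes the pod spec. */}}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "barbican_api" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
{{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{- /* nodeSelector values must be strings. The value is quoted so that an
       operator-supplied label value such as true, 1 or 1.0 is not re-typed by
       the YAML parser and rejected by the API server. */}}
      nodeSelector:
        {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value | quote }}
{{ if $envAll.Values.pod.tolerations.barbican.enabled }}
{{ tuple $envAll "barbican" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      initContainers:
{{ tuple $envAll "api" $mounts_barbican_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: barbican-api
{{ tuple $envAll "barbican_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "barbican" "container" "barbican_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/barbican.sh
            - start
{{- /* REQUESTS_CA_BUNDLE is exported when manifests.certificates OR tls.identity
       is set, while the /etc/barbican/certs mount and volume further down are
       gated on tls.identity alone.
       NOTE(review): confirm ca.crt exists at that path when only
       manifests.certificates is enabled; otherwise the variable names a
       missing file. */}}
          env:
{{- if or .Values.manifests.certificates .Values.tls.identity }}
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/barbican/certs/ca.crt"
{{- end }}
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/barbican.sh
                  - stop
          ports:
            - name: b-api
              containerPort: {{ tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- /* NOTE(review): the probe scheme is fixed to HTTP regardless of the tls.*
       values; confirm the API listener inside the pod is never TLS-only. */}}
          readinessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: {{ tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcbarbican
              mountPath: /etc/barbican
{{- /* Individual files from the barbican-etc Secret are layered read-only over
       the writable /etc/barbican emptyDir via subPath mounts. */}}
            - name: barbican-etc
              mountPath: /etc/barbican/barbican-api-uwsgi.ini
              subPath: barbican-api-uwsgi.ini
              readOnly: true
            - name: barbican-etc
              mountPath: /etc/barbican/barbican.conf
              subPath: barbican.conf
              readOnly: true
            {{- if .Values.conf.barbican.DEFAULT.log_config_append }}
            - name: barbican-etc
              mountPath: {{ .Values.conf.barbican.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.barbican.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: barbican-etc
              mountPath: /etc/barbican/api_audit_map.conf
              subPath: api_audit_map.conf
              readOnly: true
            - name: barbican-etc
              mountPath: /etc/barbican/barbican-api-paste.ini
              subPath: barbican-api-paste.ini
              readOnly: true
            - name: barbican-etc
              mountPath: /etc/barbican/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: barbican-bin
              mountPath: /tmp/barbican.sh
              subPath: barbican.sh
              readOnly: true
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}

{{ if $mounts_barbican_api.volumeMounts }}{{ toYaml $mounts_barbican_api.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: etcbarbican
          emptyDir: {}
{{- /* defaultMode 0444 makes every file projected from the barbican-etc Secret
       (barbican.conf, the paste and uwsgi ini files, policy.yaml) readable by
       all users inside the container.
       NOTE(review): a tighter mode such as 0440 depends on the UID/GID that the
       pod security context snippet sets, which this template does not show;
       confirm before changing. */}}
        - name: barbican-etc
          secret:
            secretName: barbican-etc
            defaultMode: 0444
        - name: barbican-bin
          configMap:
            name: barbican-bin
            defaultMode: 0555
{{- dict "enabled" .Values.tls.oslo_db "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" .Values.tls.identity "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.tls.oslo_messaging "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}

{{ if $mounts_barbican_api.volumes }}{{ toYaml $mounts_barbican_api.volumes | indent 8 }}{{ end }}
{{- end }}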