Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/2024.1 / . / charts / cinder / templates / deployment-api.yaml
blob: 13087e72c937183b168e400f206ceb32be999cd5 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- if .Values.manifests.deployment_api }}
16{{- $envAll := . }}
17
18{{- $mounts_cinder_api := .Values.pod.mounts.cinder_api.cinder_api }}
19{{- $mounts_cinder_api_init := .Values.pod.mounts.cinder_api.init_container }}
20
21{{- $serviceAccountName := "cinder-api" }}
22{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
23---
24apiVersion: apps/v1
25kind: Deployment
26metadata:
27 name: cinder-api
28 annotations:
29 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
30 labels:
31{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
32spec:
33 replicas: {{ .Values.pod.replicas.api }}
34 selector:
35 matchLabels:
36{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
37{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
38 template:
39 metadata:
40 labels:
41{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
42 annotations:
43{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
44 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
45 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
46{{ dict "envAll" $envAll "podName" "cinder-api" "containerNames" (list "cinder-api" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
47 spec:
Mohammed Naserefaf37b2025-02-05 16:40:34 -0500[diff] [blame]48{{ with .Values.pod.priorityClassName.cinder_api }}
49 priorityClassName: {{ . }}
50{{ end }}
51{{ with .Values.pod.runtimeClassName.cinder_api }}
52 runtimeClassName: {{ . }}
53{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]54 serviceAccountName: {{ $serviceAccountName }}
55{{ dict "envAll" $envAll "application" "cinder_api" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
56 affinity:
57{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
58{{ if $envAll.Values.pod.tolerations.cinder.enabled }}
59{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
60{{ end }}
61 nodeSelector:
62 {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
63 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
64 initContainers:
65{{ tuple $envAll "api" $mounts_cinder_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
66 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
67 - name: ceph-coordination-volume-perms
68{{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
69{{ dict "envAll" $envAll "application" "cinder_api" "container" "ceph_coordination_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
70 command:
71 - chown
72 - -R
73 - "cinder:"
74 - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
75 volumeMounts:
76 - name: pod-tmp
77 mountPath: /tmp
78 - name: cinder-coordination
79 mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
80 {{ end }}
81 containers:
82 - name: cinder-api
83{{ tuple $envAll "cinder_api" | include "helm-toolkit.snippets.image" | indent 10 }}
84{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
85{{ dict "envAll" $envAll "application" "cinder_api" "container" "cinder_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
86 command:
87 - /tmp/cinder-api.sh
88 - start
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]89 env:
90{{- if or .Values.manifests.certificates .Values.tls.identity }}
91 - name: REQUESTS_CA_BUNDLE
92 value: "/etc/cinder/certs/ca.crt"
93{{- end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]94 lifecycle:
95 preStop:
96 exec:
97 command:
98 - /tmp/cinder-api.sh
99 - stop
100 ports:
101 - name: c-api
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]102 containerPort: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]103 readinessProbe:
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]104 httpGet:
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]105 scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]106 path: /
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]107 port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]108 livenessProbe:
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]109 httpGet:
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]110 scheme: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
Mohammed Naserbcdd25c2023-01-18 03:38:47 +0000[diff] [blame]111 path: /
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]112 port: {{ tuple "volume" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Oleksandr Kozachenko7ac2d722023-10-03 15:19:33 +0200[diff] [blame]113 initialDelaySeconds: 5
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]114 failureThreshold: 3
115 periodSeconds: 10
116 successThreshold: 1
117 timeoutSeconds: 1
118 volumeMounts:
119 - name: pod-tmp
120 mountPath: /tmp
121 - name: wsgi-cinder
122 mountPath: /var/www/cgi-bin/cinder
123 - name: cinder-bin
124 mountPath: /tmp/cinder-api.sh
125 subPath: cinder-api.sh
126 readOnly: true
127 - name: cinder-etc
Oleksandr Kozachenko7ac2d722023-10-03 15:19:33 +0200[diff] [blame]128 mountPath: /etc/cinder/cinder-api-uwsgi.ini
129 subPath: cinder-api-uwsgi.ini
130 readOnly: true
131 - name: cinder-etc
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]132 mountPath: /etc/cinder/cinder.conf
133 subPath: cinder.conf
134 readOnly: true
135 {{- if .Values.conf.cinder.DEFAULT.log_config_append }}
136 - name: cinder-etc
137 mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
138 subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
139 readOnly: true
140 {{- end }}
141 - name: cinder-etc
142 mountPath: /etc/cinder/api-paste.ini
143 subPath: api-paste.ini
144 readOnly: true
145 - name: cinder-etc
146 mountPath: /etc/cinder/policy.yaml
147 subPath: policy.yaml
148 readOnly: true
149 - name: cinder-etc
150 mountPath: /etc/cinder/api_audit_map.conf
151 subPath: api_audit_map.conf
152 readOnly: true
153 - name: cinder-etc
154 mountPath: {{ .Values.conf.cinder.DEFAULT.resource_query_filters_file }}
155 subPath: resource_filters.json
156 readOnly: true
157{{- if .Values.conf.security }}
158 - name: cinder-etc
159 mountPath: {{ .Values.conf.software.apache2.conf_dir }}/security.conf
160 subPath: security.conf
161 readOnly: true
162{{- end }}
163 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
164 - name: cinder-coordination
165 mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 }}
166 {{- end }}
167 {{- if .Values.manifests.certificates }}
168 - name: cinder-etc
169 mountPath: {{ .Values.conf.software.apache2.site_dir }}/cinder-api.conf
170 subPath: wsgi-cinder.conf
171 readOnly: true
172 - name: cinder-etc
173 mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf
174 subPath: mpm_event.conf
175 readOnly: true
176 {{- end }}
177{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]178{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal "path" "/etc/cinder/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]179{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
180{{ if $mounts_cinder_api.volumeMounts }}{{ toYaml $mounts_cinder_api.volumeMounts | indent 12 }}{{ end }}
181 volumes:
182 - name: pod-tmp
183 emptyDir: {}
184 - name: wsgi-cinder
185 emptyDir: {}
186 - name: cinder-bin
187 configMap:
188 name: cinder-bin
189 defaultMode: 0555
190 - name: cinder-etc
191 secret:
192 secretName: cinder-etc
193 defaultMode: 0444
194 {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
195 # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
196 # pods for the coordination backend to be fully functional.
197 - name: cinder-coordination
198 emptyDir: {}
199 {{- end }}
200{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]201{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.volume.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]202{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
203{{ if $mounts_cinder_api.volumes }}{{ toYaml $mounts_cinder_api.volumes | indent 8 }}{{ end }}
204{{- end }}