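{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- /*
Renders the barbican-api Deployment, preceded by whatever the helm-toolkit
pod_rbac_serviceaccount snippet emits for the "barbican-api" service account.
The whole file is gated on .Values.manifests.deployment_api.
*/}}

{{- if .Values.manifests.deployment_api }}
{{- $envAll := . }}

{{- $mounts_barbican_api := .Values.pod.mounts.barbican_api.barbican_api }}
{{- $mounts_barbican_api_init := .Values.pod.mounts.barbican_api.init_container }}

{{- $serviceAccountName := "barbican-api" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: barbican-api
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  replicas: {{ .Values.pod.replicas.api }}
  selector:
    matchLabels:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hashes of the rendered bin/etc templates: a change to either one
        # changes the pod template and therefore rolls the Deployment.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
        # Mandatory-access-control annotations for the "init" and
        # "barbican-api" containers, as produced by the helm-toolkit snippet.
{{ dict "envAll" $envAll "podName" "barbican-api" "containerNames" (list "init" "barbican-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      # Pod-level securityContext comes from the helm-toolkit snippet for
      # application "barbican"; its content is driven by values, not this file.
{{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        # The value is quoted because nodeSelector values must be strings; an
        # unquoted label value such as true or 1 would be typed as bool/int by
        # the YAML parser and the manifest would be rejected.
        {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value | quote }}
{{ if $envAll.Values.pod.tolerations.barbican.enabled }}
{{ tuple $envAll "barbican" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      initContainers:
{{ tuple $envAll "api" $mounts_barbican_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        - name: barbican-api
{{ tuple $envAll "barbican_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          # Container-level securityContext, likewise rendered from values by
          # the helm-toolkit snippet for container "barbican_api".
{{ dict "envAll" $envAll "application" "barbican" "container" "barbican_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/barbican.sh
            - start
          # REQUESTS_CA_BUNDLE is set under the same condition that enables the
          # /etc/barbican/certs TLS mount further down, so the variable is only
          # present when that mount is requested. Presumably the mounted secret
          # provides ca.crt - confirm against the tls_volume_mount snippet.
          env:
{{- if or .Values.manifests.certificates .Values.tls.identity }}
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/barbican/certs/ca.crt"
{{- end }}
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/barbican.sh
                  - stop
          ports:
            - name: b-api
              containerPort: {{ tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          # The probe speaks plain HTTP to the API port.
          # NOTE(review): if the API is ever made to serve TLS inside the pod,
          # this scheme has to follow or the pod never becomes ready. No
          # livenessProbe is defined in this template.
          readinessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: {{ tuple "key_manager" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          # /tmp and /etc/barbican are writable emptyDirs; the individual
          # configuration files and the entrypoint script are overlaid on top
          # of them as read-only subPath mounts. Three conditional TLS mounts
          # (database, API and messaging certificates) close the list.
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcbarbican
              mountPath: /etc/barbican
            - name: barbican-etc
              mountPath: /etc/barbican/barbican-api-uwsgi.ini
              subPath: barbican-api-uwsgi.ini
              readOnly: true
            - name: barbican-etc
              mountPath: /etc/barbican/barbican.conf
              subPath: barbican.conf
              readOnly: true
            {{- if .Values.conf.barbican.DEFAULT.log_config_append }}
            - name: barbican-etc
              mountPath: {{ .Values.conf.barbican.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.barbican.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: barbican-etc
              mountPath: /etc/barbican/api_audit_map.conf
              subPath: api_audit_map.conf
              readOnly: true
            - name: barbican-etc
              mountPath: /etc/barbican/barbican-api-paste.ini
              subPath: barbican-api-paste.ini
              readOnly: true
            - name: barbican-etc
              mountPath: /etc/barbican/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: barbican-bin
              mountPath: /tmp/barbican.sh
              subPath: barbican.sh
              readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal "path" "/etc/barbican/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
            # Extra mounts taken verbatim from .Values.pod.mounts; anything an
            # override puts there is mounted into the API container as written.

{{ if $mounts_barbican_api.volumeMounts }}{{ toYaml $mounts_barbican_api.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: etcbarbican
          emptyDir: {}
        # NOTE(review): 0444 makes every file projected from the barbican-etc
        # Secret readable by any UID in the container. barbican.conf presumably
        # carries database and messaging credentials - confirm whether a
        # tighter mode (for example 0440 together with the pod fsGroup) works
        # with the user the container runs as.
        - name: barbican-etc
          secret:
            secretName: barbican-etc
            defaultMode: 0444
        - name: barbican-bin
          configMap:
            name: barbican-bin
            defaultMode: 0555
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.key_manager.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}

{{ if $mounts_barbican_api.volumes }}{{ toYaml $mounts_barbican_api.volumes | indent 8 }}{{ end }}
{{- end }}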