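{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{/*
Renders the cinder-backup service account and Deployment when
.Values.manifests.deployment_backup is set.

Security-relevant switches read from values:
  - pod.useHostNetwork.backup: the pod joins the node's network namespace.
  - conf.enable_iscsi: the pod gets hostIPC plus hostPath mounts of the
    node's /, /dev, /run/lock and /etc/iscsi.
  - pod.mounts.cinder_backup.cinder_backup: extra volumes and volumeMounts
    are appended verbatim with toYaml.
Pod and container security contexts, images and resources come from
helm-toolkit snippets driven by values; they are not visible in this file.

Values that are rendered as plain strings (paths, configMap names, the node
selector value) are piped through quote so that a value such as "true", an
all-digit string or one with YAML-special characters stays a string.
*/}}

{{- if .Values.manifests.deployment_backup }}
{{- $envAll := . }}

{{- $internal_ceph_backend := .Values.ceph_client.internal_ceph_backend }}

{{- $mounts_cinder_backup := .Values.pod.mounts.cinder_backup.cinder_backup }}
{{- $mounts_cinder_backup_init := .Values.pod.mounts.cinder_backup.init_container }}

{{- $serviceAccountName := "cinder-backup" }}
{{ tuple $envAll "backup" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cinder-backup
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  replicas: {{ .Values.pod.replicas.backup }}
  selector:
    matchLabels:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hashes of the rendered bin/etc templates; a change in either one
        # changes the pod template and so triggers a rollout.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "cinder-backup" "containerNames" (list "cinder-backup" "ceph-coordination-volume-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "cinder_backup" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      affinity:
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
{{ if $envAll.Values.pod.tolerations.cinder.enabled }}
{{ tuple $envAll "cinder" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      nodeSelector:
        # nodeSelector values must be strings; quote keeps "true" or "1" from
        # being parsed as a boolean or integer.
        {{ .Values.labels.backup.node_selector_key }}: {{ .Values.labels.backup.node_selector_value | quote }}
{{- if .Values.pod.useHostNetwork.backup }}
      # The pod shares the node's network namespace. NetworkPolicy generally
      # does not apply to hostNetwork pods, so limit this to deployments that
      # need it.
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
{{- end }}
{{- if .Values.conf.enable_iscsi }}
      # The pod shares the node's IPC namespace when iSCSI support is on.
      hostIPC: true
{{- end }}
      initContainers:
{{ tuple $envAll "backup" $mounts_cinder_backup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
        # Runs ceph-keyring.sh with the backup keyring secret mounted
        # read-only; /etc/ceph is the emptyDir the main container also mounts
        # (presumably where the script places the keyring; the script is not
        # part of this template).
        - name: ceph-backup-keyring-placement
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_backup_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/ceph-keyring.sh
          env:
            - name: RBD_USER
              value: {{ .Values.conf.cinder.DEFAULT.backup_ceph_user | quote }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: cinder-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
              readOnly: true
            - name: ceph-backup-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
        {{ end }}
        {{- range $name := rest (splitList "," (include "cinder.utils.ceph_backend_list" $envAll)) }}
          {{- $backend := index $envAll.Values.conf.backends $name }}
          {{- if eq $internal_ceph_backend $name }}
        # Same keyring script, run for the backend named by
        # ceph_client.internal_ceph_backend; the external keyring is mounted
        # only when an external backend with an rbd_user is configured.
        - name: ceph-keyring-placement-{{ $name | lower }}
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_keyring_placement" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/ceph-keyring.sh
          env:
            - name: RBD_USER
              value: {{ $backend.rbd_user | quote }}
{{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
            - name: EXTERNAL_RBD_USER
              value: {{ $envAll.Values.ceph_client.external_ceph.rbd_user | quote }}
{{- end }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: etcceph
              mountPath: /etc/ceph
            - name: cinder-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
              readOnly: true
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- if and $envAll.Values.ceph_client.enable_external_ceph_backend $envAll.Values.ceph_client.external_ceph.rbd_user }}
            - name: external-ceph-keyring
              mountPath: /tmp/external-ceph-client-keyring
              subPath: key
              readOnly: true
            {{- end }}
          {{- end }}
        {{- end }}
        {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
        # Recursively hands the backup path to the cinder user. The path comes
        # from values and is quoted so it always reaches chown as one string
        # argument.
        - name: ceph-backup-volume-perms
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_backup_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - chown
            - -R
            - "cinder:"
            - {{ .Values.conf.cinder.DEFAULT.backup_posix_path | quote }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: cinder-backup
              mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path | quote }}
        {{ end }}
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
        # Only for file:// coordination backends: the part of backend_url after
        # the scheme is used as the directory to chown and mount.
        - name: ceph-coordination-volume-perms
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "ceph_coordination_volume_perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - chown
            - -R
            - "cinder:"
            - {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 | quote }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: cinder-coordination
              mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 | quote }}
        {{ end }}
      containers:
        - name: cinder-backup
{{ tuple $envAll "cinder_backup" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.backup | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "cinder_backup" "container" "cinder_backup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/cinder-backup.sh
          terminationMessagePath: /var/log/termination-log
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: cinder-tmp
              mountPath: /var/lib/cinder/tmp
            - name: cinder-bin
              mountPath: /tmp/cinder-backup.sh
              subPath: cinder-backup.sh
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/cinder/cinder.conf
              subPath: cinder.conf
              readOnly: true
            {{- if .Values.conf.cinder.DEFAULT.log_config_append }}
            - name: cinder-etc
              mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append | quote }}
              subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append | quote }}
              readOnly: true
            {{- end }}
            {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (eq "true" (include "cinder.utils.has_ceph_backend" $envAll)) }}
            - name: etcceph
              mountPath: /etc/ceph
            {{- if not .Values.backup.external_ceph_rbd.enabled }}
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            {{- else if .Values.backup.external_ceph_rbd.configmap }}
            - name: external-backup-ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            {{- else }}
            - name: cinder-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: external-backup-ceph.conf
              readOnly: true
            {{- end }}
            {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
            - name: ceph-backup-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- else }}
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{- end }}
            {{- if .Values.ceph_client.enable_external_ceph_backend }}
            {{- if .Values.ceph_client.external_ceph.configmap }}
            - name: external-ceph-etc
              mountPath: /etc/ceph/external-ceph.conf
              subPath: external-ceph.conf
              readOnly: true
            {{- else }}
            - name: cinder-etc
              mountPath: /etc/ceph/external-ceph.conf
              subPath: external-ceph.conf
              readOnly: true
            {{- end }}
            {{- if .Values.ceph_client.external_ceph.rbd_user }}
            - name: external-ceph-keyring
              mountPath: /tmp/external-ceph-client-keyring
              subPath: key
              readOnly: true
            {{- end }}
            {{- end }}
            {{- end }}
            {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
            - name: cinder-backup
              mountPath: {{ .Values.conf.cinder.DEFAULT.backup_posix_path | quote }}
            {{- end }}
            {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
            - name: cinder-coordination
              mountPath: {{ ( split "://" .Values.conf.cinder.coordination.backend_url )._1 | quote }}
            {{- end }}
            # The sudoers and rootwrap files below come from the cinder-etc
            # secret and decide which commands the service may run as root;
            # review them together with that secret.
            - name: cinder-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_cinder_sudoers
              subPath: cinder_sudoers
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/sudoers.d/kolla_cinder_volume_sudoers
              subPath: cinder_sudoers
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/cinder/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            - name: cinder-etc
              mountPath: /etc/cinder/rootwrap.d/volume.filters
              subPath: volume.filters
              readOnly: true
            {{- if .Values.conf.enable_iscsi }}
            # iSCSI support mounts node paths into the service container, none
            # of them read-only. /mnt/host-rootfs is the node's root
            # filesystem, so a compromise of this container reaches node
            # files; keep conf.enable_iscsi off unless the deployment needs it
            # and restrict where such pods may run with admission policy.
            # NOTE(review): gt/ge compare the KubeVersion fields as strings, so
            # the version test below is lexicographic, not numeric.
            - name: host-rootfs
              mountPath: /mnt/host-rootfs
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: host-dev
              mountPath: /dev
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: runlock
              mountPath: /run/lock
            - name: etciscsi
              mountPath: /etc/iscsi
              {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
              mountPropagation: HostToContainer
              {{- end }}
            - name: usrlocalsbin
              mountPath: /usr/local/sbin
            - name: cinder-bin
              mountPath: /usr/local/sbin/iscsiadm
              subPath: iscsiadm
            {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{ if $mounts_cinder_backup.volumeMounts }}{{ toYaml $mounts_cinder_backup.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: cinder-tmp
          emptyDir: {}
        # Mode 0444 makes every file projected from the cinder-etc secret
        # (cinder.conf, the sudoers and rootwrap files mounted above) readable
        # by any UID in the container.
        - name: cinder-etc
          secret:
            secretName: cinder-etc
            defaultMode: 0444
        - name: cinder-bin
          configMap:
            name: cinder-bin
            defaultMode: 0555
        {{ if or (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) (eq "true" (include "cinder.utils.has_ceph_backend" $envAll)) }}
        - name: etcceph
          emptyDir: {}
        {{- if and .Values.backup.external_ceph_rbd.enabled .Values.backup.external_ceph_rbd.configmap }}
        - name: external-backup-ceph-etc
          configMap:
            name: {{ .Values.backup.external_ceph_rbd.configmap | quote }}
            defaultMode: 0444
        {{- end }}
        - name: ceph-etc
          configMap:
            name: {{ .Values.ceph_client.configmap | quote }}
            defaultMode: 0444
        {{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.configmap }}
        - name: external-ceph-etc
          configMap:
            name: {{ .Values.ceph_client.external_ceph.configmap | quote }}
            defaultMode: 0444
        {{- end }}
        {{ end }}
        {{- if (contains "cinder.backup.drivers.ceph" .Values.conf.cinder.DEFAULT.backup_driver) }}
        - name: ceph-backup-keyring
          secret:
            secretName: {{ .Values.secrets.rbd.backup | quote }}
        {{ end }}
        {{- if eq "true" (include "cinder.utils.has_ceph_backend" $envAll) }}
        - name: ceph-keyring
          secret:
            secretName: {{ .Values.secrets.rbd.volume | quote }}
        {{- if and .Values.ceph_client.enable_external_ceph_backend .Values.ceph_client.external_ceph.rbd_user }}
        - name: external-ceph-keyring
          secret:
            secretName: {{ .Values.secrets.rbd.volume_external | quote }}
        {{ end }}
        {{ end }}
        {{- if (contains "cinder.backup.drivers.posix" .Values.conf.cinder.DEFAULT.backup_driver) }}
        - name: cinder-backup
          persistentVolumeClaim:
            claimName: cinder-backup
        {{- end }}
        {{- if eq ( split "://" .Values.conf.cinder.coordination.backend_url )._0 "file" }}
        # NOTE (portdirect): this will need to be set to a shared mount amongst all cinder
        # pods for the coordination backend to be fully functional.
        - name: cinder-coordination
          emptyDir: {}
        {{- end }}
        {{- if .Values.conf.enable_iscsi }}
        # hostPath volumes backing the iSCSI mounts of the cinder-backup
        # container; host-rootfs is the node's whole root filesystem.
        - name: host-rootfs
          hostPath:
            path: /
        - name: host-dev
          hostPath:
            path: /dev
        - name: runlock
          hostPath:
            path: /run/lock
        - name: etciscsi
          hostPath:
            path: /etc/iscsi
        - name: usrlocalsbin
          emptyDir: {}
        {{- end }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_cinder_backup.volumes }}{{ toYaml $mounts_cinder_backup.volumes | indent 8 }}{{ end }}
{{- end }}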