Mohammed Naserf3f59a72023-01-15 21:02:04 -05001{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
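{{- /*
serverReadinessProbeTemplate: readiness probe body for the neutron-server
container. The Deployment in this file renders it, parses the result with
fromYaml and passes it to helm-toolkit.snippets.kubernetes_probe as
"probeTemplate".
*/}}
{{- define "serverReadinessProbeTemplate" }}
{{- if .Values.manifests.certificates }}
{{- /*
With manifests.certificates set, the probe runs inside the container and
requests the API root over plain HTTP on 127.0.0.1.
NOTE(review): presumably the nginx sidecar owns the TLS listener on the pod
IP in this mode - confirm against nginx.conf.
raise_for_status() makes a 4xx/5xx answer fail the probe, matching the
httpGet branch below (the kubelet accepts only 200-399). Without it any HTTP
response, including a 500, counted as ready.
requests.get() is called without timeout=, so a hung request is bounded only
by the probe's timeoutSeconds, which is not set in this template.
*/}}
exec:
  command:
    - python
    - -c
    - "import requests; requests.get('http://127.0.0.1:{{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}').raise_for_status()"
initialDelaySeconds: 30
{{- else }}
{{- /* Without certificates the kubelet probes "/" itself; scheme and port come from the endpoint lookups. */}}
httpGet:
  scheme: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
  path: /
  port: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- end }}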
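{{- /*
serverLivenessProbeTemplate: liveness probe body for the neutron-server
container. The Deployment in this file renders it, parses the result with
fromYaml and passes it to helm-toolkit.snippets.kubernetes_probe as
"probeTemplate".
*/}}
{{- define "serverLivenessProbeTemplate" }}
{{- if .Values.manifests.certificates }}
{{- /*
With manifests.certificates set, the probe runs inside the container and
requests the API root over plain HTTP on 127.0.0.1.
NOTE(review): presumably the nginx sidecar owns the TLS listener on the pod
IP in this mode - confirm against nginx.conf.
raise_for_status() makes a 4xx/5xx answer fail the probe, matching the
httpGet branch below (the kubelet accepts only 200-399). Without it a server
that answered every request with an error was never restarted.
requests.get() is called without timeout=, so a hung request is bounded only
by the probe's timeoutSeconds, which is not set in this template.
*/}}
exec:
  command:
    - python
    - -c
    - "import requests; requests.get('http://127.0.0.1:{{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}').raise_for_status()"
initialDelaySeconds: 30
{{- else }}
{{- /* Without certificates the kubelet probes "/" itself; scheme and port come from the endpoint lookups. */}}
httpGet:
  scheme: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
  path: /
  port: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
{{- end }}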
45
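{{- if .Values.manifests.deployment_server }}
{{- /*
Renders the neutron-server Deployment, preceded by the service account and
RBAC objects emitted by the kubernetes_pod_rbac_serviceaccount helper.

Containers, in order:
  init containers  - the helm-toolkit entrypoint init container, plus
                     ovn-neutron-init / tungstenfabric-neutron-init when the
                     matching backend is listed in network.backend
  nginx            - only when manifests.certificates is set
  neutron-server   - always
  neutron-policy-server - only when pod.sidecars.neutron_policy_server is set
*/}}
{{- $envAll := . }}

{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "server" -}}
{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}

{{- $mounts_neutron_server := .Values.pod.mounts.neutron_server.neutron_server }}
{{- $mounts_neutron_server_init := .Values.pod.mounts.neutron_server.init_container }}

{{- $serviceAccountName := "neutron-server" }}
{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: neutron-server
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  replicas: {{ .Values.pod.replicas.server }}
  selector:
    matchLabels:
{{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        {{- /* Hashes of the rendered ConfigMap/Secret templates; a change in either alters the pod template and so rolls the pods. */}}
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
{{ tuple "neutron_server" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
        {{- /*
        NOTE(review): containerNames lists only "neutron-server", "init" and
        "nginx". The ovn-neutron-init, tungstenfabric-neutron-init and
        neutron-policy-server containers defined below are not in the list, so
        presumably no mandatory-access-control annotation is emitted for them.
        Confirm whether they should be covered.
        */}}
{{ dict "envAll" $envAll "podName" "neutron-server" "containerNames" (list "neutron-server" "init" "nginx") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
{{ dict "envAll" $envAll "application" "neutron_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      serviceAccountName: {{ $serviceAccountName }}
      affinity:
{{ tuple $envAll "neutron" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
      nodeSelector:
        {{- /* The value is quoted because nodeSelector values must be strings; an unquoted true or 1 would be typed by the YAML parser and rejected by the API server. */}}
        {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value | quote }}
{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }}
      initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        {{- if ( has "ovn" .Values.network.backend ) }}
        {{- /* NOTE(review): no container-level securityContext is rendered here, unlike the nginx and neutron-server containers; only the pod-level context applies. */}}
        - name: ovn-neutron-init
{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
          command:
            - /tmp/neutron-ovn-init.sh
          volumeMounts:
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: neutron-bin
              mountPath: /tmp/neutron-ovn-init.sh
              subPath: neutron-ovn-init.sh
              readOnly: true
        {{- end }}
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
        {{- /*
        The image reference and pull policy are read straight from values
        rather than through the helm-toolkit image snippet, and the
        securityContext sets runAsUser only.
        NOTE(review): confirm whether the kubernetes_container_security_context
        helper should be used here as it is for the other containers.
        */}}
        - name: tungstenfabric-neutron-init
          image: {{ .Values.images.tags.tf_neutron_init }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
            runAsUser: {{ .Values.pod.security_context.neutron_server.pod.runAsUser }}
          env:
            - name: OPENSTACK_VERSION
              value: "{{ .Values.conf.openstack_version }}"
          volumeMounts:
            - name: neutron-plugin-shared
              mountPath: /opt/plugin
        {{- end }}
      containers:
        {{- if $envAll.Values.manifests.certificates }}
        {{- /*
        nginx sidecar, rendered only with manifests.certificates. It exposes
        the API port, is probed over HTTPS and mounts the server TLS secret at
        /etc/nginx/certs.
        */}}
        - name: nginx
{{ tuple $envAll "nginx" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.nginx | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_server" "container" "nginx" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          ports:
            - name: q-api
              containerPort: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          env:
            - name: PORT
              value: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SHORTNAME
              value: {{ tuple "network" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" | quote }}
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          command:
            - /tmp/nginx.sh
            - start
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/nginx.sh
                  - stop
          volumeMounts:
            {{- /* pod-tmp is the same emptyDir the neutron-server container mounts at /tmp, so both containers can write to it. */}}
            - name: pod-tmp
              mountPath: /tmp
            - name: neutron-bin
              mountPath: /tmp/nginx.sh
              subPath: nginx.sh
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.network.server.internal "path" "/etc/nginx/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
        {{- end }}
        - name: neutron-server
{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_server" "container" "neutron_server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{- /* Probe bodies come from the two named templates defined at the top of this file. */}}
{{ dict "envAll" $envAll "component" "server" "container" "server" "type" "readiness" "probeTemplate" (include "serverReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "server" "container" "server" "type" "liveness" "probeTemplate" (include "serverLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          command:
            - /tmp/neutron-server.sh
            - start
{{- if or .Values.manifests.certificates .Values.tls.identity }}
          {{- /* Points the requests library at the CA mounted under /etc/neutron/certs, so outbound HTTPS calls are verified against it. */}}
          env:
            - name: REQUESTS_CA_BUNDLE
              value: "/etc/neutron/certs/ca.crt"
{{- end }}
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/neutron-server.sh
                  - stop
          ports:
            - name: q-api
              containerPort: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: pod-var-neutron
              mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
            - name: neutron-bin
              mountPath: /tmp/neutron-server.sh
              subPath: neutron-server.sh
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron-api-uwsgi.ini
              subPath: neutron-api-uwsgi.ini
              readOnly: true
            {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
            - name: neutron-etc
              mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
              subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
              readOnly: true
            {{- end }}
            - name: neutron-etc
              mountPath: /etc/neutron/api_audit_map.conf
              subPath: api_audit_map.conf
              readOnly: true
            {{- if( has "tungstenfabric" .Values.network.backend ) }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
              subPath: tf_plugin.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/contrail/vnc_api_lib.ini
              subPath: vnc_api_lib.ini
              readOnly: true
            - name: neutron-plugin-shared
              mountPath: /opt/plugin
            {{- /* NOTE(review): the .pth file is mounted into hard-coded python2.7 and python3.6 site-packages paths; confirm these match the interpreter in the image. */}}
            - name: neutron-bin
              mountPath: /usr/local/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: neutron-bin
              mountPath: /var/lib/openstack/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: neutron-bin
              mountPath: /var/lib/openstack/lib/python3.6/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            {{- else }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
            {{- end }}
            {{ if ( has "sriov" .Values.network.backend ) }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini
              subPath: sriov_agent.ini
              readOnly: true
            {{ end }}
            {{- if .Values.conf.plugins.taas.taas.enabled }}
            - name: neutron-etc
              mountPath: /etc/neutron/taas_plugin.ini
              subPath: taas_plugin.ini
              readOnly: true
            {{ end }}
            {{- if .Values.conf.plugins.l2gateway }}
            - name: neutron-etc
              mountPath: /etc/neutron/l2gw_plugin.ini
              subPath: l2gw_plugin.ini
              readOnly: true
            {{ end }}
            - name: neutron-etc
              mountPath: /etc/neutron/api-paste.ini
              subPath: api-paste.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/policy.yaml
              subPath: policy.yaml
              readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.internal "path" "/etc/neutron/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
{{- /* Extra mounts from pod.mounts are rendered with toYaml as given; nothing here restricts them, so a hostPath or similar mount can be added through values. */}}
{{ if $mounts_neutron_server.volumeMounts }}{{ toYaml $mounts_neutron_server.volumeMounts | indent 12 }}{{ end }}
        {{- if .Values.pod.sidecars.neutron_policy_server }}
        - name: neutron-policy-server
{{ tuple $envAll "neutron_policy_server" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.neutron_policy_server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "neutron_server" "container" "neutron_policy_server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/neutron-policy-server.sh
            - start
          ports:
            - name: q-policy
              containerPort: {{ tuple "network" "service" "policy_server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          {{- /* No scheme is given, so the kubelet probes /health over plain HTTP, also when manifests.certificates is set. */}}
          readinessProbe:
            httpGet:
              path: /health
              port: {{ tuple "network" "service" "policy_server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
          volumeMounts:
            - name: neutron-bin
              mountPath: /tmp/neutron-policy-server.sh
              subPath: neutron-policy-server.sh
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron-policy-server-uwsgi.ini
              subPath: neutron-policy-server-uwsgi.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
              subPath: neutron.conf
              readOnly: true
            {{- if( has "tungstenfabric" .Values.network.backend ) }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
              subPath: tf_plugin.ini
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/contrail/vnc_api_lib.ini
              subPath: vnc_api_lib.ini
              readOnly: true
            - name: neutron-plugin-shared
              mountPath: /opt/plugin
            - name: neutron-bin
              mountPath: /usr/local/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: neutron-bin
              mountPath: /var/lib/openstack/lib/python2.7/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            - name: neutron-bin
              mountPath: /var/lib/openstack/lib/python3.6/site-packages/tf-plugin.pth
              subPath: tf-plugin.pth
              readOnly: true
            {{- else }}
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
            {{- end }}
        {{- end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: pod-shared
          emptyDir: {}
        {{- if .Values.manifests.certificates }}
        {{- /* NOTE(review): no container in this template mounts wsgi-neutron; confirm whether it is still needed. */}}
        - name: wsgi-neutron
          emptyDir: {}
        {{- end }}
        - name: pod-var-neutron
          emptyDir: {}
        {{- /* defaultMode must stay an integer; 0555 is octal (read and execute for everyone) so the mounted scripts can be run. */}}
        - name: neutron-bin
          configMap:
            name: neutron-bin
            defaultMode: 0555
        {{- /*
        neutron-etc is a Secret and is projected with mode 0444, i.e. readable
        by every user inside each container that mounts it.
        NOTE(review): if the pod security context sets an fsGroup, a tighter
        mode would keep the files away from other UIDs - confirm against the
        values before changing.
        */}}
        - name: neutron-etc
          secret:
            secretName: neutron-etc
            defaultMode: 0444
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
        - name: neutron-plugin-shared
          emptyDir: {}
        {{- end }}
{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.network.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
{{ if $mounts_neutron_server.volumes }}{{ toYaml $mounts_neutron_server.volumes | indent 8 }}{{ end }}
{{- end }}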
363{{- end }}