Gitiles
Code Review Sign In
review.vexxhost.dev / atmosphere / refs/heads/stable/zed / . / charts / nova / templates / deployment-api-osapi.yaml
blob: b203ba6cfa70247d39a453f5d618cb21c5a65ec7 [file] [log] [blame]
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]1{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
15{{- define "novaApiOsapiLivenessProbeTemplate" }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]16httpGet:
17 scheme: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
18 path: /
19 port: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]20{{- end }}
21
22{{- define "novaApiOsapiReadinessProbeTemplate" }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]23httpGet:
24 scheme: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_scheme_lookup" | upper }}
25 path: /
26 port: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]27{{- end }}
28
29{{- if .Values.manifests.deployment_api_osapi }}
30{{- $envAll := . }}
31
32{{- $mounts_nova_api_osapi := .Values.pod.mounts.nova_api_osapi.nova_api_osapi }}
33{{- $mounts_nova_api_osapi_init := .Values.pod.mounts.nova_api_osapi.init_container }}
34
35{{- $serviceAccountName := "nova-api-osapi" }}
36{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
37---
38apiVersion: apps/v1
39kind: Deployment
40metadata:
41 name: nova-api-osapi
42 annotations:
43 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
44 labels:
45{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
46spec:
47 replicas: {{ .Values.pod.replicas.osapi }}
48 selector:
49 matchLabels:
50{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
51{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
52 template:
53 metadata:
54 labels:
55{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
56 annotations:
57{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
58 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
59 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
vexxhost-bot502c9412025-01-08 03:45:26 -0500[diff] [blame]60{{ tuple "nova_api_osapi" . | include "helm-toolkit.snippets.custom_pod_annotations" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]61{{ dict "envAll" $envAll "podName" "nova-api-osapi" "containerNames" (list "nova-osapi" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
62 spec:
63 serviceAccountName: {{ $serviceAccountName }}
64{{ dict "envAll" $envAll "application" "nova" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
65 affinity:
66{{ tuple $envAll "nova" "os-api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
67 nodeSelector:
68 {{ .Values.labels.osapi.node_selector_key }}: {{ .Values.labels.osapi.node_selector_value }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]69{{ if $envAll.Values.pod.tolerations.nova.enabled }}
70{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
71{{ end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]72 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.osapi.timeout | default "30" }}
73 initContainers:
74{{ tuple $envAll "api" $mounts_nova_api_osapi_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
75 containers:
76 - name: nova-osapi
77{{ tuple $envAll "nova_api" | include "helm-toolkit.snippets.image" | indent 10 }}
78{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
79{{ dict "envAll" $envAll "application" "nova" "container" "nova_osapi" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]80{{- if or .Values.manifests.certificates .Values.tls.identity }}
81 env:
82 - name: REQUESTS_CA_BUNDLE
83 value: "/etc/nova/certs/ca.crt"
84{{- end }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]85 command:
86 - /tmp/nova-api.sh
87 - start
88 lifecycle:
89 preStop:
90 exec:
91 command:
92 - /tmp/nova-api.sh
93 - stop
94 ports:
95 - name: n-api
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]96 containerPort: {{ tuple "compute" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]97{{ dict "envAll" $envAll "component" "api-osapi" "container" "default" "type" "liveness" "probeTemplate" (include "novaApiOsapiLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
98{{ dict "envAll" $envAll "component" "api-osapi" "container" "default" "type" "readiness" "probeTemplate" (include "novaApiOsapiReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
99 volumeMounts:
100 - name: pod-tmp
101 mountPath: /tmp
102 - name: pod-var-nova
103 mountPath: /var/lib/nova
104 - name: nova-bin
105 mountPath: /tmp/nova-api.sh
106 subPath: nova-api.sh
107 readOnly: true
108 - name: nova-etc
109 mountPath: /etc/nova/nova.conf
110 subPath: nova.conf
111 readOnly: true
Mohammed Naser69247252023-09-26 22:23:46 -0400[diff] [blame]112 - name: nova-etc
113 mountPath: /etc/nova/nova-api-uwsgi.ini
114 subPath: nova-api-uwsgi.ini
115 readOnly: true
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]116 {{- if .Values.conf.nova.DEFAULT.log_config_append }}
117 - name: nova-etc
118 mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append }}
119 subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append }}
120 readOnly: true
121 {{- end }}
122 - name: nova-etc
123 mountPath: /etc/nova/api-paste.ini
124 subPath: api-paste.ini
125 readOnly: true
126 - name: nova-etc
127 mountPath: /etc/nova/policy.yaml
128 subPath: policy.yaml
129 readOnly: true
130 - name: nova-etc
131 mountPath: /etc/nova/api_audit_map.conf
132 subPath: api_audit_map.conf
133 readOnly: true
134 {{- if .Values.manifests.certificates }}
135 - name: wsgi-nova
136 mountPath: /var/www/cgi-bin/nova
137 - name: nova-etc
138 mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-api.conf
139 subPath: wsgi-api.conf
140 readOnly: true
141 - name: nova-etc
142 mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf
143 subPath: mpm_event.conf
144 readOnly: true
145 {{- end }}
146{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]147{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal "path" "/etc/nova/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]148{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
149{{ if $mounts_nova_api_osapi.volumeMounts }}{{ toYaml $mounts_nova_api_osapi.volumeMounts | indent 12 }}{{ end }}
150 volumes:
151 - name: pod-tmp
152 emptyDir: {}
153 {{- if .Values.manifests.certificates }}
154 - name: wsgi-nova
155 emptyDir: {}
156 {{- end }}
157 - name: pod-var-nova
158 emptyDir: {}
159 - name: nova-bin
160 configMap:
161 name: nova-bin
162 defaultMode: 0555
163 - name: nova-etc
164 secret:
165 secretName: nova-etc
166 defaultMode: 0444
167{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Oleksandr Kozachenkoa10d7852023-02-02 22:01:16 +0100[diff] [blame]168{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
Mohammed Naserf3f59a72023-01-15 21:02:04 -0500[diff] [blame]169{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
170{{ if $mounts_nova_api_osapi.volumes}}{{ toYaml $mounts_nova_api_osapi.volumes | indent 8 }}{{ end }}
171{{- end }}