{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

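{{- /*
Renders the nova bootstrap Job together with the ServiceAccount it runs as and
the cluster-scoped RBAC (ClusterRole + ClusterRoleBinding) bound to that
account. Nothing is rendered unless both .Values.manifests.job_bootstrap and
.Values.bootstrap.enabled are truthy.
*/ -}}
{{- $envAll := . }}
{{- if and $envAll.Values.manifests.job_bootstrap $envAll.Values.bootstrap.enabled }}
{{- $serviceName := "nova" -}}
{{- $keystoneUser := $envAll.Values.bootstrap.ks_user -}}
{{- /* Looked up on the root context; falls back to "1000" when the key is absent. */ -}}
{{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
{{- $configMapBin := printf "%s-%s" $serviceName "bin" -}}
{{- $configMapEtc := printf "%s-%s" $serviceName "etc" -}}
{{- $configFile := printf "/etc/%s/%s.conf" $serviceName $serviceName -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
{{- /* "nova-bootstrap": reused as the ServiceAccount, Job, ClusterRole and ClusterRoleBinding name. */ -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "bootstrap" -}}
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ $serviceAccountName | quote }}
  labels:
{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  # Must render as an integer, so this value is intentionally left unquoted.
  backoffLimit: {{ $backoffLimit }}
  template:
    metadata:
      labels:
{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
    spec:
{{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      # The pod runs as the dedicated bootstrap ServiceAccount; the
      # ClusterRoleBinding at the end of this file grants that account
      # cluster-wide get/list on nodes.
      serviceAccountName: {{ $serviceAccountName | quote }}
      restartPolicy: OnFailure
      nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
{{ if $envAll.Values.pod.tolerations.nova.enabled }}
{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      initContainers:
{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if $envAll.Values.bootstrap.wait_for_computes.enabled }}
        # Optional init step, rendered only when
        # bootstrap.wait_for_computes.enabled is set.
        - name: nova-wait-for-computes-init
{{ tuple $envAll "nova_wait_for_computes_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "bootstrap" "container" "nova_wait_for_computes_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /bin/bash
            - -c
            - /tmp/wait-for-computes-init.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            # The script is a single read-only file from the bin ConfigMap, so
            # the writable /tmp emptyDir cannot be used to replace it.
            - name: bootstrap-sh
              mountPath: /tmp/wait-for-computes-init.sh
              subPath: wait-for-computes-init.sh
              readOnly: true
{{- end }}
      containers:
        - name: bootstrap
          # Image reference and pull policy come straight from values and are
          # quoted so an unusual value cannot be re-typed by the YAML parser.
          # NOTE(review): a digest-pinned reference in values would make the
          # image that receives the Keystone credentials immutable.
          image: {{ $envAll.Values.images.tags.bootstrap | quote }}
          imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "bootstrap" "container" "bootstrap" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          # Keystone credentials are taken from the Secret named in
          # .Values.secrets.identity for bootstrap.ks_user. How they are
          # injected is defined by the helm-toolkit snippet, which is not
          # visible in this file.
          env:
{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
            - name: WAIT_PERCENTAGE
              value: "{{ .Values.bootstrap.wait_for_computes.wait_percentage }}"
            - name: REMAINING_WAIT
              value: "{{ .Values.bootstrap.wait_for_computes.remaining_wait }}"
          command:
            - /bin/bash
            - -c
            - /tmp/bootstrap.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: bootstrap-sh
              mountPath: /tmp/bootstrap.sh
              subPath: bootstrap.sh
              readOnly: true
            # Writable emptyDir at /etc/nova; the config files below are
            # layered on top of it as read-only single-file mounts.
            - name: etc-service
              mountPath: {{ dir $configFile | quote }}
            - name: bootstrap-conf
              mountPath: {{ $configFile | quote }}
              subPath: {{ base $configFile | quote }}
              readOnly: true
            {{- if .Values.conf.nova.DEFAULT.log_config_append }}
            - name: bootstrap-conf
              mountPath: {{ .Values.conf.nova.DEFAULT.log_config_append | quote }}
              subPath: {{ base .Values.conf.nova.DEFAULT.log_config_append | quote }}
              readOnly: true
            {{- end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: bootstrap-sh
          configMap:
            name: {{ $configMapBin | quote }}
            # Octal r-xr-xr-x. The API field is an integer, so this must stay
            # unquoted and relies on the YAML parser reading 0555 as octal.
            defaultMode: 0555
        - name: etc-service
          emptyDir: {}
        - name: bootstrap-conf
          secret:
            secretName: {{ $configMapEtc | quote }}
            # Octal r--r--r--: every UID in the pod can read the files of this
            # Secret. NOTE(review): 0440 plus an fsGroup would narrow that,
            # if the pod security context rendered by helm-toolkit (not
            # visible here) sets one -- confirm before changing.
            defaultMode: 0444
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
---
# Read-only access to core Node objects. ClusterRole and ClusterRoleBinding are
# cluster-scoped, and their name is the fixed string "nova-bootstrap" with no
# release or namespace component.
# NOTE(review): a second install of this chart in another namespace would
# render the same two object names -- confirm the chart is only ever installed
# once per cluster, or make the names release-unique.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ $serviceAccountName | quote }}
rules:
  - apiGroups:
      - ''
    resources:
      - nodes
    verbs:
      - get
      - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ $serviceAccountName | quote }}
subjects:
  # Only the bootstrap ServiceAccount in the release namespace is bound.
  - kind: ServiceAccount
    name: {{ $serviceAccountName | quote }}
    namespace: {{ $envAll.Release.Namespace | quote }}
roleRef:
  kind: ClusterRole
  name: {{ $serviceAccountName | quote }}
  apiGroup: rbac.authorization.k8s.io
{{- end }}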