A configuration management service with support for secrets.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

job-ks-user.yaml 2.8KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768
  1. # Licensed under the Apache License, Version 2.0 (the "License");
  2. # you may not use this file except in compliance with the License.
  3. # You may obtain a copy of the License at
  4. #
  5. # http://www.apache.org/licenses/LICENSE-2.0
  6. #
  7. # Unless required by applicable law or agreed to in writing, software
  8. # distributed under the License is distributed on an "AS IS" BASIS,
  9. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  10. # See the License for the specific language governing permissions and
  11. # limitations under the License.
  12. {{- if .Values.manifests.job_ks_user }}
  13. {{- $ksAdminSecret := .Values.secrets.identity.admin }}
  14. {{- $ksUserSecret := .Values.secrets.identity.user }}
  15. {{- $envAll := . }}
  16. {{- $dependencies := .Values.dependencies.ks_user }}
  17. {{- $serviceAccountName := "deckhand-ks-user" }}
  18. {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
  19. ---
  20. apiVersion: batch/v1
  21. kind: Job
  22. metadata:
  23. name: deckhand-ks-user
  24. spec:
  25. template:
  26. metadata:
  27. labels:
  28. {{ tuple $envAll "deckhand" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
  29. spec:
  30. serviceAccountName: {{ $serviceAccountName }}
  31. restartPolicy: OnFailure
  32. nodeSelector:
  33. {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
  34. initContainers:
  35. {{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
  36. containers:
  37. - name: deckhand-ks-user
  38. image: {{ .Values.images.tags.ks_user }}
  39. imagePullPolicy: {{ .Values.images.pull_policy }}
  40. {{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
  41. command:
  42. - /tmp/ks-user.sh
  43. volumeMounts:
  44. - name: ks-user-sh
  45. mountPath: /tmp/ks-user.sh
  46. subPath: ks-user.sh
  47. readOnly: true
  48. env:
  49. {{- with $env := dict "ksUserSecret" $ksAdminSecret }}
  50. {{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
  51. {{- end }}
  52. - name: SERVICE_OS_SERVICE_NAME
  53. value: {{ $envAll.Values.endpoints.deckhand.name | quote }}
  54. - name: SERVICE_OS_DOMAIN_NAME
  55. value: {{ $envAll.Values.endpoints.identity.auth.user.project_domain_name | quote }}
  56. {{- with $env := dict "ksUserSecret" $ksUserSecret }}
  57. {{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
  58. {{- end }}
  59. - name: SERVICE_OS_ROLE
  60. value: {{ $envAll.Values.endpoints.identity.auth.user.role | quote }}
  61. volumes:
  62. - name: ks-user-sh
  63. configMap:
  64. name: deckhand-bin
  65. defaultMode: 0555
  66. {{- end -}}