RBAC for OSH
This PS applys RBAC rules to OSH, based off the work done in https://review.openstack.org/#/c/526464/ Change-Id: I541b0ac1a3972566ef2b66571ae32744dab70c17
This commit is contained in:
portdirect
parent
8e82d07fc6
commit
fa2620d54b
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
|
||||
{{- $mounts_barbican_api := .Values.pod.mounts.barbican_api.barbican_api }}
|
||||
{{- $mounts_barbican_api_init := .Values.pod.mounts.barbican_api.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "barbican-api" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -18,8 +18,12 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
|
||||
{{- $mounts_barbican_bootstrap := .Values.pod.mounts.barbican_bootstrap.barbican_bootstrap }}
|
||||
{{- $mounts_barbican_bootstrap_init := .Values.pod.mounts.barbican_bootstrap.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "barbican-bootstrap" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -31,6 +35,7 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "barbican" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
|
||||
@ -17,11 +17,16 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_drop }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_drop }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "barbican-db-drop-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: barbican-db-drop-{{ randAlphaNum 5 | lower }}
|
||||
name: {{ print "barbican-db-drop-" $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
@ -31,11 +36,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "barbican" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: barbican-db-drop
|
||||
image: {{ .Values.images.tags.db_drop }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
|
||||
{{- $serviceAccountName := "barbican-db-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "barbican" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: barbican-db-init
|
||||
image: {{ .Values.images.tags.db_init }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
|
||||
{{- $serviceAccountName := "barbican-db-sync" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "barbican" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: barbican-db-sync
|
||||
image: {{ .Values.images.tags.barbican_db_sync }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "barbican-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "barbican" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "key-manager" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "barbican-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "barbican" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "key-manager" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "barbican-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "barbican" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: barbican-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
|
||||
{{- $mounts_ceilometer_api := .Values.pod.mounts.ceilometer_api.ceilometer_api }}
|
||||
{{- $mounts_ceilometer_api_init := .Values.pod.mounts.ceilometer_api.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-api" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceilometer" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_central }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.central }}
|
||||
|
||||
{{- $mounts_ceilometer_central := .Values.pod.mounts.ceilometer_central.ceilometer_central }}
|
||||
{{- $mounts_ceilometer_central_init := .Values.pod.mounts.ceilometer_central.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-central" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceilometer" "central" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_collector }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.collector }}
|
||||
|
||||
{{- $mounts_ceilometer_collector := .Values.pod.mounts.ceilometer_collector.ceilometer_collector }}
|
||||
{{- $mounts_ceilometer_collector_init := .Values.pod.mounts.ceilometer_collector.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-collector" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceilometer" "collector" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_compute }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.compute }}
|
||||
|
||||
{{- $mounts_ceilometer_compute := .Values.pod.mounts.ceilometer_compute.ceilometer_compute }}
|
||||
{{- $mounts_ceilometer_compute_init := .Values.pod.mounts.ceilometer_compute.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-compute" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceilometer" "compute" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
hostNetwork: true
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_notification }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.notification }}
|
||||
|
||||
{{- $mounts_ceilometer_notification := .Values.pod.mounts.ceilometer_notification.ceilometer_notification }}
|
||||
{{- $mounts_ceilometer_notification_init := .Values.pod.mounts.ceilometer_notification.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-notification" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceilometer" "notification" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init_mongodb }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init_mongodb }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-db-init-mongodb" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -25,11 +28,12 @@ metadata:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceilometer-db-init-mongodb
|
||||
image: {{ .Values.images.tags.db_init_mongodb | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-db-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -25,11 +28,12 @@ metadata:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceilometer-db-init
|
||||
image: {{ .Values.images.tags.db_init | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-db-sync" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -25,11 +28,12 @@ metadata:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceilometer-db-sync
|
||||
image: {{ .Values.images.tags.ceilometer_db_sync }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -25,11 +28,12 @@ metadata:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "metering" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -25,11 +28,12 @@ metadata:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "metering" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "ceilometer-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -25,11 +28,12 @@ metadata:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceilometer-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -18,6 +18,35 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- $dependencies := .Values.dependencies.mon }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mon"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
kind: DaemonSet
|
||||
apiVersion: extensions/v1beta1
|
||||
@ -29,13 +58,13 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "mon" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.mon.node_selector_key }}: {{ .Values.labels.mon.node_selector_value }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: {{ .Values.pod.dns_policy }}
|
||||
serviceAccount: default
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-init-dirs
|
||||
image: {{ .Values.images.tags.ceph_daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- $dependencies := .Values.dependencies.osd }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-osd"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: DaemonSet
|
||||
apiVersion: extensions/v1beta1
|
||||
@ -29,12 +32,13 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "osd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.osd.node_selector_key }}: {{ .Values.labels.osd.node_selector_value }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: {{ .Values.pod.dns_policy }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-init-dirs
|
||||
image: {{ .Values.images.tags.ceph_daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -19,6 +19,9 @@ limitations under the License.
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- if .Values.ceph.enabled.mds }}
|
||||
{{- $dependencies := .Values.dependencies.mds }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mds"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1beta1
|
||||
@ -32,13 +35,13 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "mds" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceph" "mds" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.mds.node_selector_key }}: {{ .Values.labels.mds.node_selector_value }}
|
||||
serviceAccount: default
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-init-dirs
|
||||
image: {{ .Values.images.tags.ceph_daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -19,6 +19,9 @@ limitations under the License.
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- if .Values.ceph.enabled.mgr }}
|
||||
{{- $dependencies := .Values.dependencies.mgr }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mgr"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1beta1
|
||||
@ -31,15 +34,15 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "mgr" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceph" "mgr" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.mgr.node_selector_key }}: {{ .Values.labels.mgr.node_selector_value }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: {{ .Values.pod.dns_policy }}
|
||||
serviceAccount: default
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-init-dirs
|
||||
image: {{ .Values.images.tags.ceph_daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- $dependencies := .Values.dependencies.moncheck }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-mon-check"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1beta1
|
||||
@ -30,13 +33,13 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "moncheck" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceph" "moncheck" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.mon.node_selector_key }}: {{ .Values.labels.mon.node_selector_value }}
|
||||
serviceAccount: default
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-init-dirs
|
||||
image: {{ .Values.images.tags.ceph_daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -18,6 +18,106 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.rbd_provisioner }}
|
||||
{{- $dependencies := .Values.dependencies.rbd_provisioner }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-rbd-provisioner"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- persistentvolumes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- update
|
||||
- apiGroups:
|
||||
- storage.k8s.io
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- services
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- extensions
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
resourceNames:
|
||||
- rbd-provisioner
|
||||
verbs:
|
||||
- use
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: run-rbd-provisioner
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ $serviceAccountName }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: extensions/v1beta1
|
||||
@ -32,10 +132,11 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "rbd" "provisioner" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-rbd-provisioner
|
||||
image: {{ .Values.images.tags.ceph_rbd_provisioner }}
|
||||
|
||||
@ -19,6 +19,9 @@ limitations under the License.
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- if .Values.ceph.enabled.rgw }}
|
||||
{{- $dependencies := .Values.dependencies.rgw }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-rgw"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1beta1
|
||||
@ -31,13 +34,13 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "rgw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "ceph" "rgw" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.rgw.node_selector_key }}: {{ .Values.labels.rgw.node_selector_value }}
|
||||
serviceAccount: default
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-init-dirs
|
||||
image: {{ .Values.images.tags.ceph_daemon }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-bootstrap"}}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -29,11 +32,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.jobs.node_selector_key }}: {{ .Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-bootstrap
|
||||
image: {{ .Values.images.tags.ceph_bootstrap }}
|
||||
|
||||
@ -20,6 +20,37 @@ limitations under the License.
|
||||
{{- range $key1, $cephBootstrapKey := tuple "mds" "osd" "rgw" "mon" "mgr" }}
|
||||
{{- if not (and (not $envAll.Values.manifests.deployment_rgw) (eq $cephBootstrapKey "rgw")) }}
|
||||
{{- $jobName := print $cephBootstrapKey "-keyring-generator" }}
|
||||
|
||||
{{- $dependencies := $envAll.Values.dependencies.job_keyring_generator }}
|
||||
|
||||
{{- $serviceAccountName := print "ceph-" $jobName }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -31,9 +62,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" $jobName | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-{{ $jobName }}
|
||||
image: {{ $envAll.Values.images.tags.ceph_config_helper }}
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -29,11 +32,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "object-store" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -29,11 +32,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "object-store" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.rgw_keystone_user_and_endpoints }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -29,11 +32,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -17,11 +17,48 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_namespace_client_key_cleaner }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.client_secrets }}
|
||||
{{- $dependencies := .Values.dependencies.namespace_client_key_cleaner }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "ceph-namespace-client-key-cleaner-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: ceph-namespace-client-key-cleaner-{{ randAlphaNum 5 | lower }}
|
||||
name: ceph-namespace-client-key-cleaner-{{ $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
spec:
|
||||
@ -30,9 +67,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "client-key-cleaner" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-namespace-client-keys-cleaner
|
||||
image: {{ .Values.images.tags.ceph_config_helper }}
|
||||
|
||||
@ -17,6 +17,67 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_namespace_client_key }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.client_secrets }}
|
||||
{{- $dependencies := .Values.dependencies.namespace_client_key_generator }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-namespace-client-key-generator" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
|
||||
namespace: {{ .Values.storageclass.admin_secret_namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
|
||||
namespace: {{ .Values.storageclass.admin_secret_namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ printf "%s-%s" $serviceAccountName $randStringSuffix }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,9 +89,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "client-key-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-storage-keys-generator
|
||||
image: {{ .Values.images.tags.ceph_config_helper }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.deployment.ceph }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.rbd_pool }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-rbd-pool" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -29,12 +32,14 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "rbd-pool" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
affinity:
|
||||
{{ tuple $envAll "ceph" "mgr" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.mgr.node_selector_key }}: {{ .Values.labels.mgr.node_selector_value }}
|
||||
serviceAccount: default
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-rbd-pool
|
||||
image: {{ .Values.images.tags.ceph_daemon }}
|
||||
|
||||
@ -17,6 +17,36 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_storage_admin_keys }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.deployment.storage_secrets }}
|
||||
{{- $dependencies := .Values.dependencies.storage_keys_generator }}
|
||||
|
||||
{{- $serviceAccountName := "ceph-storage-keys-generator" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,9 +58,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "ceph" "storage-keys-generator" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: ceph-storage-keys-generator
|
||||
image: {{ .Values.images.tags.ceph_config_helper }}
|
||||
|
||||
@ -202,9 +202,16 @@ conf:
|
||||
mds:
|
||||
|
||||
dependencies:
|
||||
job_keyring_generator:
|
||||
jobs:
|
||||
namespace_client_key_cleaner:
|
||||
jobs:
|
||||
namespace_client_key_generator:
|
||||
jobs:
|
||||
storage_keys_generator:
|
||||
jobs:
|
||||
mon:
|
||||
jobs:
|
||||
service:
|
||||
osd:
|
||||
jobs:
|
||||
services:
|
||||
|
||||
@ -18,8 +18,13 @@ limitations under the License.
|
||||
{{- if .Capabilities.APIVersions.Has "batch/v2alpha1" }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.volume_usage_audit }}
|
||||
|
||||
{{- $mounts_cinder_volume_usage_audit := .Values.pod.mounts.cinder_volume_usage_audit.cinder_volume_usage_audit }}
|
||||
{{- $mounts_cinder_volume_usage_audit_init := .Values.pod.mounts.cinder_volume_usage_audit.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-volume-usage-audit" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v2alpha1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
@ -34,11 +39,12 @@ spec:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_cinder_volume_usage_audit_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_cinder_volume_usage_audit_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
|
||||
containers:
|
||||
- name: cinder-volume-usage-audit
|
||||
image: {{ .Values.images.tags.cinder_volume_usage_audit }}
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
|
||||
{{- $mounts_cinder_api := .Values.pod.mounts.cinder_api.cinder_api }}
|
||||
{{- $mounts_cinder_api_init := .Values.pod.mounts.cinder_api.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-api" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "cinder" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_backup }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.backup }}
|
||||
|
||||
{{- $mounts_cinder_backup := .Values.pod.mounts.cinder_backup.cinder_backup }}
|
||||
{{- $mounts_cinder_backup_init := .Values.pod.mounts.cinder_backup.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-backup" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "cinder" "backup" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_scheduler }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.scheduler }}
|
||||
|
||||
{{- $mounts_cinder_scheduler := .Values.pod.mounts.cinder_scheduler.cinder_scheduler }}
|
||||
{{- $mounts_cinder_scheduler_init := .Values.pod.mounts.cinder_scheduler.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-scheduler" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "cinder" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_volume }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.volume }}
|
||||
|
||||
{{- $mounts_cinder_volume := .Values.pod.mounts.cinder_volume.cinder_volume }}
|
||||
{{- $mounts_cinder_volume_init := .Values.pod.mounts.cinder_volume.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-volume" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "cinder" "volume" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-bootstrap" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -29,11 +32,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "cinder" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: cinder-bootstrap
|
||||
image: {{ .Values.images.tags.bootstrap }}
|
||||
|
||||
@ -17,11 +17,16 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_drop }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_drop }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "cinder-db-drop-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: cinder-db-drop-{{ randAlphaNum 5 | lower }}
|
||||
name: {{ print "cinder-db-drop-" $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
@ -31,11 +36,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "cinder" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: cinder-db-drop
|
||||
image: {{ .Values.images.tags.db_drop | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-db-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "cinder" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: cinder-db-init
|
||||
image: {{ .Values.images.tags.db_init | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-db-sync" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "cinder" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: cinder-db-sync
|
||||
image: {{ .Values.images.tags.cinder_db_sync }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "cinder" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "cinder" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "volume" "volumev2" "volumev3" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "cinder-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "cinder" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: cinder-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -17,13 +17,17 @@ limitations under the License.
|
||||
{{- if .Values.manifests.pod_rally_test }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.tests }}
|
||||
|
||||
{{- $mounts_cinder_tests := .Values.pod.mounts.cinder_tests.cinder_tests }}
|
||||
{{- $mounts_cinder_tests_init := .Values.pod.mounts.cinder_tests.init_container }}
|
||||
|
||||
{{- $serviceAccountName := print $envAll.Release.Name "-test" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: "{{.Release.Name}}-test"
|
||||
name: {{ print $envAll.Release.Name "-test" }}
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
|
||||
{{- $serviceAccountName := "congress-api-dep" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -30,10 +33,11 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "congress" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.datasource }}
|
||||
|
||||
{{- $serviceAccountName := "congress-datasource-dep" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -30,10 +33,11 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "congress" "datasource" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
|
||||
@ -18,6 +18,9 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.policy_engine }}
|
||||
|
||||
{{- $serviceAccountName := "congress-policy-engine-dep" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
@ -30,10 +33,11 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "congress" "policy_engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
containers:
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
|
||||
{{- $serviceAccountName := "congress-db-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: congress-db-init
|
||||
image: {{ .Values.images.tags.db_init }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
|
||||
{{- $serviceAccountName := "congress-db-sync" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: congress-db-sync
|
||||
image: {{ .Values.images.tags.congress_db_sync }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ds_create }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ds_create }}
|
||||
|
||||
{{- $serviceAccountName := "congress-ds-create" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "ds-create" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: congress-ds-create
|
||||
image: {{ .Values.images.tags.congress_ds_create }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "congress-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "policy" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "congress-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "policy" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "congress-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "congress" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: congress-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -13,6 +13,10 @@
|
||||
# limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.etcd }}
|
||||
|
||||
{{- $serviceAccountName := "etcd" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -26,10 +30,13 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "etcd" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "etcd" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: etcd
|
||||
image: {{ .Values.images.tags.etcd }}
|
||||
|
||||
@ -20,6 +20,7 @@
|
||||
images:
|
||||
tags:
|
||||
etcd: 'gcr.io/google_containers/etcd-amd64:2.2.5'
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||
pull_policy: IfNotPresent
|
||||
|
||||
labels:
|
||||
@ -30,6 +31,10 @@ network:
|
||||
host: etcd
|
||||
port: 2379
|
||||
|
||||
dependencies:
|
||||
etcd:
|
||||
jobs: null
|
||||
|
||||
pod:
|
||||
affinity:
|
||||
anti:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
|
||||
{{- $mounts_glance_api := .Values.pod.mounts.glance_api.glance_api }}
|
||||
{{- $mounts_glance_api_init := .Values.pod.mounts.glance_api.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "glance-api" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "glance" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_registry }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.registry }}
|
||||
|
||||
{{- $mounts_glance_registry := .Values.pod.mounts.glance_registry.glance_registry }}
|
||||
{{- $mounts_glance_registry_init := .Values.pod.mounts.glance_registry.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "glance-registry" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "glance" "registry" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_bootstrap }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
|
||||
{{- $serviceAccountName := "glance-bootstrap" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: glance-bootstrap
|
||||
image: {{ .Values.images.tags.bootstrap }}
|
||||
|
||||
@ -17,20 +17,62 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_clean }}
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
{{- $dependencies := .Values.dependencies.clean }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "glance-clean-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: glance-clean-{{ randAlphaNum 5 | lower }}
|
||||
name: {{ print "glance-clean-" $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "clean" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- if eq .Values.storage "rbd" }}
|
||||
- name: glance-secret-clean
|
||||
|
||||
@ -17,11 +17,16 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_drop }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_drop }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "glance-db-drop-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: glance-db-drop-{{ randAlphaNum 5 | lower }}
|
||||
name: {{ print "glance-db-drop-" $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
@ -31,11 +36,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: glance-db-drop
|
||||
image: {{ .Values.images.tags.db_drop }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
|
||||
{{- $serviceAccountName := "glance-db-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: glance-db-init
|
||||
image: {{ .Values.images.tags.db_init }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
|
||||
{{- $serviceAccountName := "glance-db-sync" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: glance-db-sync
|
||||
image: {{ .Values.images.tags.glance_db_sync }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "glance-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "image" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "glance-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "image" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "glance-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: glance-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -17,6 +17,40 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_storage_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.storage_init }}
|
||||
|
||||
{{- $serviceAccountName := "glance-storage-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +62,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "glance" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ if or (eq .Values.storage "rbd") (eq .Values.storage "radosgw") }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.glance_api }}
|
||||
|
||||
@ -292,6 +292,8 @@ volume:
|
||||
size: 2Gi
|
||||
|
||||
dependencies:
|
||||
clean:
|
||||
jobs: null
|
||||
storage_init:
|
||||
services:
|
||||
db_init:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.daemonset_metricd }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.metricd }}
|
||||
|
||||
{{- $mounts_gnocchi_metricd := .Values.pod.mounts.gnocchi_metricd.gnocchi_metricd }}
|
||||
{{- $mounts_gnocchi_metricd_init := .Values.pod.mounts.gnocchi_metricd.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-metricd" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
@ -34,6 +38,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.daemonset_statsd }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.statsd }}
|
||||
|
||||
{{- $mounts_gnocchi_statsd := .Values.pod.mounts.gnocchi_statsd.gnocchi_statsd }}
|
||||
{{- $mounts_gnocchi_statsd_init := .Values.pod.mounts.gnocchi_statsd.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-statsd" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: DaemonSet
|
||||
@ -33,6 +37,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
|
||||
{{- $mounts_gnocchi_api := .Values.pod.mounts.gnocchi_api.gnocchi_api }}
|
||||
{{- $mounts_gnocchi_api_init := .Values.pod.mounts.gnocchi_api.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-api" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "gnocchi" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init_indexer }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init_postgresql }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-db-init-indexer" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "db-init-indexer" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: gnocchi-db-init-indexer
|
||||
image: {{ .Values.images.tags.db_init_indexer | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init_keystone }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init_keystone }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-db-init-keystone" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "db-init-keystone" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: keystone-db-init
|
||||
image: {{ .Values.images.tags.db_init_keystone | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-db-sync" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -30,11 +33,12 @@ spec:
|
||||
metadata:
|
||||
annotations:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "metric" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "metric" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: gnocchi-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -17,6 +17,40 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_storage_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.storage_init }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-storage-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +62,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "storage-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -29,7 +29,7 @@ metadata:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_api }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.api }}
|
||||
|
||||
{{- $mounts_heat_api := .Values.pod.mounts.heat_api.heat_api }}
|
||||
{{- $mounts_heat_api_init := .Values.pod.mounts.heat_api.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "heat-api" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "heat" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_cfn }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.cfn }}
|
||||
|
||||
{{- $mounts_heat_cfn := .Values.pod.mounts.heat_cfn.heat_cfn }}
|
||||
{{- $mounts_heat_cfn_init := .Values.pod.mounts.heat_cfn.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "heat-cfn" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "heat" "cfn" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment_cloudwatch }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.cloudwatch }}
|
||||
|
||||
{{- $mounts_heat_cloudwatch := .Values.pod.mounts.heat_cloudwatch.heat_cloudwatch }}
|
||||
{{- $mounts_heat_cloudwatch_init := .Values.pod.mounts.heat_cloudwatch.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "heat-cloudwatch" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "heat" "cloudwatch" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if or ( .Values.manifests.deployment_engine ) ( .Values.manifests.statefulset_engine ) }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.engine }}
|
||||
|
||||
{{- $mounts_heat_engine := .Values.pod.mounts.heat_engine.heat_engine }}
|
||||
{{- $mounts_heat_engine_init := .Values.pod.mounts.heat_engine.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "heat-engine" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
metadata:
|
||||
@ -43,6 +47,7 @@ spec:
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
{{- end }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{- tuple $envAll "heat" "engine" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -18,8 +18,12 @@ limitations under the License.
|
||||
{{- $envAll := . }}
|
||||
{{- if .Values.bootstrap.enabled }}
|
||||
{{- $dependencies := .Values.dependencies.bootstrap }}
|
||||
|
||||
{{- $mounts_heat_bootstrap := .Values.pod.mounts.heat_bootstrap.heat_bootstrap }}
|
||||
{{- $mounts_heat_bootstrap_init := .Values.pod.mounts.heat_bootstrap.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "heat-bootstrap" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -31,6 +35,7 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
|
||||
@ -17,11 +17,16 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_drop }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_drop }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "heat-db-drop-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: heat-db-drop-{{ randAlphaNum 5 | lower }}
|
||||
name: {{ print "heat-db-drop-" $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
@ -31,11 +36,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: heat-db-drop
|
||||
image: {{ .Values.images.tags.db_drop | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
|
||||
{{- $serviceAccountName := "heat-db-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: heat-db-init
|
||||
image: {{ .Values.images.tags.db_init | quote }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_db_sync }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_sync }}
|
||||
|
||||
{{- $serviceAccountName := "heat-db-sync" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: heat-db-sync
|
||||
image: {{ .Values.images.tags.heat_db_sync }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_endpoints }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_endpoints }}
|
||||
|
||||
{{- $serviceAccountName := "heat-ks-endpoints" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "orchestration" "cloudformation" }}
|
||||
{{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }}
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_service }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_service }}
|
||||
|
||||
{{- $serviceAccountName := "heat-ks-service" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
{{- range $key1, $osServiceType := tuple "orchestration" "cloudformation" }}
|
||||
- name: {{ $osServiceType }}-ks-service-registration
|
||||
|
||||
@ -17,6 +17,9 @@ limitations under the License.
|
||||
{{- if .Values.manifests.job_ks_user }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.ks_user }}
|
||||
|
||||
{{- $serviceAccountName := "heat-ks-user" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -28,11 +31,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: heat-ks-user
|
||||
image: {{ .Values.images.tags.ks_user }}
|
||||
|
||||
@ -16,9 +16,12 @@ limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.trusts }}
|
||||
|
||||
{{- $mounts_heat_trusts := .Values.pod.mounts.heat_trusts.heat_trusts }}
|
||||
{{- $mounts_heat_trusts_init := .Values.pod.mounts.heat_trusts.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "heat-trusts" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
@ -30,6 +33,7 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "heat" "trusts" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
|
||||
@ -46,5 +46,6 @@ limitations under the License.
|
||||
value: "echo done"
|
||||
command:
|
||||
- kubernetes-entrypoint
|
||||
volumeMounts: {{ $mounts | default "[]"}}
|
||||
volumeMounts:
|
||||
{{ toYaml $mounts | indent 4 }}
|
||||
{{- end -}}
|
||||
|
||||
@ -0,0 +1,68 @@
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- define "helm-toolkit.snippets.kubernetes_pod_rbac_roles" -}}
|
||||
{{- $envAll := index . 0 -}}
|
||||
{{- $deps := index . 1 -}}
|
||||
{{- $saName := index . 2 | replace "_" "-" }}
|
||||
{{- $saNamespace := index . 3 -}}
|
||||
{{- $releaseName := $envAll.Release.Name }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $releaseName }}-{{ $saName }}
|
||||
namespace: {{ $saNamespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $saName }}
|
||||
namespace: {{ $saNamespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $releaseName }}-{{ $saNamespace }}-{{ $saName }}
|
||||
namespace: {{ $saNamespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
- extensions
|
||||
- batch
|
||||
- apps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
resources:
|
||||
{{- range $k, $v := $deps -}}
|
||||
{{ if eq $v "daemonsets" }}
|
||||
- daemonsets
|
||||
{{- end -}}
|
||||
{{ if eq $v "jobs" }}
|
||||
- jobs
|
||||
{{- end -}}
|
||||
{{ if or (eq $v "daemonsets") (eq $v "jobs") }}
|
||||
- pods
|
||||
{{- end -}}
|
||||
{{ if eq $v "services" }}
|
||||
- services
|
||||
- endpoints
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@ -0,0 +1,50 @@
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- define "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" -}}
|
||||
{{- $envAll := index . 0 -}}
|
||||
{{- $deps := index . 1 -}}
|
||||
{{- $saName := index . 2 -}}
|
||||
{{- $saNamespace := $envAll.Release.Namespace }}
|
||||
{{- $randomKey := randAlphaNum 32 }}
|
||||
{{- $allNamespace := dict $randomKey "" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ $saName }}
|
||||
namespace: {{ $saNamespace }}
|
||||
{{- range $k, $v := $deps -}}
|
||||
{{- if eq $k "services" }}
|
||||
{{- range $serv := $v }}
|
||||
{{- $endpointMap := index $envAll.Values.endpoints $serv.service }}
|
||||
{{- $endpointNS := $endpointMap.namespace | default $saNamespace }}
|
||||
{{- if not (contains "services" ((index $allNamespace $endpointNS) | default "")) }}
|
||||
{{- $_ := set $allNamespace $endpointNS (printf "%s%s" "services," ((index $allNamespace $endpointNS) | default "")) }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- else if eq $k "jobs" }}
|
||||
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "jobs," ((index $allNamespace $saNamespace) | default "")) }}
|
||||
{{- else if eq $k "daemonset" }}
|
||||
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $_ := unset $allNamespace $randomKey }}
|
||||
{{- range $ns, $vv := $allNamespace }}
|
||||
{{- $resourceList := (splitList "," (trimSuffix "," $vv)) }}
|
||||
{{- tuple $envAll $resourceList $saName $ns | include "helm-toolkit.snippets.kubernetes_pod_rbac_roles" }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.deployment }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.dashboard }}
|
||||
|
||||
{{- $mounts_horizon := .Values.pod.mounts.horizon.horizon }}
|
||||
{{- $mounts_horizon_init := .Values.pod.mounts.horizon.init_container }}
|
||||
|
||||
{{- $serviceAccountName := "horizon" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: apps/v1beta1
|
||||
kind: Deployment
|
||||
@ -35,6 +39,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "horizon" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
nodeSelector:
|
||||
|
||||
@ -18,13 +18,19 @@ limitations under the License.
|
||||
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_drop }}
|
||||
|
||||
{{- $mounts_horizon_db_init := .Values.pod.mounts.horizon_db_init.horizon_db_init }}
|
||||
{{- $mounts_horizon_db_init_init := .Values.pod.mounts.horizon_db_init.init_container }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "horizon-db-drop-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: horizon-db-drop-{{ randAlphaNum 5 | lower }}
|
||||
name: {{ print "horizon-db-drop-" $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
@ -34,11 +40,12 @@ spec:
|
||||
labels:
|
||||
{{ tuple $envAll "horizon" "db-drop" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: horizon-db-drop
|
||||
image: {{ .Values.images.tags.db_drop }}
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user