229db2f155
With this patch we allow for a more easy way of overriding some of the values that may be used in other distros while maintainting the default values if those values are not overriden. The following values are introduced to be overriden: conf: security: software: apache2: conf_dir: site_dir: mods_dir: binary: start_flags: a2enmod: a2dismod: On which: * conf_dir: directory where to drop the config files * site_dir: directory where to drop the enabled virtualhosts * mods_dir: directory where to drop any mod configuration * binary: the binary to use for launching apache * start_flags: any flags that will be passed to the apache binary call * a2enmod: mods to enable * a2dismod: mods to disable * security: security configuration for apache Notice that if there is no overrides given, it should not affect anything and the templates will not be changed as the default values are set to what they used to be as to not disrupt existing deployments. Change-Id: I7622325cf23e5afb26a5f5e887458fd58af2fab8
187 lines
7.3 KiB
YAML
187 lines
7.3 KiB
YAML
{{/*
|
|
Copyright 2017 The Openstack-Helm Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if .Values.manifests.deployment_api }}
|
|
{{- $envAll := . }}
|
|
|
|
{{- $mounts_keystone_api := .Values.pod.mounts.keystone_api.keystone_api }}
|
|
{{- $mounts_keystone_api_init := .Values.pod.mounts.keystone_api.init_container }}
|
|
|
|
{{- $serviceAccountName := "keystone-api" }}
|
|
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: keystone-api
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
|
labels:
|
|
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
|
|
spec:
|
|
replicas: {{ .Values.pod.replicas.api }}
|
|
selector:
|
|
matchLabels:
|
|
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
|
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
|
spec:
|
|
{{ dict "envAll" $envAll "application" "keystone" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
|
serviceAccountName: {{ $serviceAccountName }}
|
|
affinity:
|
|
{{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
|
nodeSelector:
|
|
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
|
|
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
|
|
initContainers:
|
|
{{ tuple $envAll "api" $mounts_keystone_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
containers:
|
|
- name: keystone-api
|
|
{{ tuple $envAll "keystone_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
{{ dict "envAll" $envAll "application" "keystone" "container" "keystone_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
command:
|
|
- /tmp/keystone-api.sh
|
|
- start
|
|
lifecycle:
|
|
preStop:
|
|
exec:
|
|
command:
|
|
- /tmp/keystone-api.sh
|
|
- stop
|
|
ports:
|
|
{{- $portInt := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
|
|
- name: ks-pub
|
|
containerPort: {{ $portInt }}
|
|
readinessProbe:
|
|
httpGet:
|
|
scheme: HTTP
|
|
path: /
|
|
port: {{ $portInt }}
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
httpGet:
|
|
scheme: HTTP
|
|
path: /
|
|
port: {{ $portInt }}
|
|
initialDelaySeconds: 50
|
|
periodSeconds: 20
|
|
timeoutSeconds: 5
|
|
volumeMounts:
|
|
- name: etckeystone
|
|
mountPath: /etc/keystone
|
|
- name: logs-apache
|
|
mountPath: /var/log/apache2
|
|
- name: run-apache
|
|
mountPath: /var/run/apache2
|
|
- name: wsgi-keystone
|
|
mountPath: /var/www/cgi-bin/keystone
|
|
- name: keystone-etc
|
|
mountPath: /etc/keystone/keystone.conf
|
|
subPath: keystone.conf
|
|
readOnly: true
|
|
- name: keystone-etc
|
|
mountPath: /etc/apache2/ports.conf
|
|
subPath: ports.conf
|
|
readOnly: true
|
|
- name: keystone-etc
|
|
mountPath: {{ .Values.conf.keystone.DEFAULT.log_config_append }}
|
|
subPath: {{ base .Values.conf.keystone.DEFAULT.log_config_append }}
|
|
readOnly: true
|
|
- name: keystone-etc
|
|
mountPath: /etc/keystone/keystone-paste.ini
|
|
subPath: keystone-paste.ini
|
|
readOnly: true
|
|
- name: keystone-etc
|
|
mountPath: /etc/keystone/policy.json
|
|
subPath: policy.json
|
|
readOnly: true
|
|
- name: keystone-etc
|
|
mountPath: /etc/keystone/sso_callback_template.html
|
|
subPath: sso_callback_template.html
|
|
readOnly: true
|
|
- name: keystone-etc
|
|
mountPath: {{ .Values.conf.software.apache2.conf_dir }}/wsgi-keystone.conf
|
|
subPath: wsgi-keystone.conf
|
|
readOnly: true
|
|
- name: keystone-etc
|
|
mountPath: {{ .Values.conf.software.apache2.mods_dir }}/mpm_event.conf
|
|
subPath: mpm_event.conf
|
|
readOnly: true
|
|
{{- if .Values.conf.security }}
|
|
- name: keystone-etc
|
|
mountPath: {{ .Values.conf.software.apache2.conf_dir }}/security.conf
|
|
subPath: security.conf
|
|
readOnly: true
|
|
{{- end }}
|
|
- name: keystone-bin
|
|
mountPath: /tmp/keystone-api.sh
|
|
subPath: keystone-api.sh
|
|
readOnly: true
|
|
{{- if .Values.endpoints.ldap.auth.client.tls.ca }}
|
|
- name: keystone-ldap-tls
|
|
mountPath: /etc/keystone/ldap/tls.ca
|
|
subPath: tls.ca
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if eq .Values.conf.keystone.token.provider "fernet" }}
|
|
- name: keystone-fernet-keys
|
|
mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }}
|
|
{{- end }}
|
|
- name: keystone-credential-keys
|
|
mountPath: {{ .Values.conf.keystone.credential.key_repository }}
|
|
{{ if $mounts_keystone_api.volumeMounts }}{{ toYaml $mounts_keystone_api.volumeMounts | indent 10 }}{{ end }}
|
|
volumes:
|
|
- name: etckeystone
|
|
emptyDir: {}
|
|
- name: wsgi-keystone
|
|
emptyDir: {}
|
|
- name: logs-apache
|
|
emptyDir: {}
|
|
- name: run-apache
|
|
emptyDir: {}
|
|
- name: keystone-etc
|
|
secret:
|
|
secretName: keystone-etc
|
|
defaultMode: 0444
|
|
- name: keystone-bin
|
|
configMap:
|
|
name: keystone-bin
|
|
defaultMode: 0555
|
|
{{- if .Values.endpoints.ldap.auth.client.tls.ca }}
|
|
- name: keystone-ldap-tls
|
|
secret:
|
|
secretName: keystone-ldap-tls
|
|
{{- end }}
|
|
{{- if eq .Values.conf.keystone.token.provider "fernet" }}
|
|
- name: keystone-fernet-keys
|
|
secret:
|
|
secretName: keystone-fernet-keys
|
|
{{- end }}
|
|
- name: keystone-credential-keys
|
|
secret:
|
|
secretName: keystone-credential-keys
|
|
{{ if $mounts_keystone_api.volumes }}{{ toYaml $mounts_keystone_api.volumes | indent 6 }}{{ end }}
|
|
{{- end }}
|