openstack-helm/cinder/templates/cron-job-cinder-volume-usage-audit.yaml

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if .Values.manifests.cron_volume_usage_audit }}
{{- $envAll := . }}

{{- $mounts_cinder_volume_usage_audit := .Values.pod.mounts.cinder_volume_usage_audit.cinder_volume_usage_audit }}
{{- $mounts_cinder_volume_usage_audit_init := .Values.pod.mounts.cinder_volume_usage_audit.init_container }}

{{- $serviceAccountName := "cinder-volume-usage-audit" }}
{{ tuple $envAll "volume_usage_audit" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: cinder-volume-usage-audit
  labels:
{{ tuple $envAll "cinder" "volume-usage-audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
  schedule: {{ .Values.jobs.volume_usage_audit.cron | quote }}
  successfulJobsHistoryLimit: {{ .Values.jobs.volume_usage_audit.history.success }}
  failedJobsHistoryLimit: {{ .Values.jobs.volume_usage_audit.history.failed }}
  {{- if .Values.jobs.volume_usage_audit.starting_deadline }}
  startingDeadlineSeconds: {{ .Values.jobs.volume_usage_audit.starting_deadline }}
  {{- end }}
  concurrencyPolicy: Forbid
  jobTemplate:
    metadata:
      labels:
{{ tuple $envAll "cinder" "volume-usage-audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      template:
        metadata:
          labels:
{{ tuple $envAll "cinder" "volume-usage-audit" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
          annotations:
{{ dict "envAll" $envAll "podName" $serviceAccountName "containerNames" (list "cinder-volume-usage-audit" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 12 }}
        spec:
{{ dict "envAll" $envAll "application" "volume_usage_audit" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 10 }}
          serviceAccountName: {{ $serviceAccountName }}
          restartPolicy: OnFailure
          nodeSelector:
            {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
          initContainers:
{{ tuple $envAll "volume_usage_audit" $mounts_cinder_volume_usage_audit_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
          containers:
            - name: cinder-volume-usage-audit
{{ tuple $envAll "cinder_volume_usage_audit" | include "helm-toolkit.snippets.image" | indent 14 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.volume_usage_audit | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{ dict "envAll" $envAll "application" "volume_usage_audit" "container" "cinder_volume_usage_audit" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 14 }}
              command:
                - /tmp/volume-usage-audit.sh
              volumeMounts:
                - name: pod-tmp
                  mountPath: /tmp
                - name: etccinder
                  mountPath: /etc/cinder
                - name: cinder-etc
                  mountPath: /etc/cinder/cinder.conf
                  subPath: cinder.conf
                  readOnly: true
                {{- if .Values.conf.cinder.DEFAULT.log_config_append }}
                - name: cinder-etc
                  mountPath: {{ .Values.conf.cinder.DEFAULT.log_config_append }}
                  subPath: {{ base .Values.conf.cinder.DEFAULT.log_config_append }}
                  readOnly: true
                {{- end }}
                - name: cinder-bin
                  mountPath: /tmp/volume-usage-audit.sh
                  subPath: volume-usage-audit.sh
                  readOnly: true
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 16 }}
{{ if $mounts_cinder_volume_usage_audit.volumeMounts }}{{ toYaml $mounts_cinder_volume_usage_audit.volumeMounts | indent 16 }}{{ end }}
          volumes:
            - name: pod-tmp
              emptyDir: {}
            - name: etccinder
              emptyDir: {}
            - name: cinder-etc
              secret:
                secretName: cinder-etc
                defaultMode: 0444
            - name: cinder-bin
              configMap:
                name: cinder-bin
                defaultMode: 0555
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{ if $mounts_cinder_volume_usage_audit.volumes }}{{ toYaml $mounts_cinder_volume_usage_audit.volumes | indent 12 }}{{ end }}
{{- end }}