From 77609e272201108faf1311f6879ad798744abb69 Mon Sep 17 00:00:00 2001
From: Thiago Brito <thiago.brito@windriver.com>
Date: Tue, 22 Mar 2022 15:34:30 -0300
Subject: [PATCH] Enable taint toleration for barbican
This changes use the helm-toolkit template for toleration
in openstack services
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: I6ca1705cc095613aa9db3375e6f203769694b31f
---
barbican/Chart.yaml | 2 +-
barbican/templates/deployment-api.yaml | 3 +++
barbican/templates/job-bootstrap.yaml | 3 +++
barbican/templates/job-db-drop.yaml | 3 +++
barbican/templates/job-db-init.yaml | 3 +++
barbican/templates/job-db-sync.yaml | 3 +++
barbican/templates/job-image-repo-sync.yaml | 3 +++
barbican/templates/job-ks-endpoints.yaml | 3 +++
barbican/templates/job-ks-service.yaml | 3 +++
barbican/templates/job-ks-user.yaml | 3 +++
barbican/templates/job-rabbit-init.yaml | 3 +++
barbican/templates/pod-test.yaml | 3 +++
barbican/values.yaml | 7 +++++++
releasenotes/notes/barbican.yaml | 1 +
14 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/barbican/Chart.yaml b/barbican/Chart.yaml
index 82239687b5..7f9864f3ee 100644
--- a/barbican/Chart.yaml
+++ b/barbican/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Barbican
name: barbican
-version: 0.2.9
+version: 0.2.10
home: https://docs.openstack.org/barbican/latest/
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Barbican/OpenStack_Project_Barbican_vertical.png
sources:
diff --git a/barbican/templates/deployment-api.yaml b/barbican/templates/deployment-api.yaml
index 4a3a6ea042..9033971f87 100644
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@@ -51,6 +51,9 @@ spec:
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.barbican.enabled }}
+{{ tuple $envAll "barbican" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
initContainers:
{{ tuple $envAll "api" $mounts_barbican_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
diff --git a/barbican/templates/job-bootstrap.yaml b/barbican/templates/job-bootstrap.yaml
index a98148ed87..ced8bc3e05 100644
--- a/barbican/templates/job-bootstrap.yaml
+++ b/barbican/templates/job-bootstrap.yaml
@@ -21,5 +21,8 @@ helm.sh/hook-weight: "5"
{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
{{- $bootstrapJob := dict "envAll" . "serviceName" "barbican" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.barbican.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
{{- end }}
diff --git a/barbican/templates/job-db-drop.yaml b/barbican/templates/job-db-drop.yaml
index 82fa3f4551..b6f0a6fa3d 100644
--- a/barbican/templates/job-db-drop.yaml
+++ b/barbican/templates/job-db-drop.yaml
@@ -19,5 +19,8 @@ limitations under the License.
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
{{- end }}
diff --git a/barbican/templates/job-db-init.yaml b/barbican/templates/job-db-init.yaml
index 7e9fab03f9..1d1f3a504c 100644
--- a/barbican/templates/job-db-init.yaml
+++ b/barbican/templates/job-db-init.yaml
@@ -26,5 +26,8 @@ helm.sh/hook-weight: "-5"
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
{{- end }}
diff --git a/barbican/templates/job-db-sync.yaml b/barbican/templates/job-db-sync.yaml
index 8ec6e85b6f..587be68ab0 100644
--- a/barbican/templates/job-db-sync.yaml
+++ b/barbican/templates/job-db-sync.yaml
@@ -28,5 +28,8 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.certificates -}}
{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
{{- end -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
{{- end }}
diff --git a/barbican/templates/job-image-repo-sync.yaml b/barbican/templates/job-image-repo-sync.yaml
index 0181de3a44..5faccb13b6 100644
--- a/barbican/templates/job-image-repo-sync.yaml
+++ b/barbican/templates/job-image-repo-sync.yaml
@@ -20,5 +20,8 @@ helm.sh/hook: post-install,post-upgrade
{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
{{- end }}
diff --git a/barbican/templates/job-ks-endpoints.yaml b/barbican/templates/job-ks-endpoints.yaml
index e8ec4c5a55..023f58e150 100644
--- a/barbican/templates/job-ks-endpoints.yaml
+++ b/barbican/templates/job-ks-endpoints.yaml
@@ -21,5 +21,8 @@ helm.sh/hook-weight: "-2"
{{- if .Values.manifests.job_ks_endpoints }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "barbican" "serviceTypes" ( tuple "key-manager" ) "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
{{- end }}
diff --git a/barbican/templates/job-ks-service.yaml b/barbican/templates/job-ks-service.yaml
index a86c1bcbe3..c0e068304d 100644
--- a/barbican/templates/job-ks-service.yaml
+++ b/barbican/templates/job-ks-service.yaml
@@ -21,5 +21,8 @@ helm.sh/hook-weight: "-3"
{{- if .Values.manifests.job_ks_service }}
{{- $ksServiceJob := dict "envAll" . "serviceName" "barbican" "serviceTypes" ( tuple "key-manager" ) "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
{{- end }}
diff --git a/barbican/templates/job-ks-user.yaml b/barbican/templates/job-ks-user.yaml
index ab5ac9a8db..e16e03381c 100644
--- a/barbican/templates/job-ks-user.yaml
+++ b/barbican/templates/job-ks-user.yaml
@@ -21,5 +21,8 @@ helm.sh/hook-weight: "-1"
{{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
diff --git a/barbican/templates/job-rabbit-init.yaml b/barbican/templates/job-rabbit-init.yaml
index 702bcaeab5..75bb5fc120 100644
--- a/barbican/templates/job-rabbit-init.yaml
+++ b/barbican/templates/job-rabbit-init.yaml
@@ -21,5 +21,8 @@ helm.sh/hook-weight: "-4"
{{- if .Values.manifests.job_rabbit_init }}
{{- $rmqUserJob := dict "envAll" . "serviceName" "barbican" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.barbican.enabled -}}
+{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
+{{- end -}}
{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
{{- end }}
diff --git a/barbican/templates/pod-test.yaml b/barbican/templates/pod-test.yaml
index c44a95e508..f41435640d 100644
--- a/barbican/templates/pod-test.yaml
+++ b/barbican/templates/pod-test.yaml
@@ -37,6 +37,9 @@ spec:
{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
nodeSelector:
{{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.barbican.enabled }}
+{{ tuple $envAll "barbican" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 2 }}
+{{ end }}
restartPolicy: Never
initContainers:
{{ tuple $envAll "tests" $mounts_barbican_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
diff --git a/barbican/values.yaml b/barbican/values.yaml
index 8d567edab6..9e9f65a263 100644
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@@ -78,6 +78,13 @@ pod:
default: kubernetes.io/hostname
weight:
default: 10
+ tolerations:
+ barbican:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
mounts:
barbican_api:
init_container: null
diff --git a/releasenotes/notes/barbican.yaml b/releasenotes/notes/barbican.yaml
index 57744f92b1..cd7d94bc81 100644
--- a/releasenotes/notes/barbican.yaml
+++ b/releasenotes/notes/barbican.yaml
@@ -13,4 +13,5 @@ barbican:
- 0.2.7 Fix db connection key name
- 0.2.8 Update htk requirements repo
- 0.2.9 Removed default policy in favor in code policy
+ - 0.2.10 Enable taint toleration for Openstack services
...