{{/*
Copyright 2017 The Openstack-Helm Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if .Values.manifests.daemonset_compute }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.compute }}
{{- $mounts_nova_compute := .Values.pod.mounts.nova_compute.nova_compute }}
{{- $mounts_nova_compute_init := .Values.pod.mounts.nova_compute.init_container }}
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: nova-compute
spec:
{{ tuple $envAll "compute" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "nova" "compute" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
      nodeSelector:
        {{ .Values.labels.agent.compute.node_selector_key }}: {{ .Values.labels.agent.compute.node_selector_value }}
      hostNetwork: true
      hostPID: true
      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
{{ tuple $envAll $dependencies $mounts_nova_compute_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        - name: nova-compute-init
          image: {{ .Values.images.tags.compute }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
          securityContext:
            runAsUser: 0
          env:
            - name: NOVA_USER_UID
              value: "{{ .Values.pod.user.nova.uid }}"
          command:
            - /tmp/nova-compute-init.sh
          volumeMounts:
            - name: nova-bin
              mountPath: /tmp/nova-compute-init.sh
              subPath: nova-compute-init.sh
              readOnly: true
            - name: varlibnova
              mountPath: /var/lib/nova
        {{- if .Values.ceph.enabled }}
        - name: ceph-keyring-placement
          image: {{ .Values.images.tags.compute }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
          securityContext:
            runAsUser: {{ .Values.pod.user.nova.uid }}
          env:
            - name: CEPH_CINDER_USER
              value: "{{ .Values.ceph.cinder_user }}"
            {{- if .Values.ceph.cinder_keyring }}
            - name: CEPH_CINDER_KEYRING
              value: "{{ .Values.ceph.cinder_keyring }}"
            {{ end }}
            - name: LIBVIRT_CEPH_SECRET_UUID
              value: "{{ .Values.ceph.secret_uuid }}"
          command:
            - /tmp/ceph-keyring.sh
          volumeMounts:
            - name: etcceph
              mountPath: /etc/ceph
            - name: nova-bin
              mountPath: /tmp/ceph-keyring.sh
              subPath: ceph-keyring.sh
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
        {{ end }}
        - name: nova-compute-vnc-init
          image: {{ .Values.images.tags.compute }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
            runAsUser: {{ .Values.pod.user.nova.uid }}
          command:
            - /tmp/nova-vnc-compute-init.sh
          volumeMounts:
            - name: nova-bin
              mountPath: /tmp/nova-vnc-compute-init.sh
              subPath: nova-vnc-compute-init.sh
              readOnly: true
            - name: pod-shared
              mountPath: /tmp/pod-shared
      containers:
        - name: nova-compute
          image: {{ .Values.images.tags.compute }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.compute | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
            runAsUser: {{ .Values.pod.user.nova.uid }}
            privileged: true
          {{- if .Values.ceph.enabled }}
          env:
            - name: CEPH_CINDER_USER
              value: "{{ .Values.ceph.cinder_user }}"
            {{- if .Values.ceph.cinder_keyring }}
            - name: CEPH_CINDER_KEYRING
              value: "{{ .Values.ceph.cinder_keyring }}"
            {{ end }}
            - name: LIBVIRT_CEPH_SECRET_UUID
              value: "{{ .Values.ceph.secret_uuid }}"
          {{ end }}
          command:
            - /tmp/nova-compute.sh
          volumeMounts:
            - name: nova-bin
              mountPath: /tmp/nova-compute.sh
              subPath: nova-compute.sh
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/nova.conf
              subPath: nova.conf
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/api-paste.ini
              subPath: api-paste.ini
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/policy.yaml
              subPath: policy.yaml
              readOnly: true
            - name: nova-etc
              # NOTE (Portdirect): We mount here to override Kollas
              # custom sudoers file when using Kolla images, this
              # location will also work fine for other images.
              mountPath: /etc/sudoers.d/kolla_nova_sudoers
              subPath: nova_sudoers
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/rootwrap.conf
              subPath: rootwrap.conf
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/rootwrap.d/api-metadata.filters
              subPath: api-metadata.filters
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/rootwrap.d/compute.filters
              subPath: compute.filters
              readOnly: true
            - name: nova-etc
              mountPath: /etc/nova/rootwrap.d/network.filters
              subPath: network.filters
              readOnly: true
            - name: nova-etc
              mountPath: /root/.ssh/config
              subPath: ssh-config
              readOnly: true
            {{- if .Values.ceph.enabled }}
            - name: etcceph
              mountPath: /etc/ceph
            - name: ceph-etc
              mountPath: /etc/ceph/ceph.conf
              subPath: ceph.conf
              readOnly: true
            - name: ceph-keyring
              mountPath: /tmp/client-keyring
              subPath: key
              readOnly: true
            {{ end }}
            - mountPath: /lib/modules
              name: libmodules
              readOnly: true
            - name: varlibnova
              mountPath: /var/lib/nova
            - name: varliblibvirt
              mountPath: /var/lib/libvirt
            - name: run
              mountPath: /run
            - name: cgroup
              mountPath: /sys/fs/cgroup
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: machine-id
              mountPath: /etc/machine-id
              readOnly: true
{{ if $mounts_nova_compute.volumeMounts }}{{ toYaml $mounts_nova_compute.volumeMounts | indent 12 }}{{ end }}
        - name: nova-compute-ssh
          image: {{ .Values.images.tags.compute_ssh }}
          imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.ssh | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          securityContext:
            privileged: true
          env:
            - name: KEY_TYPES
              value: {{ include "helm-toolkit.utils.joinListWithComma" .Values.ssh.key_types | quote }}
            - name: SSH_PORT
              value: {{ .Values.network.ssh.port | quote }}
          ports:
            - containerPort: {{ .Values.network.ssh.port }}
          command:
            - /tmp/ssh-start.sh
          volumeMounts:
            - name: varlibnova
              mountPath: /var/lib/nova
            - name: varliblibvirt
              mountPath: /var/lib/libvirt
            - name: nova-etc
              mountPath: /root/.ssh/id_rsa
              subPath: ssh-key-private
            - name: nova-etc
              mountPath: /root/.ssh/id_rsa.pub
              subPath: ssh-key-public
            - name: nova-etc
              mountPath: /root/.ssh/authorized_keys
              subPath: ssh-key-public
            - name: nova-bin
              mountPath: /tmp/ssh-start.sh
              subPath: ssh-start.sh
              readOnly: true
      volumes:
        - name: nova-bin
          configMap:
            name: nova-bin
            defaultMode: 0555
        - name: nova-etc
          configMap:
            name: nova-etc
            defaultMode: 0444
        {{- if .Values.ceph.enabled }}
        - name: etcceph
          emptyDir: {}
        - name: ceph-etc
          configMap:
            name: ceph-etc
            defaultMode: 0444
        - name: ceph-keyring
          secret:
            secretName: pvc-ceph-client-key
        {{ end }}
        - name: libmodules
          hostPath:
            path: /lib/modules
        - name: varlibnova
          hostPath:
            path: /var/lib/nova
        - name: varliblibvirt
          hostPath:
            path: /var/lib/libvirt
        - name: run
          hostPath:
            path: /run
        - name: cgroup
          hostPath:
            path: /sys/fs/cgroup
        - name: pod-shared
          emptyDir: {}
        - name: machine-id
          hostPath:
            path: /etc/machine-id
{{ if $mounts_nova_compute.volumes }}{{ toYaml $mounts_nova_compute.volumes | indent 8 }}{{ end }}
{{- end }}