openstack/openstack-helm
Code Issues Proposed changes
openstack-helm/nova/templates/job-bootstrap.yaml
Susanta Gautam bd825495a4 Added helm.sh/hook annotations for nova chart 
Chart upgrading was failing due to some immutable fields are needed to be upgraded before the jobs can be upgraded. For solving this issue, helm.sh/hook annotations with post-install and post-upgrade has been added. As for hook-weight annotations, we have added these to control the flow of the jobs with hook creation as the jobs are dependent. Like, db-init jobs need to run before db-sync and so on. Also, helm3_hook value is added in values.yaml file in case hooks needs to be disabled if needed.

Change-Id: I4d489f5ded94f19dd3fcf58dafde00b18ff5bcae
2021-08-17 21:10:38 +05:45

141 lines
5.7 KiB
YAML
Raw Blame History

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- if and $envAll.Values.manifests.job_bootstrap $envAll.Values.bootstrap.enabled }}
{{- $serviceName := "nova" -}}
{{- $keystoneUser := $envAll.Values.bootstrap.ks_user -}}
{{- $configMapBin := printf "%s-%s" $serviceName "bin" -}}
{{- $configMapEtc := printf "%s-%s" $serviceName "etc" -}}
{{- $configFile := printf "/etc/%s/%s.conf" $serviceName $serviceName -}}
{{- $logConfigFile := $envAll.Values.conf.nova.DEFAULT.log_config_append -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "bootstrap" -}}
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $serviceAccountName | quote }}
labels:
application: {{ $serviceAccountName | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:
{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if $envAll.Values.bootstrap.wait_for_computes.enabled }}
- name: nova-wait-for-computes-init
{{ tuple $envAll "nova_wait_for_computes_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "bootstrap" "container" "nova_wait_for_computes_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /bin/bash
- -c
- /tmp/wait-for-computes-init.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: bootstrap-sh
mountPath: /tmp/wait-for-computes-init.sh
subPath: wait-for-computes-init.sh
readOnly: true
{{- end }}
containers:
- name: bootstrap
image: {{ $envAll.Values.images.tags.bootstrap }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "bootstrap" "container" "bootstrap" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: WAIT_PERCENTAGE
value: "{{ .Values.bootstrap.wait_for_computes.wait_percentage }}"
- name: REMAINING_WAIT
value: "{{ .Values.bootstrap.wait_for_computes.remaining_wait }}"
command:
- /bin/bash
- -c
- /tmp/bootstrap.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: bootstrap-sh
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
readOnly: true
- name: etc-service
mountPath: {{ dir $configFile | quote }}
- name: bootstrap-conf
mountPath: {{ $configFile | quote }}
subPath: {{ base $configFile | quote }}
readOnly: true
- name: bootstrap-conf
mountPath: {{ $logConfigFile | quote }}
subPath: {{ base $logConfigFile | quote }}
readOnly: true
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: bootstrap-sh
configMap:
name: {{ $configMapBin | quote }}
defaultMode: 0555
- name: etc-service
emptyDir: {}
- name: bootstrap-conf
secret:
secretName: {{ $configMapEtc | quote }}
defaultMode: 0444
{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ $serviceAccountName }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
View Git Blame Copy Permalink