diff --git a/barbican/templates/job-db-sync.yaml b/barbican/templates/job-db-sync.yaml index 6ddf6e33e1..014406e1dc 100644 --- a/barbican/templates/job-db-sync.yaml +++ b/barbican/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "barbican-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: barbican-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "barbican" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: barbican-db-sync - image: {{ .Values.images.tags.barbican_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: etcbarbican - mountPath: /etc/barbican - - name: barbican-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: barbican-etc - mountPath: /etc/barbican/barbican.conf - subPath: barbican.conf - readOnly: true - volumes: - - name: etcbarbican - emptyDir: {} - - name: barbican-etc - configMap: - name: barbican-etc - defaultMode: 0444 - - name: barbican-bin - configMap: - name: barbican-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "barbican" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/ceilometer/templates/job-db-sync.yaml b/ceilometer/templates/job-db-sync.yaml index 094fd397be..d31a32928b 100644 --- a/ceilometer/templates/job-db-sync.yaml +++ b/ceilometer/templates/job-db-sync.yaml @@ -15,52 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "ceilometer-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ceilometer-db-sync -spec: - template: - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: ceilometer-db-sync - image: {{ .Values.images.tags.ceilometer_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: ceilometer-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcceilometer - mountPath: /etc/ceilometer - - name: ceilometer-etc - mountPath: /etc/ceilometer/ceilometer.conf - subPath: ceilometer.conf - readOnly: true - volumes: - - name: etcceilometer - emptyDir: {} - - name: ceilometer-etc - configMap: - name: ceilometer-etc - defaultMode: 0444 - - name: ceilometer-bin - configMap: - name: ceilometer-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "ceilometer" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/cinder/templates/job-db-sync.yaml b/cinder/templates/job-db-sync.yaml index bb063cd581..7e20e82e4f 100644 --- a/cinder/templates/job-db-sync.yaml +++ b/cinder/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "cinder-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "cinder" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: cinder-db-sync - image: {{ .Values.images.tags.cinder_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: cinder-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etccinder - mountPath: /etc/cinder - - name: cinder-etc - mountPath: /etc/cinder/cinder.conf - subPath: cinder.conf - readOnly: true - volumes: - - name: etccinder - emptyDir: {} - - name: cinder-etc - configMap: - name: cinder-etc - defaultMode: 0444 - - name: cinder-bin - configMap: - name: cinder-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "cinder" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/congress/templates/job-db-sync.yaml b/congress/templates/job-db-sync.yaml index 4e0ad5e482..6d87e91513 100644 --- a/congress/templates/job-db-sync.yaml +++ b/congress/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "congress-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: congress-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "congress" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: congress-db-sync - image: {{ .Values.images.tags.congress_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: congress-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etccongress - mountPath: /etc/congress - - name: congress-etc - mountPath: /etc/congress/congress.conf - subPath: congress.conf - readOnly: true - volumes: - - name: etccongress - emptyDir: {} - - name: congress-etc - configMap: - name: congress-etc - defaultMode: 0444 - - name: congress-bin - configMap: - name: congress-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "congress" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/glance/templates/job-db-sync.yaml b/glance/templates/job-db-sync.yaml index 6bee009675..8c338aec45 100644 --- a/glance/templates/job-db-sync.yaml +++ b/glance/templates/job-db-sync.yaml @@ -15,55 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "glance-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: glance-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "glance" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: glance-db-sync - image: {{ .Values.images.tags.glance_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: glance-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcglance - mountPath: /etc/glance - - name: glance-etc - mountPath: /etc/glance/glance-api.conf - subPath: glance-api.conf - readOnly: true - volumes: - - name: etcglance - emptyDir: {} - - name: glance-etc - configMap: - name: glance-etc - defaultMode: 0444 - - name: glance-bin - configMap: - name: glance-bin - defaultMode: 0555 +{{- $serviceName := "glance" -}} +{{- $dbToSync := index . "dbToSync" | default ( dict "configFile" (printf "/etc/%s/%s.conf" $serviceName "glance-api" ) "image" ( index .Values.images.tags ( printf "%s_db_sync" $serviceName )) ) -}} +{{- $dbSyncJob := dict "envAll" . "serviceName" $serviceName "dbToSync" $dbToSync -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/heat/templates/job-db-sync.yaml b/heat/templates/job-db-sync.yaml index 3c00b571fd..08f3281f08 100644 --- a/heat/templates/job-db-sync.yaml +++ b/heat/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "heat-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: heat-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "heat" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: heat-db-sync - image: {{ .Values.images.tags.heat_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: heat-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcheat - mountPath: /etc/heat - - name: heat-etc - mountPath: /etc/heat/heat.conf - subPath: heat.conf - readOnly: true - volumes: - - name: etcheat - emptyDir: {} - - name: heat-etc - configMap: - name: heat-etc - defaultMode: 0444 - - name: heat-bin - configMap: - name: heat-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "heat" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl b/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl new file mode 100644 index 0000000000..42e4bbf4a0 --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-db-sync.yaml.tpl @@ -0,0 +1,94 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for db migration and management. +# It can be used in charts dict created similar to the following: +# {- $dbSyncJob := dict "envAll" . "serviceName" "senlin" -} +# { $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" } + +{{- define "helm-toolkit.manifests.job_db_sync" -}} +{{- $envAll := index . "envAll" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}} +{{- $dependencies := $envAll.Values.dependencies.db_sync }} +{{- $configMapBin := index . "configMapBin" | default (printf "%s-%s" $serviceName "bin" ) -}} +{{- $configMapEtc := index . "configMapEtc" | default (printf "%s-%s" $serviceName "etc" ) -}} +{{- $podVolMounts := index . "podVolMounts" | default false -}} +{{- $podVols := index . "podVols" | default false -}} +{{- $podEnvVars := index . "podEnvVars" | default false -}} +{{- $dbToSync := index . "dbToSync" | default ( dict "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "image" ( index $envAll.Values.images.tags ( printf "%s_db_sync" $serviceName )) ) -}} + +{{- $serviceNamePretty := $serviceName | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceNamePretty "db-sync" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceNamePretty "db-sync" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: {{ printf "%s-%s" $serviceNamePretty "db-sync" | quote }} + image: {{ $dbToSync.image | quote }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{- if $podEnvVars }} + env: +{{ $podEnvVars | toYaml | indent 12 }} +{{- end }} + command: + - /tmp/db-sync.sh + volumeMounts: + - name: db-sync-sh + mountPath: /tmp/db-sync.sh + subPath: db-sync.sh + readOnly: true + - name: etc-service + mountPath: {{ dir $dbToSync.configFile | quote }} + - name: db-sync-conf + mountPath: {{ $dbToSync.configFile | quote }} + subPath: {{ base $dbToSync.configFile | quote }} + readOnly: true +{{- if $podVolMounts }} +{{ $podVolMounts | toYaml | indent 12 }} +{{- end }} + volumes: + - name: db-sync-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 + - name: etc-service + emptyDir: {} + - name: db-sync-conf + configMap: + name: {{ $configMapEtc | quote }} + defaultMode: 0444 +{{- if $podVols }} +{{ $podVols | toYaml | indent 8 }} +{{- end }} +{{- end }} diff --git a/ironic/templates/job-db-sync.yaml b/ironic/templates/job-db-sync.yaml index b509dfb03e..bcd91907f3 100644 --- a/ironic/templates/job-db-sync.yaml +++ b/ironic/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "ironic-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ironic-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "ironic" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: ironic-db-sync - image: {{ .Values.images.tags.ironic_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: ironic-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcironic - mountPath: /etc/ironic - - name: ironic-etc - mountPath: /etc/ironic/ironic.conf - subPath: ironic.conf - readOnly: true - volumes: - - name: etcironic - emptyDir: {} - - name: ironic-etc - configMap: - name: ironic-etc - defaultMode: 0444 - - name: ironic-bin - configMap: - name: ironic-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "ironic" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml index 97cb5578e5..de32a79cc1 100644 --- a/keystone/templates/job-db-sync.yaml +++ b/keystone/templates/job-db-sync.yaml @@ -14,80 +14,27 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- define "keystone.templates._job_db_sync.env_vars" -}} +{{- $envAll := index . 0 -}} +env: + - name: OS_BOOTSTRAP_ADMIN_URL + value: {{ tuple "identity" "admin" "admin" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} + - name: OS_BOOTSTRAP_INTERNAL_URL + value: {{ tuple "identity" "internal" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} + - name: OS_BOOTSTRAP_PUBLIC_URL + value: {{ tuple "identity" "public" "api" $envAll | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 2}} +{{- end }} +{{- end }} + {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $mounts_keystone_db_sync := .Values.pod.mounts.keystone_db_sync.keystone_db_sync }} -{{- $mounts_keystone_db_sync_init := .Values.pod.mounts.keystone_db_sync.init_container }} - -{{- $serviceAccountName := "keystone-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: keystone-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "keystone" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies $mounts_keystone_db_sync_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: keystone-db-sync - image: {{ .Values.images.tags.keystone_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - env: - - name: OS_BOOTSTRAP_ADMIN_URL - value: {{ tuple "identity" "admin" "admin" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} - - name: OS_BOOTSTRAP_INTERNAL_URL - value: {{ tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} - - name: OS_BOOTSTRAP_PUBLIC_URL - value: {{ tuple "identity" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }} -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: etckeystone - mountPath: /etc/keystone - - name: keystone-etc - mountPath: /etc/keystone/keystone.conf - subPath: keystone.conf - readOnly: true - - name: keystone-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true +{{- $local := dict "podVolMounts" false "podVols" false -}} {{- if eq .Values.conf.keystone.token.provider "fernet" }} - - name: keystone-fernet-keys - mountPath: {{ .Values.conf.keystone.fernet_tokens.key_repository }} +{{- $_ := set $local "podVolMounts" (list (dict "name" "keystone-fernet-keys" "mountPath" .Values.conf.keystone.fernet_tokens.key_repository "readOnly" true )) }} +{{- $_ := set $local "podVols" (list (dict "name" "keystone-fernet-keys" "secret" (dict "secretName" "keystone-fernet-keys"))) }} {{- end }} -{{ if $mounts_keystone_db_sync.volumeMounts }}{{ toYaml $mounts_keystone_db_sync.volumeMounts | indent 10 }}{{ end }} - volumes: - - name: etckeystone - emptyDir: {} - - name: keystone-etc - configMap: - name: keystone-etc - defaultMode: 0444 - - name: keystone-bin - configMap: - name: keystone-bin - defaultMode: 0555 -{{- if eq .Values.conf.keystone.token.provider "fernet" }} - - name: keystone-fernet-keys - secret: - secretName: keystone-fernet-keys -{{- end }} -{{ if $mounts_keystone_db_sync.volumes }}{{ toYaml $mounts_keystone_db_sync.volumes | indent 6 }}{{ end }} +{{- $podEnvVars := tuple . | include "keystone.templates._job_db_sync.env_vars" | toString | fromYaml }} +{{- $dbSyncJob := dict "envAll" . "serviceName" "keystone" "podVolMounts" $local.podVolMounts "podVols" $local.podVols "podEnvVars" $podEnvVars.env -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/magnum/templates/job-db-sync.yaml b/magnum/templates/job-db-sync.yaml index 3cb6dacb57..5ffe50deb7 100644 --- a/magnum/templates/job-db-sync.yaml +++ b/magnum/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "magnum-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: magnum-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "magnum" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: magnum-db-sync - image: {{ .Values.images.tags.magnum_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: magnum-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcmagnum - mountPath: /etc/magnum - - name: magnum-etc - mountPath: /etc/magnum/magnum.conf - subPath: magnum.conf - readOnly: true - volumes: - - name: etcmagnum - emptyDir: {} - - name: magnum-etc - configMap: - name: magnum-etc - defaultMode: 0444 - - name: magnum-bin - configMap: - name: magnum-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "magnum" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/mistral/templates/job-db-sync.yaml b/mistral/templates/job-db-sync.yaml index 002cd8e506..ac5c5071bb 100644 --- a/mistral/templates/job-db-sync.yaml +++ b/mistral/templates/job-db-sync.yaml @@ -16,55 +16,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "mistral-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: mistral-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "mistral" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: mistral-db-sync - image: {{ .Values.images.tags.mistral_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: pod-etc-mistral - mountPath: /etc/mistral - - name: mistral-etc - mountPath: /etc/mistral/mistral.conf - subPath: mistral.conf - readOnly: true - - name: mistral-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - volumes: - - name: pod-etc-mistral - emptyDir: {} - - name: mistral-etc - configMap: - name: mistral-etc - defaultMode: 0444 - - name: mistral-bin - configMap: - name: mistral-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "mistral" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml index 0b4ff26c8d..cb723998d0 100644 --- a/neutron/templates/job-db-sync.yaml +++ b/neutron/templates/job-db-sync.yaml @@ -15,68 +15,7 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "neutron-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: neutron-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "neutron" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: neutron-db-sync - image: {{ .Values.images.tags.neutron_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - {{- if .Values.pod.resources.enabled }} - resources: - limits: - cpu: {{ .Values.pod.resources.jobs.db_sync.limits.cpu | quote }} - memory: {{ .Values.pod.resources.jobs.db_sync.limits.memory | quote }} - requests: - cpu: {{ .Values.pod.resources.jobs.db_sync.requests.cpu | quote }} - memory: {{ .Values.pod.resources.jobs.db_sync.requests.memory | quote }} - {{- end }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: neutron-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcneutron - mountPath: /etc/neutron - - name: neutron-etc - mountPath: /etc/neutron/neutron.conf - subPath: neutron.conf - readOnly: true - - name: neutron-etc - mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini - subPath: ml2_conf.ini - readOnly: true - volumes: - - name: etcneutron - emptyDir: {} - - name: neutron-etc - configMap: - name: neutron-etc - defaultMode: 0444 - - name: neutron-bin - configMap: - name: neutron-bin - defaultMode: 0555 +{{- $podVolMounts := list (dict "name" "db-sync-conf" "mountPath" "/etc/neutron/plugins/ml2/ml2_conf.ini" "subPath" "ml2_conf.ini" "readOnly" true )}} +{{- $dbSyncJob := dict "envAll" . "serviceName" "neutron" "podVolMounts" $podVolMounts -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/nova/templates/job-db-sync.yaml b/nova/templates/job-db-sync.yaml index 7ec25a2f5b..706fdb9863 100644 --- a/nova/templates/job-db-sync.yaml +++ b/nova/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "nova-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: nova-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "nova" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: nova-db-sync - image: {{ .Values.images.tags.nova_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: nova-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcnova - mountPath: /etc/nova - - name: nova-etc - mountPath: /etc/nova/nova.conf - subPath: nova.conf - readOnly: true - volumes: - - name: etcnova - emptyDir: {} - - name: nova-etc - configMap: - name: nova-etc - defaultMode: 0444 - - name: nova-bin - configMap: - name: nova-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "nova" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }} diff --git a/senlin/templates/job-db-sync.yaml b/senlin/templates/job-db-sync.yaml index 6e8a9ba4db..6e830f8003 100644 --- a/senlin/templates/job-db-sync.yaml +++ b/senlin/templates/job-db-sync.yaml @@ -15,55 +15,6 @@ limitations under the License. */}} {{- if .Values.manifests.job_db_sync }} -{{- $envAll := . }} -{{- $dependencies := .Values.dependencies.db_sync }} - -{{- $serviceAccountName := "senlin-db-sync" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: senlin-db-sync -spec: - template: - metadata: - labels: -{{ tuple $envAll "senlin" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: senlin-db-sync - image: {{ .Values.images.tags.senlin_db_sync }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_sync | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/db-sync.sh - volumeMounts: - - name: senlin-bin - mountPath: /tmp/db-sync.sh - subPath: db-sync.sh - readOnly: true - - name: etcsenlin - mountPath: /etc/senlin - - name: senlin-etc - mountPath: /etc/senlin/senlin.conf - subPath: senlin.conf - readOnly: true - volumes: - - name: etcsenlin - emptyDir: {} - - name: senlin-etc - configMap: - name: senlin-etc - defaultMode: 0444 - - name: senlin-bin - configMap: - name: senlin-bin - defaultMode: 0555 +{{- $dbSyncJob := dict "envAll" . "serviceName" "senlin" -}} +{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }} {{- end }}