Helm-Toolkit: move keystone user jobs to helm-toolkit

This PS moves the keystone user jobs to be driven by
a helm-toolkit function, providing greater consistency
across the charts in OSH and reducing tech debt.

Change-Id: Ic5eb172b0443f61b8ecab8b3a607c764fb145c75
portdirect 2018-02-06 18:45:04 -05:00
parent fb4fe70bf8
commit f296acf647
18 changed files with 240 additions and 742 deletions


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "barbican-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: barbican-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "barbican" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: barbican-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "barbican"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.barbican }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.barbican.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: barbican-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "barbican-bin" "serviceName" "barbican" "serviceUser" "barbican" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,51 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.job.node_selector_key .Values.labels.job.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "ceilometer-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: ceilometer-ks-user
spec:
template:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ceilometer-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "ceilometer"
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.ceilometer }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.ceilometer.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: ceilometer-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "ceilometer-bin" "serviceName" "ceilometer" "serviceUser" "ceilometer" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if and .Values.manifests.job_ks_user .Values.deployment.rgw_keystone_user_and_endpoints }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.jobs.node_selector_key .Values.labels.jobs.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "ceph-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: ceph-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "ceph" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ceph-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "ceph"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.swift }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.swift.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: ceph-bin-ks
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "ceph-bin-ks" "serviceName" "ceph" "serviceUser" "swift" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
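Review bot: The rendered Job and ServiceAccount are no longer called `ceph-ks-user` after this change: `helm-toolkit.manifests.job_ks_user` builds both names from `serviceUser`, and this call passes `"serviceUser" "swift"`, so they come out as `swift-ks-user`. Any dependency entry or RBAC rule that still refers to `ceph-ks-user` would wait on, or grant access for, an object that no longer exists; the chart's values are not visible in this section, so that needs checking. At minimum I would record the rename at the call site, e.g. `{{/* job and service account render as swift-ks-user (named after serviceUser, not serviceName) */}}`.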


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "cinder-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: cinder-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "cinder" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: cinder-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "cinder"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.cinder }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.cinder.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: cinder-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "cinder-bin" "serviceName" "cinder" "serviceUser" "cinder" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "congress-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: congress-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "congress" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: congress-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "congress"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.congress }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.congress.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: congress-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "congress-bin" "serviceName" "congress" "serviceUser" "congress" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "glance-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: glance-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "glance" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: glance-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "glance"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.glance.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: glance-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "glance-bin" "serviceName" "glance" "serviceUser" "glance" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "gnocchi-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: gnocchi-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "gnocchi" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: gnocchi-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "gnocchi"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.gnocchi }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.gnocchi.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: gnocchi-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "gnocchi-bin" "serviceName" "gnocchi" "serviceUser" "gnocchi" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -0,0 +1,84 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user_domain }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "heat-ks-user-domain" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: heat-domain-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "heat" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: heat-ks-domain-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/ks-domain-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-domain-user.sh
subPath: ks-domain-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
- name: SERVICE_OS_REGION_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_REGION_NAME
- name: SERVICE_OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_DOMAIN_NAME
- name: SERVICE_OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_USERNAME
- name: SERVICE_OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_PASSWORD
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: heat-bin
defaultMode: 0555
{{- end }}
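Review bot: The `heat-ks-domain-user` container has no resources block: unlike the shared `job_ks_user` template, this manifest never includes `helm-toolkit.snippets.kubernetes_resources`, so the settings under `pod.resources.jobs.ks_user` do not apply to a job that receives the admin openrc environment. Add `{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}` after `imagePullPolicy`. The three names in this file also disagree (`heat-ks-user-domain` for the service account, `heat-domain-ks-user` for the job, `heat-ks-domain-user` for the container); using `heat-domain-ks-user` for the service account as well would make the RBAC objects easier to audit.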


@ -0,0 +1,22 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user_trustee }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "heat-bin" "serviceName" "heat" "serviceUser" "heat_trustee" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,113 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "heat-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: heat-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "heat" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: heat-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.heat.role | quote }}
- name: heat-ks-trustee-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat_trustee }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.heat_trustee.role | quote }}
- name: heat-ks-domain-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
command:
- /tmp/ks-domain-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-domain-user.sh
subPath: ks-domain-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "heat"
- name: SERVICE_OS_REGION_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_REGION_NAME
- name: SERVICE_OS_DOMAIN_NAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_DOMAIN_NAME
- name: SERVICE_OS_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_USERNAME
- name: SERVICE_OS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secrets.identity.heat_stack_user }}
key: OS_PASSWORD
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: heat-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "heat-bin" "serviceName" "heat" "serviceUser" "heat" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -284,6 +284,8 @@ dependencies:
trusts:
jobs:
- heat-ks-user
- heat-trustee-ks-user
- heat-domain-ks-user
services:
- service: identity
endpoint: internal
@ -291,6 +293,8 @@ dependencies:
jobs:
- heat-db-sync
- heat-ks-user
- heat-trustee-ks-user
- heat-domain-ks-user
- heat-ks-endpoints
services:
- service: oslo_db
@ -301,6 +305,8 @@ dependencies:
jobs:
- heat-db-sync
- heat-ks-user
- heat-trustee-ks-user
- heat-domain-ks-user
- heat-ks-endpoints
services:
- service: oslo_db
@ -311,6 +317,8 @@ dependencies:
jobs:
- heat-db-sync
- heat-ks-user
- heat-trustee-ks-user
- heat-domain-ks-user
- heat-ks-endpoints
services:
- service: oslo_db
@ -321,6 +329,8 @@ dependencies:
jobs:
- heat-db-sync
- heat-ks-user
- heat-trustee-ks-user
- heat-domain-ks-user
- heat-ks-endpoints
services:
- service: oslo_db
@ -646,6 +656,8 @@ manifests:
job_db_drop: false
job_ks_endpoints: true
job_ks_service: true
job_ks_user_domain: true
job_ks_user_trustee: true
job_ks_user: true
pdb_api: true
pdb_cfn: true
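Review bot: The two new toggles `job_ks_user_domain` and `job_ks_user_trustee` are independent of the dependency lists edited above, which name `heat-trustee-ks-user` and `heat-domain-ks-user` unconditionally. If the entrypoint init container waits for every listed job, as the `jobs:` lists suggest, setting either flag to `false` leaves the dependent pods waiting for a job that is never created. A comment beside the flags would make the coupling explicit, e.g. `# disabling job_ks_user_domain / job_ks_user_trustee also requires removing the matching job from dependencies.*.jobs`.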


@ -0,0 +1,80 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
# This function creates a manifest for keystone user management.
# It can be used in charts dict created similar to the following:
# {- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }
# {- $dependencies := .Values.dependencies.ks_user }
# {- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "senlin-bin" "serviceName" "senlin" "serviceUser" "senlin" }
# { $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }
{{- define "helm-toolkit.manifests.job_ks_user" -}}
{{- $envAll := index . "envAll" -}}
{{- $nodeSelector := index . "nodeSelector" -}}
{{- $dependencies := index . "dependencies" -}}
{{- $configMapBin := index . "configMapBin" -}}
{{- $serviceName := index . "serviceName" -}}
{{- $serviceUser := index . "serviceUser" -}}
{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}}
{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ printf "%s-%s" $serviceUserPretty "ks-user" | quote }}
spec:
template:
metadata:
labels:
{{ tuple $envAll $serviceName "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName | quote }}
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ks-user
image: {{ $envAll.Values.images.tags.ks_user | quote }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: {{ $serviceName | quote }}
{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ index $envAll.Values.endpoints.identity.auth $serviceUser "role" | quote }}
volumes:
- name: ks-user-sh
configMap:
name: {{ $configMapBin | quote }}
defaultMode: 0555
{{- end -}}
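Review bot: A `serviceUser` that has no entry under `secrets.identity` or `endpoints.identity.auth` is not caught with a useful message: the `index` lookup on the `ksUserSecret` line yields an empty value that is handed to `keystone_user_create_env_vars` as the secret name, and the `SERVICE_OS_ROLE` lookup then indexes into a missing map. Since every chart now funnels through this template, a guard near the top would help, e.g. `{{- $userSecret := required (printf "secrets.identity.%s must be set" $serviceUser) (index $envAll.Values.secrets.identity $serviceUser) -}}`, with `$userSecret` then used in the `dict`. The template is also the single place where a `securityContext` for this job could be set; none is set here, and the container receives the Keystone admin credentials through its environment.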


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "magnum-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: magnum-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "magnum" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: magnum-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "magnum"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.magnum }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.magnum.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: magnum-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "magnum-bin" "serviceName" "magnum" "serviceUser" "magnum" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "mistral-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: mistral-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "mistral" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: mistral-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "mistral"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.mistral }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.mistral.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: mistral-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "mistral-bin" "serviceName" "mistral" "serviceUser" "mistral" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.server.node_selector_key .Values.labels.server.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "neutron-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: neutron-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "neutron" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: neutron-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "neutron"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.neutron }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.neutron.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: neutron-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "neutron-bin" "serviceName" "neutron" "serviceUser" "neutron" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}
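Review bot: The new `$ksUserJob` dict no longer names the secrets the job consumes, so this template no longer shows that the job runs with the Keystone admin credential. The lines it replaces read `secrets.identity.admin` and `secrets.identity.neutron` explicitly; those lookups are now presumably derived from `serviceUser` inside `helm-toolkit.manifests.job_ks_user`, which is not visible in this section. Once confirmed against the helper, a one-line template comment above the dict would keep that visible, for example `{{/* job_ks_user reads secrets.identity.admin and secrets.identity.<serviceUser>; serviceUser must match the key in values.yaml */}}`. The same applies to the nova, rally and senlin sections that follow. It is also worth checking that the helper keeps the read-only script mount that the replaced manifest set.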


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.job.node_selector_key .Values.labels.job.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "nova-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: nova-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "nova" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: nova-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "nova"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.nova }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.nova.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: nova-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "nova-bin" "serviceName" "nova" "serviceUser" "nova" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}


@ -14,53 +14,7 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "rally-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: rally-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "rally" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: rally-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "rally"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.rally }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.rally.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: rally-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "rally-bin" "serviceName" "rally" "serviceUser" "rally" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
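Review bot: Unlike the other charts touched here, the lines shown for this template have no `{{- if .Values.manifests.job_ks_user }}` … `{{- end }}` guard around the new `$ksUserJob` call, so the rally user-creation job cannot be switched off from values. The job handles the Keystone admin secret in the manifest it replaces, so an operator who manages that user out of band has no way to keep the job from running. Wrapping the two new lines in the same guard the neutron, nova and senlin templates use would make the charts consistent. That requires rally's values.yaml to define `manifests.job_ks_user`, which is not visible here; without the key the lookup would fail at render time.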


@ -15,54 +15,8 @@ limitations under the License.
*/}}
{{- if .Values.manifests.job_ks_user }}
{{- $envAll := . }}
{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }}
{{- $dependencies := .Values.dependencies.ks_user }}
{{- $serviceAccountName := "senlin-ks-user" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: senlin-ks-user
spec:
template:
metadata:
labels:
{{ tuple $envAll "senlin" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: senlin-ks-user
image: {{ .Values.images.tags.ks_user }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
command:
- /tmp/ks-user.sh
volumeMounts:
- name: ks-user-sh
mountPath: /tmp/ks-user.sh
subPath: ks-user.sh
readOnly: true
env:
{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_SERVICE_NAME
value: "senlin"
{{- with $env := dict "ksUserSecret" .Values.secrets.identity.senlin }}
{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }}
{{- end }}
- name: SERVICE_OS_ROLE
value: {{ .Values.endpoints.identity.auth.senlin.role | quote }}
volumes:
- name: ks-user-sh
configMap:
name: senlin-bin
defaultMode: 0555
{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "senlin-bin" "serviceName" "senlin" "serviceUser" "senlin" }}
{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
{{- end }}