diff --git a/barbican/templates/job-ks-user.yaml b/barbican/templates/job-ks-user.yaml index 3eb55ac94a..9c260d4f3b 100644 --- a/barbican/templates/job-ks-user.yaml +++ b/barbican/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "barbican-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: barbican-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "barbican" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: barbican-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "barbican" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.barbican }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.barbican.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: barbican-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "barbican-bin" "serviceName" "barbican" "serviceUser" "barbican" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/ceilometer/templates/job-ks-user.yaml b/ceilometer/templates/job-ks-user.yaml index 40481fea8d..e3632004a9 100644 --- a/ceilometer/templates/job-ks-user.yaml +++ b/ceilometer/templates/job-ks-user.yaml @@ -15,51 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.job.node_selector_key .Values.labels.job.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "ceilometer-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ceilometer-ks-user -spec: - template: - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: ceilometer-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "ceilometer" -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.ceilometer }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.ceilometer.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: ceilometer-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "ceilometer-bin" "serviceName" "ceilometer" "serviceUser" "ceilometer" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/ceph/templates/job-ks-user.yaml b/ceph/templates/job-ks-user.yaml index 0e350c0c26..00e779af8b 100644 --- a/ceph/templates/job-ks-user.yaml +++ b/ceph/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if and .Values.manifests.job_ks_user .Values.deployment.rgw_keystone_user_and_endpoints }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.jobs.node_selector_key .Values.labels.jobs.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "ceph-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: ceph-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "ceph" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ $envAll.Values.labels.jobs.node_selector_key }}: {{ $envAll.Values.labels.jobs.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: ceph-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "ceph" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.swift }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.swift.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: ceph-bin-ks - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "ceph-bin-ks" "serviceName" "ceph" "serviceUser" "swift" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/cinder/templates/job-ks-user.yaml b/cinder/templates/job-ks-user.yaml index fcc8033716..63e03b36ca 100644 --- a/cinder/templates/job-ks-user.yaml +++ b/cinder/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "cinder-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: cinder-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "cinder" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: cinder-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "cinder" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.cinder }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.cinder.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: cinder-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "cinder-bin" "serviceName" "cinder" "serviceUser" "cinder" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/congress/templates/job-ks-user.yaml b/congress/templates/job-ks-user.yaml index efd7a54d3b..b2644a54a2 100644 --- a/congress/templates/job-ks-user.yaml +++ b/congress/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "congress-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: congress-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "congress" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: congress-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "congress" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.congress }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.congress.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: congress-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "congress-bin" "serviceName" "congress" "serviceUser" "congress" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/glance/templates/job-ks-user.yaml b/glance/templates/job-ks-user.yaml index bd26b115c0..a2d665c0dd 100644 --- a/glance/templates/job-ks-user.yaml +++ b/glance/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "glance-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: glance-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "glance" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: glance-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "glance" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.glance }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.glance.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: glance-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "glance-bin" "serviceName" "glance" "serviceUser" "glance" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/gnocchi/templates/job-ks-user.yaml b/gnocchi/templates/job-ks-user.yaml index 59f3c2f186..dd764ea7be 100644 --- a/gnocchi/templates/job-ks-user.yaml +++ b/gnocchi/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "gnocchi-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: gnocchi-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "gnocchi" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: gnocchi-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "gnocchi" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.gnocchi }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.gnocchi.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: gnocchi-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "gnocchi-bin" "serviceName" "gnocchi" "serviceUser" "gnocchi" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/heat/templates/job-ks-user-domain.yaml b/heat/templates/job-ks-user-domain.yaml new file mode 100644 index 0000000000..691b8fc45d --- /dev/null +++ b/heat/templates/job-ks-user-domain.yaml @@ -0,0 +1,84 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user_domain }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.ks_user }} + +{{- $serviceAccountName := "heat-ks-user-domain" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: heat-domain-ks-user +spec: + template: + metadata: + labels: +{{ tuple $envAll "heat" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + restartPolicy: OnFailure + nodeSelector: + {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: heat-ks-domain-user + image: {{ .Values.images.tags.ks_user }} + imagePullPolicy: {{ .Values.images.pull_policy }} + command: + - /tmp/ks-domain-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-domain-user.sh + subPath: ks-domain-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: "heat" + - name: SERVICE_OS_REGION_NAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.identity.heat_stack_user }} + key: OS_REGION_NAME + - name: SERVICE_OS_DOMAIN_NAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.identity.heat_stack_user }} + key: OS_DOMAIN_NAME + - name: SERVICE_OS_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.identity.heat_stack_user }} + key: OS_USERNAME + - name: SERVICE_OS_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.identity.heat_stack_user }} + key: OS_PASSWORD + - name: SERVICE_OS_ROLE + value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }} + volumes: + - name: ks-user-sh + configMap: + name: heat-bin + defaultMode: 0555 +{{- end }} diff --git a/heat/templates/job-ks-user-trustee.yaml b/heat/templates/job-ks-user-trustee.yaml new file mode 100644 index 0000000000..176c6e8a86 --- /dev/null +++ b/heat/templates/job-ks-user-trustee.yaml @@ -0,0 +1,22 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.job_ks_user_trustee }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} +{{- $dependencies := .Values.dependencies.ks_user }} +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "heat-bin" "serviceName" "heat" "serviceUser" "heat_trustee" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} +{{- end }} diff --git a/heat/templates/job-ks-user.yaml b/heat/templates/job-ks-user.yaml index d82f82a6a2..8985a52918 100644 --- a/heat/templates/job-ks-user.yaml +++ b/heat/templates/job-ks-user.yaml @@ -15,113 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "heat-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: heat-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "heat" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: heat-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "heat" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.heat.role | quote }} - - name: heat-ks-trustee-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "heat" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.heat_trustee }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.heat_trustee.role | quote }} - - name: heat-ks-domain-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} - command: - - /tmp/ks-domain-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-domain-user.sh - subPath: ks-domain-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "heat" - - name: SERVICE_OS_REGION_NAME - valueFrom: - secretKeyRef: - name: {{ .Values.secrets.identity.heat_stack_user }} - key: OS_REGION_NAME - - name: SERVICE_OS_DOMAIN_NAME - valueFrom: - secretKeyRef: - name: {{ .Values.secrets.identity.heat_stack_user }} - key: OS_DOMAIN_NAME - - name: SERVICE_OS_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.secrets.identity.heat_stack_user }} - key: OS_USERNAME - - name: SERVICE_OS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.secrets.identity.heat_stack_user }} - key: OS_PASSWORD - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.heat_stack_user.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: heat-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "heat-bin" "serviceName" "heat" "serviceUser" "heat" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/heat/values.yaml b/heat/values.yaml index f27a691f66..c1cb3ee2a7 100644 --- a/heat/values.yaml +++ b/heat/values.yaml @@ -284,6 +284,8 @@ dependencies: trusts: jobs: - heat-ks-user + - heat-trustee-ks-user + - heat-domain-ks-user services: - service: identity endpoint: internal @@ -291,6 +293,8 @@ dependencies: jobs: - heat-db-sync - heat-ks-user + - heat-trustee-ks-user + - heat-domain-ks-user - heat-ks-endpoints services: - service: oslo_db @@ -301,6 +305,8 @@ dependencies: jobs: - heat-db-sync - heat-ks-user + - heat-trustee-ks-user + - heat-domain-ks-user - heat-ks-endpoints services: - service: oslo_db @@ -311,6 +317,8 @@ dependencies: jobs: - heat-db-sync - heat-ks-user + - heat-trustee-ks-user + - heat-domain-ks-user - heat-ks-endpoints services: - service: oslo_db @@ -321,6 +329,8 @@ dependencies: jobs: - heat-db-sync - heat-ks-user + - heat-trustee-ks-user + - heat-domain-ks-user - heat-ks-endpoints services: - service: oslo_db @@ -646,6 +656,8 @@ manifests: job_db_drop: false job_ks_endpoints: true job_ks_service: true + job_ks_user_domain: true + job_ks_user_trustee: true job_ks_user: true pdb_api: true pdb_cfn: true diff --git a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl new file mode 100644 index 0000000000..10cc601e10 --- /dev/null +++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl @@ -0,0 +1,80 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +# This function creates a manifest for keystone user management. +# It can be used in charts dict created similar to the following: +# {- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value } +# {- $dependencies := .Values.dependencies.ks_user } +# {- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "senlin-bin" "serviceName" "senlin" "serviceUser" "senlin" } +# { $ksUserJob | include "helm-toolkit.manifests.job_ks_user" } + +{{- define "helm-toolkit.manifests.job_ks_user" -}} +{{- $envAll := index . "envAll" -}} +{{- $nodeSelector := index . "nodeSelector" -}} +{{- $dependencies := index . "dependencies" -}} +{{- $configMapBin := index . "configMapBin" -}} +{{- $serviceName := index . "serviceName" -}} +{{- $serviceUser := index . "serviceUser" -}} +{{- $serviceUserPretty := $serviceUser | replace "_" "-" -}} + +{{- $serviceAccountName := printf "%s-%s" $serviceUserPretty "ks-user" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ printf "%s-%s" $serviceUserPretty "ks-user" | quote }} +spec: + template: + metadata: + labels: +{{ tuple $envAll $serviceName "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName | quote }} + restartPolicy: OnFailure + nodeSelector: +{{ toYaml $nodeSelector | indent 8 }} + initContainers: +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + containers: + - name: ks-user + image: {{ $envAll.Values.images.tags.ks_user | quote }} + imagePullPolicy: {{ $envAll.Values.images.pull_policy | quote }} +{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - /tmp/ks-user.sh + volumeMounts: + - name: ks-user-sh + mountPath: /tmp/ks-user.sh + subPath: ks-user.sh + readOnly: true + env: +{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} +{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_SERVICE_NAME + value: {{ $serviceName | quote }} +{{- with $env := dict "ksUserSecret" (index $envAll.Values.secrets.identity $serviceUser ) }} +{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} +{{- end }} + - name: SERVICE_OS_ROLE + value: {{ index $envAll.Values.endpoints.identity.auth $serviceUser "role" | quote }} + volumes: + - name: ks-user-sh + configMap: + name: {{ $configMapBin | quote }} + defaultMode: 0555 +{{- end -}} diff --git a/magnum/templates/job-ks-user.yaml b/magnum/templates/job-ks-user.yaml index 26793e7bdf..d04fca28ae 100644 --- a/magnum/templates/job-ks-user.yaml +++ b/magnum/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "magnum-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: magnum-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "magnum" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: magnum-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "magnum" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.magnum }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.magnum.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: magnum-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "magnum-bin" "serviceName" "magnum" "serviceUser" "magnum" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/mistral/templates/job-ks-user.yaml b/mistral/templates/job-ks-user.yaml index 694bea27d6..63c1a920a0 100644 --- a/mistral/templates/job-ks-user.yaml +++ b/mistral/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "mistral-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: mistral-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "mistral" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: mistral-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "mistral" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.mistral }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.mistral.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: mistral-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "mistral-bin" "serviceName" "mistral" "serviceUser" "mistral" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/neutron/templates/job-ks-user.yaml b/neutron/templates/job-ks-user.yaml index d19462df05..9f119eb525 100644 --- a/neutron/templates/job-ks-user.yaml +++ b/neutron/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.server.node_selector_key .Values.labels.server.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "neutron-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: neutron-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "neutron" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: neutron-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "neutron" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.neutron }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.neutron.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: neutron-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "neutron-bin" "serviceName" "neutron" "serviceUser" "neutron" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/nova/templates/job-ks-user.yaml b/nova/templates/job-ks-user.yaml index a295774337..a722cf2227 100644 --- a/nova/templates/job-ks-user.yaml +++ b/nova/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.job.node_selector_key .Values.labels.job.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "nova-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: nova-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "nova" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: nova-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_service | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "nova" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.nova }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.nova.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: nova-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "nova-bin" "serviceName" "nova" "serviceUser" "nova" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }} diff --git a/rally/templates/job-ks-user.yaml b/rally/templates/job-ks-user.yaml index 8b6a3651a5..f16eaec433 100644 --- a/rally/templates/job-ks-user.yaml +++ b/rally/templates/job-ks-user.yaml @@ -14,53 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "rally-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: rally-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "rally" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: rally-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "rally" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.rally }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.rally.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: rally-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "rally-bin" "serviceName" "rally" "serviceUser" "rally" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} diff --git a/senlin/templates/job-ks-user.yaml b/senlin/templates/job-ks-user.yaml index 4081302cde..8444bae002 100644 --- a/senlin/templates/job-ks-user.yaml +++ b/senlin/templates/job-ks-user.yaml @@ -15,54 +15,8 @@ limitations under the License. */}} {{- if .Values.manifests.job_ks_user }} -{{- $envAll := . }} +{{- $nodeSelector := dict .Values.labels.node_selector_key .Values.labels.node_selector_value }} {{- $dependencies := .Values.dependencies.ks_user }} - -{{- $serviceAccountName := "senlin-ks-user" }} -{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: senlin-ks-user -spec: - template: - metadata: - labels: -{{ tuple $envAll "senlin" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - spec: - serviceAccountName: {{ $serviceAccountName }} - restartPolicy: OnFailure - nodeSelector: - {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} - initContainers: -{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - containers: - - name: senlin-ks-user - image: {{ .Values.images.tags.ks_user }} - imagePullPolicy: {{ .Values.images.pull_policy }} -{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - /tmp/ks-user.sh - volumeMounts: - - name: ks-user-sh - mountPath: /tmp/ks-user.sh - subPath: ks-user.sh - readOnly: true - env: -{{- with $env := dict "ksUserSecret" $envAll.Values.secrets.identity.admin }} -{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_SERVICE_NAME - value: "senlin" -{{- with $env := dict "ksUserSecret" .Values.secrets.identity.senlin }} -{{- include "helm-toolkit.snippets.keystone_user_create_env_vars" $env | indent 12 }} -{{- end }} - - name: SERVICE_OS_ROLE - value: {{ .Values.endpoints.identity.auth.senlin.role | quote }} - volumes: - - name: ks-user-sh - configMap: - name: senlin-bin - defaultMode: 0555 +{{- $ksUserJob := dict "envAll" . "nodeSelector" $nodeSelector "dependencies" $dependencies "configMapBin" "senlin-bin" "serviceName" "senlin" "serviceUser" "senlin" }} +{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }} {{- end }}