move all containers into their own mount namespace; fix typos in new configmap logic

2017-03-22 12:13:39 -07:00 · 2017-03-22 12:13:39 -07:00 · 4153e6429e
commit 4153e6429e
parent 8c355ac65c
7 changed files with 100 additions and 88 deletions
--- a/helm-toolkit/templates/snippets/_k8s_init_dep_check.tpl
+++ b/helm-toolkit/templates/snippets/_k8s_init_dep_check.tpl
@ -15,6 +15,7 @@
 {{- define "helm-toolkit.kubernetes_entrypoint_init_container" -}}
 {{- $envAll := index . 0 -}}
 {{- $deps := index . 1 -}}
+{{- $mounts := index . 2 -}}
 {
  "name": "init",
  "image": {{ $envAll.Values.images.dep_check | quote }},
@ -48,7 +49,7 @@
    },
    {
      "name": "DEPENDENCY_SERVICE",
-      "value": "{{  include "helm-toolkit.joinListWithComma"  $deps.service }}"
+      "value": "{{  include "helm-toolkit.joinListWithComma" $deps.service }}"
    },
    {
      "name": "DEPENDENCY_JOBS",
@ -66,6 +67,7 @@
      "name": "COMMAND",
      "value": "echo done"
    }
-  ]
+  ],
+"volumeMounts": {{ $mounts | quote | default "[]"}}
 }
 {{- end -}}
--- a/keystone/templates/configmap-etc.yaml
+++ b/keystone/templates/configmap-etc.yaml
@ -48,7 +48,7 @@ data:
 {{ .Values.conf.policy.override }}
 {{- else -}}
 {{ tuple "etc/_policy.json.tpl" . | include "helm-toolkit.template" | indent 4 }}
-{{- end -}}
+{{- end }}
  mpm_event.conf: |+
 {{ tuple "etc/_mpm_event.conf.tpl" . | include "helm-toolkit.template" | indent 4 }}
  wsgi-keystone.conf: |+
--- a/keystone/templates/deployment.yaml
+++ b/keystone/templates/deployment.yaml
@ -11,10 +11,10 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.api }}
-{{- $mounts := .Values.mounts.api }}
+{{- $mounts_keystone_api := .Values.mounts.keystone_api.keystone_api }}
+{{- $mounts_keystone_api_init := .Values.mounts.keystone_api.init_container }}

 apiVersion: extensions/v1beta1
 kind: Deployment
@ -38,7 +38,7 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.hash" }}
        pod.beta.kubernetes.io/init-containers: '[
-{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+{{ tuple $envAll $dependencies $mounts_keystone_api_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
        ]'
    spec:
      nodeSelector:
@ -75,7 +75,6 @@ spec:
            tcpSocket:
              port: {{ .Values.network.port.api }}
          volumeMounts:            
-{{ toYaml $mounts.volumeMounts | indent 12 }}
+{{ toYaml $mounts_keystone_api.volumeMounts | indent 12 }}
      volumes:
-{{ toYaml $mounts.volumes | indent 8 }}
-
+{{ toYaml $mounts_keystone_api.volumes | indent 8 }}
--- a/keystone/templates/etc/_policy.json.tpl
+++ b/keystone/templates/etc/_policy.json.tpl
@ -195,3 +195,5 @@
    "identity:update_domain_config": "rule:admin_required",
    "identity:delete_domain_config": "rule:admin_required",
    "identity:get_domain_config_default": "rule:admin_required"
+
+}
--- a/keystone/templates/job-db-init.yaml
+++ b/keystone/templates/job-db-init.yaml
@ -14,7 +14,9 @@

 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.init }}
-{{- $mounts := .Values.mounts.job_db_init }}
+{{- $mounts_keystone_db_init := .Values.mounts.keystone_db_init.keystone_db_init }}
+{{- $mounts_keystone_db_init_init := .Values.mounts.keystone_db_init.init_container }}
+
 apiVersion: batch/v1
 kind: Job
 metadata:
@ -24,7 +26,7 @@ spec:
    metadata:
      annotations:
        pod.beta.kubernetes.io/init-containers: '[
-{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+{{ tuple $envAll $dependencies $mounts_keystone_db_init_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
        ]'
    spec:
      restartPolicy: OnFailure
@ -47,7 +49,7 @@ spec:
            - bash
            - /tmp/init.sh
          volumeMounts:            
-{{ toYaml $mounts.volumeMounts | indent 12 }}
+{{ toYaml $mounts_keystone_db_init.volumeMounts | indent 12 }}
      volumes:
-{{ toYaml $mounts.volumes | indent 8 }}
+{{ toYaml $mounts_keystone_db_init.volumes | indent 8 }}

--- a/keystone/templates/job-db-sync.yaml
+++ b/keystone/templates/job-db-sync.yaml
@ -14,7 +14,8 @@

 {{- $envAll := . }}
 {{- $dependencies := .Values.dependencies.db_sync }}
-{{- $mounts := .Values.mounts.job_db_sync }}
+{{- $mounts_keystone_db_sync := .Values.mounts.keystone_db_sync.keystone_db_sync }}
+{{- $mounts_keystone_db_sync_init := .Values.mounts.keystone_db_sync.init_container }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@ -24,7 +25,7 @@ spec:
    metadata:
      annotations:
        pod.beta.kubernetes.io/init-containers: '[
-{{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
+{{ tuple $envAll $dependencies $mounts_keystone_db_sync_init | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }}
        ]'
    spec:
      restartPolicy: OnFailure
@ -47,6 +48,6 @@ spec:
            - bash
            - /tmp/db-sync.sh
          volumeMounts:            
-{{ toYaml $mounts.volumeMounts | indent 12 }}
+{{ toYaml $mounts_keystone_db_sync.volumeMounts | indent 12 }}
      volumes:
-{{ toYaml $mounts.volumes | indent 8 }}
+{{ toYaml $mounts_keystone_db_sync.volumes | indent 8 }}
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -95,77 +95,83 @@ resources:
        cpu: "500m"

 mounts:
-  job_db_init:
-    volumes:
-    - name: keystone-bin
-      configMap:
-        name: keystone-bin      
-    volumeMounts:
-    - name: keystone-bin
-      mountPath: /tmp/init.sh
-      subPath: init.sh
-  job_db_sync:
-    volumes:
-    - name: empty
-      emptyDir: {}
-    - name: keystone-etc
-      configMap:
-        name: keystone-etc
-    - name: keystone-bin
-      configMap:
-        name: keystone-bin      
-    volumeMounts:
-    - name: empty
-      mountPath: /etc/keystone
-    - name: keystone-etc
-      mountPath: /etc/keystone/keystone.conf
-      subPath: keystone.conf
-      readOnly: true
-    - name: keystone-bin
-      mountPath: /tmp/db-sync.sh
-      subPath: db-sync.sh
-      readOnly: true  
-  api:
-    volumes:
-    - name: empty
-      emptyDir: {}
-    - name: keystone-etc
-      configMap:
-        name: keystone-etc
-    - name: keystone-bin
-      configMap:
-        name: keystone-bin     
-    volumeMounts:
-    - name: empty
-      mountPath: /etc/keystone
-    - name: keystone-etc
-      mountPath: /etc/keystone/keystone.conf
-      subPath: keystone.conf
-      readOnly: true
-    - name: keystone-etc
-      mountPath: /etc/keystone/keystone-paste.ini
-      subPath: keystone-paste.ini
-      readOnly: true
-    - name: keystone-etc
-      mountPath: /etc/keystone/policy.json
-      subPath: policy.json
-      readOnly: true
-    - name: keystone-etc
-      mountPath: /etc/keystone/sso_callback_template.html
-      subPath: sso_callback_template.html
-      readOnly: true
-    - name: keystone-etc
-      mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf
-      subPath: wsgi-keystone.conf
-      readOnly: true
-    - name: keystone-etc
-      mountPath: /etc/apache2/mods-available/mpm_event.conf
-      subPath: mpm_event.conf
-      readOnly: true
-    - name: keystone-bin
-      mountPath: /tmp/start.sh
-      subPath: start.sh
-      readOnly: true      
+  keystone_db_init:
+    init_container: null
+    keystone_db_init:     
+      volumes:
+      - name: keystone-bin
+        configMap:
+          name: keystone-bin      
+      volumeMounts:
+      - name: keystone-bin
+        mountPath: /tmp/init.sh
+        subPath: init.sh
+  keystone_db_sync:
+    init_container: null
+    keystone_db_sync:
+      volumes:
+      - name: empty
+        emptyDir: {}
+      - name: keystone-etc
+        configMap:
+          name: keystone-etc
+      - name: keystone-bin
+        configMap:
+          name: keystone-bin      
+      volumeMounts:
+      - name: empty
+        mountPath: /etc/keystone
+      - name: keystone-etc
+        mountPath: /etc/keystone/keystone.conf
+        subPath: keystone.conf
+        readOnly: true
+      - name: keystone-bin
+        mountPath: /tmp/db-sync.sh
+        subPath: db-sync.sh
+        readOnly: true  
+  keystone_api:
+    init_container: null
+    keystone_api:
+      volumes:
+      - name: empty
+        emptyDir: {}
+      - name: keystone-etc
+        configMap:
+          name: keystone-etc
+      - name: keystone-bin
+        configMap:
+          name: keystone-bin     
+      volumeMounts:
+      - name: empty
+        mountPath: /etc/keystone
+      - name: keystone-etc
+        mountPath: /etc/keystone/keystone.conf
+        subPath: keystone.conf
+        readOnly: true
+      - name: keystone-etc
+        mountPath: /etc/keystone/keystone-paste.ini
+        subPath: keystone-paste.ini
+        readOnly: true
+      - name: keystone-etc
+        mountPath: /etc/keystone/policy.json
+        subPath: policy.json
+        readOnly: true
+      - name: keystone-etc
+        mountPath: /etc/keystone/sso_callback_template.html
+        subPath: sso_callback_template.html
+        readOnly: true
+      - name: keystone-etc
+        mountPath: /etc/apache2/conf-enabled/wsgi-keystone.conf
+        subPath: wsgi-keystone.conf
+        readOnly: true
+      - name: keystone-etc
+        mountPath: /etc/apache2/mods-available/mpm_event.conf
+        subPath: mpm_event.conf
+        readOnly: true
+      - name: keystone-bin
+        mountPath: /tmp/start.sh
+        subPath: start.sh
+        readOnly: true      

 conf:
  paste: