From d8b1f217c89d19ef6f6fe5c3778d502045d5cc3e Mon Sep 17 00:00:00 2001
From: Thiago Brito <thiago.brito@windriver.com>
Date: Tue, 22 Mar 2022 15:31:20 -0300
Subject: [PATCH] Enable taint toleration for keystone

This changes use the helm-toolkit template for toleration
in openstack services

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Story: 2009276
Task: 43531
Depends-On: I168837f962465d1c89acc511b7bf4064ac4b546c
Change-Id: I30ca8050e02a5deeec52319d45025f4af7139059
---
 keystone/Chart.yaml                                | 2 +-
 keystone/templates/cron-job-credential-rotate.yaml | 3 +++
 keystone/templates/cron-job-fernet-rotate.yaml     | 3 +++
 keystone/templates/deployment-api.yaml             | 3 +++
 keystone/templates/job-bootstrap.yaml              | 3 +++
 keystone/templates/job-credential-cleanup.yaml     | 3 +++
 keystone/templates/job-credential-setup.yaml       | 3 +++
 keystone/templates/job-db-drop.yaml                | 3 +++
 keystone/templates/job-db-init.yaml                | 3 +++
 keystone/templates/job-db-sync.yaml                | 3 +++
 keystone/templates/job-domain-manage.yaml          | 3 +++
 keystone/templates/job-fernet-setup.yaml           | 3 +++
 keystone/templates/job-image-repo-sync.yaml        | 3 +++
 keystone/templates/job-rabbit-init.yaml            | 3 +++
 keystone/values.yaml                               | 7 +++++++
 releasenotes/notes/keystone.yaml                   | 1 +
 16 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/keystone/Chart.yaml b/keystone/Chart.yaml
index e30a9b3a32..6d793a19ab 100644
--- a/keystone/Chart.yaml
+++ b/keystone/Chart.yaml
@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Keystone
 name: keystone
-version: 0.2.19
+version: 0.2.20
 home: https://docs.openstack.org/keystone/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Keystone/OpenStack_Project_Keystone_vertical.png
 sources:
diff --git a/keystone/templates/cron-job-credential-rotate.yaml b/keystone/templates/cron-job-credential-rotate.yaml
index fd26b230c0..8e9f82fc85 100644
--- a/keystone/templates/cron-job-credential-rotate.yaml
+++ b/keystone/templates/cron-job-credential-rotate.yaml
@@ -74,6 +74,9 @@ spec:
           initContainers:
 {{ tuple $envAll "credential_rotate" $mounts_keystone_credential_rotate_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
           restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }}
+{{ end }}
           nodeSelector:
             {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
           containers:
diff --git a/keystone/templates/cron-job-fernet-rotate.yaml b/keystone/templates/cron-job-fernet-rotate.yaml
index 8f4f4f9a58..96dcc74d01 100644
--- a/keystone/templates/cron-job-fernet-rotate.yaml
+++ b/keystone/templates/cron-job-fernet-rotate.yaml
@@ -76,6 +76,9 @@ spec:
           initContainers:
 {{ tuple $envAll "fernet_rotate" $mounts_keystone_fernet_rotate_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
           restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }}
+{{ end }}
           nodeSelector:
             {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
           containers:
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index f4154932e2..94e705b817 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -58,6 +58,9 @@ spec:
 {{ tuple $envAll "keystone" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
       nodeSelector:
         {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
       terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
       initContainers:
 {{ tuple $envAll "api" $mounts_keystone_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
diff --git a/keystone/templates/job-bootstrap.yaml b/keystone/templates/job-bootstrap.yaml
index e90892749e..048332794f 100644
--- a/keystone/templates/job-bootstrap.yaml
+++ b/keystone/templates/job-bootstrap.yaml
@@ -22,5 +22,8 @@ helm.sh/hook-weight: "5"
 {{- if and .Values.manifests.certificates .Values.secrets.tls.identity.api.internal -}}
 {{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.identity.api.internal -}}
 {{- end -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
+{{- end -}}
 {{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
 {{- end }}
diff --git a/keystone/templates/job-credential-cleanup.yaml b/keystone/templates/job-credential-cleanup.yaml
index 854c5b67de..fcd7f11f8d 100644
--- a/keystone/templates/job-credential-cleanup.yaml
+++ b/keystone/templates/job-credential-cleanup.yaml
@@ -46,6 +46,9 @@ spec:
     spec:
       serviceAccountName: {{ $serviceName }}
       restartPolicy: Never
+{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
       nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
       initContainers:
diff --git a/keystone/templates/job-credential-setup.yaml b/keystone/templates/job-credential-setup.yaml
index 1d30eb1432..5e6edc6f53 100644
--- a/keystone/templates/job-credential-setup.yaml
+++ b/keystone/templates/job-credential-setup.yaml
@@ -78,6 +78,9 @@ spec:
       initContainers:
 {{ tuple $envAll "credential_setup" $mounts_keystone_credential_setup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
       nodeSelector:
         {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
       containers:
diff --git a/keystone/templates/job-db-drop.yaml b/keystone/templates/job-db-drop.yaml
index 512b8eb243..df270ff62a 100644
--- a/keystone/templates/job-db-drop.yaml
+++ b/keystone/templates/job-db-drop.yaml
@@ -17,5 +17,8 @@ limitations under the License.
 {{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
 {{- $_ := set $dbDropJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
 {{- end -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
+{{- end -}}
 {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
 {{- end }}
diff --git a/keystone/templates/job-db-init.yaml b/keystone/templates/job-db-init.yaml
index 53e9573db1..757b705e9e 100644
--- a/keystone/templates/job-db-init.yaml
+++ b/keystone/templates/job-db-init.yaml
@@ -24,5 +24,8 @@ helm.sh/hook-weight: "-5"
 {{- if and .Values.manifests.certificates .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
 {{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
 {{- end -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
+{{- end -}}
 {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
 {{- end }}
diff --git a/keystone/templates/job-db-sync.yaml b/keystone/templates/job-db-sync.yaml
index c3e731570c..a4ff67d80c 100644
--- a/keystone/templates/job-db-sync.yaml
+++ b/keystone/templates/job-db-sync.yaml
@@ -79,5 +79,8 @@ volumes:
 {{- end }}
 {{- $podEnvVars := tuple . | include "keystone.templates._job_db_sync.env_vars" | toString | fromYaml }}
 {{- $dbSyncJob := dict "envAll" . "serviceName" "keystone" "podVolMounts" $local.podVolMounts "podVols" $local.podVols "podEnvVars" $podEnvVars.env "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
 {{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
 {{- end }}
diff --git a/keystone/templates/job-domain-manage.yaml b/keystone/templates/job-domain-manage.yaml
index 5a1c8e2b92..8acd192e34 100644
--- a/keystone/templates/job-domain-manage.yaml
+++ b/keystone/templates/job-domain-manage.yaml
@@ -44,6 +44,9 @@ spec:
       serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "domain_manage" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
       restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
       nodeSelector:
         {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
       initContainers:
diff --git a/keystone/templates/job-fernet-setup.yaml b/keystone/templates/job-fernet-setup.yaml
index 786772d012..1505ffad29 100644
--- a/keystone/templates/job-fernet-setup.yaml
+++ b/keystone/templates/job-fernet-setup.yaml
@@ -78,6 +78,9 @@ spec:
       initContainers:
 {{ tuple $envAll "fernet_setup" $mounts_keystone_fernet_setup_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       restartPolicy: OnFailure
+{{ if $envAll.Values.pod.tolerations.keystone.enabled }}
+{{ tuple $envAll "keystone" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
       nodeSelector:
         {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
       containers:
diff --git a/keystone/templates/job-image-repo-sync.yaml b/keystone/templates/job-image-repo-sync.yaml
index fd301c3525..c8cfc5d0cf 100644
--- a/keystone/templates/job-image-repo-sync.yaml
+++ b/keystone/templates/job-image-repo-sync.yaml
@@ -17,5 +17,8 @@ helm.sh/hook: post-install,post-upgrade
 
 {{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
 {{- $imageRepoSyncJob := dict "envAll" . "serviceName" "keystone" "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
 {{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
 {{- end }}
diff --git a/keystone/templates/job-rabbit-init.yaml b/keystone/templates/job-rabbit-init.yaml
index 2bb258e712..02390adf9d 100644
--- a/keystone/templates/job-rabbit-init.yaml
+++ b/keystone/templates/job-rabbit-init.yaml
@@ -22,5 +22,8 @@ helm.sh/hook-weight: "-4"
 {{- if and .Values.manifests.certificates .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
 {{- $_ := set $rmqUserJob "tlsSecret" .Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal -}}
 {{- end -}}
+{{- if .Values.pod.tolerations.keystone.enabled -}}
+{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
+{{- end -}}
 {{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
 {{- end }}
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 301ff6fa84..d0f66a7bde 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -217,6 +217,13 @@ pod:
         default: kubernetes.io/hostname
       weight:
         default: 10
+  tolerations:
+    keystone:
+      enabled: false
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
   mounts:
     keystone_db_init:
       init_container: null
diff --git a/releasenotes/notes/keystone.yaml b/releasenotes/notes/keystone.yaml
index 9b867186bc..f49ebb62cd 100644
--- a/releasenotes/notes/keystone.yaml
+++ b/releasenotes/notes/keystone.yaml
@@ -35,4 +35,5 @@ keystone:
   - 0.2.17 Update default image references
   - 0.2.18 Remove default policy
   - 0.2.19 Revert Reduce log chattiness
+  - 0.2.20 Enable taint toleration for Openstack services
 ...