# Copyright 2017 The Openstack-Helm Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. {{- $envAll := . }} {{- $dependencies := .Values.dependencies.ks_user }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} {{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user {{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }} {{- $ksStackUserSecret := .Values.keystone_secrets.stack }} apiVersion: batch/v1 kind: Job metadata: name: heat-ks-user spec: template: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependencies | include "helm-toolkit.kubernetes_entrypoint_init_container" | indent 10 }} ]' spec: restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-ks-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} {{- if .Values.resources.enabled }} resources: requests: memory: {{ .Values.resources.heat_ks_user.requests.memory | quote }} cpu: {{ .Values.resources.heat_ks_user.requests.cpu | quote }} limits: memory: {{ .Values.resources.heat_ks_user.limits.memory | quote }} cpu: {{ .Values.resources.heat_ks_user.limits.cpu | quote }} {{- end }} command: - bash - /tmp/ks-user.sh volumeMounts: - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh readOnly: true env: {{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" {{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- include "helm-toolkit.keystone_user_create_env_vars" $env | indent 12 }} {{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_user_role | quote }} - name: heat-ks-trustee-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - bash - /tmp/ks-user.sh volumeMounts: - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh readOnly: true env: {{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" {{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }} {{- include "helm-toolkit.keystone_user_create_env_vars" $env | indent 12 }} {{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_trustee_role | quote }} - name: heat-ks-domain-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - bash - /tmp/ks-domain-user.sh volumeMounts: - name: ks-user-sh mountPath: /tmp/ks-domain-user.sh subPath: ks-domain-user.sh readOnly: true env: {{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- include "helm-toolkit.keystone_openrc_env_vars" $env | indent 12 }} {{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - name: SERVICE_OS_REGION_NAME valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_REGION_NAME - name: SERVICE_OS_DOMAIN_NAME valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_DOMAIN_NAME - name: SERVICE_OS_USERNAME valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_USERNAME - name: SERVICE_OS_PASSWORD valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_PASSWORD - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_stack_user_role | quote }} volumes: - name: ks-user-sh configMap: name: heat-bin