{{- $envAll := . }} {{- $dependencies := .Values.dependencies.ks_user }} {{- $ksAdminSecret := .Values.keystone_secrets.admin }} {{- $ksUserSecret := .Values.keystone_secrets.user }} # The heat user management job is a bit different from other services as it also needs to create a stack domain and trusts user {{- $ksTrusteeUserSecret := .Values.keystone_secrets.trustee }} {{- $ksStackUserSecret := .Values.keystone_secrets.stack }} apiVersion: batch/v1 kind: Job metadata: name: heat-ks-user spec: template: metadata: annotations: pod.beta.kubernetes.io/init-containers: '[ {{ tuple $envAll $dependencies | include "dep_check_init_cont" | indent 10 }} ]' spec: restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} containers: - name: heat-ks-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} {{- if .Values.resources.enabled }} resources: requests: memory: {{ .Values.resources.heat_ks_user.requests.memory | quote }} cpu: {{ .Values.resources.heat_ks_user.requests.cpu | quote }} limits: memory: {{ .Values.resources.heat_ks_user.limits.memory | quote }} cpu: {{ .Values.resources.heat_ks_user.limits.cpu | quote }} {{- end }} command: - bash - /tmp/ks-user.sh volumeMounts: - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh readOnly: true env: {{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" {{- with $env := dict "ksUserSecret" $ksUserSecret }} {{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_user_role | quote }} - name: heat-ks-trustee-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - bash - /tmp/ks-user.sh volumeMounts: - name: ks-user-sh mountPath: /tmp/ks-user.sh subPath: ks-user.sh readOnly: true env: {{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" {{- with $env := dict "ksUserSecret" $ksTrusteeUserSecret }} {{- include "env_ks_user_create_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_trustee_role | quote }} - name: heat-ks-domain-user image: {{ .Values.images.ks_user }} imagePullPolicy: {{ .Values.images.pull_policy }} command: - bash - /tmp/ks-domain-user.sh volumeMounts: - name: ks-user-sh mountPath: /tmp/ks-domain-user.sh subPath: ks-domain-user.sh readOnly: true env: {{- with $env := dict "ksUserSecret" $ksAdminSecret }} {{- include "env_ks_openrc_tpl" $env | indent 12 }} {{- end }} - name: SERVICE_OS_SERVICE_NAME value: "heat" - name: SERVICE_OS_REGION_NAME valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_REGION_NAME - name: SERVICE_OS_DOMAIN_NAME valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_DOMAIN_NAME - name: SERVICE_OS_USERNAME valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_USERNAME - name: SERVICE_OS_PASSWORD valueFrom: secretKeyRef: name: {{ $ksStackUserSecret }} key: OS_PASSWORD - name: SERVICE_OS_ROLE value: {{ .Values.keystone.heat_stack_user_role | quote }} volumes: - name: ks-user-sh configMap: name: heat-bin