openstack-helm/nova/templates/job-bootstrap.yaml
Markin, Sergiy ccd6ab8cce Added backoffLimit control for nova-bootstrap job
This PS adds backoffLimit to nova-bootstrap job in nova chart. By default, this job was created from a template in helm-toolkit.

58291db1a6

In this commit the job was re-designed without controlling of the backoffLimit value.

Change-Id: Icb28363be8063d849fd22e9c2542edf1eb203d60
2022-11-15 17:42:16 -06:00

146 lines
6.1 KiB
YAML

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- $envAll := . }}
{{- if and $envAll.Values.manifests.job_bootstrap $envAll.Values.bootstrap.enabled }}
{{- $serviceName := "nova" -}}
{{- $keystoneUser := $envAll.Values.bootstrap.ks_user -}}
{{- $backoffLimit := index . "backoffLimit" | default "1000" -}}
{{- $configMapBin := printf "%s-%s" $serviceName "bin" -}}
{{- $configMapEtc := printf "%s-%s" $serviceName "etc" -}}
{{- $configFile := printf "/etc/%s/%s.conf" $serviceName $serviceName -}}
{{- $logConfigFile := $envAll.Values.conf.nova.DEFAULT.log_config_append -}}
{{- $nodeSelector := index . "nodeSelector" | default ( dict $envAll.Values.labels.job.node_selector_key $envAll.Values.labels.job.node_selector_value ) -}}
{{- $serviceAccountName := printf "%s-%s" $serviceName "bootstrap" -}}
{{ tuple $envAll "bootstrap" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $serviceAccountName | quote }}
labels:
{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
backoffLimit: {{ $backoffLimit }}
template:
metadata:
labels:
{{ tuple $envAll "nova" "bootstrap" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
{{ dict "envAll" $envAll "application" "bootstrap" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
{{ if $envAll.Values.pod.tolerations.nova.enabled }}
{{ tuple $envAll "nova" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
initContainers:
{{ tuple $envAll "bootstrap" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{- if $envAll.Values.bootstrap.wait_for_computes.enabled }}
- name: nova-wait-for-computes-init
{{ tuple $envAll "nova_wait_for_computes_init" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "bootstrap" "container" "nova_wait_for_computes_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /bin/bash
- -c
- /tmp/wait-for-computes-init.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: bootstrap-sh
mountPath: /tmp/wait-for-computes-init.sh
subPath: wait-for-computes-init.sh
readOnly: true
{{- end }}
containers:
- name: bootstrap
image: {{ $envAll.Values.images.tags.bootstrap }}
imagePullPolicy: {{ $envAll.Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.bootstrap | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "bootstrap" "container" "bootstrap" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
{{- with $env := dict "ksUserSecret" ( index $envAll.Values.secrets.identity $keystoneUser ) "useCA" (or .Values.manifests.certificates .Values.tls.identity) }}
{{- include "helm-toolkit.snippets.keystone_openrc_env_vars" $env | indent 12 }}
{{- end }}
- name: WAIT_PERCENTAGE
value: "{{ .Values.bootstrap.wait_for_computes.wait_percentage }}"
- name: REMAINING_WAIT
value: "{{ .Values.bootstrap.wait_for_computes.remaining_wait }}"
command:
- /bin/bash
- -c
- /tmp/bootstrap.sh
volumeMounts:
- name: pod-tmp
mountPath: /tmp
- name: bootstrap-sh
mountPath: /tmp/bootstrap.sh
subPath: bootstrap.sh
readOnly: true
- name: etc-service
mountPath: {{ dir $configFile | quote }}
- name: bootstrap-conf
mountPath: {{ $configFile | quote }}
subPath: {{ base $configFile | quote }}
readOnly: true
- name: bootstrap-conf
mountPath: {{ $logConfigFile | quote }}
subPath: {{ base $logConfigFile | quote }}
readOnly: true
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
volumes:
- name: pod-tmp
emptyDir: {}
- name: bootstrap-sh
configMap:
name: {{ $configMapBin | quote }}
defaultMode: 0555
- name: etc-service
emptyDir: {}
- name: bootstrap-conf
secret:
secretName: {{ $configMapEtc | quote }}
defaultMode: 0444
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.compute.osapi.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ $serviceAccountName }}
rules:
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $envAll.Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ $serviceAccountName }}
apiGroup: rbac.authorization.k8s.io
{{- end }}