From 9b60647453671cb2b118549ed03899ff54f61abe Mon Sep 17 00:00:00 2001
From: Ruslan Aliev <raliev@mirantis.com>
Date: Sun, 9 Jul 2023 14:09:57 -0500
Subject: [PATCH] Add init container to divingbell-apt daemonset

Enables wait for divingbell-exec prior running.

Change-Id: I597d9805fa4cf0920ae811af8ad8f7e4f1f4feef
Signed-off-by: Ruslan Aliev <raliev@mirantis.com>
---
 divingbell/templates/daemonset-apparmor.yaml |  2 +-
 divingbell/templates/daemonset-apt.yaml      |  9 ++++++++-
 divingbell/templates/daemonset-ethtool.yaml  |  2 +-
 divingbell/templates/daemonset-exec.yaml     |  2 +-
 divingbell/templates/daemonset-limits.yaml   |  2 +-
 divingbell/templates/daemonset-mounts.yaml   |  2 +-
 divingbell/templates/daemonset-perm.yaml     |  2 +-
 divingbell/templates/daemonset-sysctl.yaml   |  2 +-
 divingbell/templates/daemonset-uamlite.yaml  |  2 +-
 divingbell/values.yaml                       | 17 ++++++++++++++++-
 10 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/divingbell/templates/daemonset-apparmor.yaml b/divingbell/templates/daemonset-apparmor.yaml
index 56bd4d0..bd5d55d 100644
--- a/divingbell/templates/daemonset-apparmor.yaml
+++ b/divingbell/templates/daemonset-apparmor.yaml
@@ -47,7 +47,7 @@ spec:
         {{ .Values.labels.apparmor.node_selector_key }}: {{ .Values.labels.apparmor.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.apparmor | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "apparmor" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
diff --git a/divingbell/templates/daemonset-apt.yaml b/divingbell/templates/daemonset-apt.yaml
index 682c8dc..02ef2c6 100644
--- a/divingbell/templates/daemonset-apt.yaml
+++ b/divingbell/templates/daemonset-apt.yaml
@@ -52,9 +52,13 @@ spec:
       hostIPC: true
       nodeSelector:
         {{ .Values.labels.apt.node_selector_key }}: {{ .Values.labels.apt.node_selector_value }}
+      serviceAccountName: "divingbell-apt"
+      initContainers:
+{{- tuple $envAll "divingbell-apt" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+{{ dict "envAll" $envAll | include "helm-toolkit.snippets.kubernetes_apparmor_loader_init_container" | indent 8 }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.apt | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "apt" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
@@ -84,6 +88,9 @@ spec:
   {{- end }}
 {{- end }}
 {{- if .Values.manifests.daemonset_apt }}
+{{- $envAll := . }}
+{{- $serviceAccountName := "divingbell-apt" }}
+{{ tuple $envAll "divingbell-apt" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 {{- $daemonset := "apt" }}
 {{- $secretName := "divingbell-apt" }}
 {{- $daemonset_yaml := list $daemonset $secretName . | include "divingbell.daemonset.apt" | toString | fromYaml }}
diff --git a/divingbell/templates/daemonset-ethtool.yaml b/divingbell/templates/daemonset-ethtool.yaml
index 3ff53d1..29d7803 100644
--- a/divingbell/templates/daemonset-ethtool.yaml
+++ b/divingbell/templates/daemonset-ethtool.yaml
@@ -47,7 +47,7 @@ spec:
         {{ .Values.labels.ethtool.node_selector_key }}: {{ .Values.labels.ethtool.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.ethtool | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "ethtool" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
diff --git a/divingbell/templates/daemonset-exec.yaml b/divingbell/templates/daemonset-exec.yaml
index db3b6f2..0de8538 100644
--- a/divingbell/templates/daemonset-exec.yaml
+++ b/divingbell/templates/daemonset-exec.yaml
@@ -54,7 +54,7 @@ spec:
         {{ .Values.labels.exec.node_selector_key }}: {{ .Values.labels.exec.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.exec | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "exec" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
diff --git a/divingbell/templates/daemonset-limits.yaml b/divingbell/templates/daemonset-limits.yaml
index b695a32..8794ae0 100644
--- a/divingbell/templates/daemonset-limits.yaml
+++ b/divingbell/templates/daemonset-limits.yaml
@@ -47,7 +47,7 @@ spec:
         {{ .Values.labels.limits.node_selector_key }}: {{ .Values.labels.limits.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.limits | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "limits" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
diff --git a/divingbell/templates/daemonset-mounts.yaml b/divingbell/templates/daemonset-mounts.yaml
index f6bd82a..4d4ba2c 100644
--- a/divingbell/templates/daemonset-mounts.yaml
+++ b/divingbell/templates/daemonset-mounts.yaml
@@ -47,7 +47,7 @@ spec:
         {{ .Values.labels.mounts.node_selector_key }}: {{ .Values.labels.mounts.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.mounts | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "mounts" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
diff --git a/divingbell/templates/daemonset-perm.yaml b/divingbell/templates/daemonset-perm.yaml
index a3e29d2..f0203b9 100644
--- a/divingbell/templates/daemonset-perm.yaml
+++ b/divingbell/templates/daemonset-perm.yaml
@@ -47,7 +47,7 @@ spec:
         {{ .Values.labels.perm.node_selector_key }}: {{ .Values.labels.perm.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.perm | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "perm" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
diff --git a/divingbell/templates/daemonset-sysctl.yaml b/divingbell/templates/daemonset-sysctl.yaml
index b3f45ab..5731916 100644
--- a/divingbell/templates/daemonset-sysctl.yaml
+++ b/divingbell/templates/daemonset-sysctl.yaml
@@ -47,7 +47,7 @@ spec:
         {{ .Values.labels.sysctl.node_selector_key }}: {{ .Values.labels.sysctl.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.sysctl | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
 {{ dict "envAll" $envAll "application" "divingbell" "container" "sysctl" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
diff --git a/divingbell/templates/daemonset-uamlite.yaml b/divingbell/templates/daemonset-uamlite.yaml
index 13df7f8..de0ea7d 100644
--- a/divingbell/templates/daemonset-uamlite.yaml
+++ b/divingbell/templates/daemonset-uamlite.yaml
@@ -46,7 +46,7 @@ spec:
         {{ .Values.labels.uamlite.node_selector_key }}: {{ .Values.labels.uamlite.node_selector_value }}
       containers:
       - name: {{ $daemonset }}
-        image: {{ .Values.images.divingbell }}
+        image: {{ .Values.images.tags.divingbell }}
         imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.uamlite | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }}
         command:
diff --git a/divingbell/values.yaml b/divingbell/values.yaml
index cd5c18b..c918a6c 100644
--- a/divingbell/values.yaml
+++ b/divingbell/values.yaml
@@ -18,8 +18,14 @@
 # name: value
 
 images:
-  divingbell: 'ubuntu:18.04'
+  tags:
+    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+    divingbell: 'ubuntu:18.04'
   pull_policy: IfNotPresent
+  local_registry:
+    active: false
+    exclude:
+      - dep_check
 
 conf:
   chroot_mnt_path: '/mnt'
@@ -278,6 +284,15 @@ pod:
             periodSeconds: 10
             failureThreshold: 1200
 
+dependencies:
+    static:
+       divingbell-apt:
+          pod:
+            - requireSameNode: true
+              labels:
+                application: divingbell
+                component: exec
+
 network_policy:
   divingbell:
     ingress: