diff --git a/charts/promenade/templates/deployment-api.yaml b/charts/promenade/templates/deployment-api.yaml index ed62cb0c..4138a907 100644 --- a/charts/promenade/templates/deployment-api.yaml +++ b/charts/promenade/templates/deployment-api.yaml @@ -16,6 +16,11 @@ limitations under the License. {{- if .Values.manifests.deployment_api }} {{- $envAll := . }} +{{- $dependencies := .Values.dependencies.api }} +{{- $mounts_promenade := .Values.pod.mounts.promenade_api.promenade_api }} +{{- $mounts_promenade_init := .Values.pod.mounts.promenade_api.init_container }} +{{- $serviceAccountName := "promenade-api" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: extensions/v1beta1 kind: Deployment @@ -32,6 +37,7 @@ spec: configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} spec: + serviceAccountName: {{ $serviceAccountName }} affinity: {{ tuple $envAll "promenade" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} nodeSelector: @@ -54,9 +60,11 @@ spec: mountPath: /etc/promenade/api-paste.ini subPath: api-paste.ini readOnly: true +{{ if $mounts_promenade.volumeMounts }}{{ toYaml $mounts_promenade.volumeMounts | indent 12 }}{{ end }} volumes: - name: promenade-etc configMap: name: promenade-etc defaultMode: 0444 +{{ if $mounts_promenade.volumes }}{{ toYaml $mounts_promenade.volumes | indent 8 }}{{ end }} {{- end }} diff --git a/charts/promenade/templates/job-ks-endpoints.yaml b/charts/promenade/templates/job-ks-endpoints.yaml index 182cd52c..5f6279cd 100644 --- a/charts/promenade/templates/job-ks-endpoints.yaml +++ b/charts/promenade/templates/job-ks-endpoints.yaml 
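Review bot: `$mounts_promenade_init` is assigned in the block added at the top of deployment-api.yaml, but none of the visible hunks reads it. The `init_container` key that values.yaml gains in this commit therefore has no effect unless an init container in the unshown part of the template uses it. Either wire it into that init container's `volumeMounts` or drop the assignment until it is needed. The added include renders the service account's RBAC objects from `.Values.dependencies.api`, so a one-line template comment such as `{{/* RBAC for promenade-api is derived from .Values.dependencies.api */}}` would tell a reader where that account's permissions come from.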
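Review bot: The two added `toYaml` lines in the last deployment-api.yaml hunk copy `volumeMounts` and `volumes` from `pod.mounts.promenade_api.promenade_api` into the pod spec verbatim. Any volume type a values override names, hostPath included, is attached to the API pod with whatever mode the override gives it. That is a useful extension point, but it makes the values file part of the pod's trust boundary, so overrides need the same review as the template. I would say so next to the key in values.yaml, for example `# volumes/volumeMounts listed here are rendered into the API pod as-is`. The container and volume lists continue outside the hunk.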
@@ -16,7 +16,8 @@ {{- if .Values.manifests.job_ks_endpoints }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.ks_endpoints }} - +{{- $serviceAccountName := "promenade-ks-endpoints" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job @@ -28,11 +29,12 @@ spec: labels: {{ tuple $envAll "promenade" "ks-endpoints" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: {{- range $key1, $osServiceType := tuple "kubernetesprovisioner" }} {{- range $key2, $osServiceEndPoint := tuple "admin" "internal" "public" }} diff --git a/charts/promenade/templates/job-ks-service.yaml b/charts/promenade/templates/job-ks-service.yaml index 3236418d..41e0ec87 100644 --- a/charts/promenade/templates/job-ks-service.yaml +++ b/charts/promenade/templates/job-ks-service.yaml @@ -18,6 +18,8 @@ {{- $envAll := . }} {{- $ksAdminSecret := .Values.secrets.identity.admin }} {{- $dependencies := .Values.dependencies.ks_service }} +{{- $serviceAccountName := "promenade-ks-service" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: batch/v1 kind: Job 
@@ -29,11 +31,12 @@ spec: labels: {{ tuple $envAll "promenade" "ks-service" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: {{- range $key1, $osServiceType := tuple "kubernetesprovisioner" }} - name: {{ $osServiceType }}-ks-service-registration diff --git a/charts/promenade/templates/job-ks-user.yaml b/charts/promenade/templates/job-ks-user.yaml index d20c6d3e..6d9bb0a2 100644 --- a/charts/promenade/templates/job-ks-user.yaml +++ b/charts/promenade/templates/job-ks-user.yaml @@ -19,6 +19,8 @@ {{- $ksUserSecret := .Values.secrets.identity.user }} {{- $envAll := . }} {{- $dependencies := .Values.dependencies.ks_user }} +{{- $serviceAccountName := "promenade-ks-user" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} apiVersion: batch/v1 kind: Job metadata: 
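Review bot: The include added at the top of job-ks-user.yaml is followed directly by `apiVersion: batch/v1`, with no `---` between them. The other three templates in this commit have a `---` line right after the same include. Unless the helm-toolkit snippet ends its own output with a document separator (not visible here), the Job's keys would land in the same YAML document as the last RBAC object the snippet renders. The manifest would then likely fail to parse or lose one of the two objects. Adding a `---` line after the include, as in job-ks-service.yaml, keeps the Job a separate document.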
@@ -27,13 +29,14 @@ spec: template: metadata: labels: -{{ tuple $envAll "drydock" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{ tuple $envAll "promenade" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: + serviceAccountName: {{ $serviceAccountName }} restartPolicy: OnFailure nodeSelector: {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }} initContainers: -{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: promenade-ks-user image: {{ .Values.images.tags.ks_user }} diff --git a/charts/promenade/values.yaml b/charts/promenade/values.yaml index 628f433d..6fed3658 100644 --- a/charts/promenade/values.yaml +++ b/charts/promenade/values.yaml @@ -70,6 +70,13 @@ dependencies: services: - service: identity endpoint: internal + api: + jobs: + - promenade-ks-service + - promenade-ks-user + services: + - service: identity + endpoint: internal secrets: identity: @@ -126,6 +133,10 @@ endpoints: default: null pod: + mounts: + promenade_api: + init_container: null + promenade_api: affinity: anti: type:
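Review bot: The new `api` block under `dependencies` in values.yaml lists `promenade-ks-service` and `promenade-ks-user` but not the endpoints job, presumably `promenade-ks-endpoints` to match the service-account name in job-ks-endpoints.yaml. Assuming the deployment's init container consumes this list, the API pod can start before its Keystone endpoints are registered. If that ordering is intended, a comment such as `# ks-endpoints deliberately omitted: the API does not need its own catalog entry to start` would record it; otherwise add the third job. The same list feeds the RBAC snippet in deployment-api.yaml, so each entry also affects what the `promenade-api` service account is allowed to read.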
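Review bot: In the `pod.mounts` block added to values.yaml, the inner `promenade_api:` is a bare key, while `init_container: null` directly above it is explicit. Both parse as null, but the bare form reads as if a value was forgotten, and yamllint's `empty-values` rule flags it. Writing `promenade_api: null` makes the two lines consistent. Since deployment-api.yaml reads `.volumeMounts` and `.volumes` from this key, a commented example showing those two sub-keys would document the expected shape.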