Factory/metal3-chart/charts/ironic/templates/deployment.yaml

279 lines
8.7 KiB
YAML
Raw Normal View History

2024-10-22 09:51:51 +02:00
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ironic.fullname" . }}
labels:
{{- include "ironic.labels" . | nindent 4 }}
spec:
minReadySeconds: 10
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "ironic.selectorLabels" . | nindent 6 }}
strategy:
type: Recreate
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "ironic.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.podSecurityContext }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.baremetaloperator.ironichostNetwork }}
hostNetwork: {{ .Values.baremetaloperator.ironichostNetwork }}
{{- end }}
containers:
- name: ironic-httpd
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
command:
- /bin/runhttpd
envFrom:
- configMapRef:
name: ironic-bmo
livenessProbe:
exec:
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
2024-10-22 09:51:51 +02:00
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
ports:
{{- if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}
- containerPort: {{ .Values.global.vmediaTLSPort }}
name: httpd-tls
protocol: TCP
{{- else }}
- containerPort: 6180
name: httpd
protocol: TCP
{{- end }}
readinessProbe:
exec:
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
2024-10-22 09:51:51 +02:00
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- if .Values.global.enable_tls }}
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
- name: cert-ironic
mountPath: "/certs/ironic"
readOnly: true
{{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia
mountPath: "/certs/vmedia"
readOnly: true
{{- end }}
- mountPath: /shared/html/tstcerts
name: cert-ironic-ca
readOnly: true
{{- end }}
- name: ironic-log-watch
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
command:
- /bin/runlogwatch.sh
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
- name: ironic
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
command:
- /bin/runironic
envFrom:
- configMapRef:
name: ironic-bmo
env:
{{- if .Values.global.enable_basicAuth }}
- name: IRONIC_HTPASSWD
valueFrom:
secretKeyRef:
name: ironic-basic-auth
key: htpasswd
{{- end }}
{{- if .Values.global.enable_mariadb }}
2024-10-22 09:51:51 +02:00
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: ironic-mariadb
{{- end }}
2024-10-22 09:51:51 +02:00
livenessProbe:
exec:
command: ["/bin/ironic-liveness"]
2024-10-22 09:51:51 +02:00
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 10
2024-10-22 09:51:51 +02:00
ports:
- containerPort: 6385
name: api
protocol: TCP
readinessProbe:
exec:
command: ["/bin/ironic-readiness"]
2024-10-22 09:51:51 +02:00
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 10
2024-10-22 09:51:51 +02:00
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- if .Values.global.enable_basicAuth }}
- mountPath: "/auth/ironic/auth-config"
name: ironic-basic-auth
subPath: auth-config
readOnly: true
{{- end }}
{{- if .Values.global.enable_tls }}
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
- name: cert-ironic
mountPath: "/certs/ironic"
readOnly: true
- mountPath: /etc/pki/trust/anchors
name: trusted-certs
readOnly: true
lifecycle:
postStart:
exec:
command:
- update-ca-certificates
{{- end }}
{{- if .Values.global.enable_dnsmasq }}
- name: ironic-dnsmasq
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
command:
- /bin/rundnsmasq
envFrom:
- configMapRef:
name: ironic-bmo
livenessProbe:
exec:
command:
- sh
- -c
- ss -lun | grep :67 && ss -lun | grep :69
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
ports:
- containerPort: 67
name: dhcp
protocol: UDP
- containerPort: 69
name: tftp
protocol: UDP
readinessProbe:
exec:
command:
- sh
- -c
- ss -lun | grep :67 && ss -lun | grep :69
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- end }}
initContainers:
- name: ironic-ipa-downloader
image: {{ .Values.images.ironicIPADownloader.repository }}:{{ .Values.images.ironicIPADownloader.tag }}
imagePullPolicy: {{ .Values.images.ironicIPADownloader.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
command:
- /usr/local/bin/get-resource.sh
envFrom:
- configMapRef:
name: ironic-ipa-downloader
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- if .Values.global.enable_tls }}
- mountPath: /tmp/ironic-certificates
name: trusted-certs
{{- end }}
volumes:
- name: ironic-data-volume
{{- if .Values.persistence.ironic.size }}
2024-10-22 09:51:51 +02:00
persistentVolumeClaim:
claimName: ironic-shared-volume
{{- else }}
emptyDir: {}
{{- end }}
2024-10-22 09:51:51 +02:00
{{- if .Values.global.enable_basicAuth }}
- name: ironic-basic-auth
secret:
secretName: ironic-basic-auth
{{- if .Values.global.enable_tls }}
- name: trusted-certs
projected:
sources:
- secret:
name: ironic-cacert
{{- if .Values.global.additionalTrustedCAs }}
- secret:
name: tls-ca-additional
{{- end }}
- name: cert-ironic-ca
secret:
secretName: ironic-cacert
- name: cert-ironic
secret:
secretName: ironic-cert
{{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia-ca
secret:
secretName: ironic-cacert
- name: cert-ironic-vmedia
secret:
secretName: ironic-vmedia-cert
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.global.dnsPolicy }}
dnsPolicy:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}