diff --git a/manila/.helmignore b/manila/.helmignore
new file mode 100644
index 0000000000..b54c347b85
--- /dev/null
+++ b/manila/.helmignore
@@ -0,0 +1 @@
+values_overrides
diff --git a/manila/Chart.yaml b/manila/Chart.yaml
new file mode 100644
index 0000000000..62d26ee66f
--- /dev/null
+++ b/manila/Chart.yaml
@@ -0,0 +1,24 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: v1.0.0
+description: OpenStack-Helm Manila
+name: manila
+version: 0.1.0
+home: https://docs.openstack.org/manila/latest/
+icon: https://www.openstack.org/themes/openstack/images/project-mascots/Manila/OpenStack_Project_Manila_vertical.png
+sources:
+ - https://opendev.org/openstack/manila
+ - https://opendev.org/openstack/openstack-helm
+maintainers:
+ - name: OpenStack-Helm Authors
diff --git a/manila/requirements.yaml b/manila/requirements.yaml
new file mode 100644
index 0000000000..4124d0145d
--- /dev/null
+++ b/manila/requirements.yaml
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: helm-toolkit
+ repository: file://../../openstack-helm-infra/helm-toolkit
+ version: ">= 0.1.0"
diff --git a/manila/templates/bin/_bootstrap.sh.tpl b/manila/templates/bin/_bootstrap.sh.tpl
new file mode 100644
index 0000000000..eaa06962a3
--- /dev/null
+++ b/manila/templates/bin/_bootstrap.sh.tpl
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+export HOME=/tmp
+
+cd $HOME
+
+{{ range .Values.bootstrap.structured.images }}
+openstack image show {{ .name | quote }} || \
+ (curl --fail -sSL -O {{ .source_url }}{{ .image_file }}; \
+ openstack image create {{ .name | quote }} \
+ {{ if .id -}} --id {{ .id }} {{ end -}} \
+ --disk-format {{ .image_type }} \
+ --file {{ .image_file }} \
+ {{ if .properties -}} {{ range $key, $value := .properties }}--property {{$key}}={{$value}} {{ end }}{{ end -}} \
+ --container-format {{ .container_format | quote }} \
+ {{ if .private -}}
+ --private
+ {{- else -}}
+ --public
+ {{- end -}};)
+{{ end }}
+
+{{ range .Values.bootstrap.structured.flavors }}
+openstack flavor show {{ .name | quote }} || \
+ openstack flavor create {{ .name | quote }} \
+ {{ if .id -}} --id {{ .id }} {{ end -}} \
+ --ram {{ .ram }} \
+ --vcpus {{ .vcpus }} \
+ --disk {{ .disk }} \
+ --ephemeral {{ .ephemeral }} \
+ {{ if .public -}}
+ --public
+ {{- else -}}
+ --private
+ {{- end -}};
+{{ end }}
+
+openstack share type show default || \
+ openstack share type create default true \
+ --public true --description "default generic share type"
+openstack share group type show default || \
+ openstack share group type create default default --public true
+
+{{ .Values.bootstrap.script | default "echo 'Not Enabled'" }}
diff --git a/manila/templates/bin/_db-sync.sh.tpl b/manila/templates/bin/_db-sync.sh.tpl
new file mode 100644
index 0000000000..58b305e715
--- /dev/null
+++ b/manila/templates/bin/_db-sync.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+exec manila-manage db sync
diff --git a/manila/templates/bin/_manila-api.sh.tpl b/manila/templates/bin/_manila-api.sh.tpl
new file mode 100644
index 0000000000..3521103a93
--- /dev/null
+++ b/manila/templates/bin/_manila-api.sh.tpl
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ exec manila-api \
+ --config-file /etc/manila/manila.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/manila/templates/bin/_manila-data.sh.tpl b/manila/templates/bin/_manila-data.sh.tpl
new file mode 100644
index 0000000000..f8a94d1189
--- /dev/null
+++ b/manila/templates/bin/_manila-data.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec manila-data \
+ --config-file /etc/manila/manila.conf
diff --git a/manila/templates/bin/_manila-scheduler.sh.tpl b/manila/templates/bin/_manila-scheduler.sh.tpl
new file mode 100644
index 0000000000..7a6835aeee
--- /dev/null
+++ b/manila/templates/bin/_manila-scheduler.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec manila-scheduler \
+ --config-file /etc/manila/manila.conf
diff --git a/manila/templates/bin/_manila-share.sh.tpl b/manila/templates/bin/_manila-share.sh.tpl
new file mode 100644
index 0000000000..8177983429
--- /dev/null
+++ b/manila/templates/bin/_manila-share.sh.tpl
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+exec manila-share \
+ --config-file /etc/manila/manila.conf
diff --git a/manila/templates/configmap-bin.yaml b/manila/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..5a4222d9cd
--- /dev/null
+++ b/manila/templates/configmap-bin.yaml
@@ -0,0 +1,56 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_bin }}
+{{- $envAll := . }}
+{{- $rallyTests := .Values.conf.rally_tests }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: manila-bin
+data:
+ rally-test.sh: |
+{{ tuple $rallyTests | include "helm-toolkit.scripts.rally_test" | indent 4 }}
+{{- if .Values.images.local_registry.active }}
+ image-repo-sync.sh: |
+{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
+{{- end }}
+{{- if .Values.bootstrap.enabled }}
+ bootstrap.sh: |
+{{ tuple "bin/_bootstrap.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+ db-init.py: |
+{{- include "helm-toolkit.scripts.db_init" . | indent 4 }}
+ db-sync.sh: |
+{{ tuple "bin/_db-sync.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ db-drop.py: |
+{{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
+ ks-service.sh: |
+{{- include "helm-toolkit.scripts.keystone_service" . | indent 4 }}
+ ks-endpoints.sh: |
+{{- include "helm-toolkit.scripts.keystone_endpoints" . | indent 4 }}
+ ks-user.sh: |
+{{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }}
+ rabbit-init.sh: |
+{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
+ manila-api.sh: |
+{{ tuple "bin/_manila-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ manila-data.sh: |
+{{ tuple "bin/_manila-data.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ manila-scheduler.sh: |
+{{ tuple "bin/_manila-scheduler.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ manila-share.sh: |
+{{ tuple "bin/_manila-share.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
diff --git a/manila/templates/configmap-etc.yaml b/manila/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..e230aa4330
--- /dev/null
+++ b/manila/templates/configmap-etc.yaml
@@ -0,0 +1,240 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.configmap_etc }}
+{{- $envAll := . }}
+
+{{- $manila_auth_url := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}
+{{- $manila_region_name := .Values.endpoints.identity.auth.manila.region_name }}
+{{- $manila_project_name := .Values.endpoints.identity.auth.manila.project_name }}
+{{- $manila_project_domain_name := .Values.endpoints.identity.auth.manila.project_domain_name }}
+{{- $manila_user_domain_name := .Values.endpoints.identity.auth.manila.user_domain_name }}
+{{- $manila_username := .Values.endpoints.identity.auth.manila.username }}
+{{- $manila_password := .Values.endpoints.identity.auth.manila.password }}
+{{- $memcached_servers := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
+{{- $memcache_secret_key := default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key }}
+
+{{- if empty .Values.conf.manila.keystone_authtoken.auth_uri -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "auth_uri" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.keystone_authtoken.auth_url -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "auth_url" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.keystone_authtoken.region_name -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "region_name" $manila_region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.keystone_authtoken.project_name -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "project_name" $manila_project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.keystone_authtoken.project_domain_name -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "project_domain_name" $manila_project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.keystone_authtoken.user_domain_name -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "user_domain_name" $manila_user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.keystone_authtoken.username -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "username" $manila_username -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.keystone_authtoken.password -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "password" $manila_password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.keystone_authtoken.memcached_servers -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "memcached_servers" $memcached_servers -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.keystone_authtoken.memcache_secret_key -}}
+{{- $_ := set .Values.conf.manila.keystone_authtoken "memcache_secret_key" $memcache_secret_key -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.database.connection -}}
+{{- $_ := tuple "oslo_db" "internal" "manila" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.manila.database "connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.DEFAULT.transport_url -}}
+{{- $_ := tuple "oslo_messaging" "internal" "manila" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.manila.DEFAULT "transport_url" -}}
+{{- end -}}
+
+# neutron
+{{- if empty .Values.conf.manila.neutron.auth_uri -}}
+{{- $_ := set .Values.conf.manila.neutron "auth_uri" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.neutron.auth_url -}}
+{{- $_ := set .Values.conf.manila.neutron "auth_url" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.neutron.region_name -}}
+{{- $_ := set .Values.conf.manila.neutron "region_name" .Values.endpoints.identity.auth.manila.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.neutron.project_name -}}
+{{- $_ := set .Values.conf.manila.neutron "project_name" $manila_project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.neutron.project_domain_name -}}
+{{- $_ := set .Values.conf.manila.neutron "project_domain_name" $manila_project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.neutron.user_domain_name -}}
+{{- $_ := set .Values.conf.manila.neutron "user_domain_name" $manila_user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.neutron.username -}}
+{{- $_ := set .Values.conf.manila.neutron "username" $manila_username -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.neutron.password -}}
+{{- $_ := set .Values.conf.manila.neutron "password" $manila_password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.neutron.memcached_servers -}}
+{{- $_ := set .Values.conf.manila.neutron "memcached_servers" $memcached_servers -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.neutron.memcache_secret_key -}}
+{{- $_ := set .Values.conf.manila.neutron "memcache_secret_key" $memcache_secret_key -}}
+{{- end -}}
+
+# nova
+{{- if empty .Values.conf.manila.nova.auth_uri -}}
+{{- $_ := set .Values.conf.manila.nova "auth_uri" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.nova.auth_url -}}
+{{- $_ := set .Values.conf.manila.nova "auth_url" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.nova.region_name -}}
+{{- $_ := set .Values.conf.manila.nova "region_name" .Values.endpoints.identity.auth.manila.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.nova.project_name -}}
+{{- $_ := set .Values.conf.manila.nova "project_name" $manila_project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.nova.project_domain_name -}}
+{{- $_ := set .Values.conf.manila.nova "project_domain_name" $manila_project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.nova.user_domain_name -}}
+{{- $_ := set .Values.conf.manila.nova "user_domain_name" $manila_user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.nova.username -}}
+{{- $_ := set .Values.conf.manila.nova "username" $manila_username -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.nova.password -}}
+{{- $_ := set .Values.conf.manila.nova "password" $manila_password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.nova.memcached_servers -}}
+{{- $_ := set .Values.conf.manila.nova "memcached_servers" $memcached_servers -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.nova.memcache_secret_key -}}
+{{- $_ := set .Values.conf.manila.nova "memcache_secret_key" $memcache_secret_key -}}
+{{- end -}}
+
+# cinder
+{{- if empty .Values.conf.manila.cinder.auth_uri -}}
+{{- $_ := set .Values.conf.manila.cinder "auth_uri" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.cinder.auth_url -}}
+{{- $_ := set .Values.conf.manila.cinder "auth_url" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.cinder.region_name -}}
+{{- $_ := set .Values.conf.manila.cinder "region_name" .Values.endpoints.identity.auth.manila.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.cinder.project_name -}}
+{{- $_ := set .Values.conf.manila.cinder "project_name" $manila_project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.cinder.project_domain_name -}}
+{{- $_ := set .Values.conf.manila.cinder "project_domain_name" $manila_project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.cinder.user_domain_name -}}
+{{- $_ := set .Values.conf.manila.cinder "user_domain_name" $manila_user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.cinder.username -}}
+{{- $_ := set .Values.conf.manila.cinder "username" $manila_username -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.cinder.password -}}
+{{- $_ := set .Values.conf.manila.cinder "password" $manila_password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.cinder.memcached_servers -}}
+{{- $_ := set .Values.conf.manila.cinder "memcached_servers" $memcached_servers -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.cinder.memcache_secret_key -}}
+{{- $_ := set .Values.conf.manila.cinder "memcache_secret_key" $memcache_secret_key -}}
+{{- end -}}
+
+# glance
+{{- if empty .Values.conf.manila.glance.auth_uri -}}
+{{- $_ := set .Values.conf.manila.glance "auth_uri" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.glance.auth_url -}}
+{{- $_ := set .Values.conf.manila.glance "auth_url" $manila_auth_url -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.glance.region_name -}}
+{{- $_ := set .Values.conf.manila.glance "region_name" .Values.endpoints.identity.auth.manila.region_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.glance.project_name -}}
+{{- $_ := set .Values.conf.manila.glance "project_name" $manila_project_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.glance.project_domain_name -}}
+{{- $_ := set .Values.conf.manila.glance "project_domain_name" $manila_project_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.glance.user_domain_name -}}
+{{- $_ := set .Values.conf.manila.glance "user_domain_name" $manila_user_domain_name -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.glance.username -}}
+{{- $_ := set .Values.conf.manila.glance "username" $manila_username -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.glance.password -}}
+{{- $_ := set .Values.conf.manila.glance "password" $manila_password -}}
+{{- end -}}
+
+{{- if empty .Values.conf.manila.glance.memcached_servers -}}
+{{- $_ := set .Values.conf.manila.glance "memcached_servers" $memcached_servers -}}
+{{- end -}}
+{{- if empty .Values.conf.manila.glance.memcache_secret_key -}}
+{{- $_ := set .Values.conf.manila.glance "memcache_secret_key" $memcache_secret_key -}}
+{{- end -}}
+
+{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
+{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
+{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
+{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
+{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
+{{- end -}}
+
+{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}}
+{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
+{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
+{{- end -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: manila-etc
+type: Opaque
+data:
+ rally_tests.yaml: {{ toYaml .Values.conf.rally_tests.tests | b64enc }}
+ manila.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.manila | b64enc }}
+{{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
+{{- $filePrefix := replace "_" "-" $key }}
+ {{ printf "%s.filters" $filePrefix }}: {{ $value.content | b64enc }}
+{{- end }}
+ logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
+ api-paste.ini: {{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | b64enc }}
+ policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
+ manila_sudoers: {{ $envAll.Values.conf.manila_sudoers | b64enc }}
+ rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
+{{- end }}
diff --git a/manila/templates/deployment-api.yaml b/manila/templates/deployment-api.yaml
new file mode 100644
index 0000000000..0e4505a023
--- /dev/null
+++ b/manila/templates/deployment-api.yaml
@@ -0,0 +1,140 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_api }}
+{{- $envAll := . }}
+
+{{- $mounts_manila_api := .Values.pod.mounts.manila_api.manila_api }}
+{{- $mounts_manila_api_init := .Values.pod.mounts.manila_api.init_container }}
+
+{{- $serviceAccountName := "manila-api" }}
+{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: manila-api
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.api }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "manila-api" "containerNames" (list "init" "manila-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.manila.enabled }}
+{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ initContainers:
+{{ tuple $envAll "api" $mounts_manila_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: manila-api
+{{ tuple $envAll "manila_api" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "manila" "container" "manila_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/manila-api.sh
+ - start
+ env:
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/manila/certs/ca.crt"
+{{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /tmp/manila-api.sh
+ - stop
+ ports:
+ - name: m-api
+ containerPort: {{ tuple "share" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /
+ port: {{ tuple "share" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: state-tmp
+ mountPath: /var/lib/manila
+ - name: etcmanila
+ mountPath: /etc/manila
+ - name: manila-etc
+ mountPath: /etc/manila/manila.conf
+ subPath: manila.conf
+ readOnly: true
+ {{- if .Values.conf.manila.DEFAULT.log_config_append }}
+ - name: manila-etc
+ mountPath: {{ .Values.conf.manila.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: manila-etc
+ mountPath: /etc/manila/api-paste.ini
+ subPath: api-paste.ini
+ readOnly: true
+ - name: manila-etc
+ mountPath: /etc/manila/policy.yaml
+ subPath: policy.yaml
+ readOnly: true
+ - name: manila-bin
+ mountPath: /tmp/manila-api.sh
+ subPath: manila-api.sh
+ readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+
+{{ if $mounts_manila_api.volumeMounts }}{{ toYaml $mounts_manila_api.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: state-tmp
+ emptyDir: {}
+ - name: etcmanila
+ emptyDir: {}
+ - name: manila-etc
+ secret:
+ secretName: manila-etc
+ defaultMode: 0444
+ - name: manila-bin
+ configMap:
+ name: manila-bin
+ defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+
+{{ if $mounts_manila_api.volumes }}{{ toYaml $mounts_manila_api.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/manila/templates/deployment-data.yaml b/manila/templates/deployment-data.yaml
new file mode 100644
index 0000000000..21db299e31
--- /dev/null
+++ b/manila/templates/deployment-data.yaml
@@ -0,0 +1,121 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_data }}
+{{- $envAll := . }}
+
+{{- $mounts_manila_data := .Values.pod.mounts.manila_data.manila_data }}
+{{- $mounts_manila_data_init := .Values.pod.mounts.manila_data.init_container }}
+
+{{- $serviceAccountName := "manila-data" }}
+{{ tuple $envAll "data" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: manila-data
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.data }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "manila-data" "containerNames" (list "init" "manila-data") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "manila" "data" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.data.node_selector_key }}: {{ .Values.labels.data.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.manila.enabled }}
+{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ initContainers:
+{{ tuple $envAll "data" $mounts_manila_data_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: manila-data
+{{ tuple $envAll "manila_data" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.data | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "manila" "container" "manila_data" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/manila-data.sh
+ env:
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/manila/certs/ca.crt"
+{{- end }}
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: etcmanila
+ mountPath: /etc/manila
+ - name: state-tmp
+ mountPath: /var/lib/manila
+ - name: manila-etc
+ mountPath: /etc/manila/manila.conf
+ subPath: manila.conf
+ readOnly: true
+ {{- if .Values.conf.manila.DEFAULT.log_config_append }}
+ - name: manila-etc
+ mountPath: {{ .Values.conf.manila.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: manila-etc
+ mountPath: /etc/manila/policy.yaml
+ subPath: policy.yaml
+ readOnly: true
+ - name: manila-bin
+ mountPath: /tmp/manila-data.sh
+ subPath: manila-data.sh
+ readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+
+{{ if $mounts_manila_data.volumeMounts }}{{ toYaml $mounts_manila_data.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: state-tmp
+ emptyDir: {}
+ - name: etcmanila
+ emptyDir: {}
+ - name: manila-etc
+ secret:
+ secretName: manila-etc
+ defaultMode: 0444
+ - name: manila-bin
+ configMap:
+ name: manila-bin
+ defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+
+{{ if $mounts_manila_data.volumes }}{{ toYaml $mounts_manila_data.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/manila/templates/deployment-scheduler.yaml b/manila/templates/deployment-scheduler.yaml
new file mode 100644
index 0000000000..4858dfce54
--- /dev/null
+++ b/manila/templates/deployment-scheduler.yaml
@@ -0,0 +1,121 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_scheduler }}
+{{- $envAll := . }}
+
+{{- $mounts_manila_scheduler := .Values.pod.mounts.manila_scheduler.manila_scheduler }}
+{{- $mounts_manila_scheduler_init := .Values.pod.mounts.manila_scheduler.init_container }}
+
+{{- $serviceAccountName := "manila-scheduler" }}
+{{ tuple $envAll "scheduler" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: manila-scheduler
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.scheduler }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "manila-scheduler" "containerNames" (list "init" "manila-scheduler") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "manila" "scheduler" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.scheduler.node_selector_key }}: {{ .Values.labels.scheduler.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.manila.enabled }}
+{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ initContainers:
+{{ tuple $envAll "scheduler" $mounts_manila_scheduler_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: manila-scheduler
+{{ tuple $envAll "manila_scheduler" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.scheduler | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "manila" "container" "manila_scheduler" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/manila-scheduler.sh
+ env:
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/manila/certs/ca.crt"
+{{- end }}
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: etcmanila
+ mountPath: /etc/manila
+ - name: state-tmp
+ mountPath: /var/lib/manila
+ - name: manila-etc
+ mountPath: /etc/manila/manila.conf
+ subPath: manila.conf
+ readOnly: true
+ {{- if .Values.conf.manila.DEFAULT.log_config_append }}
+ - name: manila-etc
+ mountPath: {{ .Values.conf.manila.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: manila-etc
+ mountPath: /etc/manila/policy.yaml
+ subPath: policy.yaml
+ readOnly: true
+ - name: manila-bin
+ mountPath: /tmp/manila-scheduler.sh
+ subPath: manila-scheduler.sh
+ readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+
+{{ if $mounts_manila_scheduler.volumeMounts }}{{ toYaml $mounts_manila_scheduler.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: state-tmp
+ emptyDir: {}
+ - name: etcmanila
+ emptyDir: {}
+ - name: manila-etc
+ secret:
+ secretName: manila-etc
+ defaultMode: 0444
+ - name: manila-bin
+ configMap:
+ name: manila-bin
+ defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+
+{{ if $mounts_manila_scheduler.volumes }}{{ toYaml $mounts_manila_scheduler.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/manila/templates/deployment-share.yaml b/manila/templates/deployment-share.yaml
new file mode 100644
index 0000000000..a1c3ac5596
--- /dev/null
+++ b/manila/templates/deployment-share.yaml
@@ -0,0 +1,151 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.deployment_share }}
+{{- $envAll := . }}
+
+{{- $mounts_manila_share := .Values.pod.mounts.manila_share.manila_share }}
+{{- $mounts_manila_share_init := .Values.pod.mounts.manila_share.init_container }}
+
+{{- $serviceAccountName := "manila-share" }}
+{{ tuple $envAll "share" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: manila-share
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ replicas: {{ .Values.pod.replicas.share }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "manila-share" "containerNames" (list "init" "manila-share") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+{{ dict "envAll" $envAll "application" "manila" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+ affinity:
+{{ tuple $envAll "manila" "share" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
+ nodeSelector:
+ {{ .Values.labels.share.node_selector_key }}: {{ .Values.labels.share.node_selector_value }}
+{{ if $envAll.Values.pod.tolerations.manila.enabled }}
+{{ tuple $envAll "manila" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ initContainers:
+{{ tuple $envAll "share" $mounts_manila_share_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: manila-share
+{{ tuple $envAll "manila_share" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.share | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "manila" "container" "manila_share" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/manila-share.sh
+ env:
+{{- if or .Values.manifests.certificates .Values.tls.identity }}
+ - name: REQUESTS_CA_BUNDLE
+ value: "/etc/manila/certs/ca.crt"
+{{- end }}
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: etcmanila
+ mountPath: /etc/manila
+ - name: state-tmp
+ mountPath: /var/lib/manila
+ - name: manila-etc
+ mountPath: /etc/manila/manila.conf
+ subPath: manila.conf
+ readOnly: true
+ - name: manila-etc
+ mountPath: /etc/manila/rootwrap.conf
+ subPath: rootwrap.conf
+ - name: manila-etc
+ mountPath: /etc/sudoers.d/kolla_manila_sudoers
+ subPath: manila_sudoers
+ readOnly: true
+ - name: manila-etc
+ mountPath: /etc/sudoers.d/kolla_manila_volume_sudoers
+ subPath: manila_sudoers
+ readOnly: true
+ - mountPath: /run/openvswitch
+ name: run-openvswitch
+ readOnly: true
+ {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
+ {{- if ( has "share" $value.pods ) }}
+ {{- $filePrefix := replace "_" "-" $key }}
+ {{- $rootwrapFile := printf "/etc/manila/rootwrap.d/%s.filters" $filePrefix }}
+ - name: manila-etc
+ mountPath: {{ $rootwrapFile }}
+ subPath: {{ base $rootwrapFile }}
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ {{- if .Values.conf.manila.DEFAULT.log_config_append }}
+ - name: manila-etc
+ mountPath: {{ .Values.conf.manila.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.manila.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: manila-etc
+ mountPath: /etc/manila/policy.yaml
+ subPath: policy.yaml
+ readOnly: true
+ - name: manila-bin
+ mountPath: /tmp/manila-share.sh
+ subPath: manila-share.sh
+ readOnly: true
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal "path" "/etc/manila/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+
+{{ if $mounts_manila_share.volumeMounts }}{{ toYaml $mounts_manila_share.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: state-tmp
+ emptyDir: {}
+ - name: etcmanila
+ emptyDir: {}
+ - name: run-openvswitch
+ hostPath:
+ path: /run/openvswitch
+ type: Directory
+ - name: manila-etc
+ secret:
+ secretName: manila-etc
+ defaultMode: 0444
+ - name: manila-bin
+ configMap:
+ name: manila-bin
+ defaultMode: 0555
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+
+{{ if $mounts_manila_share.volumes }}{{ toYaml $mounts_manila_share.volumes | indent 8 }}{{ end }}
+{{- end }}
diff --git a/manila/templates/ingress-api.yaml b/manila/templates/ingress-api.yaml
new file mode 100644
index 0000000000..ef9426f844
--- /dev/null
+++ b/manila/templates/ingress-api.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.ingress_api .Values.network.api.ingress.public }}
+{{- $ingressOpts := dict "envAll" . "backendServiceType" "share" "backendPort" "m-api" -}}
+{{ $ingressOpts | include "helm-toolkit.manifests.ingress" }}
+{{- end }}
diff --git a/manila/templates/job-bootstrap.yaml b/manila/templates/job-bootstrap.yaml
new file mode 100644
index 0000000000..8589f2ba4b
--- /dev/null
+++ b/manila/templates/job-bootstrap.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.bootstrap" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "5"
+{{- end }}
+{{- end }}
+
+{{- if and .Values.manifests.job_bootstrap .Values.bootstrap.enabled }}
+{{- $bootstrapJob := dict "envAll" . "serviceName" "manila" "keystoneUser" .Values.bootstrap.ks_user "logConfigFile" .Values.conf.manila.DEFAULT.log_config_append "jobAnnotations" (include "metadata.annotations.job.bootstrap" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $bootstrapJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $bootstrapJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $bootstrapJob | include "helm-toolkit.manifests.job_bootstrap" }}
+{{- end }}
diff --git a/manila/templates/job-db-drop.yaml b/manila/templates/job-db-drop.yaml
new file mode 100644
index 0000000000..9d63fa95bd
--- /dev/null
+++ b/manila/templates/job-db-drop.yaml
@@ -0,0 +1,26 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.job_db_drop }}
+{{- $serviceName := "manila" -}}
+{{- $dbToDrop := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "DEFAULT" "configDbKey" "sql_connection" -}}
+{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbToDrop" $dbToDrop -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbToDrop "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $dbDropJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
+{{- end }}
diff --git a/manila/templates/job-db-init.yaml b/manila/templates/job-db-init.yaml
new file mode 100644
index 0000000000..f2df99fcff
--- /dev/null
+++ b/manila/templates/job-db-init.yaml
@@ -0,0 +1,32 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.db_init" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-5"
+{{- end }}
+
+{{- if .Values.manifests.job_db_init }}
+{{- $dbInitJob := dict "envAll" . "serviceName" "manila" -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbInitJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $dbInitJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
+{{- end }}
diff --git a/manila/templates/job-db-sync.yaml b/manila/templates/job-db-sync.yaml
new file mode 100644
index 0000000000..014e4cd5a6
--- /dev/null
+++ b/manila/templates/job-db-sync.yaml
@@ -0,0 +1,32 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.db_sync" }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-4"
+{{- end }}
+
+{{- if .Values.manifests.job_db_sync }}
+{{- $dbSyncJob := dict "envAll" . "serviceName" "manila" "podVolMounts" .Values.pod.mounts.manila_db_sync.manila_db_sync.volumeMounts "podVols" .Values.pod.mounts.manila_db_sync.manila_db_sync.volumes -}}
+{{- if .Values.manifests.certificates -}}
+{{- $_ := set $dbSyncJob "dbAdminTlsSecret" .Values.endpoints.oslo_db.auth.admin.secret.tls.internal -}}
+{{- end -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbSyncJob "jobAnnotations" (include "metadata.annotations.job.db_sync" . | fromYaml) }}
+{{- end }}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $dbSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $dbSyncJob | include "helm-toolkit.manifests.job_db_sync" }}
+{{- end }}
diff --git a/manila/templates/job-image-repo-sync.yaml b/manila/templates/job-image-repo-sync.yaml
new file mode 100644
index 0000000000..d7fc6438f2
--- /dev/null
+++ b/manila/templates/job-image-repo-sync.yaml
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.repo_sync" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+{{- end }}
+{{- end }}
+
+{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }}
+{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "manila" "jobAnnotations" (include "metadata.annotations.job.repo_sync" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $imageRepoSyncJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }}
+{{- end }}
diff --git a/manila/templates/job-ks-endpoints.yaml b/manila/templates/job-ks-endpoints.yaml
new file mode 100644
index 0000000000..56b529ed72
--- /dev/null
+++ b/manila/templates/job-ks-endpoints.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.ks_endpoints" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-2"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_ks_endpoints }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "manila" "serviceTypes" ( tuple "share" "sharev2" ) "jobAnnotations" (include "metadata.annotations.job.ks_endpoints" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_endpoints" }}
+{{- end }}
diff --git a/manila/templates/job-ks-service.yaml b/manila/templates/job-ks-service.yaml
new file mode 100644
index 0000000000..895b31f566
--- /dev/null
+++ b/manila/templates/job-ks-service.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.ks_service" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-3"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_ks_service }}
+{{- $ksServiceJob := dict "envAll" . "serviceName" "manila" "serviceTypes" ( tuple "share" "sharev2" ) "jobAnnotations" (include "metadata.annotations.job.ks_service" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $ksServiceJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksServiceJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $ksServiceJob | include "helm-toolkit.manifests.job_ks_service" }}
+{{- end }}
diff --git a/manila/templates/job-ks-user.yaml b/manila/templates/job-ks-user.yaml
new file mode 100644
index 0000000000..b7ef07e989
--- /dev/null
+++ b/manila/templates/job-ks-user.yaml
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.ks_user" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-1"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_ks_user }}
+{{- $ksUserJob := dict "envAll" . "serviceName" "manila" "jobAnnotations" (include "metadata.annotations.job.ks_user" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $ksUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{- if or .Values.manifests.certificates .Values.tls.identity -}}
+{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.share.api.internal -}}
+{{- end -}}
+{{ $ksUserJob | include "helm-toolkit.manifests.job_ks_user" }}
+{{- end }}
diff --git a/manila/templates/job-rabbit-init.yaml b/manila/templates/job-rabbit-init.yaml
new file mode 100644
index 0000000000..9b2ab56410
--- /dev/null
+++ b/manila/templates/job-rabbit-init.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "metadata.annotations.job.rabbit_init" }}
+{{- if .Values.helm3_hook }}
+helm.sh/hook: post-install,post-upgrade
+helm.sh/hook-weight: "-4"
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.job_rabbit_init }}
+{{- $rmqUserJob := dict "envAll" . "serviceName" "manila" "jobAnnotations" (include "metadata.annotations.job.rabbit_init" . | fromYaml) -}}
+{{- if .Values.pod.tolerations.manila.enabled -}}
+{{- $_ := set $rmqUserJob "tolerationsEnabled" true -}}
+{{- end -}}
+{{ $rmqUserJob | include "helm-toolkit.manifests.job_rabbit_init" }}
+{{- end }}
diff --git a/manila/templates/network_policy.yaml b/manila/templates/network_policy.yaml
new file mode 100644
index 0000000000..b0fd6fd850
--- /dev/null
+++ b/manila/templates/network_policy.yaml
@@ -0,0 +1,16 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.manifests.network_policy -}}
+{{- $netpol_opts := dict "envAll" . "name" "application" "label" "manila" -}}
+{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
+{{- end -}}
diff --git a/manila/templates/pdb-api.yaml b/manila/templates/pdb-api.yaml
new file mode 100644
index 0000000000..b2bf037ff3
--- /dev/null
+++ b/manila/templates/pdb-api.yaml
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.pdb_api }}
+{{- $envAll := . }}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: manila-api
+spec:
+ minAvailable: {{ .Values.pod.lifecycle.disruption_budget.api.min_available }}
+ selector:
+ matchLabels:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{- end }}
diff --git a/manila/templates/pod-rally-test.yaml b/manila/templates/pod-rally-test.yaml
new file mode 100644
index 0000000000..928c1831fc
--- /dev/null
+++ b/manila/templates/pod-rally-test.yaml
@@ -0,0 +1,129 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if (.Values.global).subchart_release_name }}
+{{- $_ := set . "deployment_name" .Chart.Name }}
+{{- else }}
+{{- $_ := set . "deployment_name" .Release.Name }}
+{{- end }}
+
+{{- if .Values.manifests.pod_rally_test }}
+{{- $envAll := . }}
+
+{{- $mounts_tests := .Values.pod.mounts.manila_tests.manila_tests }}
+{{- $mounts_tests_init := .Values.pod.mounts.manila_tests.init_container }}
+
+{{- $serviceAccountName := print $envAll.deployment_name "-test" }}
+{{ tuple $envAll "tests" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ print $envAll.deployment_name "-test" }}
+ labels:
+{{ tuple $envAll "manila" "test" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+{{ dict "envAll" $envAll "podName" "manila-test" "containerNames" (list "init" "manila-test" "manila-test-ks-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
+spec:
+ restartPolicy: Never
+{{ dict "envAll" $envAll "application" "test" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
+ nodeSelector:
+ {{ .Values.labels.test.node_selector_key }}: {{ .Values.labels.test.node_selector_value }}
+ serviceAccountName: {{ $serviceAccountName }}
+ initContainers:
+{{ tuple $envAll "tests" $mounts_tests_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
+ - name: manila-test-ks-user
+{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.image" | indent 6 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.ks_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "test" "container" "manila_test_ks_user" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
+ command:
+ - /tmp/ks-user.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: manila-bin
+ mountPath: /tmp/ks-user.sh
+ subPath: ks-user.sh
+ readOnly: true
+{{- if and .Values.manifests.certificates .Values.secrets.tls.share.api.internal }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
+{{- end }}
+ env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
+{{- end }}
+ - name: SERVICE_OS_SERVICE_NAME
+ value: "test"
+{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
+{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
+{{- end }}
+ - name: SERVICE_OS_ROLE
+ value: {{ .Values.endpoints.share.auth.test.role | quote }}
+ containers:
+ - name: manila-test
+{{ tuple $envAll "test" | include "helm-toolkit.snippets.image" | indent 6 }}
+{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
+{{ dict "envAll" $envAll "application" "test" "container" "manila_test" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6}}
+ env:
+{{- with $env := dict "ksUserSecret" .Values.secrets.share.admin "useCA" (and .Values.manifests.certificates .Values.secrets.tls.share.api.internal) }}
+{{- include "helm-toolkit.snippets.manila_openrc_env_vars" $env | indent 8 }}
+{{- end }}
+{{- with $env := dict "ksUserSecret" .Values.secrets.share.test }}
+{{- include "helm-toolkit.snippets.manila_user_create_env_vars" $env | indent 8 }}
+{{- end }}
+ - name: RALLY_ENV_NAME
+ value: {{.deployment_name}}
+ command:
+ - /tmp/rally-test.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: manila-etc
+ mountPath: /etc/rally/rally_tests.yaml
+ subPath: rally_tests.yaml
+ readOnly: true
+ - name: manila-bin
+ mountPath: /tmp/rally-test.sh
+ subPath: rally-test.sh
+ readOnly: true
+ - name: rally-db
+ mountPath: /var/lib/rally
+ - name: rally-work
+ mountPath: /home/rally/.rally
+{{- if and .Values.manifests.certificates .Values.secrets.tls.share.api.internal }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 8 }}
+{{- end }}
+{{ if $mounts_tests.volumeMounts }}{{ toYaml $mounts_tests.volumeMounts | indent 8 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: manila-etc
+ secret:
+ secretName: manila-etc
+ defaultMode: 0444
+ - name: manila-bin
+ configMap:
+ name: manila-bin
+ defaultMode: 0555
+ - name: rally-db
+ emptyDir: {}
+ - name: rally-work
+ emptyDir: {}
+{{- if and .Values.manifests.certificates .Values.secrets.tls.share.api.internal }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.share.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 4 }}
+{{- end }}
+{{ if $mounts_tests.volumes }}{{ toYaml $mounts_tests.volumes | indent 4 }}{{ end }}
+{{- end }}
diff --git a/manila/templates/secret-db.yaml b/manila/templates/secret-db.yaml
new file mode 100644
index 0000000000..0a9178f2a4
--- /dev/null
+++ b/manila/templates/secret-db.yaml
@@ -0,0 +1,33 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_db }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "manila" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db $userClass }}
+{{- $connection := tuple "oslo_db" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- if $envAll.Values.manifests.certificates }}
+ DB_CONNECTION: {{ (printf "%s?charset=utf8&ssl_ca=/etc/mysql/certs/ca.crt&ssl_key=/etc/mysql/certs/tls.key&ssl_cert=/etc/mysql/certs/tls.crt&ssl_verify_cert" $connection ) | b64enc -}}
+{{- else }}
+ DB_CONNECTION: {{ $connection | b64enc -}}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/manila/templates/secret-ingress-tls.yaml b/manila/templates/secret-ingress-tls.yaml
new file mode 100644
index 0000000000..9db2b2550a
--- /dev/null
+++ b/manila/templates/secret-ingress-tls.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ingress_tls }}
+{{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "share" ) }}
+{{- end }}
diff --git a/manila/templates/secret-keystone.yaml b/manila/templates/secret-keystone.yaml
new file mode 100644
index 0000000000..173138785b
--- /dev/null
+++ b/manila/templates/secret-keystone.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_keystone }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "manila" }}
+{{- $secretName := index $envAll.Values.secrets.identity $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+{{- tuple $userClass "internal" $envAll | include "helm-toolkit.snippets.keystone_secret_openrc" | indent 2 -}}
+{{- end }}
+{{- end }}
diff --git a/manila/templates/secret-rabbitmq.yaml b/manila/templates/secret-rabbitmq.yaml
new file mode 100644
index 0000000000..048cf8d8b3
--- /dev/null
+++ b/manila/templates/secret-rabbitmq.yaml
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_rabbitmq }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "manila" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_messaging $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ RABBITMQ_CONNECTION: {{ tuple "oslo_messaging" "internal" $userClass "http" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/manila/templates/secret-registry.yaml b/manila/templates/secret-registry.yaml
new file mode 100644
index 0000000000..da979b3223
--- /dev/null
+++ b/manila/templates/secret-registry.yaml
@@ -0,0 +1,17 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
+{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
+{{- end }}
diff --git a/manila/templates/service-api.yaml b/manila/templates/service-api.yaml
new file mode 100644
index 0000000000..f80ef97342
--- /dev/null
+++ b/manila/templates/service-api.yaml
@@ -0,0 +1,37 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.service_api }}
+{{- $envAll := . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ tuple "share" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+spec:
+ ports:
+ - name: b-api
+ port: {{ tuple "share" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ {{ if .Values.network.api.node_port.enabled }}
+ nodePort: {{ .Values.network.api.node_port.port }}
+ {{ end }}
+ selector:
+{{ tuple $envAll "manila" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+ {{ if .Values.network.api.node_port.enabled }}
+ type: NodePort
+ {{ if .Values.network.api.external_policy_local }}
+ externalTrafficPolicy: Local
+ {{ end }}
+ {{ end }}
+{{- end }}
diff --git a/manila/templates/service-ingress-api.yaml b/manila/templates/service-ingress-api.yaml
new file mode 100644
index 0000000000..58492cd482
--- /dev/null
+++ b/manila/templates/service-ingress-api.yaml
@@ -0,0 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.service_ingress_api .Values.network.api.ingress.public }}
+{{- $serviceIngressOpts := dict "envAll" . "backendServiceType" "share" -}}
+{{ $serviceIngressOpts | include "helm-toolkit.manifests.service_ingress" }}
+{{- end }}
diff --git a/manila/values.yaml b/manila/values.yaml
new file mode 100644
index 0000000000..c5ade6f956
--- /dev/null
+++ b/manila/values.yaml
@@ -0,0 +1,1092 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for manila.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+---
+labels:
+ api:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ data:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ scheduler:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ share:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ job:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ test:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+
+release_group: null
+
+# NOTE(philsphicas): the pre-install hook breaks upgrade for helm2
+# Set to false to upgrade using helm2
+helm3_hook: true
+
+images:
+ tags:
+ bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_data: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ image_repo_sync: docker.io/docker:17.07.0
+ pull_policy: "IfNotPresent"
+ local_registry:
+ active: false
+ exclude:
+ - dep_check
+ - image_repo_sync
+
+pod:
+ security_context:
+ manila:
+ pod:
+ runAsUser: 42424
+ container:
+ manila_api:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ manila_data:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ manila_scheduler:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ manila_share:
+ readOnlyRootFilesystem: true
+ privileged: true
+ test:
+ pod:
+ runAsUser: 42424
+ container:
+ manila_test:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ affinity:
+ anti:
+ type:
+ default: preferredDuringSchedulingIgnoredDuringExecution
+ topologyKey:
+ default: kubernetes.io/hostname
+ weight:
+ default: 10
+ tolerations:
+ manila:
+ enabled: false
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ mounts:
+ manila_api:
+ init_container: null
+ manila_api:
+ volumeMounts:
+ volumes:
+ manila_scheduler:
+ init_container: null
+ manila_scheduler:
+ volumeMounts:
+ volumes:
+ manila_data:
+ init_container: null
+ manila_data:
+ volumeMounts:
+ volumes:
+ manila_share:
+ init_container: null
+ manila_share:
+ volumeMounts:
+ volumes:
+ manila_bootstrap:
+ init_container: null
+ manila_bootstrap:
+ volumeMounts:
+ volumes:
+ manila_tests:
+ init_container: null
+ manila_tests:
+ volumeMounts:
+ volumes:
+ manila_db_sync:
+ manila_db_sync:
+ volumeMounts:
+ volumes:
+ replicas:
+ api: 1
+ data: 1
+ scheduler: 1
+ share: 1
+ lifecycle:
+ upgrades:
+ deployments:
+ revision_history: 3
+ pod_replacement_strategy: RollingUpdate
+ rolling_update:
+ max_unavailable: 1
+ max_surge: 3
+ disruption_budget:
+ api:
+ min_available: 0
+ sheduler:
+ min_available: 0
+ share:
+ min_available: 0
+ resources:
+ enabled: false
+ api:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ data:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ scheduler:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ share:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ jobs:
+ bootstrap:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ db_drop:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ rabbit_init:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_endpoints:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_service:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ ks_user:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ tests:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+ image_repo_sync:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
+
+network:
+ api:
+ ingress:
+ public: true
+ classes:
+ namespace: "nginx"
+ cluster: "nginx-cluster"
+ annotations:
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ external_policy_local: false
+ node_port:
+ enabled: false
+ port: 30486
+
+network_policy:
+ manila:
+ ingress:
+ - {}
+ egress:
+ - {}
+
+bootstrap:
+ enabled: true
+ ks_user: admin
+ script: null
+ structured:
+ flavors:
+ manila-service-flavor:
+ id: 100
+ name: "manila-service-flavor"
+ ram: 512
+ vcpus: 1
+ disk: 5
+ ephemeral: 0
+ public: true
+ images:
+ manila-service-image:
+ id: null
+ name: "manila-service-image"
+ source_url: "https://tarballs.opendev.org/openstack/manila-image-elements/images/"
+ image_file: "manila-service-image-master.qcow2"
+ image_type: qcow2
+ container_format: bare
+ private: false
+
+dependencies:
+ dynamic:
+ common:
+ local_image_registry:
+ jobs:
+ - manila-image-repo-sync
+ services:
+ - endpoint: node
+ service: local_image_registry
+ static:
+ api:
+ jobs:
+ - manila-db-sync
+ - manila-ks-user
+ - manila-ks-endpoints
+ - manila-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ - endpoint: internal
+ service: oslo_messaging
+ data:
+ jobs:
+ - manila-db-sync
+ - manila-ks-user
+ - manila-ks-endpoints
+ - manila-rabbit-init
+ scheduler:
+ jobs:
+ - manila-db-sync
+ - manila-ks-user
+ - manila-ks-endpoints
+ - manila-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ - endpoint: internal
+ service: oslo_messaging
+ share:
+ # pod:
+ # - requireSameNode: true
+ # labels:
+ # application: openvswitch
+ # component: server
+ jobs:
+ - manila-db-sync
+ - manila-ks-user
+ - manila-ks-endpoints
+ - manila-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ - endpoint: internal
+ service: identity
+ - endpoint: internal
+ service: oslo_messaging
+ db_drop:
+ services:
+ - endpoint: internal
+ service: oslo_db
+ db_init:
+ services:
+ - endpoint: internal
+ service: oslo_db
+ db_sync:
+ jobs:
+ - manila-db-init
+ services:
+ - endpoint: internal
+ service: oslo_db
+ image_repo_sync:
+ services:
+ - endpoint: internal
+ service: local_image_registry
+ ks_endpoints:
+ jobs:
+ - manila-ks-service
+ services:
+ - endpoint: internal
+ service: identity
+ ks_service:
+ services:
+ - endpoint: internal
+ service: identity
+ ks_user:
+ services:
+ - endpoint: internal
+ service: identity
+ rabbit_init:
+ services:
+ - endpoint: internal
+ service: oslo_messaging
+
+conf:
+ paste:
+ composite:osapi_share:
+ use: call:manila.api:root_app_factory
+ /: apiversions
+ /healthcheck: healthcheck
+ /v1: openstack_share_api
+ /v2: openstack_share_api_v2
+ composite:openstack_share_api:
+ use: call:manila.api.middleware.auth:pipeline_factory
+ noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth api
+ keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
+ keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext api
+ composite:openstack_share_api_v2:
+ use: call:manila.api.middleware.auth:pipeline_factory
+ noauth: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauth apiv2
+ noauthv2: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler noauthv2 apiv2
+ keystone: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
+ keystone_nolimit: cors faultwrap http_proxy_to_wsgi sizelimit osprofiler authtoken keystonecontext apiv2
+ filter:faultwrap:
+ paste.filter_factory: manila.api.middleware.fault:FaultWrapper.factory
+ filter:noauth:
+ paste.filter_factory: manila.api.middleware.auth:NoAuthMiddleware.factory
+ filter:noauthv2:
+ paste.filter_factory: manila.api.middleware.auth:NoAuthMiddlewarev2_60.factory
+ filter:sizelimit:
+ paste.filter_factory: oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
+ filter:osprofiler:
+ paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+ filter:http_proxy_to_wsgi:
+ paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
+ app:api:
+ paste.app_factory: manila.api.v1.router:APIRouter.factory
+ app:apiv2:
+ paste.app_factory: manila.api.v2.router:APIRouter.factory
+ pipeline:apiversions:
+ pipeline: cors faultwrap http_proxy_to_wsgi osshareversionapp
+ app:osshareversionapp:
+ paste.app_factory: manila.api.versions:VersionsRouter.factory
+ filter:keystonecontext:
+ paste.filter_factory: manila.api.middleware.auth:ManilaKeystoneContext.factory
+ filter:authtoken:
+ paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+ filter:cors:
+ paste.filter_factory: oslo_middleware.cors:filter_factory
+ oslo_config_project: manila
+ app:healthcheck:
+ paste.app_factory: oslo_middleware:Healthcheck.app_factory
+ backends: disable_by_file
+ disable_by_file_path: /etc/manila/healthcheck_disable
+ policy: {}
+ manila_sudoers: |
+ # This sudoers file supports rootwrap for both Kolla and LOCI Images.
+ Defaults !requiretty
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
+ manila ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/manila-rootwrap /etc/manila/rootwrap.conf *, /var/lib/openstack/bin/manila-rootwrap /etc/manila/rootwrap.conf *
+ rootwrap_filters:
+ share:
+ pods:
+ - share
+ content: |
+ # manila-rootwrap command filters for share nodes
+ # This file should be owned by (and only-writeable by) the root user
+
+ [Filters]
+ # manila/utils.py : 'chown', '%s', '%s'
+ chown: CommandFilter, chown, root
+ # manila/utils.py : 'cat', '%s'
+ cat: CommandFilter, cat, root
+
+ # manila/share/drivers/lvm.py: 'mkfs.ext4', '/dev/mapper/%s'
+ mkfs.ext4: CommandFilter, mkfs.ext4, root
+
+ # manila/share/drivers/lvm.py: 'mkfs.ext3', '/dev/mapper/%s'
+ mkfs.ext3: CommandFilter, mkfs.ext3, root
+
+ # manila/share/drivers/lvm.py: 'smbd', '-s', '%s', '-D'
+ smbd: CommandFilter, smbd, root
+ smb: CommandFilter, smb, root
+
+ # manila/share/drivers/lvm.py: 'rmdir', '%s'
+ rmdir: CommandFilter, rmdir, root
+
+ # manila/share/drivers/lvm.py: 'dd' 'count=0', 'if=%s' % srcstr, 'of=%s'
+ dd: CommandFilter, dd, root
+
+ # manila/share/drivers/lvm.py: 'fsck', '-pf', %s
+ fsck: CommandFilter, fsck, root
+
+ # manila/share/drivers/lvm.py: 'resize2fs', %s
+ resize2fs: CommandFilter, resize2fs, root
+
+ # manila/share/drivers/helpers.py: 'smbcontrol', 'all', 'close-share', '%s'
+ smbcontrol: CommandFilter, smbcontrol, root
+
+ # manila/share/drivers/helpers.py: 'net', 'conf', 'addshare', '%s', '%s', 'writeable=y', 'guest_ok=y
+ # manila/share/drivers/helpers.py: 'net', 'conf', 'delshare', '%s'
+ # manila/share/drivers/helpers.py: 'net', 'conf', 'setparm', '%s', '%s', '%s'
+ # manila/share/drivers/helpers.py: 'net', 'conf', 'getparm', '%s', 'hosts allow'
+ net: CommandFilter, net, root
+
+ # manila/share/drivers/helpers.py: 'cp', '%s', '%s'
+ cp: CommandFilter, cp, root
+
+ # manila/share/drivers/helpers.py: 'service', '%s', '%s'
+ service: CommandFilter, service, root
+
+ # manila/share/drivers/lvm.py: 'lvremove', '-f', "%s/%s
+ lvremove: CommandFilter, lvremove, root
+
+ # manila/share/drivers/lvm.py: 'lvextend', '-L', '%sG''-n', %s
+ lvextend: CommandFilter, lvextend, root
+
+ # manila/share/drivers/lvm.py: 'lvcreate', '-L', %s, '-n', %s
+ lvcreate: CommandFilter, lvcreate, root
+
+ # manila/share/drivers/lvm.py: 'vgs', '--noheadings', '-o', 'name'
+ # manila/share/drivers/lvm.py: 'vgs', %s, '--rows', '--units', 'g'
+ vgs: CommandFilter, vgs, root
+
+ # manila/share/drivers/lvm.py: 'tune2fs', '-U', 'random', '%volume-snapshot%'
+ tune2fs: CommandFilter, tune2fs, root
+
+ # manila/share/drivers/generic.py: 'sed', '-i', '\'/%s/d\'', '%s'
+ sed: CommandFilter, sed, root
+
+ # manila/share/drivers/glusterfs.py: 'mkdir', '%s'
+ # manila/share/drivers/ganesha/manager.py: 'mkdir', '-p', '%s'
+ mkdir: CommandFilter, mkdir, root
+
+ # manila/share/drivers/glusterfs.py: 'rm', '-rf', '%s'
+ rm: CommandFilter, rm, root
+
+ # manila/share/drivers/glusterfs.py: 'mount', '-t', 'glusterfs', '%s', '%s'
+ # manila/share/drivers/glusterfs/glusterfs_native.py: 'mount', '-t', 'glusterfs', '%s', '%s'
+ mount: CommandFilter, mount, root
+
+ # manila/share/drivers/glusterfs.py: 'gluster', '--xml', 'volume', 'info', '%s'
+ # manila/share/drivers/glusterfs.py: 'gluster', 'volume', 'set', '%s', 'nfs.export-dir', '%s'
+ gluster: CommandFilter, gluster, root
+
+ # manila/network/linux/ip_lib.py: 'ip', 'netns', 'exec', '%s', '%s'
+ ip: CommandFilter, ip, root
+
+ # manila/network/linux/interface.py: 'ovs-vsctl', 'add-port', '%s', '%s'
+ ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+ # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '!', '-path', '%s', '!', '-path', '%s', '-delete'
+ # manila/share/drivers/glusterfs/glusterfs_native.py: 'find', '%s', '-mindepth', '1', '-delete'
+ find: CommandFilter, find, root
+
+ # manila/share/drivers/glusterfs/glusterfs_native.py: 'umount', '%s'
+ umount: CommandFilter, umount, root
+
+ # GPFS commands
+ # manila/share/drivers/ibm/gpfs.py: 'mmgetstate', '-Y'
+ mmgetstate: CommandFilter, mmgetstate, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmlsattr', '%s'
+ mmlsattr: CommandFilter, mmlsattr, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmcrfileset', '%s', '%s', '--inode-space', 'new'
+ mmcrfileset: CommandFilter, mmcrfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmlinkfileset', '%s', '%s', '-J', '%s'
+ mmlinkfileset: CommandFilter, mmlinkfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmsetquota', '-j', '%s', '-h', '%s', '%s'
+ mmsetquota: CommandFilter, mmsetquota, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmunlinkfileset', '%s', '%s', '-f'
+ mmunlinkfileset: CommandFilter, mmunlinkfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmdelfileset', '%s', '%s', '-f'
+ mmdelfileset: CommandFilter, mmdelfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmcrsnapshot', '%s', '%s', '-j', '%s'
+ mmcrsnapshot: CommandFilter, mmcrsnapshot, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmdelsnapshot', '%s', '%s', '-j', '%s'
+ mmdelsnapshot: CommandFilter, mmdelsnapshot, root
+ # manila/share/drivers/ibm/gpfs.py: 'rsync', '-rp', '%s', '%s'
+ rsync: CommandFilter, rsync, root
+ # manila/share/drivers/ibm/gpfs.py: 'exportfs'
+ exportfs: CommandFilter, exportfs, root
+ # manila/share/drivers/ibm/gpfs.py: 'stat', '--format=%F', '%s'
+ stat: CommandFilter, stat, root
+ # manila/share/drivers/ibm/gpfs.py: 'df', '-P', '-B', '1', '%s'
+ df: CommandFilter, df, root
+ # manila/share/drivers/ibm/gpfs.py: 'chmod', '777', '%s'
+ chmod: CommandFilter, chmod, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmnfs', 'export', '%s', '%s'
+ mmnfs: CommandFilter, mmnfs, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmlsfileset', '%s', '-J', '%s', '-L'
+ mmlsfileset: CommandFilter, mmlsfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmchfileset', '%s', '-J', '%s', '-j', '%s'
+ mmchfileset: CommandFilter, mmchfileset, root
+ # manila/share/drivers/ibm/gpfs.py: 'mmlsquota', '-j', '-J', '%s', '%s'
+ mmlsquota: CommandFilter, mmlsquota, root
+
+ # manila/share/drivers/ganesha/manager.py: 'mv', '%s', '%s'
+ mv: CommandFilter, mv, root
+
+ # manila/share/drivers/ganesha/manager.py: 'mktemp', '-p', '%s', '-t', '%s'
+ mktemp: CommandFilter, mktemp, root
+
+ # manila/share/drivers/ganesha/manager.py:
+ shcat: RegExpFilter, sh, root, sh, -c, echo '((.|\n)*)' > /.*
+
+ # manila/share/drivers/ganesha/manager.py:
+ dbus-addexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*, .*
+
+ # manila/share/drivers/ganesha/manager.py:
+ dbus-removeexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.(Add|Remove)Export, .*
+
+ # manila/share/drivers/ganesha/manager.py:
+ dbus-updateexport: RegExpFilter, dbus-send, root, dbus-send, --print-reply, --system, --dest=org\.ganesha\.nfsd, /org/ganesha/nfsd/ExportMgr, org\.ganesha\.nfsd\.exportmgr\.UpdateExport, .*, .*
+
+ # manila/share/drivers/ganesha/manager.py:
+ rmconf: RegExpFilter, sh, root, sh, -c, rm -f /.*/\*\.conf$
+
+ # ZFS commands
+ # manila/share/drivers/zfsonlinux/driver.py
+ # manila/share/drivers/zfsonlinux/utils.py
+ zpool: CommandFilter, zpool, root
+
+ # manila/share/drivers/zfsonlinux/driver.py
+ # manila/share/drivers/zfsonlinux/utils.py
+ zfs: CommandFilter, zfs, root
+
+ # manila/share/drivers/zfsonlinux/driver.py
+ kill: CommandFilter, kill, root
+
+ # manila/data/utils.py: 'ls', '-pA1', '--group-directories-first', '%s'
+ ls: CommandFilter, ls, root
+
+ # manila/data/utils.py: 'touch', '--reference=%s', '%s'
+ touch: CommandFilter, touch, root
+
+ # manila/share/drivers/container/container.py: docker <whatever>
+ docker: CommandFilter, docker, root
+
+ # manila/share/drivers/container/container.py: brctl <whatever>
+ brctl: CommandFilter, brctl, root
+
+ # manila/share/drivers/container/storage_helper.py: e2fsck <whatever>
+ # manila/share/drivers/generic.py: e2fsck <whatever>
+ # manila/share/drivers/lvm.py: e2fsck <whatever>
+ e2fsck: CommandFilter, e2fsck, root
+
+ # manila/share/drivers/lvm.py: lvconvert --merge %s
+ lvconvert: CommandFilter, lvconvert, root
+
+ # manila/data/utils.py: 'sha256sum', '%s'
+ sha256sum: CommandFilter, sha256sum, root
+
+ # manila/utils.py: 'tee', '%s'
+ tee: CommandFilter, tee, root
+
+ # manila/share/drivers/container/storage_helper.py: lvs -o lv_size --noheadings --nosuffix --units g <device>
+ lvs: CommandFilter, lvs, root
+
+ # manila/share/drivers/container/storage_helper.py: lvrename --autobackup n <old_name> <new_name>
+ lvrename: CommandFilter, lvrename, root
+ rootwrap: |
+ # Configuration for manila-rootwrap
+ # This file should be owned by (and only-writeable by) the root user
+
+ [DEFAULT]
+ # List of directories to load filter definitions from (separated by ',').
+ # These directories MUST all be only writeable by root !
+ filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap
+
+ # List of directories to search executables in, in case filters do not
+ # explicitly specify a full path (separated by ',')
+ # If not specified, defaults to system PATH environment variable.
+ # These directories MUST all be only writeable by root !
+ exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
+
+ # Enable logging to syslog
+ # Default value is False
+ use_syslog=False
+
+ # Which syslog facility to use.
+ # Valid values include auth, authpriv, syslog, user0, user1...
+ # Default value is 'syslog'
+ syslog_log_facility=syslog
+
+ # Which messages to log.
+ # INFO means log all usage
+ # ERROR means only log unsuccessful attempts
+ syslog_log_level=ERROR
+ manila:
+ DEFAULT:
+ default_share_type: default
+ default_share_group_type: default
+ share_name_template: share-%s
+ rootwrap_config: /etc/manila/rootwrap.conf
+ api_paste_config: /etc/manila/api-paste.ini
+ enabled_share_backends: generic
+ enabled_share_protocols: NFS
+ keystone_authtoken:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ neutron:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ nova:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ cinder:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ glance:
+ auth_type: password
+ auth_version: v3
+ memcache_security_strategy: ENCRYPT
+ endpoint_type: internalURL
+ database:
+ max_retries: -1
+ generic:
+ share_backend_name: GENERIC
+ share_driver: manila.share.drivers.generic.GenericShareDriver
+ driver_handles_share_servers: true
+ # manila-service-flavor
+ service_instance_flavor_id: 100
+ service_image_name: manila-service-image
+ service_instance_user: manila
+ service_instance_password: manila
+ # # Module path to the Virtual Interface (VIF) driver class. This option
+ # # is used only by drivers operating in
+ # # `driver_handles_share_servers=True` mode that provision OpenStack
+ # # compute instances as share servers. This option is only supported
+ # # with Neutron networking. Drivers provided in tree work with Linux
+ # # Bridge (manila.network.linux.interface.BridgeInterfaceDriver) and
+ # # OVS (manila.network.linux.interface.OVSInterfaceDriver). If the
+ # # manila-share service is running on a host that is connected to the
+ # # administrator network, a no-op driver
+ # # (manila.network.linux.interface.NoopInterfaceDriver) may be used.
+ # # (string value)
+ # interface_driver: manila.network.linux.interface.OVSInterfaceDriver
+ oslo_policy:
+ policy_file: /etc/manila/policy.yaml
+ oslo_concurrency:
+ lock_path: /var/lib/manila/tmp
+ oslo_messaging_notifications:
+ driver: messagingv2
+ oslo_middleware:
+ enable_proxy_headers_parsing: true
+ oslo_messaging_rabbit:
+ rabbit_ha_queues: true
+ logging:
+ loggers:
+ keys:
+ - root
+ - manila
+ handlers:
+ keys:
+ - stdout
+ - stderr
+ - "null"
+ formatters:
+ keys:
+ - context
+ - default
+ logger_root:
+ level: WARNING
+ handlers: 'null'
+ logger_manila:
+ level: INFO
+ handlers:
+ - stdout
+ qualname: manila
+ logger_amqp:
+ level: WARNING
+ handlers: stderr
+ qualname: amqp
+ logger_amqplib:
+ level: WARNING
+ handlers: stderr
+ qualname: amqplib
+ logger_eventletwsgi:
+ level: WARNING
+ handlers: stderr
+ qualname: eventlet.wsgi.server
+ logger_sqlalchemy:
+ level: WARNING
+ handlers: stderr
+ qualname: sqlalchemy
+ logger_boto:
+ level: WARNING
+ handlers: stderr
+ qualname: boto
+ handler_null:
+ class: logging.NullHandler
+ formatter: default
+ args: ()
+ handler_stdout:
+ class: StreamHandler
+ args: (sys.stdout,)
+ formatter: context
+ handler_stderr:
+ class: StreamHandler
+ args: (sys.stderr,)
+ formatter: context
+ formatter_context:
+ class: oslo_log.formatters.ContextFormatter
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ formatter_default:
+ format: "%(message)s"
+ datefmt: "%Y-%m-%d %H:%M:%S"
+ rally_tests:
+ tests:
+ ManilaShares.create_and_delete_share:
+ - args:
+ share_proto: "nfs"
+ size: 1
+ share_type: "dhss_false"
+ min_sleep: 1
+ max_sleep: 2
+ context:
+ quotas:
+ manila:
+ shares: 0
+ gigabytes: 0
+ share_networks: 0
+ users:
+ tenants: 2
+ users_per_tenant: 1
+ user_choice_method: "round_robin"
+ manila_share_networks:
+ use_share_networks: true
+ runner:
+ concurrency: 4
+ times: 4
+ type: constant
+ sla:
+ failure_rate:
+ max: 0
+# Names of secrets used by bootstrap and environmental checks
+secrets:
+ identity:
+ admin: manila-keystone-admin
+ manila: manila-keystone-user
+ oslo_db:
+ admin: manila-db-admin
+ manila: manila-db-user
+ oslo_messaging:
+ admin: manila-rabbitmq-admin
+ manila: manila-rabbitmq-user
+ tls:
+ share:
+ api:
+ public: manila-tls-public
+ internal: manila-tls-internal
+ oci_image_registry:
+ manila: manila-oci-image-registry
+
+endpoints:
+ cluster_domain_suffix: cluster.local
+ local_image_registry:
+ name: docker-registry
+ namespace: docker-registry
+ hosts:
+ default: localhost
+ internal: docker-registry
+ node: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ node: 5000
+ oci_image_registry:
+ name: oci-image-registry
+ namespace: oci-image-registry
+ auth:
+ enabled: false
+ manila:
+ username: manila
+ password: password
+ hosts:
+ default: localhost
+ host_fqdn_override:
+ default: null
+ port:
+ registry:
+ default: null
+ identity:
+ name: keystone
+ auth:
+ admin:
+ region_name: RegionOne
+ username: admin
+ password: password
+ project_name: admin
+ user_domain_name: default
+ project_domain_name: default
+ manila:
+ role: admin
+ region_name: RegionOne
+ username: manila
+ password: password
+ project_name: service
+ user_domain_name: service
+ project_domain_name: service
+ hosts:
+ default: keystone
+ internal: keystone-api
+ host_fqdn_override:
+ default: null
+ path:
+ default: /v3
+ scheme:
+ default: http
+ port:
+ api:
+ default: 80
+ internal: 5000
+ share:
+ name: manila
+ hosts:
+ default: manila-api
+ public: manila
+ host_fqdn_override:
+ default: null
+ path:
+ default: '/v1'
+ scheme:
+ default: http
+ service: http
+ port:
+ api:
+ default: 8786
+ public: 80
+ service: 8786
+ sharev2:
+ name: manilav2
+ hosts:
+ default: manila-api
+ public: manila
+ host_fqdn_override:
+ default: null
+ path:
+ default: '/v2'
+ scheme:
+ default: http
+ service: http
+ port:
+ api:
+ default: 8786
+ public: 80
+ service: 8786
+ oslo_db:
+ auth:
+ admin:
+ username: root
+ password: password
+ secret:
+ tls:
+ internal: mariadb-tls-direct
+ manila:
+ username: manila
+ password: password
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /manila
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
+ oslo_messaging:
+ auth:
+ admin:
+ username: rabbitmq
+ password: password
+ secret:
+ tls:
+ internal: rabbitmq-tls-direct
+ manila:
+ username: manila
+ password: password
+ statefulset:
+ replicas: 2
+ name: rabbitmq-rabbitmq
+ hosts:
+ default: rabbitmq
+ host_fqdn_override:
+ default: null
+ path: /manila
+ scheme: rabbit
+ port:
+ amqp:
+ default: 5672
+ http:
+ default: 15672
+ oslo_cache:
+ auth:
+ # NOTE(portdirect): this is used to define the value for keystone
+ # authtoken cache encryption key, if not set it will be populated
+ # automatically with a random value, but to take advantage of
+ # this feature all services should be set to use the same key,
+ # and memcache service.
+ memcache_secret_key: null
+ hosts:
+ default: memcached
+ host_fqdn_override:
+ default: null
+ port:
+ memcache:
+ default: 11211
+ fluentd:
+ namespace: null
+ name: fluentd
+ hosts:
+ default: fluentd-logging
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme: 'http'
+ port:
+ service:
+ default: 24224
+ metrics:
+ default: 24220
+ # NOTE(tp6510): these endpoints allow for things like DNS lookups and ingress
+ # They are using to enable the Egress K8s network policy.
+ kube_dns:
+ namespace: kube-system
+ name: kubernetes-dns
+ hosts:
+ default: kube-dns
+ host_fqdn_override:
+ default: null
+ path:
+ default: null
+ scheme: http
+ port:
+ dns:
+ default: 53
+ protocol: UDP
+ ingress:
+ namespace: null
+ name: ingress
+ hosts:
+ default: ingress
+ port:
+ ingress:
+ default: 80
+
+tls:
+ identity: false
+ oslo_messaging: false
+ oslo_db: false
+
+manifests:
+ certificates: false
+ configmap_bin: true
+ configmap_etc: true
+ deployment_api: true
+ deployment_scheduler: true
+ deployment_data: true
+ deployment_share: true
+ ingress_api: true
+ job_bootstrap: true
+ job_db_init: true
+ job_db_sync: true
+ job_db_drop: false
+ job_image_repo_sync: true
+ job_rabbit_init: true
+ job_ks_endpoints: true
+ job_ks_service: true
+ job_ks_user: true
+ pdb_api: true
+ pod_test: true
+ secret_db: true
+ network_policy: false
+ secret_ingress_tls: true
+ secret_keystone: true
+ secret_rabbitmq: true
+ secret_registry: true
+ service_ingress_api: true
+ service_api: true
+...
diff --git a/manila/values_overrides/apparmor.yaml b/manila/values_overrides/apparmor.yaml
new file mode 100644
index 0000000000..c8288fe34b
--- /dev/null
+++ b/manila/values_overrides/apparmor.yaml
@@ -0,0 +1,11 @@
+---
+pod:
+ mandatory_access_control:
+ type: apparmor
+ manila-api:
+ manila-api: runtime/default
+ init: runtime/default
+ manila-test:
+ init: runtime/default
+ manila-test: runtime/default
+...
diff --git a/manila/values_overrides/tls-offloading.yaml b/manila/values_overrides/tls-offloading.yaml
new file mode 100644
index 0000000000..8ea0f6a7ce
--- /dev/null
+++ b/manila/values_overrides/tls-offloading.yaml
@@ -0,0 +1,12 @@
+---
+endpoints:
+ identity:
+ auth:
+ admin:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+ manila:
+ cacert: /etc/ssl/certs/openstack-helm.crt
+
+tls:
+ identity: true
+...
diff --git a/manila/values_overrides/tls.yaml b/manila/values_overrides/tls.yaml
new file mode 100644
index 0000000000..99667ca857
--- /dev/null
+++ b/manila/values_overrides/tls.yaml
@@ -0,0 +1,4 @@
+---
+manifests:
+ certificates: true
+...
diff --git a/manila/values_overrides/xena-ubuntu_focal.yaml b/manila/values_overrides/xena-ubuntu_focal.yaml
new file mode 100644
index 0000000000..38c8ff040c
--- /dev/null
+++ b/manila/values_overrides/xena-ubuntu_focal.yaml
@@ -0,0 +1,18 @@
+---
+images:
+ tags:
+ bootstrap: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ db_init: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_db_sync: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:xena-ubuntu_focal
+ manila_api: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_data: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_scheduler: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ manila_share: docker.io/openstackhelm/manila:xena-ubuntu_focal
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ image_repo_sync: docker.io/docker:17.07.0
+...
diff --git a/manila/values_overrides/yoga-ubuntu_focal.yaml b/manila/values_overrides/yoga-ubuntu_focal.yaml
new file mode 100644
index 0000000000..a867a10279
--- /dev/null
+++ b/manila/values_overrides/yoga-ubuntu_focal.yaml
@@ -0,0 +1,18 @@
+---
+images:
+ tags:
+ bootstrap: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ db_init: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ manila_db_sync: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ db_drop: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ ks_user: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ ks_service: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ ks_endpoints: docker.io/openstackhelm/heat:yoga-ubuntu_focal
+ manila_api: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ manila_data: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ manila_scheduler: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ manila_share: docker.io/openstackhelm/manila:yoga-ubuntu_focal
+ rabbit_init: docker.io/rabbitmq:3.7-management
+ image_repo_sync: docker.io/docker:17.07.0
+...
diff --git a/releasenotes/notes/manila.yaml b/releasenotes/notes/manila.yaml
new file mode 100644
index 0000000000..6cbc95e105
--- /dev/null
+++ b/releasenotes/notes/manila.yaml
@@ -0,0 +1,4 @@
+---
+manila:
+ - 0.1.0 Initial Chart
+...
diff --git a/tools/deployment/component/manila/manila.sh b/tools/deployment/component/manila/manila.sh
new file mode 100755
index 0000000000..6ea8b8c967
--- /dev/null
+++ b/tools/deployment/component/manila/manila.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Get the over-rides to use
+: ${OSH_EXTRA_HELM_ARGS_MANILA:="$(./tools/deployment/common/get-values-overrides.sh manila)"}
+: ${RUN_HELM_TESTS:="no"}
+
+#NOTE: Lint and package chart
+make manila
+
+#NOTE: Deploy command
+helm upgrade --install --debug manila ./manila \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS:=} \
+ ${OSH_EXTRA_HELM_ARGS_MANILA:=}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack 1800