diff --git a/ansible/nautobot-initial-setup.yaml b/ansible/nautobot-post-deploy.yaml
similarity index 100%
rename from ansible/nautobot-initial-setup.yaml
rename to ansible/nautobot-post-deploy.yaml
diff --git a/ansible/openstack_network.yaml b/ansible/neutron-post-deploy.yaml
similarity index 100%
rename from ansible/openstack_network.yaml
rename to ansible/neutron-post-deploy.yaml
diff --git a/ansible/openstack_nova_bootstrap.yaml b/ansible/nova-post-deploy.yaml
similarity index 100%
rename from ansible/openstack_nova_bootstrap.yaml
rename to ansible/nova-post-deploy.yaml
diff --git a/ansible/openstack_octavia.yaml b/ansible/octavia-post-deploy.yaml
similarity index 100%
rename from ansible/openstack_octavia.yaml
rename to ansible/octavia-post-deploy.yaml
diff --git a/components/nautobot/job-nautobot-post-deploy.yaml b/components/nautobot/job-nautobot-post-deploy.yaml
new file mode 100644
index 000000000..13dcf6a5a
--- /dev/null
+++ b/components/nautobot/job-nautobot-post-deploy.yaml
@@ -0,0 +1,66 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nautobot-post-deploy
+ labels:
+ app.kubernetes.io/name: nautobot
+ app.kubernetes.io/component: post-deploy
+ annotations:
+ argocd.argoproj.io/hook: PostSync
+ argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/hook-delete-policy: BeforeHookCreation,HookSucceeded
+spec:
+ backoffLimit: 2
+ template:
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ fsGroup: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: ansible
+ image: ghcr.io/rackerlabs/understack/ansible:latest
+ imagePullPolicy: Always
+ command: ["ansible-runner", "run", "/runner", "--playbook", "nautobot-post-deploy.yaml"]
+ resources:
+ requests:
+ cpu: "1000m"
+ memory: "512Mi"
+ limits:
+ cpu: "1000m"
+ memory: "512Mi"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ env:
+ - name: NAUTOBOT_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: nautobot-superuser
+ key: apitoken
+ - name: NAUTOBOT_URL
+ value: http://nautobot-default.nautobot.svc.cluster.local
+ volumeMounts:
+ - name: ansible-inventory
+ mountPath: /runner/inventory/
+ - name: ansible-group-vars
+ mountPath: /runner/inventory/group_vars/
+ - name: device-types
+ mountPath: /runner/data/device-types/
+ volumes:
+ - name: ansible-inventory
+ configMap:
+ name: ansible-inventory
+ - name: ansible-group-vars
+ configMap:
+ name: ansible-group-vars
+ - name: device-types
+ configMap:
+ name: device-types
+ restartPolicy: OnFailure
diff --git a/components/nautobot/kustomization.yaml b/components/nautobot/kustomization.yaml
index f67801f60..3ea8939f8 100644
--- a/components/nautobot/kustomization.yaml
+++ b/components/nautobot/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
 - external-secret-nautobot-sso.yaml
+ - job-nautobot-post-deploy.yaml
 configMapGenerator:
 - name: nautobot-sso
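Review bot: The `image: ghcr.io/rackerlabs/understack/ansible:latest` line in the new job-nautobot-post-deploy.yaml, together with `imagePullPolicy: Always`, means every PostSync run executes whatever currently sits behind that mutable tag, and that container is handed the `nautobot-superuser` API token through `NAUTOBOT_TOKEN`. Pinning by digest, e.g. `image: ghcr.io/rackerlabs/understack/ansible@sha256:DIGEST_OF_REVIEWED_BUILD` (placeholder), makes the code that receives the token reviewable and reproducible; the neutron, nova and octavia job hunks show the same image line as context and would take the same pin. `NAUTOBOT_URL` is plain `http://`, so the superuser token crosses the pod network unencrypted unless the cluster network encrypts it; either switch to an `https://` endpoint or add a comment naming the layer that protects it. A token scoped to what the playbook actually writes, rather than the superuser one, would also limit the damage if the image or the playbook is ever tampered with.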
diff --git a/components/nautobot/values.yaml b/components/nautobot/values.yaml
index fecc4dc96..f5b9ad4c2 100644
--- a/components/nautobot/values.yaml
+++ b/components/nautobot/values.yaml
@@ -100,74 +100,3 @@ metrics:
 enabled: true
 prometheusRule:
 enabled: true
-
-extraObjects:
- - apiVersion: batch/v1
- kind: Job
- metadata:
- generateName: sync-nautobot-ansible-
- namespace: nautobot
- labels:
- app.kubernetes.io/name: nautobot
- app.kubernetes.io/component: sync-job
- app.kubernetes.io/managed-by: Helm
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
- spec:
- backoffLimit: 1
- template:
- spec:
- securityContext:
- runAsNonRoot: true
- runAsUser: 1000
- fsGroup: 1000
- seccompProfile:
- type: RuntimeDefault
- containers:
- - name: ansible-runner
- image: ghcr.io/rackerlabs/understack/ansible:latest
- imagePullPolicy: Always
- command: ["ansible-runner", "run", "/runner", "--playbook", "nautobot-initial-setup.yaml"]
- resources:
- requests:
- cpu: "1000m"
- memory: "512Mi"
- limits:
- cpu: "1000m"
- memory: "512Mi"
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: false
- env:
- - name: NAUTOBOT_TOKEN
- valueFrom:
- secretKeyRef:
- name: nautobot-superuser
- key: apitoken
- - name: NAUTOBOT_URL
- value: http://nautobot-default.nautobot.svc.cluster.local
- volumeMounts:
- - name: ansible-inventory
- mountPath: /runner/inventory/
- - name: ansible-group-vars
- mountPath: /runner/inventory/group_vars/
- - name: device-types
- mountPath: /runner/data/device-types/
- restartPolicy: Never
- volumes:
- - name: runner-data
- emptyDir: {}
- - name: ansible-inventory
- configMap:
- name: ansible-inventory
- - name: ansible-group-vars
- configMap:
- name: ansible-group-vars
- - name: device-types
- configMap:
- name: device-types
diff --git a/components/neutron/neutron-post-deployment-job.yaml b/components/neutron/job-neutron-post-deploy.yaml
similarity index 91%
rename from components/neutron/neutron-post-deployment-job.yaml
rename to components/neutron/job-neutron-post-deploy.yaml
index 64f4c7ca0..208730ddc 100644
--- a/components/neutron/neutron-post-deployment-job.yaml
+++ b/components/neutron/job-neutron-post-deploy.yaml
@@ -2,7 +2,10 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: neutron-post-deployment-job
+ name: neutron-post-deploy
+ labels:
+ app.kubernetes.io/name: neutron
+ app.kubernetes.io/component: post-deploy
 annotations:
 argocd.argoproj.io/hook: PostSync
 argocd.argoproj.io/sync-wave: "1"
@@ -21,7 +24,7 @@ spec:
 - name: ansible
 image: ghcr.io/rackerlabs/understack/ansible:latest
 imagePullPolicy: Always
- command: ["ansible-runner", "run", "/runner", "--playbook", "openstack_network.yaml"]
+ command: ["ansible-runner", "run", "/runner", "--playbook", "neutron-post-deploy.yaml"]
 resources:
 requests:
 cpu: "1000m"
@@ -47,8 +50,6 @@ spec:
 mountPath: /etc/openstack
 readOnly: true
 volumes:
- - name: runner-data
- emptyDir: {}
 - name: ansible-inventory
 configMap:
 name: ansible-inventory
diff --git a/components/neutron/kustomization.yaml b/components/neutron/kustomization.yaml
index 7f5158890..6c245829b 100644
--- a/components/neutron/kustomization.yaml
+++ b/components/neutron/kustomization.yaml
@@ -5,7 +5,7 @@ kind: Kustomization
 resources:
 - neutron-mariadb-db.yaml
 - neutron-rabbitmq-queue.yaml
- - neutron-post-deployment-job.yaml
+ - job-neutron-post-deploy.yaml
 # less than ideal addition but necessary so that we can have the neutron.conf.d loading
 # working due to the way the chart hardcodes the config-file parameter which then
 # takes precedence over the directory
diff --git a/components/nova/nova-post-deployment-job.yaml b/components/nova/job-nova-post-deploy.yaml
similarity index 93%
rename from components/nova/nova-post-deployment-job.yaml
rename to components/nova/job-nova-post-deploy.yaml
index 070aa41e7..c122f3d4d 100644
--- a/components/nova/nova-post-deployment-job.yaml
+++ b/components/nova/job-nova-post-deploy.yaml
@@ -2,7 +2,10 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: nova-post-deployment-job
+ name: nova-post-deploy
+ labels:
+ app.kubernetes.io/name: nova
+ app.kubernetes.io/component: post-deploy
 annotations:
 argocd.argoproj.io/hook: PostSync
 argocd.argoproj.io/sync-wave: "1"
@@ -21,7 +24,7 @@ spec:
 - name: ansible
 image: ghcr.io/rackerlabs/understack/ansible:latest
 imagePullPolicy: Always
- command: ["ansible-runner", "run", "/runner", "--playbook", "openstack_nova_bootstrap.yaml"]
+ command: ["ansible-runner", "run", "/runner", "--playbook", "nova-post-deploy.yaml"]
 resources:
 requests:
 cpu: "1000m"
diff --git a/components/nova/kustomization.yaml b/components/nova/kustomization.yaml
index 76a7df4aa..8a9f45dc4 100644
--- a/components/nova/kustomization.yaml
+++ b/components/nova/kustomization.yaml
@@ -9,4 +9,4 @@ resources:
 - nova-cell0-mariadb-db.yaml # creates 'nova_cell0' database
 - secret-nova-argo-token.yaml
 - roles-nova-argo-token.yaml
- - nova-post-deployment-job.yaml
+ - job-nova-post-deploy.yaml
diff --git a/components/octavia/octavia-post-deployment-job.yaml b/components/octavia/job-octavia-post-deploy.yaml
similarity index 78%
rename from components/octavia/octavia-post-deployment-job.yaml
rename to components/octavia/job-octavia-post-deploy.yaml
index a414c82b0..114197891 100644
--- a/components/octavia/octavia-post-deployment-job.yaml
+++ b/components/octavia/job-octavia-post-deploy.yaml
@@ -2,7 +2,10 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: octavia-post-deployment-job
+ name: octavia-post-deploy
+ labels:
+ app.kubernetes.io/name: octavia
+ app.kubernetes.io/component: post-deploy
 annotations:
 argocd.argoproj.io/hook: PostSync
 argocd.argoproj.io/sync-wave: "1"
@@ -21,7 +24,7 @@ spec:
 - name: ansible
 image: ghcr.io/rackerlabs/understack/ansible:latest
 imagePullPolicy: Always
- command: ["ansible-runner", "run", "/runner", "-vvv", "--playbook", "openstack_octavia.yaml"]
+ command: ["ansible-runner", "run", "/runner", "-vvv", "--playbook", "octavia-post-deploy.yaml"]
 resources:
 requests:
 cpu: "1000m"
@@ -40,25 +43,16 @@ spec:
 value: understack
 volumeMounts:
 - name: ansible-inventory
- mountPath: /runner/inventory/hosts.yaml
- subPath: hosts.yaml
- - name: ansible-kubernetes-inventory
- mountPath: /runner/inventory/inventory.yaml
- subPath: inventory.yaml
+ mountPath: /runner/inventory/
 - name: ansible-group-vars
 mountPath: /runner/inventory/group_vars/
 - name: infrasetup
 mountPath: /etc/openstack
 readOnly: true
 volumes:
- - name: runner-data
- emptyDir: {}
 - name: ansible-inventory
 configMap:
 name: ansible-inventory
- - name: ansible-kubernetes-inventory
- configMap:
- name: ansible-kubernetes-inventory
 - name: ansible-group-vars
 configMap:
 name: ansible-group-vars
diff --git a/components/octavia/kustomization.yaml b/components/octavia/kustomization.yaml
index 5ca2f2578..f81d28e97 100644
--- a/components/octavia/kustomization.yaml
+++ b/components/octavia/kustomization.yaml
@@ -5,4 +5,4 @@ kind: Kustomization
 resources:
 - octavia-rabbitmq-queue.yaml
 - octavia-mariadb-db.yaml
- - octavia-post-deployment-job.yaml
+ - job-octavia-post-deploy.yaml
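Review bot: The rewritten `command:` line in job-octavia-post-deploy.yaml still passes `-vvv`, which the nautobot, neutron and nova jobs in this same change do not. At that verbosity Ansible writes module invocation arguments and connection detail to the pod log, and this Job mounts `/etc/openstack` from the `infrasetup` volume (presumably OpenStack client credentials), so values not covered by `no_log` in the playbook may become readable to anyone with access to Job logs or the log pipeline. If the debug output is no longer needed, drop the flag: `command: ["ansible-runner", "run", "/runner", "--playbook", "octavia-post-deploy.yaml"]`. If it has to stay, add a comment above the line saying why and confirming that the credential-handling tasks set `no_log: true`.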