fix: update post deployment jobs to be standardized and fix up mounts

components/nautobot/job-nautobot-post-deploy.yaml

@@ -0,0 +1,66 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: nautobot-post-deploy
+  labels:
+    app.kubernetes.io/name: nautobot
+    app.kubernetes.io/component: post-deploy
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/sync-wave: "1"
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation,HookSucceeded
+spec:
+  backoffLimit: 2
+  template:
+    spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      containers:
+        - name: ansible
+          image: ghcr.io/rackerlabs/understack/ansible:latest
+          imagePullPolicy: Always
+          command: ["ansible-runner", "run", "/runner", "--playbook", "nautobot-post-deploy.yaml"]
+          resources:
+            requests:
+              cpu: "1000m"
+              memory: "512Mi"
+            limits:
+              cpu: "1000m"
+              memory: "512Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: false
+          env:
+            - name: NAUTOBOT_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: nautobot-superuser
+                  key: apitoken
+            - name: NAUTOBOT_URL
+              value: http://nautobot-default.nautobot.svc.cluster.local
+          volumeMounts:
+            - name: ansible-inventory
+              mountPath: /runner/inventory/
+            - name: ansible-group-vars
+              mountPath: /runner/inventory/group_vars/
+            - name: device-types
+              mountPath: /runner/data/device-types/
+      volumes:
+        - name: ansible-inventory
+          configMap:
+            name: ansible-inventory
+        - name: ansible-group-vars
+          configMap:
+            name: ansible-group-vars
+        - name: device-types
+          configMap:
+            name: device-types
+      restartPolicy: OnFailure

components/nautobot/kustomization.yaml

@@ -4,6 +4,7 @@ kind: Kustomization
 
 resources:
   - external-secret-nautobot-sso.yaml
+  - job-nautobot-post-deploy.yaml
 
 configMapGenerator:
   - name: nautobot-sso

components/nautobot/values.yaml

@@ -100,74 +100,3 @@ metrics:
   enabled: true
   prometheusRule:
     enabled: true
-
-extraObjects:
-  - apiVersion: batch/v1
-    kind: Job
-    metadata:
-      generateName: sync-nautobot-ansible-
-      namespace: nautobot
-      labels:
-        app.kubernetes.io/name: nautobot
-        app.kubernetes.io/component: sync-job
-        app.kubernetes.io/managed-by: Helm
-      annotations:
-        "helm.sh/hook": post-install,post-upgrade
-        "helm.sh/hook-weight": "1"
-        "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-    spec:
-      backoffLimit: 1
-      template:
-        spec:
-          securityContext:
-            runAsNonRoot: true
-            runAsUser: 1000
-            fsGroup: 1000
-            seccompProfile:
-              type: RuntimeDefault
-          containers:
-            - name: ansible-runner
-              image: ghcr.io/rackerlabs/understack/ansible:latest
-              imagePullPolicy: Always
-              command: ["ansible-runner", "run", "/runner", "--playbook", "nautobot-initial-setup.yaml"]
-              resources:
-                requests:
-                  cpu: "1000m"
-                  memory: "512Mi"
-                limits:
-                  cpu: "1000m"
-                  memory: "512Mi"
-              securityContext:
-                allowPrivilegeEscalation: false
-                capabilities:
-                  drop:
-                    - ALL
-                readOnlyRootFilesystem: false
-              env:
-                - name: NAUTOBOT_TOKEN
-                  valueFrom:
-                    secretKeyRef:
-                      name: nautobot-superuser
-                      key: apitoken
-                - name: NAUTOBOT_URL
-                  value: http://nautobot-default.nautobot.svc.cluster.local
-              volumeMounts:
-                - name: ansible-inventory
-                  mountPath: /runner/inventory/
-                - name: ansible-group-vars
-                  mountPath: /runner/inventory/group_vars/
-                - name: device-types
-                  mountPath: /runner/data/device-types/
-          restartPolicy: Never
-          volumes:
-            - name: runner-data
-              emptyDir: {}
-            - name: ansible-inventory
-              configMap:
-                name: ansible-inventory
-            - name: ansible-group-vars
-              configMap:
-                name: ansible-group-vars
-            - name: device-types
-              configMap:
-                name: device-types

components/neutron/neutron-post-deployment-job.yaml → components/neutron/job-neutron-post-deploy.yaml

@@ -2,7 +2,10 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: neutron-post-deployment-job
+  name: neutron-post-deploy
+  labels:
+    app.kubernetes.io/name: neutron
+    app.kubernetes.io/component: post-deploy
   annotations:
     argocd.argoproj.io/hook: PostSync
     argocd.argoproj.io/sync-wave: "1"
@@ -21,7 +24,7 @@ spec:
         - name: ansible
           image: ghcr.io/rackerlabs/understack/ansible:latest
           imagePullPolicy: Always
-          command: ["ansible-runner", "run", "/runner", "--playbook", "openstack_network.yaml"]
+          command: ["ansible-runner", "run", "/runner", "--playbook", "neutron-post-deploy.yaml"]
           resources:
             requests:
               cpu: "1000m"
@@ -47,8 +50,6 @@ spec:
               mountPath: /etc/openstack
               readOnly: true
       volumes:
-        - name: runner-data
-          emptyDir: {}
         - name: ansible-inventory
           configMap:
             name: ansible-inventory

components/neutron/kustomization.yaml

@@ -5,7 +5,7 @@ kind: Kustomization
 resources:
   - neutron-mariadb-db.yaml
   - neutron-rabbitmq-queue.yaml
-  - neutron-post-deployment-job.yaml
+  - job-neutron-post-deploy.yaml
   # less than ideal addition but necessary so that we can have the neutron.conf.d loading
   # working due to the way the chart hardcodes the config-file parameter which then
   # takes precedence over the directory

components/nova/nova-post-deployment-job.yaml → components/nova/job-nova-post-deploy.yaml

@@ -2,7 +2,10 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: nova-post-deployment-job
+  name: nova-post-deploy
+  labels:
+    app.kubernetes.io/name: nova
+    app.kubernetes.io/component: post-deploy
   annotations:
     argocd.argoproj.io/hook: PostSync
     argocd.argoproj.io/sync-wave: "1"
@@ -21,7 +24,7 @@ spec:
         - name: ansible
           image: ghcr.io/rackerlabs/understack/ansible:latest
           imagePullPolicy: Always
-          command: ["ansible-runner", "run", "/runner", "--playbook", "openstack_nova_bootstrap.yaml"]
+          command: ["ansible-runner", "run", "/runner", "--playbook", "nova-post-deploy.yaml"]
           resources:
             requests:
               cpu: "1000m"

components/nova/kustomization.yaml

@@ -9,4 +9,4 @@ resources:
   - nova-cell0-mariadb-db.yaml  # creates 'nova_cell0' database
   - secret-nova-argo-token.yaml
   - roles-nova-argo-token.yaml
-  - nova-post-deployment-job.yaml
+  - job-nova-post-deploy.yaml

components/octavia/octavia-post-deployment-job.yaml → components/octavia/job-octavia-post-deploy.yaml

@@ -2,7 +2,10 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: octavia-post-deployment-job
+  name: octavia-post-deploy
+  labels:
+    app.kubernetes.io/name: octavia
+    app.kubernetes.io/component: post-deploy
   annotations:
     argocd.argoproj.io/hook: PostSync
     argocd.argoproj.io/sync-wave: "1"
@@ -21,7 +24,7 @@ spec:
         - name: ansible
           image: ghcr.io/rackerlabs/understack/ansible:latest
           imagePullPolicy: Always
-          command: ["ansible-runner", "run", "/runner", "-vvv", "--playbook", "openstack_octavia.yaml"]
+          command: ["ansible-runner", "run", "/runner", "-vvv", "--playbook", "octavia-post-deploy.yaml"]
           resources:
             requests:
               cpu: "1000m"
@@ -40,25 +43,16 @@ spec:
               value: understack
           volumeMounts:
             - name: ansible-inventory
-              mountPath: /runner/inventory/hosts.yaml
-              subPath: hosts.yaml
-            - name: ansible-kubernetes-inventory
-              mountPath: /runner/inventory/inventory.yaml
-              subPath: inventory.yaml
+              mountPath: /runner/inventory/
             - name: ansible-group-vars
               mountPath: /runner/inventory/group_vars/
             - name: infrasetup
               mountPath: /etc/openstack
               readOnly: true
       volumes:
-        - name: runner-data
-          emptyDir: {}
         - name: ansible-inventory
           configMap:
             name: ansible-inventory
-        - name: ansible-kubernetes-inventory
-          configMap:
-            name: ansible-kubernetes-inventory
         - name: ansible-group-vars
           configMap:
             name: ansible-group-vars

components/octavia/kustomization.yaml

@@ -5,4 +5,4 @@ kind: Kustomization
 resources:
   - octavia-rabbitmq-queue.yaml
   - octavia-mariadb-db.yaml
-  - octavia-post-deployment-job.yaml
+  - job-octavia-post-deploy.yaml