#jinja2: trim_blocks: "true", lstrip_blocks: "false" --- apiVersion: v1 kind: Template metadata: name: {{ kaas_project }}-pods annotations: descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }} objects: {% for name, pod in kaas_project_pods.iteritems() %} {% set pubkey = "kaas_" ~ name ~ "_pubkey" %} {% set privkey = "kaas_" ~ name ~ "_privkey" %} {% set cakey = "kaas_" ~ name ~ "_ca" %} {% if pod.variant is defined %} {% set pod = pod[pod.variant] %} {% endif %} {% if pod.service is defined %} - apiVersion: v1 kind: Service metadata: name: {{ pod.name | default(name) }} spec: selector: name: {{ pod.name | default(name) }} {% if pod.service.ports is defined %} ports: {% for port in pod.service.ports %} {% set portmap = (port | string).split('/') %} - name: "{{ portmap[0] }}" port: {{ portmap[0] }} targetPort: {{ (portmap[1] is defined) | ternary(portmap[1], portmap[0]) }} {% endfor %} {% endif %} {% if (pod.service.ports is defined) and (pod.service.host is defined) %} {% set first_port = (pod.service.ports[0] | string).split('/') %} - apiVersion: v1 kind: Route metadata: name: {{ pod.name | default(name) }} spec: host: {{ pod.service.host }} to: kind: Service name: {{ pod.name | default(name) }} port: targetPort: {{ (first_port[1] is defined) | ternary(first_port[1], first_port[0]) }} {% if (first_port[0] == "80") %} tls: termination: edge insecureEdgeTerminationPolicy: Allow {% if hostvars[inventory_hostname][pubkey] is defined %} certificate: |- {{ hostvars[inventory_hostname][pubkey] | indent(10) }} {% endif %} {% if hostvars[inventory_hostname][privkey] is defined %} key: |- {{ hostvars[inventory_hostname][privkey] | indent(10) }} {% endif %} {% if hostvars[inventory_hostname][cakey] is defined %} caCertificate: |- {{ hostvars[inventory_hostname][cakey] | indent(10) }} {% endif %} {% endif %} {% endif %} {% endif %} - apiVersion: v1 kind: DeploymentConfig metadata: name: {{ pod.name | default(name) }} spec: replicas: {{ ( pod.sched | default({})).replicas | default(1) }} revisionHistoryLimit: 2 strategy: type: {{ (pod.sched | default({})).strategy | default('Rolling') }} triggers: - type: ConfigChange selector: name: {{ pod.name | default(name) }} template: metadata: name: {{ pod.name | default(name) }} labels: name: {{ pod.name | default(name) }} spec: {% if pod.selector is defined %} nodeSelector: {% for skey, sval in pod.selector.iteritems() %} {{ skey }}: "{{ sval }}" {% endfor %} {% endif %} {% set mappings = (pod.images | json_query('[*].mappings') | length) %} {% if mappings > 0 %} volumes: {% for img in pod.images %} {% set imgidx = loop.index %} {% for vol in img.mappings %} {% set oc_name = vol.name | default(name) | regex_replace('_','-') %} - name: vol-{{imgidx}}-{{loop.index}} persistentVolumeClaim: claimName: {{ oc_name }} {% endfor %} {% endfor %} {% endif %} {% if (pod.groups is defined) or (pod.run_as is defined) %} securityContext: {% if (pod.run_as is defined) %} runAsUser: {{ (kaas_project_uids[pod.run_as] is defined) | ternary(kaas_project_uids[pod.run_as].id, pod.run_as) }} {% endif %} {% if (pod.groups is defined) %} {% if (ands_openshift_gid_mode | default('')) == "RunAsAny" %} fsGroup: {{ (kaas_project_gids[pod.groups[0]] is defined) | ternary(kaas_project_gids[pod.groups[0]].id, pod.groups[0]) }} {% endif %} supplementalGroups: {% for group in pod.groups %} - {{ (kaas_project_gids[group] is defined) | ternary(kaas_project_gids[group].id, group) }} {% endfor %} {% endif %} {% endif %} containers: {% for img in pod.images %} {% set imgidx = loop.index %} - name: {{ img.name | default(pod.name) | default(name) }} image: {{ img.image }} imagePullPolicy: Always ports: {% if img.ports is defined %} {% for port in img.ports %} - containerPort: {{ port }} {% endfor %} {% else %} {% for port in pod.service.ports %} {% set portmap = (port | string).split('/') %} - containerPort: {{ (portmap[1] is defined) | ternary(portmap[1], portmap[0]) }} {% endfor %} {% endif %} {% if img.env is defined %} env: {% for env_item in img.env %} {% set env_name = env_item.name %} {% set env_val = env_item.value %} {% set env_parts = (env_val | string).split('@') %} - name: "{{ env_name }}" {% if env_parts[0] == "secret" %} {% set env_sec = (env_parts[1] | string).split('/') %} valueFrom: secretKeyRef: name: {{ env_sec[0] }} key: {{ env_sec[1] }} {% elif env_parts[0] == "cm" %} {% set env_cm = (env_parts[1] | string).split('/') %} valueFrom: configMapKeyRef: name: {{ env_cm[0] }} key: {{ env_cm[1] }} {% else %} value: "{{ env_val }}" {% endif %} {% endfor %} {% endif %} {% if img.mappings is defined %} volumeMounts: {% for vol in img.mappings %} - name: vol-{{imgidx}}-{{loop.index}} subPath: {{ vol.path | default("") }} mountPath: {{ vol.mount }} {% endfor %} {% endif %} {% if img.probes is defined %} {% for probe in img.probes %} {% if (probe.type is undefined) %} {% set seq = ['livenessProbe', 'readinessProbe'] %} {% elif (probe.type == "liveness") %} {% set seq = ['livenessProbe'] %} {% else %} {% set seq = ['readinessProbe'] %} {% endif %} {% for type in seq %} {{ type }}: timeoutSeconds: {{ probe.timeout | default(1) }} initialDelaySeconds: {{ probe.delay | default(10) }} {% if (probe.command is defined) %} exec: command: {{ probe.command | to_json }} {% elif (probe.path is defined) %} httpGet: path: {{ probe.path }} port: {{ probe.port | default(80) }} {% else %} tcpSocket: port: {{ probe.port | default(80) }} {% endif %} {% endfor %} {% endfor %} {% endif %} {% if img.hooks is defined %} lifecycle: {% for hook in img.hooks %} {{ hook.type }}: exec: command: {{ hook.command | to_json }} {% endfor %} {% endif %} {% endfor %} {% endfor %}