diff options
Diffstat (limited to 'kubernetes/common/postgres-init')
-rw-r--r-- | kubernetes/common/postgres-init/.helmignore | 11 | ||||
-rw-r--r-- | kubernetes/common/postgres-init/Chart.yaml | 9 | ||||
-rw-r--r-- | kubernetes/common/postgres-init/templates/job.yaml | 15 | ||||
-rw-r--r-- | kubernetes/common/postgres-init/values.yaml | 10 |
4 files changed, 33 insertions, 12 deletions
diff --git a/kubernetes/common/postgres-init/.helmignore b/kubernetes/common/postgres-init/.helmignore index f0c1319444..0bab41b6b1 100644 --- a/kubernetes/common/postgres-init/.helmignore +++ b/kubernetes/common/postgres-init/.helmignore @@ -19,3 +19,14 @@ .project .idea/ *.tmproj +# Project/CI/CD related items +.gitlab +.gitlab-ci.yml +.dockerignore +# Helm build files +.helmignore +.cache/ +.config/ +.local/ +# OOM specific dirs +components/ diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml index 81f566f9e1..4951ed6359 100644 --- a/kubernetes/common/postgres-init/Chart.yaml +++ b/kubernetes/common/postgres-init/Chart.yaml @@ -1,5 +1,6 @@ # Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,19 +17,19 @@ apiVersion: v2 description: Chart for Postgres init job name: postgres-init -version: 13.0.1 +version: 13.0.3 dependencies: - name: common version: ~13.x-0 - repository: 'file://../common' + repository: '@local' - name: repositoryGenerator version: ~13.x-0 - repository: 'file://../repositoryGenerator' + repository: '@local' - name: readinessCheck version: ~13.x-0 repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 6736559b81..a2f7e12274 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -28,11 +28,18 @@ spec: backoffLimit: 20 template: metadata: + annotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - command: @@ -70,15 +77,13 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /config-input/setup.sql name: config subPath: setup.sql - mountPath: /config name: pgconf resources: {{ include "common.resources" . | nindent 10 }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: @@ -90,14 +95,12 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: config configMap: name: {{ include "common.fullname" . }} - name: pgconf emptyDir: + sizeLimit: 64Mi medium: Memory restartPolicy: Never {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml index d2eb090142..99be8354be 100644 --- a/kubernetes/common/postgres-init/values.yaml +++ b/kubernetes/common/postgres-init/values.yaml @@ -19,6 +19,7 @@ global: postgres: service: name: pgset + name2: tcp-pgset-primary container: name: postgres @@ -96,10 +97,15 @@ serviceAccount: roles: - read +securityContext: + user_id: 26 + group_id: 26 + readinessCheck: wait_for: - - '{{ .Values.global.postgres.container.name }}' + services: + - '{{ .Values.global.postgres.service.name2 }}' wait_for_job_container: containers: - - '{{ include "common.name" . }}-update-config'
\ No newline at end of file + - '{{ include "common.name" . }}-update-config' |