aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/policy/templates/job.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy/templates/job.yaml')
-rwxr-xr-xkubernetes/policy/templates/job.yaml340
1 files changed, 189 insertions, 151 deletions
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 3880d2383c..3886a85d11 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,8 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2022 Nordix Foundation.
+# Modifications Copyright (C) 2022-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,7 +17,7 @@
# limitations under the License.
*/}}
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -33,6 +34,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-init
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_mariadb ) | indent 6 | trim }}
@@ -40,6 +42,7 @@ spec:
- name: {{ include "common.name" . }}-galera-config
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
volumeMounts:
- mountPath: /dbcmd-config/db.sh
name: {{ include "common.fullname" . }}-config
@@ -48,7 +51,7 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db.sh
env:
@@ -61,10 +64,11 @@ spec:
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- /bin/sh
- "-c"
@@ -77,6 +81,14 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
@@ -90,7 +102,7 @@ spec:
path: db.sh
{{ end }}
-{{ if .Values.global.postgres.localCluster }}
+{{ if .Values.global.postgres.useInPolicy }}
---
apiVersion: batch/v1
kind: Job
@@ -108,6 +120,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-init
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }}
@@ -115,6 +128,7 @@ spec:
- name: {{ include "common.name" . }}-pg-config
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
volumeMounts:
- mountPath: /docker-entrypoint-initdb.d/db-pg.sh
name: {{ include "common.fullname" . }}-config
@@ -123,7 +137,7 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/docker-entrypoint-initdb.d/db-pg.sh
env:
@@ -138,8 +152,9 @@ spec:
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
@@ -154,6 +169,14 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
@@ -166,97 +189,104 @@ spec:
- key: db-pg.sh
path: db-pg.sh
{{ end }}
-
---
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.fullname" . }}-galera-config
+ name: {{ include "common.fullname" . }}-galera-migrator-config
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-galera-config
+ app: {{ include "common.name" . }}-galera-migrator-config
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-galera-config
+ app: {{ include "common.name" . }}-galera-migrator-config
release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}-galera-config
+ name: {{ include "common.name" . }}-galera-migrator-config
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-galera-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ - name: {{ include "common.name" . }}-init-readiness
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-galera-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- - name: {{ include "common.name" . }}-galera-db-migrator
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_policy_init.sh
- name: {{ include "common.fullname" . }}-config
- subPath: db_migrator_policy_init.sh
- command:
- - /bin/sh
- - -cx
- - |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /dbcmd-config/db_migrator_policy_init.sh
- env:
- - name: SQL_HOST
- value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: SQL_DB
- value: {{ .Values.dbmigrator.schema }}
- - name: POLICY_HOME
- value: {{ .Values.dbmigrator.policy_home }}
- - name: SCRIPT_DIRECTORY
- value: "sql"
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-galera-db-migrator
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/policy/etc/db/
+ name: {{ include "common.fullname" . }}-migration-writable
+ - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_policy_init.sh
+ command:
+ - /bin/sh
+ - -cx
+ - |
+ {{- if include "common.requireSidecarKiller" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schemas }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if (include "common.requireSidecarKiller" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: {{ include "common.fullname" . }}-migration-writable
+ emptyDir: {}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
@@ -265,98 +295,106 @@ spec:
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
{{ end }}
-{{ if .Values.global.postgres.localCluster }}
+{{ if .Values.global.postgres.useInPolicy }}
---
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.fullname" . }}-pg-config
+ name: {{ include "common.fullname" . }}-pg-migrator-config
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-pg-config
+ app: {{ include "common.name" . }}-pg-migrator-config
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-pg-config
+ app: {{ include "common.name" . }}-pg-migrator-config
release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}-pg-config
+ name: {{ include "common.name" . }}-pg-migrator-config
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-pg-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-pg-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- - name: {{ include "common.name" . }}-pg-db-migrator
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
- name: {{ include "common.fullname" . }}-config
- subPath: db_migrator_pg_policy_init.sh
- command:
- - /bin/sh
- - -cx
- - |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /dbcmd-config/db_migrator_pg_policy_init.sh
- env:
- - name: SQL_HOST
- value: "{{ .Values.postgres.service.name2 }}"
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: SQL_DB
- value: {{ .Values.dbmigrator.schema }}
- - name: POLICY_HOME
- value: {{ .Values.dbmigrator.policy_home }}
- - name: SCRIPT_DIRECTORY
- value: "postgres"
- - name: PGPASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ - mountPath: /opt/app/policy/etc/db/
+ name: {{ include "common.fullname" . }}-migration-writable
+ command:
+ - /bin/sh
+ - -cx
+ - |
+ {{- if include "common.requireSidecarKiller" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schemas }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if (include "common.requireSidecarKiller" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
+ imagePullPolicy: Always
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: {{ include "common.fullname" . }}-migration-writable
+ emptyDir: {}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
@@ -364,4 +402,4 @@ spec:
items:
- key: db_migrator_pg_policy_init.sh
path: db_migrator_pg_policy_init.sh
-{{ end }}
+{{ end }} \ No newline at end of file