Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / d518f733756ef9d9b1b7015d509906152d6a1288 / . / kubernetes / common / etcd-init / templates / job.yaml
blob: 55526a34a19b56537d1f74568b5a75ed83c95312 [file] [log] [blame]
krishnaa96544863d2021-05-11 18:29:49 +0530[diff] [blame]1{{/*
2# Copyright (C) 2021 Wipro Limited.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15*/}}
16apiVersion: batch/v1
17kind: Job
18metadata:
19 name: {{ include "common.fullname" . }}-job
20 namespace: {{ include "common.namespace" . }}
21 labels:
22 app: {{ include "common.name" . }}
23 chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
24 release: {{ include "common.release" . }}
25 heritage: {{ .Release.Service }}
26spec:
27 backoffLimit: {{ .Values.backoffLimit }}
28 template:
29 metadata:
Andreas Geisslerd518f732024-03-25 11:15:11 +0100[diff] [blame^]30 annotations:
31 # Workarround to exclude K8S API from istio communication
32 # as init-container (readinessCheck) does not work with the
33 # Istio CNI plugin, see:
34 # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
35 traffic.sidecar.istio.io/excludeOutboundPorts: "443"
krishnaa96544863d2021-05-11 18:29:49 +0530[diff] [blame]36 labels:
37 app: {{ include "common.name" . }}
38 release: {{ include "common.release" . }}
39 name: {{ include "common.name" . }}
40 spec:
41 initContainers:
42 - name: {{ include "common.name" . }}-readiness
43 command:
44 - /app/ready.py
45 args:
Andreas Geisslerd518f732024-03-25 11:15:11 +0100[diff] [blame^]46 - --service-name
47 - {{ .Values.etcd.serviceName }}
krishnaa96544863d2021-05-11 18:29:49 +0530[diff] [blame]48 env:
49 - name: NAMESPACE
50 valueFrom:
51 fieldRef:
52 apiVersion: v1
53 fieldPath: metadata.namespace
54 image: {{ include "repositoryGenerator.image.readiness" . }}
55 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]56 resources:
57 limits:
58 cpu: "100m"
Andreas Geissler8cbb3d92024-03-12 16:44:56 +0100[diff] [blame]59 memory: "500Mi"
Andreas Geissler47537432024-02-27 08:55:23 +0100[diff] [blame]60 requests:
61 cpu: "3m"
Andreas Geissler8cbb3d92024-03-12 16:44:56 +0100[diff] [blame]62 memory: "20Mi"
krishnaa96544863d2021-05-11 18:29:49 +0530[diff] [blame]63 containers:
64 - name: {{ include "common.name" . }}
65 image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
66 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
67 command:
68 - /bin/sh
69 - -ec
70 - |
Andreas Geissler02398152022-05-10 10:30:11 +0200[diff] [blame]71 {{- if include "common.onServiceMesh" . }}
72 echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
krishnaa96544863d2021-05-11 18:29:49 +0530[diff] [blame]73 # Create users
74 export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT}
75 export ETCDCTL_API=3
76 echo "${ROOT_PASSWORD}" | etcdctl user add root --interactive=false
77 echo "${APP_PASSWORD}" | etcdctl user add ${APP_USER} --interactive=false
78
79 # Create roles
80 etcdctl role add ${APP_ROLE}
81 etcdctl role grant-permission ${APP_ROLE} --prefix=true readwrite ${KEY_PREFIX}
82
83 etcdctl user grant-role ${APP_USER} ${APP_ROLE}
84 etcdctl auth enable
85 env:
86 - name: ALLOW_NONE_AUTHENTICATION
87 value: "yes"
88 - name: ETCD_HOST
89 value: "{{ .Values.etcd.serviceName }}.{{ include "common.namespace" . }}"
90 - name: ETCD_PORT
91 value: "{{ .Values.etcd.port }}"
92 - name: ROOT_PASSWORD
93 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" "password" ) | indent 10 }}
94 - name: APP_USER
95 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "login") | indent 10 }}
96 - name: APP_PASSWORD
97 {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-creds" "key" "password") | indent 10 }}
98 - name: APP_ROLE
99 value: "{{ .Values.config.appRole }}"
100 - name: KEY_PREFIX
101 value: "{{ .Values.config.keyPrefix }}"
102 volumeMounts:
103 - mountPath: /etc/localtime
104 name: localtime
105 readOnly: true
miroslavmasaryka7ac7f02023-03-01 14:12:26 +0100[diff] [blame]106 resources: {{ include "common.resources" . | nindent 10 }}
Andreas Geissler02398152022-05-10 10:30:11 +0200[diff] [blame]107 {{ include "common.waitForJobContainer" . | indent 6 | trim }}
krishnaa96544863d2021-05-11 18:29:49 +0530[diff] [blame]108 {{- if .Values.nodeSelector }}
109 nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
110 {{- end -}}
111 {{- if .Values.affinity }}
112 affinity: {{ toYaml .Values.affinity | nindent 10 }}
113 {{- end }}
vladimir turokd8044182023-07-27 16:28:36 +0200[diff] [blame]114 serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
krishnaa96544863d2021-05-11 18:29:49 +0530[diff] [blame]115 volumes:
116 - name: localtime
117 hostPath:
118 path: /etc/localtime
119 restartPolicy: Never
120 imagePullSecrets:
121 - name: "{{ include "common.namespace" . }}-docker-registry-key"