deckhand/charts/deckhand/templates/job-db-init.yaml
Anthony Lin 3bdebba4bb Update Deckhand Chart - Database Configurability
- Support configured Postgres admin password
- Use secrets for database job environment setup
- Remove superuser rights from deckhand user

Change-Id: I9d8eee1af864b0e99ee7c8a01a6bba84cfcb67f9
2018-01-29 05:20:08 +00:00


{{/*
Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
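{{- if .Values.manifests.job_db_init }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.db_init }}
{{- $mounts_deckhand_db_init := .Values.pod.mounts.deckhand_db_init.deckhand_db_init }}
{{- $mounts_deckhand_db_init_init := .Values.pod.mounts.deckhand_db_init.init_container }}
{{- $serviceAccountName := "deckhand-db-init" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
# Job that runs /tmp/db-init.sh with two sets of database credentials:
# the Deckhand service user and the Postgres admin. It is rendered only
# when manifests.job_db_init is set in the chart values.
apiVersion: batch/v1
kind: Job
metadata:
  name: deckhand-db-init
spec:
  template:
    metadata:
      labels:
{{ tuple $envAll "deckhand" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
      nodeSelector:
        # The selector value is quoted so a boolean- or number-looking value
        # still renders as the string a label selector requires.
        {{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value | quote }}
      initContainers:
{{ tuple $envAll $dependencies $mounts_deckhand_db_init_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
      containers:
        # NOTE(review): no securityContext is set for this container in the
        # template. Confirm whether db-init.sh needs root; if it does not,
        # runAsNonRoot and allowPrivilegeEscalation: false are worth adding.
        - name: deckhand-db-init
          image: {{ .Values.images.tags.db_init | quote }}
          imagePullPolicy: {{ .Values.images.pull_policy | quote }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          env:
            # Every value below is read from a Kubernetes Secret rather than
            # written into the manifest. Secret names are quoted so an empty
            # or number-looking value cannot silently change type.
            #
            # Service-user settings, all from the secrets.postgresql.user secret.
            - name: DECKHAND_DB_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.user | quote }}
                  key: DATABASE_URI
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.user | quote }}
                  key: DATABASE_NAME
            - name: DB_SERVICE_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.user | quote }}
                  key: DATABASE_USERNAME
            - name: DB_SERVICE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.user | quote }}
                  key: DATABASE_PASSWORD
            - name: DB_FQDN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.user | quote }}
                  key: DATABASE_HOST
            - name: DB_PORT
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.user | quote }}
                  key: DATABASE_PORT
            # Admin credentials come from the separate secrets.postgresql.admin
            # secret. PGPASSWORD is the variable libpq clients read, so the
            # password need not appear on a command line (presumably consumed
            # by psql in db-init.sh; the script is not shown here).
            # The admin password is still visible in this container's
            # environment, so access to pods/exec in this namespace should be
            # restricted accordingly.
            - name: DB_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.admin | quote }}
                  key: DATABASE_USERNAME
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.secrets.postgresql.admin | quote }}
                  key: DATABASE_PASSWORD
          command:
            - /tmp/db-init.sh
          # Entries sit at column 10, the same column "indent 10" gives the
          # optional extra mounts, so static and injected items form one list.
          volumeMounts:
          # The init script is mounted read-only from the deckhand-bin ConfigMap.
          - name: deckhand-bin
            mountPath: /tmp/db-init.sh
            subPath: db-init.sh
            readOnly: true
          # Writable emptyDir at /etc/deckhand; the config file is overlaid
          # read-only on top of it by the next mount.
          - name: etc-deckhand
            mountPath: /etc/deckhand
          - name: deckhand-etc
            mountPath: /etc/deckhand/deckhand.conf
            subPath: deckhand.conf
            readOnly: true
{{ if $mounts_deckhand_db_init.volumeMounts }}{{ toYaml $mounts_deckhand_db_init.volumeMounts | indent 10 }}{{ end }}
      # Entries sit at column 6 to line up with the "indent 6" applied to the
      # optional extra volumes below.
      volumes:
      - name: etc-deckhand
        emptyDir: {}
      # defaultMode is an octal integer literal (0444 = r--r--r--). Kubernetes
      # expects an integer here, so it must stay unquoted.
      - name: deckhand-etc
        configMap:
          name: deckhand-etc
          defaultMode: 0444
      # 0555 = r-xr-xr-x: the script is executable but not writable.
      - name: deckhand-bin
        configMap:
          name: deckhand-bin
          defaultMode: 0555
{{ if $mounts_deckhand_db_init.volumes }}{{ toYaml $mounts_deckhand_db_init.volumes | indent 6 }}{{ end }}
{{- end }}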