[AAI] 14.0.3 Oslo release with Java 11

[oom.git] / kubernetes / policy / templates / job.yaml
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml

index 4bf9def..3886a85 100755 (executable)
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,8 @@
  {{/*
  # Copyright © 2018 Amdocs, Bell Canada
  # Modifications Copyright © 2020 AT&T Intellectual Property
  {{/*
  # Copyright © 2018 Amdocs, Bell Canada
  # Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2022 Nordix Foundation.
+# Modifications Copyright (C) 2022-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
  #
  # Licensed under the Apache License, Version 2.0 (the "License");
  # you may not use this file except in compliance with the License.
@@ -16,6 +17,7 @@
  # limitations under the License.
  */}}
  
  # limitations under the License.
  */}}
  
+{{ if .Values.global.mariadbGalera.useInPolicy }}
  apiVersion: batch/v1
  kind: Job
  metadata:
  apiVersion: batch/v1
  kind: Job
  metadata:
@@ -31,29 +33,16 @@ spec:
          app: {{ include "common.name" . }}-galera-init
          release: {{ include "common.release" . }}
        name: {{ include "common.name" . }}-galera-init
          app: {{ include "common.name" . }}-galera-init
          release: {{ include "common.release" . }}
        name: {{ include "common.name" . }}-galera-init
-      annotations:
-        sidecar.istio.io/inject: "false"
      spec:
      spec:
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
+      {{- include "common.imagePullSecrets" . | nindent 6 }}
        initContainers:
        initContainers:
-      - name: {{ include "common.name" . }}-mariadb-readiness
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-        - /app/ready.py
-        - --container-name
-        - {{ index .Values "mariadb-galera" "service" "name" }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_mariadb ) | indent 6 | trim }}
        containers:
        - name: {{ include "common.name" . }}-galera-config
          image: {{ include "repositoryGenerator.image.mariadb" . }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        containers:
        - name: {{ include "common.name" . }}-galera-config
          image: {{ include "repositoryGenerator.image.mariadb" . }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
          volumeMounts:
          - mountPath: /dbcmd-config/db.sh
            name: {{ include "common.fullname" . }}-config
          volumeMounts:
          - mountPath: /dbcmd-config/db.sh
            name: {{ include "common.fullname" . }}-config
@@ -62,6 +51,8 @@ spec:
          - /bin/sh
          - -cx
          - |
          - /bin/sh
          - -cx
          - |
+           {{- if include "common.requireSidecarKiller" . }}
+           echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
             /dbcmd-config/db.sh
          env:
          - name: MYSQL_ROOT_PASSWORD
             /dbcmd-config/db.sh
          env:
          - name: MYSQL_ROOT_PASSWORD
@@ -73,6 +64,32 @@ spec:
          - name: MYSQL_PORT
            value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
          resources: {{ include "common.resources" . | nindent 10 }}
          - name: MYSQL_PORT
            value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
          resources: {{ include "common.resources" . | nindent 10 }}
+      {{- if (include "common.requireSidecarKiller" .) }}
+      - name: policy-service-mesh-wait-for-job-container
+        image: {{ include "repositoryGenerator.image.quitQuit" . }}
+        imagePullPolicy: Always
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        command:
+        - /bin/sh
+        - "-c"
+        args:
+        - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+          /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45;
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        resources:
+          limits:
+            cpu: 100m
+            memory: 500Mi
+          requests:
+            cpu: 10m
+            memory: 10Mi
+      {{- end }}
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
@@ -83,8 +100,9 @@ spec:
              items:
                - key: db.sh
                  path: db.sh
              items:
                - key: db.sh
                  path: db.sh
+{{ end }}
  
  
-{{ if .Values.global.postgres.localCluster }}
+{{ if .Values.global.postgres.useInPolicy }}
  ---
  apiVersion: batch/v1
  kind: Job
  ---
  apiVersion: batch/v1
  kind: Job
@@ -101,16 +119,16 @@ spec:
          app: {{ include "common.name" . }}-pg-init
          release: {{ include "common.release" . }}
        name: {{ include "common.name" . }}-pg-init
          app: {{ include "common.name" . }}-pg-init
          release: {{ include "common.release" . }}
        name: {{ include "common.name" . }}-pg-init
-      annotations:
-        sidecar.istio.io/inject: "false"
      spec:
      spec:
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
+      {{- include "common.imagePullSecrets" . | nindent 6 }}
+      initContainers:
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }}
        containers:
        - name: {{ include "common.name" . }}-pg-config
          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        containers:
        - name: {{ include "common.name" . }}-pg-config
          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
          volumeMounts:
            - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
              name: {{ include "common.fullname" . }}-config
          volumeMounts:
            - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
              name: {{ include "common.fullname" . }}-config
@@ -119,19 +137,47 @@ spec:
            - /bin/sh
            - -cx
            - |
            - /bin/sh
            - -cx
            - |
+             {{- if include "common.requireSidecarKiller" . }}
+             echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
               /docker-entrypoint-initdb.d/db-pg.sh
          env:
            - name: PG_ADMIN_PASSWORD
               /docker-entrypoint-initdb.d/db-pg.sh
          env:
            - name: PG_ADMIN_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
            - name: PG_HOST
              value: "{{ .Values.postgres.service.name2 }}"
            - name: PG_USER
            - name: PG_HOST
              value: "{{ .Values.postgres.service.name2 }}"
            - name: PG_USER
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
            - name: PG_USER_PASSWORD
            - name: PG_USER_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
            - name: PG_PORT
              value: "{{ .Values.postgres.service.internalPort }}"
          resources: {{ include "common.resources" . | nindent 10 }}
            - name: PG_PORT
              value: "{{ .Values.postgres.service.internalPort }}"
          resources: {{ include "common.resources" . | nindent 10 }}
+      {{- if (include "common.requireSidecarKiller" .) }}
+      - name: policy-service-mesh-wait-for-job-container
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        image: {{ include "repositoryGenerator.image.quitQuit" . }}
+        imagePullPolicy: Always
+        command:
+        - /bin/sh
+        - "-c"
+        args:
+        - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+          /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45;
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        resources:
+          limits:
+            cpu: 100m
+            memory: 500Mi
+          requests:
+            cpu: 10m
+            memory: 10Mi
+      {{- end }}
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
@@ -143,73 +189,104 @@ spec:
                - key: db-pg.sh
                  path: db-pg.sh
  {{ end }}
                - key: db-pg.sh
                  path: db-pg.sh
  {{ end }}
-
  ---
  ---
+{{ if .Values.global.mariadbGalera.useInPolicy }}
  apiVersion: batch/v1
  kind: Job
  metadata:
  apiVersion: batch/v1
  kind: Job
  metadata:
-  name: {{ include "common.fullname" . }}-galera-config
+  name: {{ include "common.fullname" . }}-galera-migrator-config
    namespace: {{ include "common.namespace" . }}
    labels:
    namespace: {{ include "common.namespace" . }}
    labels:
-    app: {{ include "common.name" . }}-galera-config
+    app: {{ include "common.name" . }}-galera-migrator-config
      release: {{ include "common.release" . }}
  spec:
    template:
      metadata:
        labels:
      release: {{ include "common.release" . }}
  spec:
    template:
      metadata:
        labels:
-        app: {{ include "common.name" . }}-galera-config
+        app: {{ include "common.name" . }}-galera-migrator-config
          release: {{ include "common.release" . }}
          release: {{ include "common.release" . }}
-      name: {{ include "common.name" . }}-galera-config
-      annotations:
-        sidecar.istio.io/inject: "false"
+      name: {{ include "common.name" . }}-galera-migrator-config
      spec:
      spec:
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
+      {{- include "common.imagePullSecrets" . | nindent 6 }}
        initContainers:
          - name: {{ include "common.name" . }}-init-readiness
        initContainers:
          - name: {{ include "common.name" . }}-init-readiness
+          {{ include "common.containerSecurityContext" . | indent 10 | trim }}
            image: {{ include "repositoryGenerator.image.readiness" . }}
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
            command:
            image: {{ include "repositoryGenerator.image.readiness" . }}
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
            command:
-          - /app/ready.py
+            - /app/ready.py
            args:
            args:
-          - --job-name
-          - {{ include "common.fullname" . }}-galera-init
+            - --job-name
+            - {{ include "common.fullname" . }}-galera-init
            env:
            env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: "100m"
+              memory: "500Mi"
+            requests:
+              cpu: "3m"
+              memory: "20Mi"
        containers:
        containers:
-      - name: {{ include "common.name" . }}-galera-db-migrator
-        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-        - mountPath: /dbcmd-config/db_migrator_policy_init.sh
-          name: {{ include "common.fullname" . }}-config
-          subPath: db_migrator_policy_init.sh
-        command:
-        - /bin/sh
-        - -cx
-        - |
-           /dbcmd-config/db_migrator_policy_init.sh
-        env:
-        - name: SQL_HOST
-          value: "{{ index .Values "mariadb-galera" "service" "name" }}"
-        - name: SQL_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
-        - name: SQL_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
-        - name: SQL_DB
-          value: {{ .Values.dbmigrator.schema }}
-        - name: POLICY_HOME
-          value: {{ .Values.dbmigrator.policy_home }}
-        - name: SCRIPT_DIRECTORY
-          value: "sql"
-        resources: {{ include "common.resources" . | nindent 10 }}
+        - name: {{ include "common.name" . }}-galera-db-migrator
+          {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          volumeMounts:
+            - mountPath: /opt/app/policy/etc/db/
+              name: {{ include "common.fullname" . }}-migration-writable
+            - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+              name: {{ include "common.fullname" . }}-config
+              subPath: db_migrator_policy_init.sh
+          command:
+            - /bin/sh
+            - -cx
+            - |
+           {{- if include "common.requireSidecarKiller" . }}
+              echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+              /dbcmd-config/db_migrator_policy_init.sh
+          env:
+          - name: SQL_HOST
+            value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+          - name: SQL_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: SQL_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          - name: SQL_DB
+            value: {{ .Values.dbmigrator.schemas }}
+          - name: POLICY_HOME
+            value: {{ .Values.dbmigrator.policy_home }}
+          - name: SCRIPT_DIRECTORY
+            value: "sql"
+          resources: {{ include "common.resources" . | nindent 12 }}
+      {{- if (include "common.requireSidecarKiller" .) }}
+        - name: policy-service-mesh-wait-for-job-container
+          {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+          image: {{ include "repositoryGenerator.image.quitQuit" . }}
+          imagePullPolicy: Always
+          command:
+            - /bin/sh
+            - "-c"
+          args:
+            - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+              /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+      {{- end }}
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
+        - name: {{ include "common.fullname" . }}-migration-writable
+          emptyDir: {}
          - name: {{ include "common.fullname" . }}-config
            configMap:
              name: {{ include "common.fullname" . }}-db-configmap
          - name: {{ include "common.fullname" . }}-config
            configMap:
              name: {{ include "common.fullname" . }}-db-configmap
@@ -217,76 +294,107 @@ spec:
              items:
                - key: db_migrator_policy_init.sh
                  path: db_migrator_policy_init.sh
              items:
                - key: db_migrator_policy_init.sh
                  path: db_migrator_policy_init.sh
-
-{{ if .Values.global.postgres.localCluster }}
+{{ end }}
+{{ if .Values.global.postgres.useInPolicy }}
  ---
  apiVersion: batch/v1
  kind: Job
  metadata:
  ---
  apiVersion: batch/v1
  kind: Job
  metadata:
-  name: {{ include "common.fullname" . }}-pg-config
+  name: {{ include "common.fullname" . }}-pg-migrator-config
    namespace: {{ include "common.namespace" . }}
    labels:
    namespace: {{ include "common.namespace" . }}
    labels:
-    app: {{ include "common.name" . }}-pg-config
+    app: {{ include "common.name" . }}-pg-migrator-config
      release: {{ include "common.release" . }}
  spec:
    template:
      metadata:
        labels:
      release: {{ include "common.release" . }}
  spec:
    template:
      metadata:
        labels:
-        app: {{ include "common.name" . }}-pg-config
+        app: {{ include "common.name" . }}-pg-migrator-config
          release: {{ include "common.release" . }}
          release: {{ include "common.release" . }}
-      name: {{ include "common.name" . }}-pg-config
-      annotations:
-        sidecar.istio.io/inject: "false"
+      name: {{ include "common.name" . }}-pg-migrator-config
      spec:
      spec:
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
+      {{- include "common.imagePullSecrets" . | nindent 6 }}
        initContainers:
          - name: {{ include "common.name" . }}-init-readiness
            image: {{ include "repositoryGenerator.image.readiness" . }}
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
        initContainers:
          - name: {{ include "common.name" . }}-init-readiness
            image: {{ include "repositoryGenerator.image.readiness" . }}
            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{ include "common.containerSecurityContext" . | indent 10 | trim }}
            command:
            command:
-          - /app/ready.py
+            - /app/ready.py
            args:
            args:
-          - --job-name
-          - {{ include "common.fullname" . }}-pg-init
+            - --job-name
+            - {{ include "common.fullname" . }}-pg-init
            env:
            env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: "100m"
+              memory: "500Mi"
+            requests:
+              cpu: "3m"
+              memory: "20Mi"
        containers:
        containers:
-      - name: {{ include "common.name" . }}-pg-db-migrator
-        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
-          - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
-            name: {{ include "common.fullname" . }}-config
-            subPath: db_migrator_pg_policy_init.sh
-        command:
-          - /bin/sh
-          - -cx
-          - |
-             /dbcmd-config/db_migrator_pg_policy_init.sh
-        env:
-        - name: SQL_HOST
-          value: "{{ .Values.postgres.service.name2 }}"
-        - name: SQL_USER
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
-        - name: SQL_PASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
-        - name: SQL_DB
-          value: {{ .Values.dbmigrator.schema }}
-        - name: POLICY_HOME
-          value: {{ .Values.dbmigrator.policy_home }}
-        - name: SCRIPT_DIRECTORY
-          value: "postgres"
-        - name: PGPASSWORD
-          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
-        resources: {{ include "common.resources" . | nindent 10 }}
+        - name: {{ include "common.name" . }}-pg-db-migrator
+          image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+          volumeMounts:
+            - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+              name: {{ include "common.fullname" . }}-config
+              subPath: db_migrator_pg_policy_init.sh
+            - mountPath: /opt/app/policy/etc/db/
+              name: {{ include "common.fullname" . }}-migration-writable
+          command:
+            - /bin/sh
+            - -cx
+            - |
+             {{- if include "common.requireSidecarKiller" . }}
+              echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+              /dbcmd-config/db_migrator_pg_policy_init.sh
+          env:
+          - name: SQL_HOST
+            value: "{{ .Values.postgres.service.name2 }}"
+          - name: SQL_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+          - name: SQL_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          - name: SQL_DB
+            value: {{ .Values.dbmigrator.schemas }}
+          - name: POLICY_HOME
+            value: {{ .Values.dbmigrator.policy_home }}
+          - name: SCRIPT_DIRECTORY
+            value: "postgres"
+          - name: PGPASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+          resources: {{ include "common.resources" . | nindent 12 }}
+      {{- if (include "common.requireSidecarKiller" .) }}
+        - name: policy-service-mesh-wait-for-job-container
+          image: {{ include "repositoryGenerator.image.quitQuit" . }}
+          imagePullPolicy: Always
+          {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+          command:
+            - /bin/sh
+            - "-c"
+          args:
+            - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+              /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+      {{- end }}
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
        restartPolicy: Never
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
        volumes:
+        - name: {{ include "common.fullname" . }}-migration-writable
+          emptyDir: {}
          - name: {{ include "common.fullname" . }}-config
            configMap:
              name: {{ include "common.fullname" . }}-db-configmap
          - name: {{ include "common.fullname" . }}-config
            configMap:
              name: {{ include "common.fullname" . }}-db-configmap
@@ -294,4 +402,4 @@ spec:
              items:
                - key: db_migrator_pg_policy_init.sh
                  path: db_migrator_pg_policy_init.sh
              items:
                - key: db_migrator_pg_policy_init.sh
                  path: db_migrator_pg_policy_init.sh
-{{ end }}
+{{ end }}
+\ No newline at end of file