+{{/*
# Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
+{{ include "mariadbInit._updateSecrets" . -}}
apiVersion: batch/v1
kind: Job
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
+ release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
backoffLimit: 20
template:
metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
labels:
app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
+ release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - bash
- - /db_init/db_init.sh
+ - /bin/sh
+ - -c
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /db_init/db_init.sh {{ if or .Values.dbScriptConfigMap .Values.dbScript }} &&
+ /db_config/db_cmd.sh{{ end }}
env:
- name: DB_HOST
- value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+ value: {{ include "common.mariadbService" . }}
- name: DB_PORT
- value: "{{ .Values.global.mariadbGalera.servicePort }}"
+ value: {{ include "common.mariadbPort" . | quote }}
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "mariadbInit.mariadbClusterSecret" . }}
- key: {{ .Values.global.mariadbGalera.userRootSecretKey }}
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-user-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+ - name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+ - name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
{{- $root := . }}
-{{ range $db, $_value := .Values.config.mysqlAdditionalDatabases }}
+{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
+ - name: {{ printf "MYSQL_USER_%s" $db | upper }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" $root }}-secret
- key: {{ printf "db-%s-user-password" $db }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: mariadb-conf
+ - name: mariadb-init
mountPath: /db_init/
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
+{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
+ - name: mariadb-conf
+ mountPath: /db_config/
+{{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- name: mariadb-conf
configMap:
+{{- if .Values.dbScriptConfigMap }}
+ name: {{ tpl .Values.dbScriptConfigMap . }}
+{{- else -}}
+ name: {{ include "common.fullname" . }}-dbscript
+{{- end }}
+ defaultMode: 0755
+{{- end }}
+ - name: mariadb-init
+ configMap:
name: {{ include "mariadbInit.configMap" . }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ defaultMode: 0755
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
Code Review / oom.git / blobdiff