X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fpostgres-init%2Ftemplates%2Fjob.yaml;h=cc7d410eb28660b2044f43120d2b442207597105;hb=HEAD;hp=01151bb4a9e5d130afd48d6a709ec3aa74d2bfb1;hpb=31bb6fe2a093273e4a10cd0c46adfae75f736cd6;p=oom.git diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 01151bb4a9..cc7d410eb2 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -28,26 +28,18 @@ spec: backoffLimit: 20 template: metadata: + annotations: + # Workarround to exclude K8S API from istio communication + # as init-container (readinessCheck) does not work with the + # Istio CNI plugin, see: + # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers) + traffic.sidecar.istio.io/excludeOutboundPorts: "443" labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - {{ .Values.global.postgres.container.name }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - command: - sh @@ -59,6 +51,8 @@ spec: } export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`; export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`; + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done; psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql env: @@ -78,26 +72,17 @@ spec: value: "{{ .Values.config.pgDatabase }}" - name: PG_ROOT_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input/setup.sql - name: config - subPath: setup.sql - - mountPath: /config - name: pgconf image: {{ include "repositoryGenerator.image.postgres" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - mountPath: /config-input/setup.sql name: config subPath: setup.sql - mountPath: /config name: pgconf - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 10 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -106,10 +91,8 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: localtime - hostPath: - path: /etc/localtime - name: config configMap: name: {{ include "common.fullname" . }} @@ -117,5 +100,4 @@ spec: emptyDir: medium: Memory restartPolicy: Never - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }}