Merge "[CPS] New Delhi release changes"

[oom.git] / kubernetes / common / postgres-init / templates / job.yaml

diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 01151bb..cc7d410 100644 (file)
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -28,26 +28,18 @@ spec:
   backoffLimit: 20
   template:
     metadata:
+      annotations:
+        # Workarround to exclude K8S API from istio communication
+        # as init-container (readinessCheck) does not work with the
+        # Istio CNI plugin, see:
+        # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+        traffic.sidecar.istio.io/excludeOutboundPorts: "443"
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
       name: {{ include "common.name" . }}
     spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /app/ready.py
-        args:
-        - --container-name
-        - {{ .Values.global.postgres.container.name }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
       containers:
       - command:
         - sh
@@ -59,6 +51,8 @@ spec:
           }
           export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
           export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+          {{- if include "common.onServiceMesh" . }}
+          echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
           cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done;
           psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql
         env:
@@ -78,26 +72,17 @@ spec:
           value: "{{ .Values.config.pgDatabase }}"
         - name: PG_ROOT_PASSWORD_INPUT
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
-        volumeMounts:
-        - mountPath: /config-input/setup.sql
-          name: config
-          subPath: setup.sql
-        - mountPath: /config
-          name: pgconf
         image: {{ include "repositoryGenerator.image.postgres" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
         volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
-          readOnly: true
         - mountPath: /config-input/setup.sql
           name: config
           subPath: setup.sql
         - mountPath: /config
           name: pgconf
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        resources: {{ include "common.resources" . | nindent 10 }}
+      {{ include "common.waitForJobContainer" . | indent 6 | trim }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -106,10 +91,8 @@ spec:
       affinity:
 {{ toYaml .Values.affinity | indent 10 }}
       {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
       - name: config
         configMap:
           name: {{ include "common.fullname" . }}
@@ -117,5 +100,4 @@ spec:
         emptyDir:
           medium: Memory
       restartPolicy: Never
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      {{- include "common.imagePullSecrets" . | nindent 6 }}