Merge "[CPS] New Delhi release changes"

[oom.git] / kubernetes / common / postgres-init / templates / job.yaml

diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index d9a7386..cc7d410 100644 (file)
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -28,26 +28,18 @@ spec:
   backoffLimit: 20
   template:
     metadata:
+      annotations:
+        # Workarround to exclude K8S API from istio communication
+        # as init-container (readinessCheck) does not work with the
+        # Istio CNI plugin, see:
+        # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+        traffic.sidecar.istio.io/excludeOutboundPorts: "443"
       labels:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
       name: {{ include "common.name" . }}
     spec:
-      initContainers:
-      - name: {{ include "common.name" . }}-readiness
-        command:
-        - /app/ready.py
-        args:
-        - --container-name
-        - {{ .Values.global.postgres.container.name }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+      initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
       containers:
       - command:
         - sh
@@ -80,26 +72,16 @@ spec:
           value: "{{ .Values.config.pgDatabase }}"
         - name: PG_ROOT_PASSWORD_INPUT
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
-        volumeMounts:
-        - mountPath: /config-input/setup.sql
-          name: config
-          subPath: setup.sql
-        - mountPath: /config
-          name: pgconf
         image: {{ include "repositoryGenerator.image.postgres" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
         volumeMounts:
-        - mountPath: /etc/localtime
-          name: localtime
-          readOnly: true
         - mountPath: /config-input/setup.sql
           name: config
           subPath: setup.sql
         - mountPath: /config
           name: pgconf
-        resources:
-{{ include "common.resources" . | indent 12 }}
+        resources: {{ include "common.resources" . | nindent 10 }}
       {{ include "common.waitForJobContainer" . | indent 6 | trim }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
@@ -109,10 +91,8 @@ spec:
       affinity:
 {{ toYaml .Values.affinity | indent 10 }}
       {{- end }}
+      serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
-      - name: localtime
-        hostPath:
-          path: /etc/localtime
       - name: config
         configMap:
           name: {{ include "common.fullname" . }}
@@ -120,5 +100,4 @@ spec:
         emptyDir:
           medium: Memory
       restartPolicy: Never
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      {{- include "common.imagePullSecrets" . | nindent 6 }}