-{{- if (and (.Values.runMigrations) (not (eq .Values.env.database "off"))) }}
+{{- if .Values.deployment.kong.enabled }}
+{{- if (and .Values.migrations.postUpgrade (not (eq .Values.env.database "off"))) }}
# Why is this Job duplicated and not using only helm hooks?
# See: https://github.com/helm/charts/pull/7362
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "kong.fullname" . }}-post-upgrade-migrations
+ namespace: {{ template "kong.namespace" . }}
labels:
- app: {{ template "kong.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- component: post-upgrade-migrations
+ {{- include "kong.metaLabels" . | nindent 4 }}
+ app.kubernetes.io/component: post-upgrade-migrations
annotations:
helm.sh/hook: "post-upgrade"
helm.sh/hook-delete-policy: "before-hook-creation"
+ {{- range $key, $value := .Values.migrations.jobAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
spec:
+ backoffLimit: {{ .Values.migrations.backoffLimit }}
template:
metadata:
name: {{ template "kong.name" . }}-post-upgrade-migrations
labels:
- app: {{ template "kong.name" . }}
- release: "{{ .Release.Name }}"
- component: post-upgrade-migrations
+ {{- include "kong.metaLabels" . | nindent 8 }}
+ app.kubernetes.io/component: post-upgrade-migrations
+ {{- if .Values.migrations.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.migrations.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
+ kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }}
+ {{- end }}
+ {{- end }}
spec:
+ {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
+ serviceAccountName: {{ template "kong.serviceAccountName" . }}
+ {{- end }}
+ {{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
+ automountServiceAccountToken: true
+ {{- else }}
+ automountServiceAccountToken: false
+ {{ end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
- {{- if .Values.postgresql.enabled }}
+ {{- if (or (and (.Values.postgresql.enabled) .Values.waitImage.enabled) .Values.deployment.initContainers) }}
initContainers:
- - name: wait-for-postgres
- image: "{{ .Values.waitImage.repository }}:{{ .Values.waitImage.tag }}"
- env:
- - name: KONG_PG_HOST
- value: {{ template "kong.postgresql.fullname" . }}
- - name: KONG_PG_PORT
- value: "{{ .Values.postgresql.service.port }}"
- - name: KONG_PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "kong.postgresql.fullname" . }}
- key: postgresql-password
- command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
+ {{- if .Values.deployment.initContainers }}
+ {{- toYaml .Values.deployment.initContainers | nindent 6 }}
+ {{- end }}
+ {{- if (and (.Values.postgresql.enabled) .Values.waitImage.enabled) }}
+ {{- include "kong.wait-for-postgres" . | nindent 6 }}
+ {{- end }}
{{- end }}
containers:
+ {{- if .Values.migrations.sidecarContainers }}
+ {{- toYaml .Values.migrations.sidecarContainers | nindent 6 }}
+ {{- end }}
- name: {{ template "kong.name" . }}-post-upgrade-migrations
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ image: {{ include "kong.getRepoTag" .Values.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ {{ toYaml .Values.containerSecurityContext | nindent 10 }}
env:
- - name: KONG_NGINX_DAEMON
- value: "off"
- {{- if .Values.enterprise.enabled }}
- {{- include "kong.license" . | nindent 8 }}
- {{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: KONG_PG_HOST
- value: {{ template "kong.postgresql.fullname" . }}
- - name: KONG_PG_PORT
- value: "{{ .Values.postgresql.service.port }}"
- - name: KONG_PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "kong.postgresql.fullname" . }}
- key: postgresql-password
- {{- end }}
- {{- if .Values.cassandra.enabled }}
- - name: KONG_CASSANDRA_CONTACT_POINTS
- value: {{ template "kong.cassandra.fullname" . }}
- {{- end }}
- {{- include "kong.env" . | indent 8 }}
- command: [ "/bin/sh", "-c", "kong migrations finish" ]
+ {{- include "kong.no_daemon_env" . | nindent 8 }}
+ {{- include "kong.envFrom" .Values.envFrom | nindent 8 }}
+ args: [ "kong", "migrations", "finish" ]
+ volumeMounts:
+ {{- include "kong.volumeMounts" . | nindent 8 }}
+ {{- include "kong.userDefinedVolumeMounts" .Values.deployment | nindent 8 }}
+ resources:
+ {{- toYaml .Values.migrations.resources | nindent 10 }}
+ securityContext:
+ {{- include "kong.podsecuritycontext" . | nindent 8 }}
+ {{- if .Values.affinity }}
+ affinity:
+ {{- toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+ {{- toYaml .Values.tolerations | nindent 8 }}
+ {{- end }}
restartPolicy: OnFailure
+ volumes:
+ {{- include "kong.volumes" . | nindent 6 -}}
+ {{- include "kong.userDefinedVolumes" . | nindent 6 -}}
+{{- end }}
{{- end }}
Code Review / ric-plt / ric-dep.git / blobdiff