J release changes

[ric-plt/ric-dep.git] / helm / infrastructure / subcharts / kong / templates / migrations-pre-upgrade.yaml

diff --git a/helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml b/helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml
index 977ac48..9efb8ba 100644 (file)
--- a/helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml
+++ b/helm/infrastructure/subcharts/kong/templates/migrations-pre-upgrade.yaml
@@ -1,63 +1,99 @@
-{{- if (and (.Values.runMigrations) (not (eq .Values.env.database "off"))) }}
+{{- if .Values.deployment.kong.enabled }}
+{{- if (and .Values.migrations.preUpgrade (not (eq .Values.env.database "off"))) }}
 # Why is this Job duplicated and not using only helm hooks?
 # See: https://github.com/helm/charts/pull/7362
 apiVersion: batch/v1
 kind: Job
 metadata:
   name: {{ template "kong.fullname" . }}-pre-upgrade-migrations
+  namespace: {{ template "kong.namespace" . }}
   labels:
     {{- include "kong.metaLabels" . | nindent 4 }}
     app.kubernetes.io/component: pre-upgrade-migrations
   annotations:
     helm.sh/hook: "pre-upgrade"
     helm.sh/hook-delete-policy: "before-hook-creation"
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
+  {{- range $key, $value := .Values.migrations.jobAnnotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{- end }}
 spec:
+  backoffLimit: {{ .Values.migrations.backoffLimit }}
   template:
     metadata:
       name: {{ template "kong.name" . }}-pre-upgrade-migrations
       labels:
         {{- include "kong.metaLabels" . | nindent 8 }}
         app.kubernetes.io/component: pre-upgrade-migrations
+      {{- if .Values.migrations.annotations }}
+      annotations:
+      {{- range $key, $value := .Values.migrations.annotations }}
+        {{ $key }}: {{ $value | quote }}
+      {{- end }}
+      {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
+        kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . }}
+      {{- end }}
+      {{- end }}
     spec:
-      {{- if .Values.podSecurityPolicy.enabled }}
+      {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
       serviceAccountName: {{ template "kong.serviceAccountName" . }}
       {{- end }}
+      {{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
+      automountServiceAccountToken: true
+      {{- else }}
+      automountServiceAccountToken: false
+      {{ end }}
       {{- if .Values.image.pullSecrets }}
       imagePullSecrets:
       {{- range .Values.image.pullSecrets }}
         - name: {{ . }}
       {{- end }}
       {{- end }}
+      {{- if (or (and (.Values.postgresql.enabled) .Values.waitImage.enabled) .Values.deployment.initContainers) }}
       initContainers:
-      {{- if (eq .Values.env.database "postgres") }}
+      {{- if .Values.deployment.initContainers }}
+      {{- toYaml .Values.deployment.initContainers | nindent 6 }}
+      {{- end }}
+      {{- if (and (.Values.postgresql.enabled) .Values.waitImage.enabled) }}
       {{- include "kong.wait-for-postgres" . | nindent 6 }}
       {{- end }}
+      {{- end }}
       containers:
+      {{- if .Values.migrations.sidecarContainers }}
+      {{- toYaml .Values.migrations.sidecarContainers | nindent 6 }}
+      {{- end }}
       - name: {{ template "kong.name" . }}-upgrade-migrations
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        image: {{ include "kong.getRepoTag" .Values.image }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
+        securityContext:
+        {{ toYaml .Values.containerSecurityContext | nindent 10 }}
         env:
-        {{- include "kong.final_env" . | nindent 8 }}
-        command: [ "/bin/sh", "-c", "kong migrations up" ]
+        {{- include "kong.no_daemon_env" . | nindent 8 }}
+        {{- include "kong.envFrom" .Values.envFrom | nindent 8 }}
+        args: [ "kong", "migrations", "up" ]
         volumeMounts:
         {{- include "kong.volumeMounts" . | nindent 8 }}
+        {{- include "kong.userDefinedVolumeMounts" .Values.deployment | nindent 8 }}
+        resources:
+        {{- toYaml .Values.migrations.resources| nindent 10 }}
       securityContext:
       {{- include "kong.podsecuritycontext" . | nindent 8 }}
+      {{- if .Values.affinity }}
+      affinity:
+      {{- toYaml .Values.affinity | nindent 8 }}
+      {{- end }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml .Values.nodeSelector | nindent 8 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations:
+      {{- toYaml .Values.tolerations | nindent 8 }}
+      {{- end }}
       restartPolicy: OnFailure
       volumes:
       {{- include "kong.volumes" . | nindent 6 -}}
+      {{- include "kong.userDefinedVolumes" . | nindent 6 -}}
+{{- end }}
 {{- end }}
-
-{{ if or .Values.podSecurityPolicy.enabled (and .Values.ingressController.enabled .Values.ingressController.serviceAccount.create) -}}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "kong.serviceAccountName" . }}
-  namespace: {{ .Release.namespace }}
-  annotations:
-    "helm.sh/hook": pre-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-  labels:
-    {{- include "kong.metaLabels" . | nindent 4 }}
-{{- end -}}