metadata:
name: {{ template "kong.fullname" . }}-pre-upgrade-migrations
labels:
- app: {{ template "kong.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- component: pre-upgrade-migrations
+ {{- include "kong.metaLabels" . | nindent 4 }}
+ app.kubernetes.io/component: pre-upgrade-migrations
annotations:
helm.sh/hook: "pre-upgrade"
helm.sh/hook-delete-policy: "before-hook-creation"
metadata:
name: {{ template "kong.name" . }}-pre-upgrade-migrations
labels:
- app: {{ template "kong.name" . }}
- release: "{{ .Release.Name }}"
- component: pre-upgrade-migrations
+ {{- include "kong.metaLabels" . | nindent 8 }}
+ app.kubernetes.io/component: pre-upgrade-migrations
spec:
+ {{- if .Values.podSecurityPolicy.enabled }}
+ serviceAccountName: {{ template "kong.serviceAccountName" . }}
+ {{- end }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- range .Values.image.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
- {{- if .Values.postgresql.enabled }}
initContainers:
- - name: wait-for-postgres
- image: "{{ .Values.waitImage.repository }}:{{ .Values.waitImage.tag }}"
- env:
- - name: KONG_PG_HOST
- value: {{ template "kong.postgresql.fullname" . }}
- - name: KONG_PG_PORT
- value: "{{ .Values.postgresql.service.port }}"
- - name: KONG_PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "kong.postgresql.fullname" . }}
- key: postgresql-password
- command: [ "/bin/sh", "-c", "until nc -zv $KONG_PG_HOST $KONG_PG_PORT -w1; do echo 'waiting for db'; sleep 1; done" ]
+ {{- if (eq .Values.env.database "postgres") }}
+ {{- include "kong.wait-for-postgres" . | nindent 6 }}
{{- end }}
containers:
- name: {{ template "kong.name" . }}-upgrade-migrations
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- - name: KONG_NGINX_DAEMON
- value: "off"
- {{- if .Values.enterprise.enabled }}
- {{- include "kong.license" . | nindent 8 }}
- {{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: KONG_PG_HOST
- value: {{ template "kong.postgresql.fullname" . }}
- - name: KONG_PG_PORT
- value: "{{ .Values.postgresql.service.port }}"
- - name: KONG_PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "kong.postgresql.fullname" . }}
- key: postgresql-password
- {{- end }}
- {{- if .Values.cassandra.enabled }}
- - name: KONG_CASSANDRA_CONTACT_POINTS
- value: {{ template "kong.cassandra.fullname" . }}
- {{- end }}
- {{- include "kong.env" . | indent 8 }}
+ {{- include "kong.final_env" . | nindent 8 }}
command: [ "/bin/sh", "-c", "kong migrations up" ]
+ volumeMounts:
+ {{- include "kong.volumeMounts" . | nindent 8 }}
+ securityContext:
+ {{- include "kong.podsecuritycontext" . | nindent 8 }}
restartPolicy: OnFailure
+ volumes:
+ {{- include "kong.volumes" . | nindent 6 -}}
{{- end }}
+
+{{ if or .Values.podSecurityPolicy.enabled (and .Values.ingressController.enabled .Values.ingressController.serviceAccount.create) -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kong.serviceAccountName" . }}
+ namespace: {{ .Release.namespace }}
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ labels:
+ {{- include "kong.metaLabels" . | nindent 4 }}
+{{- end -}}