github.com/kyma-project/kyma-environment-broker@v0.0.1/resources/kcp/charts/kyma-environment-broker/templates/deprovision-retrigger-job.yaml (about) 1 apiVersion: batch/v1 2 kind: CronJob 3 metadata: 4 name: deprovision-retrigger-job 5 annotations: 6 argocd.argoproj.io/sync-options: Prune=false 7 spec: 8 jobTemplate: 9 metadata: 10 name: deprovision-retrigger-job 11 spec: 12 template: 13 spec: 14 serviceAccountName: {{ .Values.global.kyma_environment_broker.serviceAccountName }} 15 shareProcessNamespace: true 16 {{- with .Values.deployment.securityContext }} 17 securityContext: 18 {{ toYaml . | nindent 12 }} 19 {{- end }} 20 restartPolicy: Never 21 containers: 22 - image: "{{ .Values.global.images.container_registry.path }}/{{ .Values.global.images.kyma_environment_deprovision_retrigger_job.dir }}kyma-environment-deprovision-retrigger-job:{{ .Values.global.images.kyma_environment_deprovision_retrigger_job.version }}" 23 name: deprovision-retrigger-job 24 env: 25 {{if eq .Values.global.database.embedded.enabled true}} 26 - name: DATABASE_EMBEDDED 27 value: "true" 28 {{end}} 29 {{if eq .Values.global.database.embedded.enabled false}} 30 - name: DATABASE_EMBEDDED 31 value: "false" 32 {{end}} 33 - name: APP_DRY_RUN 34 value: "{{ .Values.deprovisionRetrigger.dryRun }}" 35 - name: APP_DATABASE_SECRET_KEY 36 valueFrom: 37 secretKeyRef: 38 name: "{{ .Values.global.database.managedGCP.encryptionSecretName }}" 39 key: secretKey 40 optional: true 41 - name: APP_DATABASE_USER 42 valueFrom: 43 secretKeyRef: 44 name: kcp-postgresql 45 key: postgresql-broker-username 46 - name: APP_DATABASE_PASSWORD 47 valueFrom: 48 secretKeyRef: 49 name: kcp-postgresql 50 key: postgresql-broker-password 51 - name: APP_DATABASE_HOST 52 valueFrom: 53 secretKeyRef: 54 name: kcp-postgresql 55 key: postgresql-serviceName 56 - name: APP_DATABASE_PORT 57 valueFrom: 58 secretKeyRef: 59 name: kcp-postgresql 60 key: postgresql-servicePort 61 - name: APP_DATABASE_NAME 62 valueFrom: 63 secretKeyRef: 64 name: kcp-postgresql 65 key: postgresql-broker-db-name 66 - name: APP_DATABASE_SSLMODE 67 valueFrom: 68 secretKeyRef: 69 name: kcp-postgresql 70 key: postgresql-sslMode 71 - name: APP_DATABASE_SSLROOTCERT 72 value: /secrets/cloudsql-sslrootcert/server-ca.pem 73 - name: APP_BROKER_URL 74 value: "http://{{ include "kyma-env-broker.fullname" . }}" 75 command: 76 - "/bin/main" 77 volumeMounts: 78 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}} 79 - name: cloudsql-sslrootcert 80 mountPath: /secrets/cloudsql-sslrootcert 81 readOnly: true 82 {{- end}} 83 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true)}} 84 - name: cloudsql-proxy 85 image: {{ .Values.global.images.cloudsql_proxy_image }} 86 {{- if .Values.global.database.cloudsqlproxy.workloadIdentity.enabled }} 87 command: ["/cloud_sql_proxy", 88 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432"] 89 {{- else }} 90 command: ["/cloud_sql_proxy", 91 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432", 92 "-credential_file=/secrets/cloudsql-instance-credentials/credentials.json"] 93 volumeMounts: 94 - name: cloudsql-instance-credentials 95 mountPath: /secrets/cloudsql-instance-credentials 96 readOnly: true 97 {{- end }} 98 {{- with .Values.deployment.securityContext }} 99 securityContext: 100 {{ toYaml . | nindent 16 }} 101 {{- end }} 102 {{- end}} 103 volumes: 104 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true) (eq .Values.global.database.cloudsqlproxy.workloadIdentity.enabled false)}} 105 - name: cloudsql-instance-credentials 106 secret: 107 secretName: cloudsql-instance-credentials 108 {{- end}} 109 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}} 110 - name: cloudsql-sslrootcert 111 secret: 112 secretName: kcp-postgresql 113 items: 114 - key: postgresql-sslRootCert 115 path: server-ca.pem 116 optional: true 117 {{- end}} 118 schedule: "{{ .Values.deprovisionRetrigger.schedule }}"