github.com/kyma-project/kyma-environment-broker@v0.0.1/resources/kcp/charts/kyma-environment-broker/templates/keb-db-job.yaml (about) 1 {{- range $index, $property := .Values.cronJobs }} 2 {{- $job := get $.Values $property }} 3 4 apiVersion: batch/v1 5 kind: CronJob 6 metadata: 7 name: {{ $job.name }} 8 annotations: 9 argocd.argoproj.io/sync-options: Prune=false 10 spec: 11 schedule: {{ $job.schedule }} 12 failedJobsHistoryLimit: 5 13 successfulJobsHistoryLimit: 1 14 concurrencyPolicy: Forbid 15 jobTemplate: 16 metadata: 17 labels: 18 cronjob: {{ $job.cronJobName }} 19 spec: 20 template: 21 metadata: 22 name: {{ $job.imageName }} 23 labels: 24 cronjob: {{ $job.cronJobName }} 25 spec: 26 shareProcessNamespace: true 27 {{- if $job.account }} 28 serviceAccountName: {{ .Values.global.kyma_environment_broker.serviceAccountName }} 29 {{- end }} 30 {{- with $.Values.deployment.securityContext }} 31 securityContext: 32 {{ toYaml . }} 33 {{- end }} 34 restartPolicy: Never 35 containers: 36 - name: {{ $job.cronJobName }} 37 image: "{{ $.Values.global.images.container_registry.path }}/{{ $job.dir }}{{ $job.imageName }}:{{ $job.version }}" 38 imagePullPolicy: IfNotPresent 39 env: 40 {{- range $key, $val := $job.envs }} 41 - name: {{ $key }} 42 value: {{ $val }} 43 {{- end}} 44 - name: APP_PROVISIONER_URL 45 value: "{{ $.Values.provisioner.URL }}" 46 {{if eq $.Values.global.database.embedded.enabled false}} 47 - name: DATABASE_EMBEDDED 48 value: "false" 49 {{end}} 50 {{if eq $.Values.global.database.embedded.enabled true}} 51 - name: DATABASE_EMBEDDED 52 value: "true" 53 {{end}} 54 - name: APP_DATABASE_SECRET_KEY 55 valueFrom: 56 secretKeyRef: 57 name: "{{ $.Values.global.database.managedGCP.encryptionSecretName }}" 58 key: secretKey 59 optional: true 60 - name: APP_DATABASE_USER 61 valueFrom: 62 secretKeyRef: 63 key: postgresql-broker-username 64 name: kcp-postgresql 65 - name: APP_DATABASE_PASSWORD 66 valueFrom: 67 secretKeyRef: 68 key: postgresql-broker-password 69 name: kcp-postgresql 70 - name: APP_DATABASE_HOST 71 valueFrom: 72 secretKeyRef: 73 key: postgresql-serviceName 74 name: kcp-postgresql 75 - name: APP_DATABASE_PORT 76 valueFrom: 77 secretKeyRef: 78 key: postgresql-servicePort 79 name: kcp-postgresql 80 - name: APP_DATABASE_NAME 81 valueFrom: 82 secretKeyRef: 83 key: postgresql-broker-db-name 84 name: kcp-postgresql 85 - name: APP_DATABASE_SSLMODE 86 valueFrom: 87 secretKeyRef: 88 key: postgresql-sslMode 89 name: kcp-postgresql 90 - name: APP_DATABASE_SSLROOTCERT 91 value: /secrets/cloudsql-sslrootcert/server-ca.pem 92 - name: APP_BROKER_URL 93 value: "http://{{ include "kyma-env-broker.fullname" . }}" 94 - name: APP_BROKER_SCOPE 95 value: {{$.Values.kebClient.scope}} 96 command: 97 - "/bin/main" 98 volumeMounts: 99 {{- range $key, $val := $job.secretVolumes }} 100 - name: {{ $key }} 101 mountPath: {{ $val.path }} 102 readOnly: true 103 {{- end}} 104 {{- if and (eq $.Values.global.database.embedded.enabled false) (eq $.Values.global.database.cloudsqlproxy.enabled false)}} 105 - name: cloudsql-sslrootcert 106 mountPath: /secrets/cloudsql-sslrootcert 107 readOnly: true 108 {{- end}} 109 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true)}} 110 - name: cloudsql-proxy 111 image: {{ .Values.global.images.cloudsql_proxy_image }} 112 {{- if .Values.global.database.cloudsqlproxy.workloadIdentity.enabled }} 113 command: ["/cloud_sql_proxy", 114 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432"] 115 {{- else }} 116 command: ["/cloud_sql_proxy", 117 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432", 118 "-credential_file=/secrets/cloudsql-instance-credentials/credentials.json"] 119 volumeMounts: 120 - name: cloudsql-instance-credentials 121 mountPath: /secrets/cloudsql-instance-credentials 122 readOnly: true 123 {{- end }} 124 {{- with $.Values.deployment.securityContext }} 125 securityContext: 126 {{ toYaml . }} 127 {{- end }} 128 {{- end}} 129 volumes: 130 {{- if and (eq $.Values.global.database.embedded.enabled false) (eq $.Values.global.database.cloudsqlproxy.enabled true) (eq .Values.global.database.cloudsqlproxy.workloadIdentity.enabled false)}} 131 - name: cloudsql-instance-credentials 132 secret: 133 secretName: cloudsql-instance-credentials 134 {{- end}} 135 {{- if and (eq $.Values.global.database.embedded.enabled false) (eq $.Values.global.database.cloudsqlproxy.enabled false)}} 136 - name: cloudsql-sslrootcert 137 secret: 138 secretName: kcp-postgresql 139 items: 140 - key: postgresql-sslRootCert 141 path: server-ca.pem 142 optional: true 143 {{- end}} 144 {{- range $key, $val := $job.secretVolumes }} 145 - name: {{ $key }} 146 secret: 147 optional: {{ $val.optional }} 148 secretName: {{ $val.secret }} 149 defaultMode: {{ $val.defaultMode}} 150 {{- end}} 151 {{- end }}