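{{- /*
Source: github.com/kyma-project/kyma-environment-broker@v0.0.1/resources/kcp/charts/kyma-environment-broker/templates/subaccount-cleanup-job.yaml

Renders two CronJobs (client versions v1.0 and v2.0) that run the subaccount
cleanup binary against the CIS event service and the broker database. Both are
gated by .Values.subaccountCleanup.enabled and differ only in the CIS values
they read (.Values.cis.v1 vs .Values.cis.v2), APP_CLIENT_VERSION, and the
Istio sidecar annotation (present only on the v1.0 pod template).

Review changes relative to the listing: templated scalars that were emitted
unquoted (serviceAccountName, CIS secret names and URLs, the proxy image) are
now quoted, matching the quoting this file already uses for schedule and image.
*/ -}}
{{ if .Values.subaccountCleanup.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
  name: "kcp-subaccount-cleaner-v1.0"
  annotations:
    # Prune=false: when synced through Argo CD, this object is not pruned once
    # it disappears from the rendered chart. Setting subaccountCleanup.enabled
    # to false therefore does not by itself remove an already-deployed CronJob,
    # which keeps running with its credentials until deleted explicitly.
    argocd.argoproj.io/sync-options: Prune=false
spec:
  schedule: "{{ .Values.subaccountCleanup.schedule }}"
  failedJobsHistoryLimit: 5
  # Forbid: a new run is skipped while the previous one is still active.
  concurrencyPolicy: Forbid
  startingDeadlineSeconds: 60
  jobTemplate:
    metadata:
      labels:
        cronjob: subaccount-cleaner-v1.0
    spec:
      template:
        metadata:
          labels:
            cronjob: subaccount-cleaner-v1.0
          # Sidecar injection is switched off when the database is not embedded.
          # Without the sidecar, traffic from this pod is not covered by mesh
          # mTLS; see the note on APP_BROKER_URL below.
          {{- if eq .Values.global.database.embedded.enabled false }}
          annotations:
            sidecar.istio.io/inject: "false"
          {{ end }}
        spec:
          # The job runs under the broker's service account and so inherits all
          # of its RBAC permissions. NOTE(review): consider a dedicated,
          # narrower account if the cleanup job needs less than the broker.
          serviceAccountName: "{{ .Values.global.kyma_environment_broker.serviceAccountName }}"
          restartPolicy: Never
          # Shared PID namespace: every container in the pod can see and signal
          # the other containers' processes. It is set even when the
          # cloudsql-proxy sidecar is not rendered. NOTE(review): presumably
          # needed so the cleaner can stop the proxy on exit - confirm, and
          # treat both containers as one trust domain.
          shareProcessNamespace: true
          # The same values map is rendered here (pod-level securityContext) and
          # on the cloudsql-proxy container (container-level securityContext).
          # The two schemas differ, so only fields valid in both can be set this
          # way. The cleaner container gets no container-level securityContext,
          # i.e. no allowPrivilegeEscalation, capabilities or
          # readOnlyRootFilesystem settings of its own.
          {{- with .Values.deployment.securityContext }}
          securityContext:
            {{ toYaml . | nindent 12 }}
          {{- end }}
          containers:
            - name: cleaner
              # Tag-based reference with IfNotPresent: a node that already holds
              # this tag never re-pulls it, and a tag can be re-pointed in the
              # registry. Pinning by digest in the values removes that ambiguity.
              image: "{{ .Values.global.images.container_registry.path }}/{{ .Values.global.images.kyma_environment_broker.dir }}kyma-environment-subaccount-cleanup-job:{{ .Values.global.images.kyma_environments_subaccount_cleanup_job.version }}"
              imagePullPolicy: IfNotPresent
              env:
                {{if eq .Values.global.database.embedded.enabled true}}
                - name: DATABASE_EMBEDDED
                  value: "true"
                {{end}}
                {{if eq .Values.global.database.embedded.enabled false}}
                - name: DATABASE_EMBEDDED
                  value: "false"
                {{end}}
                - name: APP_CLIENT_VERSION
                  value: "v1.0"
                # CIS OAuth client credentials are read from a Secret; they end
                # up in the container environment, which is visible to the other
                # container through the shared PID namespace.
                - name: APP_CIS_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: "{{ .Values.cis.v1.secretName }}"
                      key: id
                - name: APP_CIS_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: "{{ .Values.cis.v1.secretName }}"
                      key: secret
                - name: APP_CIS_AUTH_URL
                  value: "{{ .Values.cis.v1.authURL }}"
                - name: APP_CIS_EVENT_SERVICE_URL
                  value: "{{ .Values.cis.v1.eventServiceURL }}"
                # optional: the pod starts even if this secret or key is absent.
                # NOTE(review): how the binary behaves without the key is not
                # visible here - confirm it does not fall back to handling data
                # unencrypted.
                - name: APP_DATABASE_SECRET_KEY
                  valueFrom:
                    secretKeyRef:
                      name: "{{ .Values.global.database.managedGCP.encryptionSecretName }}"
                      key: secretKey
                      optional: true
                - name: APP_DATABASE_USER
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-broker-username
                - name: APP_DATABASE_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-broker-password
                - name: APP_DATABASE_HOST
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-serviceName
                - name: APP_DATABASE_PORT
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-servicePort
                - name: APP_DATABASE_NAME
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-broker-db-name
                # The TLS mode comes from the secret, not from the chart.
                - name: APP_DATABASE_SSLMODE
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-sslMode
                # Set unconditionally, but the file is mounted only when neither
                # the embedded database nor the Cloud SQL proxy is used, and the
                # backing secret item is optional, so the file may be absent.
                # Whether a missing CA makes the connection fail depends on the
                # sslMode value above - verify it is a certificate-verifying
                # mode for direct connections.
                - name: APP_DATABASE_SSLROOTCERT
                  value: /secrets/cloudsql-sslrootcert/server-ca.pem
                # Plain http: protection of this hop rests on the network layer.
                # This pod opts out of the Istio sidecar when the database is
                # not embedded, so confirm what secures the call in that setup.
                - name: APP_BROKER_URL
                  value: "http://{{ include "kyma-env-broker.fullname" . }}"
              command:
                - "/bin/main"
              # Renders as an empty (null) volumeMounts key when the condition
              # below is false.
              volumeMounts:
              {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}}
                - name: cloudsql-sslrootcert
                  mountPath: /secrets/cloudsql-sslrootcert
                  readOnly: true
              {{- end}}
            {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true)}}
            - name: cloudsql-proxy
              image: "{{ .Values.global.images.cloudsql_proxy_image }}"
              # With workload identity the proxy needs no key file. Otherwise a
              # long-lived service-account key is mounted from the
              # cloudsql-instance-credentials secret.
              {{- if .Values.global.database.cloudsqlproxy.workloadIdentity.enabled }}
              command: ["/cloud_sql_proxy",
                        "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432"]
              {{- else }}
              command: ["/cloud_sql_proxy",
                        "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432",
                        "-credential_file=/secrets/cloudsql-instance-credentials/credentials.json"]
              volumeMounts:
                - name: cloudsql-instance-credentials
                  mountPath: /secrets/cloudsql-instance-credentials
                  readOnly: true
              {{- end }}
              {{- with .Values.deployment.securityContext }}
              securityContext:
                {{ toYaml . | nindent 16 }}
              {{- end }}
            {{- end}}

          # Renders as an empty (null) volumes key when neither condition holds.
          volumes:
          {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true) (eq .Values.global.database.cloudsqlproxy.workloadIdentity.enabled false)}}
          - name: cloudsql-instance-credentials
            secret:
              secretName: cloudsql-instance-credentials
          {{- end}}
          {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}}
          # Only the CA certificate item of kcp-postgresql is projected, not the
          # database credentials stored in the same secret.
          - name: cloudsql-sslrootcert
            secret:
              secretName: kcp-postgresql
              items:
              - key: postgresql-sslRootCert
                path: server-ca.pem
              optional: true
          {{- end}}
---
# Second CronJob: same layout as the v1.0 job above, reading .Values.cis.v2 and
# reporting client version v2.0. The notes on the v1.0 job apply here as well.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: "kcp-subaccount-cleaner-v2.0"
  annotations:
    # See the v1.0 job: with Prune=false the object outlives its removal from
    # the rendered chart when synced through Argo CD.
    argocd.argoproj.io/sync-options: Prune=false
spec:
  schedule: "{{ .Values.subaccountCleanup.schedule }}"
  failedJobsHistoryLimit: 5
  concurrencyPolicy: Forbid
  startingDeadlineSeconds: 60
  jobTemplate:
    metadata:
      labels:
        cronjob: subaccount-cleaner-v2.0
    spec:
      template:
        metadata:
          # NOTE(review): unlike the v1.0 job, this pod template carries no
          # sidecar.istio.io/inject annotation - confirm the difference is
          # intended.
          labels:
            cronjob: subaccount-cleaner-v2.0
        spec:
          # Runs under the broker's service account (same RBAC as the broker).
          serviceAccountName: "{{ .Values.global.kyma_environment_broker.serviceAccountName }}"
          restartPolicy: Never
          # Shared PID namespace between cleaner and cloudsql-proxy; set even
          # when the proxy container is not rendered.
          shareProcessNamespace: true
          # Pod-level securityContext from the same values map that is reused
          # for the proxy container below; the cleaner container has no
          # container-level securityContext.
          {{- with .Values.deployment.securityContext }}
          securityContext:
            {{ toYaml . | nindent 12 }}
          {{- end }}
          containers:
            - name: cleaner
              # Tag-based image reference with IfNotPresent; see the v1.0 job.
              image: "{{ .Values.global.images.container_registry.path }}/{{ .Values.global.images.kyma_environment_broker.dir }}kyma-environment-subaccount-cleanup-job:{{ .Values.global.images.kyma_environments_subaccount_cleanup_job.version }}"
              imagePullPolicy: IfNotPresent
              env:
                {{if eq .Values.global.database.embedded.enabled true}}
                - name: DATABASE_EMBEDDED
                  value: "true"
                {{end}}
                {{if eq .Values.global.database.embedded.enabled false}}
                - name: DATABASE_EMBEDDED
                  value: "false"
                {{end}}
                - name: APP_CLIENT_VERSION
                  value: "v2.0"
                - name: APP_CIS_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: "{{ .Values.cis.v2.secretName }}"
                      key: id
                - name: APP_CIS_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: "{{ .Values.cis.v2.secretName }}"
                      key: secret
                - name: APP_CIS_AUTH_URL
                  value: "{{ .Values.cis.v2.authURL }}"
                - name: APP_CIS_EVENT_SERVICE_URL
                  value: "{{ .Values.cis.v2.eventServiceURL }}"
                # optional: the pod starts even if this secret or key is absent.
                - name: APP_DATABASE_SECRET_KEY
                  valueFrom:
                    secretKeyRef:
                      name: "{{ .Values.global.database.managedGCP.encryptionSecretName }}"
                      key: secretKey
                      optional: true
                - name: APP_DATABASE_USER
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-broker-username
                - name: APP_DATABASE_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-broker-password
                - name: APP_DATABASE_HOST
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-serviceName
                - name: APP_DATABASE_PORT
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-servicePort
                - name: APP_DATABASE_NAME
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-broker-db-name
                - name: APP_DATABASE_SSLMODE
                  valueFrom:
                    secretKeyRef:
                      name: kcp-postgresql
                      key: postgresql-sslMode
                # Set unconditionally; the CA file is mounted only for direct
                # connections and its secret item is optional (see v1.0 job).
                - name: APP_DATABASE_SSLROOTCERT
                  value: /secrets/cloudsql-sslrootcert/server-ca.pem
                # Plain http: protection of this hop rests on the network layer.
                - name: APP_BROKER_URL
                  value: "http://{{ include "kyma-env-broker.fullname" . }}"
              command:
                - "/bin/main"
              volumeMounts:
              {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}}
                - name: cloudsql-sslrootcert
                  mountPath: /secrets/cloudsql-sslrootcert
                  readOnly: true
              {{- end}}
            {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true)}}
            - name: cloudsql-proxy
              image: "{{ .Values.global.images.cloudsql_proxy_image }}"
              # Workload identity avoids the mounted service-account key file
              # used in the else branch.
              {{- if .Values.global.database.cloudsqlproxy.workloadIdentity.enabled }}
              command: ["/cloud_sql_proxy",
                        "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432"]
              {{- else }}
              command: ["/cloud_sql_proxy",
                        "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432",
                        "-credential_file=/secrets/cloudsql-instance-credentials/credentials.json"]
              volumeMounts:
                - name: cloudsql-instance-credentials
                  mountPath: /secrets/cloudsql-instance-credentials
                  readOnly: true
              {{- end }}
              {{- with .Values.deployment.securityContext }}
              securityContext:
                {{ toYaml . | nindent 16 }}
              {{- end }}
            {{- end}}

          volumes:
          {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true) (eq .Values.global.database.cloudsqlproxy.workloadIdentity.enabled false)}}
          - name: cloudsql-instance-credentials
            secret:
              secretName: cloudsql-instance-credentials
          {{- end}}
          {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}}
          - name: cloudsql-sslrootcert
            secret:
              secretName: kcp-postgresql
              items:
              - key: postgresql-sslRootCert
                path: server-ca.pem
              optional: true
          {{- end}}
{{ end }}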