github.com/kyma-project/kyma-environment-broker@v0.0.1/resources/kcp/templates/migrator-job.yaml (about) 1 {{- if .Values.migratorJobs.enabled -}} 2 apiVersion: batch/v1 3 kind: Job 4 metadata: 5 name: kcp-migration-broker 6 labels: 7 app: {{ .Chart.Name }} 8 release: {{ .Release.Name }} 9 annotations: 10 "helm.sh/hook": post-install,post-upgrade 11 "helm.sh/hook-weight": "1" 12 "helm.sh/hook-delete-policy": before-hook-creation 13 spec: 14 template: 15 metadata: 16 labels: 17 app: {{ .Chart.Name }} 18 release: {{ .Release.Name }} 19 {{if eq .Values.global.database.embedded.enabled false}} 20 annotations: 21 sidecar.istio.io/inject: "false" 22 {{end}} 23 spec: 24 serviceAccountName: {{ .Values.global.kyma_environment_broker.serviceAccountName }} 25 restartPolicy: Never 26 shareProcessNamespace: true 27 containers: 28 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true)}} 29 - name: cloudsql-proxy 30 image: {{ .Values.global.images.cloudsql_proxy_image }} 31 {{- if .Values.global.database.cloudsqlproxy.workloadIdentity.enabled }} 32 command: ["/cloud_sql_proxy", 33 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432"] 34 {{- else }} 35 command: ["/cloud_sql_proxy", 36 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432", 37 "-credential_file=/secrets/cloudsql-instance-credentials/credentials.json"] 38 volumeMounts: 39 - name: cloudsql-instance-credentials 40 mountPath: /secrets/cloudsql-instance-credentials 41 readOnly: true 42 {{- end }} 43 {{- end}} 44 - name: migrator 45 image: {{ .Values.global.images.containerRegistry.path }}/{{ .Values.global.images.schema_migrator.dir }}schema-migrator:{{ .Values.global.images.schema_migrator.version }} 46 imagePullPolicy: IfNotPresent 47 command: 48 - /bin/program 49 env: 50 {{if eq .Values.global.database.embedded.enabled true}} 51 - name: DATABASE_EMBEDDED 52 value: "true" 53 {{end}} 54 {{if eq .Values.global.database.embedded.enabled false}} 55 - name: DATABASE_EMBEDDED 56 value: "false" 57 {{end}} 58 - name: DB_USER 59 valueFrom: 60 secretKeyRef: 61 name: kcp-postgresql 62 key: postgresql-broker-username 63 - name: DB_PASSWORD 64 valueFrom: 65 secretKeyRef: 66 name: kcp-postgresql 67 key: postgresql-broker-password 68 - name: DB_HOST 69 valueFrom: 70 secretKeyRef: 71 name: kcp-postgresql 72 key: postgresql-serviceName 73 - name: DB_PORT 74 valueFrom: 75 secretKeyRef: 76 name: kcp-postgresql 77 key: postgresql-servicePort 78 - name: DB_NAME 79 valueFrom: 80 secretKeyRef: 81 name: kcp-postgresql 82 key: postgresql-broker-db-name 83 - name: DB_SSL 84 valueFrom: 85 secretKeyRef: 86 name: kcp-postgresql 87 key: postgresql-sslMode 88 - name: DB_SSLROOTCERT 89 value: /secrets/cloudsql-sslrootcert/server-ca.pem 90 - name: MIGRATION_PATH 91 value: "kyma-environment-broker" 92 - name: DIRECTION 93 value: "up" 94 volumeMounts: 95 - name: kyma-environment-broker 96 mountPath: /migrate/new-migrations/kyma-environment-broker 97 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}} 98 - name: cloudsql-sslrootcert 99 mountPath: /secrets/cloudsql-sslrootcert 100 readOnly: true 101 {{- end}} 102 volumes: 103 - name: kyma-environment-broker 104 configMap: 105 name: kyma-environment-broker-migrations 106 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true) (eq .Values.global.database.cloudsqlproxy.workloadIdentity.enabled false)}} 107 - name: cloudsql-instance-credentials 108 secret: 109 secretName: cloudsql-instance-credentials 110 {{- end}} 111 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}} 112 - name: cloudsql-sslrootcert 113 secret: 114 secretName: kcp-postgresql 115 items: 116 - key: postgresql-sslRootCert 117 path: server-ca.pem 118 optional: true 119 {{- end}} 120 --- 121 apiVersion: batch/v1 122 kind: Job 123 metadata: 124 name: kcp-migration-provisioner 125 labels: 126 app: {{ .Chart.Name }} 127 release: {{ .Release.Name }} 128 annotations: 129 "helm.sh/hook": post-install,post-upgrade 130 "helm.sh/hook-weight": "2" 131 "helm.sh/hook-delete-policy": before-hook-creation 132 spec: 133 template: 134 metadata: 135 labels: 136 app: {{ .Chart.Name }} 137 release: {{ .Release.Name }} 138 {{if eq .Values.global.database.embedded.enabled false}} 139 annotations: 140 sidecar.istio.io/inject: "false" 141 {{end}} 142 spec: 143 serviceAccountName: {{ .Values.global.kyma_environment_broker.serviceAccountName }} 144 restartPolicy: Never 145 shareProcessNamespace: true 146 containers: 147 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true)}} 148 - name: cloudsql-proxy 149 image: {{ .Values.global.images.cloudsql_proxy_image }} 150 {{- if .Values.global.database.cloudsqlproxy.workloadIdentity.enabled }} 151 command: ["/cloud_sql_proxy", 152 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432"] 153 {{- else }} 154 command: ["/cloud_sql_proxy", 155 "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432", 156 "-credential_file=/secrets/cloudsql-instance-credentials/credentials.json"] 157 volumeMounts: 158 - name: cloudsql-instance-credentials 159 mountPath: /secrets/cloudsql-instance-credentials 160 readOnly: true 161 {{- end }} 162 {{- end}} 163 - name: migrator 164 image: {{ .Values.global.images.containerRegistry.path }}/{{ .Values.global.images.schema_migrator.dir }}schema-migrator:{{ .Values.global.images.schema_migrator.version }} 165 imagePullPolicy: IfNotPresent 166 command: 167 - /bin/program 168 env: 169 {{if eq .Values.global.database.embedded.enabled true}} 170 - name: DATABASE_EMBEDDED 171 value: "true" 172 {{end}} 173 {{if eq .Values.global.database.embedded.enabled false}} 174 - name: DATABASE_EMBEDDED 175 value: "false" 176 {{end}} 177 - name: DB_USER 178 valueFrom: 179 secretKeyRef: 180 name: kcp-postgresql 181 key: postgresql-provisioner-username 182 - name: DB_PASSWORD 183 valueFrom: 184 secretKeyRef: 185 name: kcp-postgresql 186 key: postgresql-provisioner-password 187 - name: DB_HOST 188 valueFrom: 189 secretKeyRef: 190 name: kcp-postgresql 191 key: postgresql-serviceName 192 - name: DB_PORT 193 valueFrom: 194 secretKeyRef: 195 name: kcp-postgresql 196 key: postgresql-servicePort 197 - name: DB_NAME 198 valueFrom: 199 secretKeyRef: 200 name: kcp-postgresql 201 key: postgresql-provisioner-db-name 202 - name: DB_SSL 203 valueFrom: 204 secretKeyRef: 205 name: kcp-postgresql 206 key: postgresql-sslMode 207 - name: DB_SSLROOTCERT 208 value: /secrets/cloudsql-sslrootcert/server-ca.pem 209 - name: MIGRATION_PATH 210 value: "provisioner" 211 - name: DIRECTION 212 value: "up" 213 volumeMounts: 214 - name: provisioner 215 mountPath: /migrate/new-migrations/provisioner 216 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}} 217 - name: cloudsql-sslrootcert 218 mountPath: /secrets/cloudsql-sslrootcert 219 readOnly: true 220 {{- end}} 221 volumes: 222 - name: provisioner 223 configMap: 224 name: provisioner-migrations 225 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true) (eq .Values.global.database.cloudsqlproxy.workloadIdentity.enabled false)}} 226 - name: cloudsql-instance-credentials 227 secret: 228 secretName: cloudsql-instance-credentials 229 {{- end}} 230 {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}} 231 - name: cloudsql-sslrootcert 232 secret: 233 secretName: kcp-postgresql 234 items: 235 - key: postgresql-sslRootCert 236 path: server-ca.pem 237 optional: true 238 {{- end}} 239 {{ end }}