bc20c6c8b6
This adds a cron job to manually verify all snapshot repositories are registered to any active master and data nodes. This is to address scenarios where master and data nodes do not have the desired snapshot repositories registered following node outages or reboots Change-Id: Ie6f42e95c3ca4dc2ec70f2852a2bde11e59ec097 Signed-off-by: Steve Wilkerson <sw5822@att.com>
86 lines
3.6 KiB
YAML
86 lines
3.6 KiB
YAML
{{/*
|
|
Copyright 2019 The Openstack-Helm Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if and (.Values.manifests.cron_verify_repositories) (.Values.conf.elasticsearch.snapshots.enabled) }}
|
|
{{- $envAll := . }}
|
|
|
|
{{- $esUserSecret := .Values.secrets.elasticsearch.user }}
|
|
|
|
{{- $serviceAccountName := "verify-repositories" }}
|
|
{{ tuple $envAll "verify_repositories" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
---
|
|
apiVersion: batch/v1beta1
|
|
kind: CronJob
|
|
metadata:
|
|
name: elasticsearch-verify-repositories
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
|
spec:
|
|
schedule: {{ .Values.jobs.verify_repositories.cron | quote }}
|
|
successfulJobsHistoryLimit: {{ .Values.jobs.verify_repositories.history.success }}
|
|
failedJobsHistoryLimit: {{ .Values.jobs.verify_repositories.history.failed }}
|
|
concurrencyPolicy: Forbid
|
|
jobTemplate:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "elasticsearch" "verify-repositories" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "elasticsearch" "verify-repositories" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
|
|
spec:
|
|
nodeSelector:
|
|
{{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value | quote }}
|
|
serviceAccountName: {{ $serviceAccountName }}
|
|
restartPolicy: OnFailure
|
|
initContainers:
|
|
{{ tuple $envAll "verify_repositories" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
|
|
containers:
|
|
- name: elasticsearch-verify-repositories
|
|
{{ tuple $envAll "snapshot_repository" | include "helm-toolkit.snippets.image" | indent 14 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.snapshot_repository | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
|
|
command:
|
|
- /tmp/verify-repositories.sh
|
|
env:
|
|
- name: ELASTICSEARCH_USERNAME
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ $esUserSecret }}
|
|
key: ELASTICSEARCH_USERNAME
|
|
- name: ELASTICSEARCH_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ $esUserSecret }}
|
|
key: ELASTICSEARCH_PASSWORD
|
|
- name: ELASTICSEARCH_HOST
|
|
value: {{ tuple "elasticsearch" "internal" "http" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" }}
|
|
volumeMounts:
|
|
- name: pod-tmp
|
|
mountPath: /tmp
|
|
- name: elasticsearch-bin
|
|
mountPath: /tmp/verify-repositories.sh
|
|
subPath: verify-repositories.sh
|
|
readOnly: true
|
|
volumes:
|
|
- name: pod-tmp
|
|
emptyDir: {}
|
|
- name: elasticsearch-bin
|
|
configMap:
|
|
name: elasticsearch-bin
|
|
defaultMode: 0555
|
|
{{- end }}
|