9133218e83
exporter-jpb-create-user was failing due to the field immutability which was resulting in the manual delete of the job for every helm upgrade to be successful. Reason being job being upgraded before the other manifest that are required been updated. It can be avoided by using helm-hook post-install and post-upgrade which will force the job manifest to be applied only after all other manifest are applied. Hook annotation is provided "5" so that the if other jobs are annotated, exporter job will be last to created. helm3_hook value is used for the condition which will enable the disable of the hook. Change-Id: I2039abb5bad07a19fd09fc5e245485c3c772beca
97 lines
4.4 KiB
YAML
97 lines
4.4 KiB
YAML
{{/*
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/}}
|
|
|
|
{{- if and .Values.manifests.monitoring.prometheus.job_user_create .Values.monitoring.prometheus.enabled }}
|
|
{{- $envAll := . }}
|
|
|
|
{{- $serviceAccountName := "exporter-create-sql-user" }}
|
|
{{ tuple $envAll "prometheus_create_mysql_user" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: exporter-create-sql-user
|
|
{{- if .Values.helm3_hook }}
|
|
annotations:
|
|
"helm.sh/hook": "post-install,post-upgrade"
|
|
"helm.sh/hook-weight": "5"
|
|
"helm.sh/hook-delete-policy": "before-hook-creation"
|
|
{{- end }}
|
|
spec:
|
|
backoffLimit: {{ .Values.jobs.exporter_create_sql_user.backoffLimit }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{ tuple $envAll "prometheus-mysql-exporter" "create-sql-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
|
annotations:
|
|
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
|
|
{{ dict "envAll" $envAll "podName" "create-sql-user" "containerNames" (list "init" "exporter-create-sql-user") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
|
|
spec:
|
|
shareProcessNamespace: true
|
|
serviceAccountName: {{ $serviceAccountName }}
|
|
{{ dict "envAll" $envAll "application" "prometheus_create_mysql_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
|
activeDeadlineSeconds: {{ .Values.jobs.exporter_create_sql_user.activeDeadlineSeconds }}
|
|
restartPolicy: OnFailure
|
|
nodeSelector:
|
|
{{ .Values.labels.prometheus_mysql_exporter.node_selector_key }}: {{ .Values.labels.prometheus_mysql_exporter.node_selector_value }}
|
|
initContainers:
|
|
{{ tuple $envAll "prometheus_create_mysql_user" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
|
containers:
|
|
- name: exporter-create-sql-user
|
|
{{ tuple $envAll "prometheus_create_mysql_user" | include "helm-toolkit.snippets.image" | indent 10 }}
|
|
{{ dict "envAll" $envAll "application" "prometheus_create_mysql_user" "container" "main" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
|
{{ tuple $envAll $envAll.Values.pod.resources.jobs.prometheus_create_mysql_user | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
|
command:
|
|
- /tmp/create-mysql-user.sh
|
|
env:
|
|
- name: EXPORTER_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: mysql-exporter-secrets
|
|
key: EXPORTER_USER
|
|
- name: EXPORTER_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: mysql-exporter-secrets
|
|
key: EXPORTER_PASSWORD
|
|
{{- if $envAll.Values.manifests.certificates }}
|
|
- name: MARIADB_X509
|
|
value: "REQUIRE X509"
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: pod-tmp
|
|
mountPath: /tmp
|
|
- name: mysql-exporter-bin
|
|
mountPath: /tmp/create-mysql-user.sh
|
|
subPath: create-mysql-user.sh
|
|
readOnly: true
|
|
- name: mariadb-secrets
|
|
mountPath: /etc/mysql/admin_user.cnf
|
|
subPath: admin_user.cnf
|
|
readOnly: true
|
|
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_db.server.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
|
|
volumes:
|
|
- name: pod-tmp
|
|
emptyDir: {}
|
|
- name: mysql-exporter-bin
|
|
configMap:
|
|
name: mysql-exporter-bin
|
|
defaultMode: 0555
|
|
- name: mariadb-secrets
|
|
secret:
|
|
secretName: mariadb-secrets
|
|
defaultMode: 0444
|
|
{{ dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.secrets.tls.oslo_db.server.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
|
|
{{- end }}
|