{{- include "keto.automigration.typeVerification" . -}}
{{- if and ( .Values.keto.automigration.enabled ) ( eq .Values.keto.automigration.type "job" ) }}
{{- $extraLabels := ternary .Values.deployment.extraLabels .Values.extraLabels (not (empty .Values.deployment.extraLabels )) -}}
{{- $extraVolumeMounts := ternary .Values.deployment.extraVolumeMounts .Values.extraVolumeMounts (not (empty .Values.deployment.extraVolumeMounts )) -}}
{{- $extraVolumes := ternary .Values.deployment.extraVolumes .Values.extraVolumes (not (empty .Values.deployment.extraVolumes )) -}}
{{- $nodeSelector := ternary .Values.job.nodeSelector .Values.deployment.nodeSelector (not (empty .Values.job.nodeSelector )) -}}
{{- $migrationExtraEnv := ternary .Values.job.extraEnv .Values.deployment.extraEnv (not (empty .Values.job.extraEnv )) -}}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "keto.fullname" . }}-automigrate
{{- if .Release.Namespace }}
namespace: {{ .Release.Namespace }}
{{- end }}
labels:
{{- include "keto.labels" . | nindent 4 }}
{{- with $extraLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
{{- with .Values.job.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
template:
metadata:
annotations:
{{- with .Values.job.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.job.podMetadata.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "keto.fullname" . }}-automigrate
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with $extraLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.job.podMetadata.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "keto.job.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.job.automountServiceAccountToken }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}-automigrate
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.keto.automigration.customCommand }}
command: {{- toYaml .Values.keto.automigration.customCommand | nindent 10 }}
{{- else }}
command: ["keto"]
{{- end }}
{{- if .Values.keto.automigration.customArgs }}
args: {{- toYaml .Values.keto.automigration.customArgs | nindent 10 }}
{{- else }}
args: [ "migrate", "up", "-y", "--config", "/etc/config/keto.yaml" ]
{{- end }}
{{- if .Values.job.lifecycle }}
{{- tpl .Values.job.lifecycle . | nindent 8 }}
{{- end }}
volumeMounts:
- name: {{ include "keto.name" . }}-config-volume
mountPath: /etc/config
readOnly: true
{{- with $extraVolumeMounts }}
{{- toYaml . | nindent 10 }}
{{- end }}
env:
{{- if not (empty ( include "keto.dsn" . )) }}
{{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}
- name: DSN
valueFrom:
secretKeyRef:
name: {{ include "keto.secretname" . }}
key: dsn
{{- end }}
{{- end }}
{{- with $migrationExtraEnv }}
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.job.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
{{- end }}
{{- if .Values.job.extraContainers }}
{{- tpl .Values.job.extraContainers . | nindent 6 }}
{{- end }}
{{- if .Values.job.extraInitContainers }}
initContainers:
{{- tpl .Values.job.extraInitContainers . | nindent 8 }}
{{- end }}
restartPolicy: Never
volumes:
- name: {{ include "keto.name" . }}-config-volume
configMap:
name: {{ include "keto.fullname" . }}-migrate
{{- with $extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.job.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
shareProcessNamespace: {{ .Values.job.shareProcessNamespace }}
backoffLimit: {{ .Values.job.spec.backoffLimit }}
{{- end }}