{{- if .Values.janitor.enabled -}} {{- $janitorExtraEnv := ternary .Values.cronjob.janitor.extraEnv .Values.deployment.extraEnv (not (empty .Values.cronjob.janitor.extraEnv )) -}} --- apiVersion: batch/v1 kind: CronJob metadata: name: {{ include "hydra.fullname" . }}-janitor {{- if .Release.Namespace }} namespace: {{ .Release.Namespace }} {{- end }} labels: {{- include "hydra.janitor.labels" . | nindent 4 }} {{- with .Values.cronjob.janitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} annotations: {{- with .Values.cronjob.janitor.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: concurrencyPolicy: Forbid schedule: {{ .Values.cronjob.janitor.schedule | quote }} jobTemplate: spec: template: metadata: labels: {{- include "hydra.janitor.labels" . | nindent 12 }} {{- with .Values.cronjob.janitor.labels }} {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.cronjob.janitor.podMetadata.labels }} {{- toYaml . | nindent 12 }} {{- end }} annotations: {{- include "hydra.annotations.checksum" . | nindent 12 -}} {{- with .Values.cronjob.janitor.annotations }} {{- toYaml . | nindent 12 }} {{- end }} {{- with $.Values.cronjob.janitor.podMetadata.annotations }} {{- toYaml . | nindent 12 }} {{- end }} spec: restartPolicy: OnFailure {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 12 }} {{- end }} serviceAccountName: {{ include "hydra.cronjob.janitor.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.cronjob.janitor.automountServiceAccountToken }} volumes: - name: {{ include "hydra.name" . }}-config-volume configMap: name: {{ include "hydra.fullname" . }} {{- if .Values.cronjob.janitor.extraVolumes }} {{- toYaml .Values.cronjob.janitor.extraVolumes | nindent 12 }} {{- end }} containers: - name: janitor image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.cronjob.janitor.securityContext }} securityContext: {{- toYaml . | nindent 16 }} {{- end }} {{- if .Values.cronjob.janitor.customCommand }} command: {{- toYaml .Values.cronjob.janitor.customCommand | nindent 14 }} {{- else }} command: ["hydra"] {{- end }} {{- if .Values.cronjob.janitor.customArgs }} args: {{- toYaml .Values.cronjob.janitor.customArgs | nindent 14 }} {{- else }} args: - janitor {{- if .Values.janitor.cleanupGrants }} - --grants {{- end }} {{- if .Values.janitor.cleanupRequests }} - --requests {{- end }} {{- if .Values.janitor.cleanupTokens }} - --tokens {{- end }} - --batch-size - {{ .Values.janitor.batchSize | quote }} - --limit - {{ .Values.janitor.limit | quote }} - --config - /etc/config/hydra.yaml {{- end }} env: {{- if not (empty ( include "hydra.dsn" . )) }} {{- if not (include "ory.extraEnvContainsEnvName" (list $janitorExtraEnv "DSN")) }} - name: DSN valueFrom: secretKeyRef: name: {{ include "hydra.secretname" . }} key: dsn {{- end }} {{- end }} {{- with $janitorExtraEnv }} {{- toYaml . | nindent 16 }} {{- end }} resources: {{- toYaml .Values.cronjob.janitor.resources | nindent 16 }} volumeMounts: - name: {{ include "hydra.name" . }}-config-volume mountPath: /etc/config readOnly: true {{- if .Values.cronjob.janitor.extraVolumeMounts }} {{- toYaml .Values.cronjob.janitor.extraVolumeMounts | nindent 16 }} {{- end }} {{- if .Values.cronjob.janitor.extraContainers }} {{- tpl .Values.cronjob.janitor.extraContainers . | nindent 12 }} {{- end }} {{- if .Values.cronjob.janitor.extraInitContainers }} initContainers: {{- tpl .Values.cronjob.janitor.extraInitContainers . | nindent 10 }} {{- end }} {{- with .Values.cronjob.janitor.nodeSelector }} nodeSelector: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.cronjob.janitor.podSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.cronjob.janitor.tolerations }} tolerations: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.cronjob.janitor.affinity }} affinity: {{- toYaml . | nindent 12 }} {{- end }} {{- end }}