51 lines
1.9 KiB
HCL
51 lines
1.9 KiB
HCL
resource "kubectl_manifest" "post_install_job" {
|
|
force_new = true
|
|
yaml_body = <<-EOF
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-post-config"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.postcfg_all_labels)}
|
|
spec:
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
initContainers:
|
|
- name: wait-for-svc
|
|
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
|
|
imagePullPolicy: ${var.images.sonar.pull_policy}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
runAsGroup: 0
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
command: ["/bin/bash", "-c"]
|
|
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
|
|
containers:
|
|
- name: post-config
|
|
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
|
|
imagePullPolicy: ${var.images.sonar.pull_policy}
|
|
command: ["/bin/bash", "-c"]
|
|
args:
|
|
- >-
|
|
curl -o /dev/null -s -w "%%{http_code}\n" -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD"
|
|
envFrom:
|
|
- secretRef:
|
|
name: ${kubectl_manifest.secret.name}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
EOF
|
|
}
|