125 lines
3.8 KiB
HCL
125 lines
3.8 KiB
HCL
resource "kubectl_manifest" "Job_openproject-seeder-20240528164127" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: openproject-seeder-20240528164127
|
|
labels: ${jsonencode(local.common-labels)}
|
|
namespace: ${var.namespace}
|
|
ownerReferences: ${jsonencode(var.install_owner)}
|
|
spec:
|
|
ttlSecondsAfterFinished: 6000
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: openproject
|
|
helm.sh/chart: openproject-5.1.4
|
|
app.kubernetes.io/instance: openproject
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/version: '14'
|
|
openproject/process: seeder
|
|
spec:
|
|
securityContext:
|
|
fsGroup: 1000
|
|
volumes:
|
|
- name: tmp
|
|
ephemeral:
|
|
volumeClaimTemplate:
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|
|
- name: app-tmp
|
|
ephemeral:
|
|
volumeClaimTemplate:
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 5Gi
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
claimName: openproject
|
|
initContainers:
|
|
- name: check-db-ready
|
|
image: docker.io/postgres:13
|
|
imagePullPolicy: Always
|
|
command:
|
|
- sh
|
|
- -c
|
|
- until pg_isready -h $DATABASE_HOST -p $DATABASE_PORT -U openproject; do echo "waiting for database $DATABASE_HOST:$DATABASE_PORT"; sleep 2; done;
|
|
envFrom:
|
|
- secretRef:
|
|
name: openproject-core
|
|
- secretRef:
|
|
name: openproject-oidc
|
|
- secretRef:
|
|
name: openproject-memcached
|
|
env:
|
|
- name: OPENPROJECT_DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: openproject-postgresql
|
|
key: password
|
|
resources:
|
|
limits:
|
|
memory: 200Mi
|
|
requests:
|
|
memory: 200Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
containers:
|
|
- name: seeder
|
|
image: docker.io/openproject/openproject:14-slim
|
|
imagePullPolicy: IfNotPresent
|
|
args:
|
|
- bash
|
|
- /app/docker/prod/seeder
|
|
envFrom:
|
|
- secretRef:
|
|
name: openproject-core
|
|
- secretRef:
|
|
name: openproject-oidc
|
|
- secretRef:
|
|
name: openproject-memcached
|
|
env:
|
|
- name: OPENPROJECT_DB_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: openproject-postgresql
|
|
key: password
|
|
volumeMounts:
|
|
- mountPath: /tmp
|
|
name: tmp
|
|
- mountPath: /app/tmp
|
|
name: app-tmp
|
|
- name: data
|
|
mountPath: /var/openproject/assets
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsGroup: 1000
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
restartPolicy: OnFailure
|
|
EOF
|
|
}
|
|
|