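# Post-configuration Job for the Taiga backend.
#
# Flow, as written in the manifest below:
#   1. initContainer "wait-for-svc" opens a TCP connection to port 80 of
#      module.service.name, up to 200 times with a 2 s pause (about 400 s),
#      and exits 1 if the service never answers.
#   2. container "postconfig" runs /scripts/postconfig.sh from the scripts
#      ConfigMap, using the same backend image.
#
# Security notes for reviewers:
#   - Both containers drop all capabilities, forbid privilege escalation, use
#     the RuntimeDefault seccomp profile and run as UID 1000 with
#     runAsNonRoot. The primary group is still GID 0 (runAsGroup: 0), so
#     anything group-writable by root in the image or on mounted volumes is
#     writable here. NOTE(review): confirm the image really needs GID 0.
#   - POSTGRES_PASSWORD and every key of the referenced Secret are injected as
#     environment variables, so they are readable by any process in the
#     container. NOTE(review): postconfig.sh is not visible here; check that
#     it does not trace or dump its environment.
#   - The pod spec sets no automountServiceAccountToken, no
#     readOnlyRootFilesystem and no resource limits. NOTE(review): decide
#     whether this Job needs API access or a writable root filesystem.
#   - module.service.name is spliced into the bash command string when the
#     manifest is rendered; it is a Terraform-side value, not runtime input.
#   - defaultMode 0755 relies on the YAML loader reading a leading zero as
#     octal (decimal 493). It must stay an integer, so it is not quoted.
#
# Templated scalars (pull policy and object names) are quoted so that a value
# that looks like a number, boolean or null cannot be re-typed by the YAML
# parser, matching the quoting already used for metadata.name and image.
resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
  # Replace the object instead of patching it when the manifest changes.
  # NOTE(review): presumably because a Job's pod template is immutable.
  force_new = true
  yaml_body = <<-EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: "${var.instance}-${var.component}-post-config"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.postcfg_all_labels)}
      ownerReferences: ${jsonencode(var.install_owner)}
    spec:
      backoffLimit: 4
      parallelism: 1
      template:
        spec:
          restartPolicy: Never
          initContainers:
            - name: wait-for-svc
              image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
              imagePullPolicy: "${var.images.back.pull_policy}"
              command: ["/bin/bash", "-c"]
              args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                runAsGroup: 0
                runAsNonRoot: true
                runAsUser: 1000
                seccompProfile:
                  type: RuntimeDefault
          containers:
            - name: postconfig
              image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
              imagePullPolicy: "${var.images.back.pull_policy}"
              command: ["/scripts/postconfig.sh"]
              env:
                - name: POSTGRES_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: "${var.instance}-${var.component}-pg-app"
                      key: password
              envFrom:
                - secretRef:
                    name: "${kubectl_manifest.secret.name}"
                - configMapRef:
                    name: "${kubectl_manifest.cm_env_back.name}"
              volumeMounts:
                - name: scripts
                  mountPath: /scripts
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                runAsGroup: 0
                runAsNonRoot: true
                runAsUser: 1000
                seccompProfile:
                  type: RuntimeDefault
          volumes:
            - name: scripts
              configMap:
                name: "${kubectl_manifest.cm_scripts.name}"
                defaultMode: 0755
  EOF
}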