resource "kubectl_manifest" "Job_openproject-seeder-20240528164127" {
  yaml_body  = <<-EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: openproject-seeder-20240528164127
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
      ownerReferences: ${jsonencode(var.install_owner)}
    spec:
      ttlSecondsAfterFinished: 6000
      template:
        metadata:
          labels:
            app.kubernetes.io/name: openproject
            helm.sh/chart: openproject-5.1.4
            app.kubernetes.io/instance: openproject
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/version: '14'
            openproject/process: seeder
        spec:
          securityContext:
            fsGroup: 1000
          volumes:
          - name: tmp
            ephemeral:
              volumeClaimTemplate:
                spec:
                  accessModes:
                  - ReadWriteOnce
                  resources:
                    requests:
                      storage: 5Gi
          - name: app-tmp
            ephemeral:
              volumeClaimTemplate:
                spec:
                  accessModes:
                  - ReadWriteOnce
                  resources:
                    requests:
                      storage: 5Gi
          - name: data
            persistentVolumeClaim:
              claimName: openproject
          initContainers:
          - name: check-db-ready
            image: docker.io/postgres:13
            imagePullPolicy: Always
            command:
            - sh
            - -c
            - until pg_isready -h $DATABASE_HOST -p $DATABASE_PORT -U openproject; do echo "waiting for database $DATABASE_HOST:$DATABASE_PORT"; sleep 2; done;
            envFrom:
            - secretRef:
                name: openproject-core
            - secretRef:
                name: openproject-oidc
            - secretRef:
                name: openproject-memcached
            env:
            - name: OPENPROJECT_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openproject-postgresql
                  key: password
            resources:
              limits:
                memory: 200Mi
              requests:
                memory: 200Mi
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
              readOnlyRootFilesystem: true
              runAsGroup: 1000
              runAsNonRoot: true
              runAsUser: 1000
              seccompProfile:
                type: RuntimeDefault
          containers:
          - name: seeder
            image: docker.io/openproject/openproject:14-slim
            imagePullPolicy: IfNotPresent
            args:
            - bash
            - /app/docker/prod/seeder
            envFrom:
            - secretRef:
                name: openproject-core
            - secretRef:
                name: openproject-oidc
            - secretRef:
                name: openproject-memcached
            env:
            - name: OPENPROJECT_DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: openproject-postgresql
                  key: password
            volumeMounts:
            - mountPath: /tmp
              name: tmp
            - mountPath: /app/tmp
              name: app-tmp
            - name: data
              mountPath: /var/openproject/assets
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
              readOnlyRootFilesystem: true
              runAsGroup: 1000
              runAsNonRoot: true
              runAsUser: 1000
              seccompProfile:
                type: RuntimeDefault
          restartPolicy: OnFailure
EOF
}