76 lines
3.1 KiB
YAML
76 lines
3.1 KiB
YAML
|
{{- $serverEnabled := (or (and (ne (.Values.server.enabled | toString) "-") .Values.server.enabled) (and (eq (.Values.server.enabled | toString) "-") .Values.global.enabled)) -}}
|
||
|
|
{{- if (or $serverEnabled .Values.externalServers.enabled) }}
|
||
|
|
{{- if .Values.global.acls.manageSystemACLs }}
|
||
|
|
{{- /* See reason for this in server-acl-init-job.yaml */ -}}
|
||
|
|
{{- if eq (int .Values.server.updatePartition) 0 }}
|
||
|
|
# This job deletes the server-acl-init job once it completes successfully.
|
||
|
|
# It runs as a helm hook because it only needs to run when the server-acl-init
|
||
|
|
# Job gets recreated which only happens during an install or upgrade.
|
||
|
|
# We also utilize the helm hook-delete-policy to delete this job itself.
|
||
|
|
# We want to delete the server-acl-init job because once it runs successfully
|
||
|
|
# it's not needed and also because if it stays around then when users run
|
||
|
|
# helm upgrade with values that change the spec of the job, Kubernetes errors
|
||
|
|
# because the job spec is immutable. If the job is deleted, then a new job
|
||
|
|
# is created and there's no error.
|
||
|
|
apiVersion: batch/v1
|
||
|
|
kind: Job
|
||
|
|
metadata:
|
||
|
|
name: {{ template "consul.fullname" . }}-server-acl-init-cleanup
|
||
|
|
namespace: {{ .Release.Namespace }}
|
||
|
|
labels:
|
||
|
|
app: {{ template "consul.name" . }}
|
||
|
|
chart: {{ template "consul.chart" . }}
|
||
|
|
heritage: {{ .Release.Service }}
|
||
|
|
release: {{ .Release.Name }}
|
||
|
|
component: server-acl-init-cleanup
|
||
|
|
annotations:
|
||
|
|
"helm.sh/hook": post-install,post-upgrade
|
||
|
|
"helm.sh/hook-weight": "0"
|
||
|
|
# If the hook fails then all that happens is we didn't delete the job.
|
||
|
|
# There's no reason for *this* job to stay around in that case so delete
|
||
|
|
# regardless of success.
|
||
|
|
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
|
||
|
|
spec:
|
||
|
|
template:
|
||
|
|
metadata:
|
||
|
|
name: {{ template "consul.fullname" . }}-server-acl-init-cleanup
|
||
|
|
labels:
|
||
|
|
app: {{ template "consul.name" . }}
|
||
|
|
chart: {{ template "consul.chart" . }}
|
||
|
|
release: {{ .Release.Name }}
|
||
|
|
component: server-acl-init-cleanup
|
||
|
|
annotations:
|
||
|
|
"consul.hashicorp.com/connect-inject": "false"
|
||
|
|
spec:
|
||
|
|
restartPolicy: Never
|
||
|
|
serviceAccountName: {{ template "consul.fullname" . }}-server-acl-init-cleanup
|
||
|
|
containers:
|
||
|
|
- name: server-acl-init-cleanup
|
||
|
|
image: {{ .Values.global.imageK8S }}
|
||
|
|
command:
|
||
|
|
- consul-k8s-control-plane
|
||
|
|
args:
|
||
|
|
- delete-completed-job
|
||
|
|
- -log-level={{ .Values.global.logLevel }}
|
||
|
|
- -log-json={{ .Values.global.logJSON }}
|
||
|
|
- -k8s-namespace={{ .Release.Namespace }}
|
||
|
|
- {{ template "consul.fullname" . }}-server-acl-init
|
||
|
|
resources:
|
||
|
|
requests:
|
||
|
|
memory: "50Mi"
|
||
|
|
cpu: "50m"
|
||
|
|
limits:
|
||
|
|
memory: "50Mi"
|
||
|
|
cpu: "50m"
|
||
|
|
{{- if .Values.global.acls.tolerations }}
|
||
|
|
tolerations:
|
||
|
|
{{ tpl .Values.global.acls.tolerations . | indent 8 | trim }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.global.acls.nodeSelector }}
|
||
|
|
nodeSelector:
|
||
|
|
{{ tpl .Values.global.acls.nodeSelector . | indent 8 | trim }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|