charts/heat/templates/cron-job-purge-deleted.yaml

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if .Values.manifests.cron_job_purge_deleted }}
{{- $envAll := . }}

{{- $mounts_heat_purge_deleted := .Values.pod.mounts.heat_purge_deleted.heat_purge_deleted }}
{{- $mounts_heat_purge_deleted_init := .Values.pod.mounts.heat_purge_deleted.init_container }}

{{- $serviceAccountName := "heat-purge-deleted" }}
{{ tuple $envAll "purge_deleted" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: heat-purge-deleted
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
  schedule: {{ .Values.jobs.purge_deleted.cron | quote }}
  successfulJobsHistoryLimit: {{ .Values.jobs.purge_deleted.history.success }}
  failedJobsHistoryLimit: {{ .Values.jobs.purge_deleted.history.failed }}
  concurrencyPolicy: Forbid
  jobTemplate:
    metadata:
      labels:
{{ tuple $envAll "heat" "purge-deleted" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ dict "envAll" $envAll "podName" "heat-purge-deleted" "containerNames" (list "init" "heat-purge-deleted" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      template:
        metadata:
          labels:
{{ tuple $envAll "heat" "purge-deleted" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 12 }}
          annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 12 }}
{{ dict "envAll" $envAll "podName" "heat-purge-deleted" "containerNames" (list "init" "heat-purge-deleted" ) | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
        spec:
{{ with .Values.pod.priorityClassName.heat_purge_deleted }}
          priorityClassName: {{ . }}
{{ end }}
{{ with .Values.pod.runtimeClassName.heat_purge_deleted }}
          runtimeClassName: {{ . }}
{{ end }}
          serviceAccountName: {{ $serviceAccountName }}
          restartPolicy: OnFailure
{{ if $envAll.Values.pod.tolerations.heat.enabled }}
{{ tuple $envAll "heat" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 10 }}
{{ end }}
          nodeSelector:
            {{ .Values.labels.job.node_selector_key }}: {{ .Values.labels.job.node_selector_value }}
          initContainers:
{{ tuple $envAll "purge_deleted" $mounts_heat_purge_deleted_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 12 }}
          containers:
            - name: heat-purge-deleted
{{ tuple $envAll "heat_purge_deleted" | include "helm-toolkit.snippets.image" | indent 14 }}
{{ tuple $envAll $envAll.Values.pod.resources.jobs.purge_deleted | include "helm-toolkit.snippets.kubernetes_resources" | indent 14 }}
{{- if or .Values.manifests.certificates .Values.tls.identity }}
              env:
                - name: REQUESTS_CA_BUNDLE
                  value: "/etc/heat/certs/ca.crt"
{{- end }}
              command:
                - /tmp/heat-purge-deleted-active.sh
                - {{ quote .Values.jobs.purge_deleted.purge_age }}
              volumeMounts:
              - name: pod-tmp
                mountPath: /tmp
              - name: heat-bin
                mountPath: /tmp/heat-purge-deleted-active.sh
                subPath: heat-purge-deleted-active.sh
                readOnly: true
              - name: etcheat
                mountPath: /etc/heat
              - name: heat-etc
                mountPath: /etc/heat/heat.conf
                subPath: heat.conf
                readOnly: true
              {{ if .Values.conf.heat.DEFAULT.log_config_append }}
              - name: heat-etc
                mountPath: {{ .Values.conf.heat.DEFAULT.log_config_append }}
                subPath: {{ base .Values.conf.heat.DEFAULT.log_config_append }}
                readOnly: true
              {{ end }}
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.internal "path" "/etc/heat/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 14 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal "path" "/etc/mysql/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 14 }}
{{ if $mounts_heat_purge_deleted.volumeMounts }}{{ toYaml $mounts_heat_purge_deleted.volumeMounts | indent 14 }}{{ end }}
          volumes:
            - name: pod-tmp
              emptyDir: {}
            - name: etcheat
              emptyDir: {}
            - name: heat-etc
              secret:
                secretName: heat-etc
                defaultMode: 0444
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.orchestration.api.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_db.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 12 }}
            - name: heat-bin
              configMap:
                name: heat-bin
                defaultMode: 0555
{{ if $mounts_heat_purge_deleted.volumes }}{{ toYaml $mounts_heat_purge_deleted.volumes | indent 12 }}{{ end }}
{{- end }}