Blame - charts/loki/templates/tokengen/job-tokengen.yaml - atmosphere

blob: f9ae7374c2d17b42ffd273d83ce5a2dd2021ae35 [file] [log] [blame]

Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	1	{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
				2	---
				3	apiVersion: batch/v1
				4	kind: Job
				5	metadata:
				6	name: {{ template "enterprise-logs.tokengenFullname" . }}
Giovanni Tirloni	59219b6	2024-04-09 14:50:25 -0300	[diff] [blame]	7	namespace: {{ $.Release.Namespace }}
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	8	labels:
				9	{{- include "enterprise-logs.tokengenLabels" . \| nindent 4 }}
				10	{{- with .Values.enterprise.tokengen.labels }}
				11	{{- toYaml . \| nindent 4 }}
				12	{{- end }}
				13	annotations:
				14	{{- with .Values.enterprise.tokengen.annotations }}
				15	{{- toYaml . \| nindent 4 }}
				16	{{- end }}
				17	"helm.sh/hook": post-install
				18	"helm.sh/hook-weight": "10"
				19	spec:
				20	backoffLimit: 6
				21	completions: 1
				22	parallelism: 1
				23	template:
				24	metadata:
				25	labels:
				26	{{- include "enterprise-logs.tokengenSelectorLabels" . \| nindent 8 }}
				27	{{- with .Values.enterprise.tokengen.labels }}
				28	{{- toYaml . \| nindent 8 }}
				29	{{- end }}
				30	annotations:
				31	{{- with .Values.enterprise.tokengen.annotations }}
				32	{{- toYaml . \| nindent 8 }}
				33	{{- end }}
				34	spec:
				35	{{- with .Values.enterprise.tokengen.priorityClassName }}
				36	priorityClassName: {{ . }}
				37	{{- end }}
				38	securityContext:
				39	{{- toYaml .Values.enterprise.tokengen.securityContext \| nindent 8 }}
				40	{{- if .Values.imagePullSecrets }}
				41	imagePullSecrets:
				42	{{- toYaml .Values.imagePullSecrets \| nindent 8 }}
				43	{{- end }}
				44	initContainers:
				45	- name: loki
				46	image: {{ template "loki.image" . }}
				47	imagePullPolicy: {{ .Values.loki.image.pullPolicy }}
				48	args:
Giovanni Tirloni	59219b6	2024-04-09 14:50:25 -0300	[diff] [blame]	49	# The shared emptyDir exists only while the job is running, and is deleted once the job is completed.
				50	# The tokengen generates a new admin token in case the 'token-file' file doesn't exist.
				51	# As a result, subsequent executions of this tokengen job will generate new admin tokens.
				52	# Note that previously generated tokens remain valid, as these remain present in the object storage.
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	53	- -config.file=/etc/loki/config/config.yaml
				54	- -target={{ .Values.enterprise.tokengen.targetModule }}
				55	- -tokengen.token-file=/shared/admin-token
				56	{{- with .Values.enterprise.tokengen.extraArgs }}
				57	{{- toYaml . \| nindent 12 }}
				58	{{- end }}
				59	volumeMounts:
				60	{{- if .Values.enterprise.tokengen.extraVolumeMounts }}
				61	{{ toYaml .Values.enterprise.tokengen.extraVolumeMounts \| nindent 12 }}
				62	{{- end }}
				63	- name: shared
				64	mountPath: /shared
				65	- name: config
				66	mountPath: /etc/loki/config
				67	- name: runtime-config
				68	mountPath: /etc/loki/runtime-config
				69	- name: license
				70	mountPath: /etc/loki/license
				71	env:
				72	{{- if .Values.enterprise.tokengen.env }}
				73	{{ toYaml .Values.enterprise.tokengen.env \| nindent 12 }}
				74	{{- end }}
				75	{{- with .Values.enterprise.tokengen.extraEnvFrom }}
				76	envFrom:
				77	{{- toYaml . \| nindent 12 }}
				78	{{- end }}
				79	containers:
				80	- name: create-secret
				81	image: {{ include "loki.kubectlImage" . }}
				82	imagePullPolicy: {{ .Values.kubectlImage.pullPolicy }}
				83	command:
				84	- /bin/bash
				85	- -euc
				86	- \|
Giovanni Tirloni	59219b6	2024-04-09 14:50:25 -0300	[diff] [blame]	87	# Create or update admin token secrets generated by tokengen job
				88	kubectl create secret generic "{{ include "enterprise-logs.adminTokenSecret" . }}" \
				89	--from-file=token=/shared/admin-token \
				90	--dry-run=client -o yaml \
				91	\| kubectl apply -f -
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	92	{{- with .Values.enterprise.adminToken.additionalNamespaces }}
				93	{{- range . }}
Giovanni Tirloni	59219b6	2024-04-09 14:50:25 -0300	[diff] [blame]	94	kubectl --namespace "{{ . }}" create secret generic "{{ include "enterprise-logs.adminTokenSecret" $ }}" \
				95	--from-file=token=/shared/admin-token \
				96	--dry-run=client -o yaml \
				97	\| kubectl apply -f -
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	98	{{- end }}
				99	{{- end }}
				100	volumeMounts:
				101	{{- if .Values.enterprise.tokengen.extraVolumeMounts }}
				102	{{ toYaml .Values.enterprise.tokengen.extraVolumeMounts \| nindent 12 }}
				103	{{- end }}
				104	- name: shared
				105	mountPath: /shared
				106	- name: config
				107	mountPath: /etc/loki/config
				108	- name: license
				109	mountPath: /etc/loki/license
				110	restartPolicy: OnFailure
				111	serviceAccount: {{ template "enterprise-logs.tokengenFullname" . }}
				112	serviceAccountName: {{ template "enterprise-logs.tokengenFullname" . }}
				113	{{- with .Values.enterprise.tokengen.tolerations }}
				114	tolerations:
				115	{{- toYaml . \| nindent 8 }}
				116	{{- end }}
				117	volumes:
				118	- name: config
Mohammed Naser	65cda13	2024-05-02 14:34:08 -0400	[diff] [blame]	119	{{- include "loki.configVolume" . \| nindent 10 }}
Mohammed Naser	8a2c8fb	2023-02-19 17:23:55 +0000	[diff] [blame]	120	- name: runtime-config
				121	configMap:
				122	name: {{ template "loki.name" . }}-runtime
				123	- name: license
				124	secret:
				125	{{- if .Values.enterprise.useExternalLicense }}
				126	secretName: {{ .Values.enterprise.externalLicenseName }}
				127	{{- else }}
				128	secretName: enterprise-logs-license
				129	{{- end }}
				130	- name: shared
				131	emptyDir: {}
				132	{{- if .Values.enterprise.tokengen.extraVolumes }}
				133	{{ toYaml .Values.enterprise.tokengen.extraVolumes \| nindent 8 }}
				134	{{- end }}
				135	{{- end }}