apiVersion: batch/v1
kind: Job
metadata:
  name: migration
  namespace: $K8S_NAMESPACE
spec:
  ttlSecondsAfterFinished: 100
  backoffLimit: 2
  template:
    metadata:
      labels:
        app: atst
        role: migration
        aadpodidbinding: atat-kv-id-binding
    spec:
      containers:
      - name: migration
        image: $CONTAINER_IMAGE
        command: [
          "/bin/sh", "-c"
        ]
        args:
          - |
              /opt/atat/atst/.venv/bin/python \
              /opt/atat/atst/.venv/bin/alembic \
              upgrade head \
              && \
              /opt/atat/atst/.venv/bin/python \
              /opt/atat/atst/script/seed_roles.py
        envFrom:
        - configMapRef:
            name: atst-envvars
        - configMapRef:
            name: atst-worker-envvars
        volumeMounts:
          - name: pgsslrootcert
            mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt"
            subPath: pgsslrootcert.crt
          - name: flask-secret
            mountPath: "/config"
      volumes:
        - name: pgsslrootcert
          configMap:
            name: pgsslrootcert
            items:
            - key: cert
              path: pgsslrootcert.crt
              mode: 0666
        - name: flask-secret
          flexVolume:
            driver: "azure/kv"
            options:
              usepodidentity: "true"
              keyvaultname: "atat-vault-test"
              keyvaultobjectnames: "master-AZURE-STORAGE-KEY;master-MAIL-PASSWORD;master-PGPASSWORD;master-REDIS-PASSWORD;master-SECRET-KEY"
              keyvaultobjectaliases: "AZURE_STORAGE_KEY;MAIL_PASSWORD;PGPASSWORD;REDIS_PASSWORD;SECRET_KEY"
              keyvaultobjecttypes: "secret;secret;secret;secret;key"
              tenantid: $TENANT_ID
      restartPolicy: Never