This adds an additional volume mount for Flask application secrets. These will be mounted into the ATST container so that their values can be read in as config.
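---
# One-shot Job that runs the database migration (`alembic upgrade head`) and,
# if that succeeds, the role seeding script.
#
# $K8S_NAMESPACE, $CONTAINER_IMAGE and $TENANT_ID are placeholders; presumably
# they are substituted by the deploy tooling before this manifest is applied
# (confirm against the deploy script).
apiVersion: batch/v1
kind: Job
metadata:
  name: migration
  namespace: $K8S_NAMESPACE
spec:
  # The finished Job becomes eligible for automatic cleanup after 100 seconds.
  ttlSecondsAfterFinished: 100
  # Retry a failed pod at most twice before marking the Job as failed.
  backoffLimit: 2
  template:
    metadata:
      labels:
        app: atst
        role: migration
        # AAD Pod Identity selector label. The flask-secret volume below sets
        # usepodidentity: "true", so the pod must match an identity binding
        # that is allowed to read the Key Vault.
        aadpodidbinding: atat-kv-id-binding
    spec:
      containers:
        - name: migration
          image: $CONTAINER_IMAGE
          command: ["/bin/sh", "-c"]
          args:
            # Literal block: the trailing backslashes are shell line
            # continuations, so this is one `alembic ... && seed_roles` command.
            - |
              /opt/atat/atst/.venv/bin/python \
              /opt/atat/atst/.venv/bin/alembic \
              upgrade head \
              && \
              /opt/atat/atst/.venv/bin/python \
              /opt/atat/atst/script/seed_roles.py
          envFrom:
            - configMapRef:
                name: atst-envvars
            - configMapRef:
                name: atst-worker-envvars
          volumeMounts:
            - name: pgsslrootcert
              mountPath: "/opt/atat/atst/ssl/pgsslrootcert.crt"
              subPath: pgsslrootcert.crt
            # Key Vault objects from the flask-secret volume are exposed under
            # /config so the application can read them as configuration.
            - name: flask-secret
              mountPath: "/config"
              # The job only reads these values; keep the secret material
              # immutable from inside the container.
              readOnly: true
      volumes:
        - name: pgsslrootcert
          configMap:
            name: pgsslrootcert
            items:
              - key: cert
                path: pgsslrootcert.crt
                # Octal integer, as Kubernetes expects. A trust anchor only
                # needs to be readable; was 0666 (world-writable bits).
                mode: 0444
        - name: flask-secret
          flexVolume:
            driver: "azure/kv"
            options:
              usepodidentity: "true"
              # NOTE(review): the vault name is hard-coded while namespace,
              # image and tenant are templated - confirm that every
              # environment applying this manifest should read from the
              # "test" vault.
              keyvaultname: "atat-vault-test"
              # The three semicolon-separated lists below are matched by
              # position; keep them the same length and in the same order.
              # NOTE(review): all five objects are exposed to the migration
              # job. If it needs fewer (e.g. only the database password),
              # trimming the lists narrows exposure - confirm what the app's
              # config loader requires.
              keyvaultobjectnames: "master-AZURE-STORAGE-KEY;master-MAIL-PASSWORD;master-PGPASSWORD;master-REDIS-PASSWORD;master-SECRET-KEY"
              keyvaultobjectaliases: "AZURE_STORAGE_KEY;MAIL_PASSWORD;PGPASSWORD;REDIS_PASSWORD;SECRET_KEY"
              # NOTE(review): the last entry is typed "key" while the others
              # are "secret" - confirm master-SECRET-KEY really is stored as
              # a Key Vault key object and not as a secret.
              keyvaultobjecttypes: "secret;secret;secret;secret;key"
              tenantid: $TENANT_ID
      restartPolicy: Never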