apiVersion: template.openshift.io/v1 kind: Template metadata: name: image-builder-maintenance annotations: openshift.io/display-name: Image Builder maintenance description: | Cronjob related to maintaining both composer and the workers. tags: golang iconClass: icon-shadowman template.openshift.io/provider-display-name: Red Hat, Inc. labels: template: image-builder-maintenance objects: - apiVersion: batch/v1 kind: CronJob metadata: labels: service: image-builder name: image-builder-maintenance spec: # run maintenance job at midnight schedule: 0 0 * * * concurrencyPolicy: Forbid # don't run if the job doesn't get scheduled within 30 minutes startingDeadlineSeconds: 1800 jobTemplate: spec: template: spec: serviceAccountName: image-builder-maintenance restartPolicy: Never containers: - image: "${IMAGE_NAME}:${IMAGE_TAG}" name: image-builder-maintenance resources: requests: cpu: "${CPU_REQUEST}" memory: "${MEMORY_REQUEST}" limits: cpu: "${CPU_LIMIT}" memory: "${MEMORY_LIMIT}" env: - name: PGHOST valueFrom: secretKeyRef: name: composer-db key: db.host optional: true - name: PGPORT valueFrom: secretKeyRef: name: composer-db key: db.port optional: true - name: PGDATABASE valueFrom: secretKeyRef: name: composer-db key: db.name optional: true - name: PGUSER valueFrom: secretKeyRef: name: composer-db key: db.user optional: true - name: PGPASSWORD valueFrom: secretKeyRef: name: composer-db key: db.password optional: true - name: PGSSLMODE value: "${PGSSLMODE}" - name: GCP_AUTH_PROVIDER_X509_CERT_URL valueFrom: secretKeyRef: name: gcp-service-account key: auth_provider_x509_cert_url optional: true - name: GCP_AUTH_URI valueFrom: secretKeyRef: name: gcp-service-account key: auth_uri optional: true - name: GCP_CLIENT_EMAIL valueFrom: secretKeyRef: name: gcp-service-account key: client_email optional: true - name: GCP_CLIENT_ID valueFrom: secretKeyRef: name: gcp-service-account key: client_id optional: true - name: GCP_CLIENT_X509_CERT_URL valueFrom: secretKeyRef: name: gcp-service-account key: client_x509_cert_url optional: true - name: GCP_PRIVATE_KEY valueFrom: secretKeyRef: name: gcp-service-account key: private_key optional: true - name: GCP_PRIVATE_KEY_ID valueFrom: secretKeyRef: name: gcp-service-account key: private_key_id optional: true - name: GCP_PROJECT_ID valueFrom: secretKeyRef: name: gcp-service-account key: project_id optional: true - name: GCP_TOKEN_URI valueFrom: secretKeyRef: name: gcp-service-account key: token_uri optional: true - name: GCP_TYPE valueFrom: secretKeyRef: name: gcp-service-account key: type optional: true - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: aws-account key: access_key_id optional: true - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: aws-account key: secret_access_key optional: true - name: DRY_RUN value: "${MAINTENANCE_DRY_RUN}" - name: ENABLE_AWS_MAINTENANCE value: "${ENABLE_AWS_MAINTENANCE}" - name: ENABLE_GCP_MAINTENANCE value: "${ENABLE_GCP_MAINTENANCE}" - name: ENABLE_DB_MAINTENANCE value: "${ENABLE_DB_MAINTENANCE}" - name: MAX_CONCURRENT_REQUESTS value: "${MAINTENANCE_MAX_CONCURRENT_REQUESTS}" - apiVersion: v1 kind: ServiceAccount metadata: name: image-builder-maintenance imagePullSecrets: - name: quay.io parameters: - description: maintenance image name name: IMAGE_NAME value: quay.io/app-sre/composer-maintenance required: true - description: composer image tag name: IMAGE_TAG required: true - name: CPU_REQUEST description: CPU request per container value: "50m" - name: CPU_LIMIT description: CPU limit per container value: "100m" - name: MEMORY_REQUEST description: Memory request per container value: "128Mi" - name: MEMORY_LIMIT description: Memory limit per container value: "512Mi" - description: composer-maintenance dry run name: MAINTENANCE_DRY_RUN # don't change this value, overwrite it in app-interface for a specific namespace value: "true" required: true - description: Enable AWS maintenance name: ENABLE_AWS_MAINTENANCE # don't change this value, overwrite it in app-interface for a specific namespace value: "false" required: true - description: Enable GPC maintenance name: ENABLE_GCP_MAINTENANCE # don't change this value, overwrite it in app-interface for a specific namespace value: "false" required: true - description: Enable DB maintenance name: ENABLE_DB_MAINTENANCE # don't change this value, overwrite it in app-interface for a specific namespace value: "false" required: true - description: postgres sslmode to use when connecting to the db name: PGSSLMODE value: "require" required: true - description: composer-maintenance max concurrent requests name: MAINTENANCE_MAX_CONCURRENT_REQUESTS value: "10" required: true