# OpenShift Template bundling the image-builder maintenance CronJob and the
# ServiceAccount it runs as. Values written as ${NAME} elsewhere in this file
# are template parameters, filled in when the template is processed.
apiVersion: v1
kind: Template
metadata:
  name: image-builder-maintenance
  annotations:
    openshift.io/display-name: Image Builder maintenance
    # Literal block scalar: the text below is kept as written, newline included.
    description: |
      Cronjob related to maintaining both composer and the workers.
    tags: golang
    iconClass: icon-shadowman
    template.openshift.io/provider-display-name: Red Hat, Inc.
# Top-level template labels are applied to every object the template creates.
labels:
  template: image-builder-maintenance
objects:
# CronJob that runs the maintenance container once a day. The container gets
# database, GCP and AWS credentials from Secrets in the namespace and is
# steered by the DRY_RUN / ENABLE_* switches at the end of the env list.
- apiVersion: batch/v1
  kind: CronJob
  metadata:
    labels:
      service: image-builder
    name: image-builder-maintenance
  spec:
    # run maintenance job at midnight
    # (evaluated in the CronJob controller's time zone; presumably UTC, confirm)
    schedule: 0 0 * * *
    # Forbid: a new run is skipped while the previous one is still active, so
    # two maintenance runs never overlap.
    concurrencyPolicy: Forbid
    # don't run if the job doesn't get scheduled within 30 minutes
    startingDeadlineSeconds: 1800
    jobTemplate:
      spec:
        template:
          spec:
            # Runs as the ServiceAccount defined in this template, not the
            # namespace default.
            serviceAccountName: image-builder-maintenance
            # A failed container is not restarted in place.
            restartPolicy: Never
            # NOTE(review): no pod or container securityContext is set, so the
            # effective user, capabilities and privilege-escalation settings
            # come from the cluster's admission defaults (SCC on OpenShift).
            # Consider stating them explicitly for a job that holds cloud and
            # database credentials.
            containers:
            # NOTE(review): the image is referenced by tag. Unless IMAGE_TAG is
            # always an immutable value, the content behind it can change
            # between runs; pinning by digest removes that dependency.
            - image: "${IMAGE_NAME}:${IMAGE_TAG}"
              name: image-builder-maintenance
              resources:
                requests:
                  cpu: "${CPU_REQUEST}"
                  memory: "${MEMORY_REQUEST}"
                limits:
                  cpu: "${CPU_LIMIT}"
                  memory: "${MEMORY_LIMIT}"
              env:
              # Database connection settings from the composer-db Secret.
              # `optional: true` (used on every secretKeyRef below) lets the
              # pod start even when the Secret or key is missing; the variable
              # is then simply unset, so a missing credential only shows up
              # when the application tries to use it.
              - name: PGHOST
                valueFrom:
                  secretKeyRef:
                    name: composer-db
                    key: db.host
                    optional: true
              - name: PGPORT
                valueFrom:
                  secretKeyRef:
                    name: composer-db
                    key: db.port
                    optional: true
              - name: PGDATABASE
                valueFrom:
                  secretKeyRef:
                    name: composer-db
                    key: db.name
                    optional: true
              - name: PGUSER
                valueFrom:
                  secretKeyRef:
                    name: composer-db
                    key: db.user
                    optional: true
              - name: PGPASSWORD
                valueFrom:
                  secretKeyRef:
                    name: composer-db
                    key: db.password
                    optional: true
              # TLS mode for the database connection, set by template parameter.
              - name: PGSSLMODE
                value: "${PGSSLMODE}"
              # Fields of a GCP service-account key, one variable per field,
              # from the gcp-service-account Secret.
              # NOTE(review): GCP_PRIVATE_KEY is long-lived key material. As an
              # environment variable it is inherited by child processes and can
              # end up in diagnostics that dump the environment. Keep the
              # account's roles to what maintenance needs, rotate the key, and
              # prefer short-lived federated credentials if the platform
              # offers them.
              - name: GCP_AUTH_PROVIDER_X509_CERT_URL
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: auth_provider_x509_cert_url
                    optional: true
              - name: GCP_AUTH_URI
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: auth_uri
                    optional: true
              - name: GCP_CLIENT_EMAIL
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: client_email
                    optional: true
              - name: GCP_CLIENT_ID
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: client_id
                    optional: true
              - name: GCP_CLIENT_X509_CERT_URL
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: client_x509_cert_url
                    optional: true
              - name: GCP_PRIVATE_KEY
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: private_key
                    optional: true
              - name: GCP_PRIVATE_KEY_ID
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: private_key_id
                    optional: true
              - name: GCP_PROJECT_ID
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: project_id
                    optional: true
              - name: GCP_TOKEN_URI
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: token_uri
                    optional: true
              - name: GCP_TYPE
                valueFrom:
                  secretKeyRef:
                    name: gcp-service-account
                    key: type
                    optional: true
              # Static AWS access key pair from the aws-account Secret.
              # NOTE(review): the same exposure and least-privilege points as
              # for the GCP key apply; the attached IAM policy should cover
              # only the resources maintenance is meant to touch.
              - name: AWS_ACCESS_KEY_ID
                valueFrom:
                  secretKeyRef:
                    name: aws-account
                    key: access_key_id
                    optional: true
              - name: AWS_SECRET_ACCESS_KEY
                valueFrom:
                  secretKeyRef:
                    name: aws-account
                    key: secret_access_key
                    optional: true
              # Behaviour switches passed through from template parameters.
              # The parameter defaults in this file are dry run "true" and all
              # three ENABLE_* flags "false".
              - name: DRY_RUN
                value: "${MAINTENANCE_DRY_RUN}"
              - name: ENABLE_AWS_MAINTENANCE
                value: "${ENABLE_AWS_MAINTENANCE}"
              - name: ENABLE_GCP_MAINTENANCE
                value: "${ENABLE_GCP_MAINTENANCE}"
              - name: ENABLE_DB_MAINTENANCE
                value: "${ENABLE_DB_MAINTENANCE}"
              - name: MAX_CONCURRENT_REQUESTS
                value: "${MAINTENANCE_MAX_CONCURRENT_REQUESTS}"
# ServiceAccount the maintenance pods run as. This file defines no Role or
# RoleBinding for it.
# NOTE(review): if the job never calls the Kubernetes API, setting
# automountServiceAccountToken: false here (or on the pod spec) keeps the API
# token out of a container that also holds cloud credentials. Confirm first.
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: image-builder-maintenance
  # Pull secret used to fetch the image; "quay.io" is the name of a Secret in
  # the namespace, not a registry URL.
  imagePullSecrets:
  - name: quay.io
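# Template parameters. Each value is substituted wherever ${NAME} appears in
# the objects above; `required: true` makes processing fail when the value is
# empty.
parameters:
- description: maintenance image name
  name: IMAGE_NAME
  value: quay.io/app-sre/composer-maintenance
  required: true
# No default: the deployer must supply the tag.
# NOTE(review): pass an immutable tag (for example a commit id) or a digest so
# the image that holds the cloud and database credentials cannot change
# silently between runs.
- description: composer image tag
  name: IMAGE_TAG
  required: true
- name: CPU_REQUEST
  description: CPU request per container
  value: "50m"
- name: CPU_LIMIT
  description: CPU limit per container
  value: "100m"
- name: MEMORY_REQUEST
  description: Memory request per container
  value: "128Mi"
- name: MEMORY_LIMIT
  description: Memory limit per container
  value: "512Mi"
# The next four defaults are the safe ones: dry run on, every maintenance
# target off. Turning the job loose is an explicit per-namespace override.
- description: composer-maintenance dry run
  name: MAINTENANCE_DRY_RUN
  # don't change this value, overwrite it in app-interface for a specific namespace
  value: "true"
  required: true
- description: Enable AWS maintenance
  name: ENABLE_AWS_MAINTENANCE
  # don't change this value, overwrite it in app-interface for a specific namespace
  value: "false"
  required: true
- description: Enable GCP maintenance
  name: ENABLE_GCP_MAINTENANCE
  # don't change this value, overwrite it in app-interface for a specific namespace
  value: "false"
  required: true
- description: Enable DB maintenance
  name: ENABLE_DB_MAINTENANCE
  # don't change this value, overwrite it in app-interface for a specific namespace
  value: "false"
  required: true
# In libpq semantics "require" encrypts the connection but does not verify the
# server certificate or host name; "verify-full" does both.
# NOTE(review): confirm the client library honours these values and that a CA
# bundle is available to the job before tightening the default.
- description: postgres sslmode to use when connecting to the db
  name: PGSSLMODE
  value: "require"
  required: true
- description: composer-maintenance max concurrent requests
  name: MAINTENANCE_MAX_CONCURRENT_REQUESTS
  value: "10"
  required: true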