/
job.yaml
59 lines (59 loc) · 1.77 KB
/
job.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "otomi.fullname" . }}
labels: {{- include "otomi.labels" . | nindent 4 }}
spec:
template:
metadata:
{{- with .Values.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
labels: {{- include "otomi.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "otomi.fullname" . }}
securityContext:
runAsUser: 999
runAsGroup: 999
containers:
- name: otomi-install
image: otomi/core:{{ .Values.otomi.version | default .Chart.AppVersion }}
imagePullPolicy: {{ ternary "IfNotPresent" "Always" (regexMatch "^v\\d" .Values.otomi.version) }}
resources:
limits:
memory: 2Gi
cpu: '2'
requests:
memory: 1Gi
cpu: '1'
command: [bash, -c]
args:
- |
binzx/otomi bootstrap
binzx/otomi apply
env:
- name: CI
value: '1'
- name: VERBOSITY
value: '1'
- name: OTOMI_NON_INTERACTIVE
value: 'true'
- name: ENV_DIR
value: /home/app/stack/env
- name: VALUES_INPUT
value: /secret/values.yaml
envFrom:
- secretRef:
name: {{ include "otomi.fullname" . }}-sops-secrets
volumeMounts:
- name: otomi-values
mountPath: /home/app/stack/env
- name: values-secret
mountPath: /secret
volumes:
- name: values-secret
secret:
secretName: '{{ .Release.Name }}-values'
- name: otomi-values
emptyDir: {}
restartPolicy: Never