1165943968
* Mark job pods not to use Istio's envoy sidecar Istio injects sidecars into pods to implement mTLS between pods. Jobs usually don't know about this, so they don't signal the Envoy process to stop when the job finishes. Since at least one process is running in the pod, Kubernetes doesn't consider the job to be completed, so it lingers. By adding the `sidecar.istio.io/inject` annotation set to `"false"`, we let Istio know that it should not inject the sidecar. If Istio is not installed, then this has no impact. * Support arbitrary job annotations in the Helm chart Rather than focus on Istio, this allows arbitrary annotations for job pods. * Add in-line documentation for pod/job annotations
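{{- /*
CronJob that runs `bin/tootctl media remove` on the schedule taken from
.Values.mastodon.cron.removeMedia.schedule. Rendered only when
.Values.mastodon.cron.removeMedia.enabled is set.

When S3 is disabled the job mounts the "assets" and "system" PVCs, and when
either PVC is ReadWriteOnce it is pinned to the node that runs the pods
labelled component=rails.
*/ -}}
{{ if .Values.mastodon.cron.removeMedia.enabled }}
apiVersion: batch/v1
kind: CronJob
metadata:
  name: {{ include "mastodon.fullname" . }}-media-remove
  labels:
    {{- include "mastodon.labels" . | nindent 4 }}
spec:
  # Quoted so that a cron expression starting with a YAML indicator
  # (for example "*/15 * * * *" or "@daily") still renders as a string
  # instead of failing to parse as an alias or reserved token.
  schedule: {{ .Values.mastodon.cron.removeMedia.schedule | quote }}
  jobTemplate:
    spec:
      template:
        metadata:
          name: {{ include "mastodon.fullname" . }}-media-remove
          {{- /*
          .Values.jobAnnotations is copied verbatim onto the job pod.
          NOTE(review): setting sidecar.istio.io/inject to "false" here lets
          the job finish, but the pod then runs without the Envoy sidecar that
          provides mTLS between pods. Confirm that this job's connections to
          PostgreSQL and Redis are still permitted and protected under the
          mesh policy in use.
          */}}
          {{- with .Values.jobAnnotations }}
          annotations:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        spec:
          restartPolicy: OnFailure
          {{- if (not .Values.mastodon.s3.enabled) }}
          # ensure we run on the same node as the other rails components; only
          # required when using PVCs that are ReadWriteOnce
          {{- if or (eq "ReadWriteOnce" .Values.mastodon.persistence.assets.accessMode) (eq "ReadWriteOnce" .Values.mastodon.persistence.system.accessMode) }}
          affinity:
            podAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
                - labelSelector:
                    matchExpressions:
                      - key: component
                        operator: In
                        values:
                          - rails
                  topologyKey: kubernetes.io/hostname
          {{- end }}
          volumes:
            - name: assets
              persistentVolumeClaim:
                claimName: {{ template "mastodon.fullname" . }}-assets
            - name: system
              persistentVolumeClaim:
                claimName: {{ template "mastodon.fullname" . }}-system
          {{- end }}
          # NOTE(review): this template sets no securityContext and no
          # resources for the container, so it runs with the image and
          # cluster defaults.
          containers:
            - name: {{ include "mastodon.fullname" . }}-media-remove
              image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
              imagePullPolicy: {{ .Values.image.pullPolicy }}
              command:
                - bin/tootctl
                - media
                - remove
              # envFrom exposes every key of the env ConfigMap and of the
              # application Secret as environment variables in this container.
              envFrom:
                - configMapRef:
                    name: {{ include "mastodon.fullname" . }}-env
                - secretRef:
                    name: {{ template "mastodon.secretName" . }}
              # Database and Redis credentials are read from their own
              # Secrets rather than from chart values.
              env:
                - name: "DB_PASS"
                  valueFrom:
                    secretKeyRef:
                      name: {{ template "mastodon.postgresql.secretName" . }}
                      key: password
                - name: "REDIS_PASSWORD"
                  valueFrom:
                    secretKeyRef:
                      name: {{ template "mastodon.redis.secretName" . }}
                      key: redis-password
                - name: "PORT"
                  value: {{ .Values.mastodon.web.port | quote }}
              {{- if (not .Values.mastodon.s3.enabled) }}
              volumeMounts:
                - name: assets
                  mountPath: /opt/mastodon/public/assets
                - name: system
                  mountPath: /opt/mastodon/public/system
              {{- end }}
{{- end }}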