From d88cc2de657ffff4fcc11859df9e096f56121622 Mon Sep 17 00:00:00 2001 From: William Petit Date: Mon, 11 Dec 2023 10:45:22 +0100 Subject: [PATCH] feat(hydra): add janitor cronjob --- .../hydra-cnpg-database/kustomization.yaml | 8 ++++- .../patches/hydra-janitor-cronjob.yaml | 21 ++++++++++++ resources/hydra/kustomization.yaml | 1 + .../resources/hydra-janitor-cronjob.yaml | 34 +++++++++++++++++++ 4 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml create mode 100644 resources/hydra/resources/hydra-janitor-cronjob.yaml diff --git a/components/hydra-cnpg-database/kustomization.yaml b/components/hydra-cnpg-database/kustomization.yaml index 20b7043..4ebccef 100644 --- a/components/hydra-cnpg-database/kustomization.yaml +++ b/components/hydra-cnpg-database/kustomization.yaml @@ -29,7 +29,7 @@ vars: fieldref: fieldpath: metadata.name -patchesJson6902: +patches: - target: group: apps version: v1 @@ -42,3 +42,9 @@ patchesJson6902: kind: Job name: hydra-migrate path: patches/hydra-migrate-job.yaml +- target: + group: batch + version: v1 + kind: CronJob + name: hydra-janitor + path: patches/hydra-janitor-cronjob.yaml diff --git a/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml b/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml new file mode 100644 index 0000000..a8f576e --- /dev/null +++ b/components/hydra-cnpg-database/patches/hydra-janitor-cronjob.yaml @@ -0,0 +1,21 @@ +- op: add + path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-" + value: + name: HYDRA_DATABASE_USER + valueFrom: + secretKeyRef: + name: hydra-postgres-user + key: username +- op: add + path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-" + value: + name: HYDRA_DATABASE_PASSWORD + valueFrom: + secretKeyRef: + name: hydra-postgres-user + key: password +- op: add + path: "/spec/jobTemplate/spec/template/spec/containers/0/env/-" + value: + name: DSN + value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME)-rw:5432/hydra?sslmode=disable" \ No newline at end of file diff --git a/resources/hydra/kustomization.yaml b/resources/hydra/kustomization.yaml index 779cd22..34b8a16 100644 --- a/resources/hydra/kustomization.yaml +++ b/resources/hydra/kustomization.yaml @@ -9,6 +9,7 @@ resources: - ./resources/hydra-serviceaccount.yaml - ./resources/hydra-migrate-job.yaml - ./resources/hydra-maester + - ./resources/hydra-janitor-cronjob.yaml secretGenerator: - name: hydra-secret diff --git a/resources/hydra/resources/hydra-janitor-cronjob.yaml b/resources/hydra/resources/hydra-janitor-cronjob.yaml new file mode 100644 index 0000000..d66dd85 --- /dev/null +++ b/resources/hydra/resources/hydra-janitor-cronjob.yaml @@ -0,0 +1,34 @@ +apiVersion: batch/v1 +kind: CronJob +metadata: + name: hydra-janitor + labels: + app.kubernetes.io/name: hydra-janitor +spec: + concurrencyPolicy: Forbid + schedule: "0 */1 * * *" + jobTemplate: + spec: + template: + metadata: + labels: + app.kubernetes.io/name: hydra-janitor + spec: + restartPolicy: OnFailure + serviceAccountName: hydra-sa + containers: + - name: janitor + image: reg.cadoles.com/proxy_cache/oryd/hydra:v2.0.3 + envFrom: + - configMapRef: + name: hydra-env + imagePullPolicy: IfNotPresent + command: ["hydra"] + env: [] + args: + - janitor + - --read-from-env + - --grants + - --requests + - --tokens + resources: {} \ No newline at end of file