GitHub Repository: gitpod-io/gitpod
Path: blob/main/install/installer/pkg/components/database/init/job.go
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.
// This runs the init scripts in a non-inCluster DB instance
package init
import (
"fmt"
"github.com/gitpod-io/gitpod/installer/pkg/common"
batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/pointer"
)
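// job renders the Kubernetes batch Job that feeds /db-init-scripts/init.sql
// to the mysql CLI against the configured database.
//
// It returns (nil, nil) when common.IsDatabaseMigrationDisabled reports that
// migrations are disabled for this render context. Otherwise it returns a
// single *batchv1.Job.
func job(ctx *common.RenderContext) ([]runtime.Object, error) {
	if common.IsDatabaseMigrationDisabled(ctx) {
		return nil, nil
	}

	// The same metadata is used for the Job and for its pod template.
	objectMeta := metav1.ObjectMeta{
		Name:        fmt.Sprintf("%s-session", Component),
		Namespace:   ctx.Namespace,
		Labels:      common.CustomizeLabel(ctx, Component, common.TypeMetaBatchJob),
		Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaBatchJob),
	}

	// The init SQL is supplied through a ConfigMap and mounted read-only.
	volumes := []corev1.Volume{{
		Name: sqlInitScripts,
		VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{
			LocalObjectReference: corev1.LocalObjectReference{Name: sqlInitScripts},
		}},
	}}
	volumeMounts := []corev1.VolumeMount{{
		Name:      sqlInitScripts,
		MountPath: "/db-init-scripts",
		ReadOnly:  true,
	}}

	// We already have the CA loaded at common.DBCaCertEnvVarName, but the mysql
	// CLI needs a file here, so we mount the secret as one.
	sslOptions := ""
	if ctx.Config.Database.SSL != nil && ctx.Config.Database.SSL.CaCert != nil {
		volumes = append(volumes, corev1.Volume{
			Name: caCertMountName,
			VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{
				SecretName: ctx.Config.Database.SSL.CaCert.Name,
			}},
		})
		volumeMounts = append(volumeMounts, corev1.VolumeMount{
			Name:      caCertMountName,
			MountPath: common.DBCaBasePath,
			ReadOnly:  true,
		})
		// VERIFY_IDENTITY makes the client check both the certificate chain
		// against the mounted CA and that the server host name matches the
		// certificate. Without a configured CA, no --ssl-mode is passed at all
		// and the client falls back to its own default.
		sslOptions = fmt.Sprintf(" --ssl-mode=VERIFY_IDENTITY --ssl-ca=%s ", common.DBCaPath)
	}

	// The connection parameters are expanded by the container's shell at run
	// time, so the rendered manifest only carries the variable references and
	// never the credential itself (presumably the variables are provided by
	// common.DatabaseEnv — confirm). Every expansion is double-quoted so that a
	// value containing whitespace or glob characters stays a single argument
	// instead of being word-split into extra mysql arguments.
	//
	// NOTE(review): -p still places the password on the mysql client's argument
	// list inside the container. If process listings in the pod are a concern,
	// an option file passed with --defaults-extra-file avoids that.
	initCommand := fmt.Sprintf(
		"mysql -h \"$DB_HOST\" --port \"$DB_PORT\" -u \"$DB_USERNAME\" -p\"$DB_PASSWORD\" %s< /db-init-scripts/init.sql",
		sslOptions,
	)

	return []runtime.Object{&batchv1.Job{
		TypeMeta:   common.TypeMetaBatchJob,
		ObjectMeta: objectMeta,
		Spec: batchv1.JobSpec{
			// Finished Jobs become eligible for automatic cleanup after 60s.
			TTLSecondsAfterFinished: pointer.Int32(60),
			Template: corev1.PodTemplateSpec{
				ObjectMeta: objectMeta,
				Spec: corev1.PodSpec{
					RestartPolicy:      corev1.RestartPolicyNever,
					ServiceAccountName: Component,
					// Do not inject environment variables for the
					// namespace's Services into this pod.
					EnableServiceLinks: pointer.Bool(false),
					Volumes:            volumes,
					// The init container is designed to emulate Helm hooks
					InitContainers: []corev1.Container{*common.DatabaseWaiterContainer(ctx)},
					Containers: []corev1.Container{{
						Name:            fmt.Sprintf("%s-session", Component),
						Image:           ctx.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, ""), dbSessionsImage, dbSessionsTag),
						ImagePullPolicy: corev1.PullIfNotPresent,
						Env: common.MergeEnv(
							common.DatabaseEnv(&ctx.Config),
						),
						// Only privilege escalation is restricted here; no
						// run-as user or capability settings are applied.
						SecurityContext: &corev1.SecurityContext{
							AllowPrivilegeEscalation: pointer.Bool(false),
						},
						Command:      []string{"sh", "-c", initCommand},
						VolumeMounts: volumeMounts,
					}},
				},
			},
		},
	}}, nil
}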