Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
gitpod-io
GitHub Repository: gitpod-io/gitpod
 Path: blob/main/install/installer/pkg/components/spicedb/migrations.go
2501 views
1
// Copyright (c) 2023 Gitpod GmbH. All rights reserved.

2
// Licensed under the GNU Affero General Public License (AGPL).

3
// See License.AGPL.txt in the project root for license information.

4


5
package spicedb

6


7
import (

8
	"fmt"

9


10
	"github.com/gitpod-io/gitpod/installer/pkg/common"

11


12
	batchv1 "k8s.io/api/batch/v1"

13
	corev1 "k8s.io/api/core/v1"

14
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

15
	"k8s.io/apimachinery/pkg/runtime"

16
	"k8s.io/utils/pointer"

17
)

18


19
func migrations(ctx *common.RenderContext) ([]runtime.Object, error) {

20


21
	cfg := getExperimentalSpiceDBConfig(ctx)

22
	if cfg == nil {

23
		return nil, nil

24
	}

25


26
	if cfg.DisableMigrations {

27
		return nil, nil

28
	}

29


30
	objectMeta := metav1.ObjectMeta{

31
		Name:      fmt.Sprintf("%s-migrations", Component),

32
		Namespace: ctx.Namespace,

33
		Labels:    common.CustomizeLabel(ctx, Component, common.TypeMetaBatchJob),

34
		Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaBatchJob, func() map[string]string {

35
			// Because we are using ArgoCD to deploy, we need to add these annotations so:

36
			// 1. it knows when to apply it (during the "PreSync" hook, before other manifests are applied)

37
			// 2. that it should remove it once it is done

38
			//   - this is necessary so it does not show up as "ouf of sync" once the "TTLSecondsAfterFinished" option kicks in

39
			//   - if we would not remove the job at all, we would have a name clash an future updates ("field is immutable")

40
			// docs: https://argo-cd.readthedocs.io/en/stable/user-guide/resource_hooks/#usage

41
			return map[string]string{

42
				"argocd.argoproj.io/hook":               "PreSync",

43
				"argocd.argoproj.io/hook-delete-policy": "HookSucceeded",

44
			}

45
		}),

46
	}

47


48
	return []runtime.Object{

49
		&batchv1.Job{

50
			TypeMeta:   common.TypeMetaBatchJob,

51
			ObjectMeta: objectMeta,

52
			Spec: batchv1.JobSpec{

53
				TTLSecondsAfterFinished: pointer.Int32(60),

54
				Template: corev1.PodTemplateSpec{

55
					ObjectMeta: objectMeta,

56
					Spec: corev1.PodSpec{

57
						RestartPolicy:      corev1.RestartPolicyNever,

58
						ServiceAccountName: Component,

59
						EnableServiceLinks: pointer.Bool(false),

60
						InitContainers: []corev1.Container{

61
							dbWaiter(ctx),

62
						},

63
						Containers: []corev1.Container{{

64
							Name:            fmt.Sprintf("%s-migrations", Component),

65
							Image:           ctx.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, RegistryRepo), RegistryImage, ImageTag),

66
							ImagePullPolicy: corev1.PullIfNotPresent,

67
							Env: common.CustomizeEnvvar(ctx, Component, common.MergeEnv(

68
								common.DefaultEnv(&ctx.Config),

69
								spicedbEnvVars(ctx),

70
							)),

71
							SecurityContext: &corev1.SecurityContext{

72
								AllowPrivilegeEscalation: pointer.Bool(false),

73
							},

74
							Args: []string{

75
								"migrate",

76
								"head",

77
								"--log-format=json",

78
								"--log-level=debug",

79
								"--datastore-engine=mysql",

80
							},

81
						}},

82
					},

83
				},

84
			},

85
		},

86
	}, nil

87
}

88


89