diff --git a/helm/porthole/templates/job-apply-lifecycle.yaml.tpl b/helm/porthole/templates/job-apply-lifecycle.yaml.tpl new file mode 100644 index 0000000..d755b8a --- /dev/null +++ b/helm/porthole/templates/job-apply-lifecycle.yaml.tpl @@ -0,0 +1,65 @@ +{{- if and .Values.jobs.applyLifecycle.enabled .Values.minio.enabled -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "apply-lifecycle") }} + labels: +{{ include "tline.labels" . | indent 4 }} + app.kubernetes.io/component: apply-lifecycle + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-15" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + backoffLimit: 2 + template: + metadata: + labels: +{{ include "tline.selectorLabels" . | indent 8 }} + app.kubernetes.io/component: apply-lifecycle + spec: + restartPolicy: Never +{{ include "tline.imagePullSecrets" . | indent 6 }} +{{- $aff := include "tline.affinity" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }} +{{- if $aff }} + affinity: +{{ $aff | indent 8 }} +{{- end }} +{{- $tols := include "tline.tolerations" (dict "Values" .Values "schedulingClass" .Values.minio.schedulingClass) }} +{{- if $tols }} + tolerations: +{{ $tols | indent 8 }} +{{- end }} + containers: + - name: apply-lifecycle + image: {{ printf "%s:%s" .Values.jobs.applyLifecycle.image.repository .Values.jobs.applyLifecycle.image.tag | quote }} + imagePullPolicy: {{ .Values.jobs.applyLifecycle.image.pullPolicy }} + command: + - sh + - -c + - | + set -eu + echo "Configuring mc alias..." +{{- $minioSvc := include "tline.componentName" (dict "Values" .Values "Chart" .Chart "Release" .Release "component" "minio") -}} +{{- $minioEndpoint := printf "http://%s:%d" $minioSvc (.Values.minio.service.s3Port | int) -}} + mc alias set local {{ $minioEndpoint | quote }} "$MINIO_ACCESS_KEY_ID" "$MINIO_SECRET_ACCESS_KEY" + + echo "Applying lifecycle policy ({{ .Values.jobs.applyLifecycle.expire_days }}d) for derived objects..." + mc ilm add --expire-days {{ .Values.jobs.applyLifecycle.expire_days | int }} --prefix {{ .Values.jobs.applyLifecycle.prefixes.thumbs | quote }} "local/{{ .Values.app.minio.bucket }}" + mc ilm add --expire-days {{ .Values.jobs.applyLifecycle.expire_days | int }} --prefix {{ .Values.jobs.applyLifecycle.prefixes.derived | quote }} "local/{{ .Values.app.minio.bucket }}" + + # Never mutate or delete originals/**. This job applies lifecycle rules only. + env: + - name: MINIO_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ include "tline.secretName" . }} + key: MINIO_ACCESS_KEY_ID + - name: MINIO_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ include "tline.secretName" . }} + key: MINIO_SECRET_ACCESS_KEY + resources: +{{ toYaml .Values.jobs.applyLifecycle.resources | indent 12 }} +{{- end }} diff --git a/helm/porthole/values.yaml b/helm/porthole/values.yaml index e9c3d4b..716bf5e 100644 --- a/helm/porthole/values.yaml +++ b/helm/porthole/values.yaml @@ -231,6 +231,24 @@ jobs: cpu: 300m memory: 256Mi + applyLifecycle: + enabled: false + expire_days: 30 + prefixes: + thumbs: thumbs/ + derived: derived/ + image: + repository: minio/mc + tag: RELEASE.2024-01-16T16-07-38Z + pullPolicy: IfNotPresent + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 300m + memory: 256Mi + migrate: enabled: true image: