// Naming and command defaults used by the job template in this file.
locals {
  // Name of the ConfigMap that carries the job template.
  job_definition_name = "${local.resource_name}-job-definition"
  main_container_name = "main"

  // An empty command list is normalised to null; the job template passes this
  // value as the container's `args`.
  command = length(var.command) == 0 ? null : var.command
}
// For GKE Tasks, we create a job definition and emit it via outputs.
// Users of this app module (e.g. `nullstone exec`) can use this job definition as a template and customize it to their liking.
// For instance, an execution may override CMD or add environment variables.
locals {
  // Pod-level volumes in Kubernetes manifest (camelCase) form, one entry per key of local.volumes.
  // NOTE(review): hostPath is passed through unchanged; a non-null host_path mounts a node
  // directory into the job pod, so confirm that the inputs feeding local.volumes restrict it.
  pod_volumes = [
    for volume_name, volume in local.volumes : {
      name                  = volume_name
      persistentVolumeClaim = volume.persistent_volume_claim
      emptyDir              = volume.empty_dir
      hostPath              = volume.host_path
    }
  ]

  // Container volume mounts, one entry per key of local.volume_mounts.
  pod_volume_mounts = [
    for mount_name, mount in local.volume_mounts : {
      name             = mount_name
      mountPath        = mount.mount_path
      subPath          = mount.sub_path
      mountPropagation = mount.mount_propagation
      readOnly         = mount.read_only
    }
  ]

  // Plain environment variables, embedded by value.
  // NOTE(review): these values are written into the job template, which this file stores in a
  // ConfigMap; anything sensitive belongs in local.secret_keys rather than local.all_env_vars.
  pod_env_vars = [
    for env_name, env_value in local.all_env_vars : {
      name  = env_name
      value = env_value
    }
  ]

  // Secret-backed environment variables: each key is resolved at pod start from the
  // "<resource_name>-gsm-secrets" Secret, so only the key name appears in the template.
  pod_secrets = [
    for secret_key in local.secret_keys : {
      name = secret_key
      valueFrom = {
        secretKeyRef = {
          name = "${local.resource_name}-gsm-secrets"
          key  = secret_key
        }
      }
    }
  ]

  // JSON-encoded Kubernetes Job manifest used as a template for one-off executions.
  // NOTE(review): the pod spec sets no serviceAccountName, resources or securityContext, while the
  // commented-out reference job in this file sets service_account_name and CPU/memory requests and
  // limits. Presumably the executor fills these in; if it does not, the job runs under the
  // namespace's default service account with no resource limits. Confirm against the executor.
  job_definition = jsonencode({
    metadata = {
      namespace = local.kubernetes_namespace
      name      = "" // left empty: Nullstone generates a unique name when it runs the job
      labels    = local.app_labels
    }

    spec = {
      completions             = 1            // run exactly one pod to completion
      backoffLimit            = 0            // never retry a failed job
      ttlSecondsAfterFinished = 24 * 60 * 60 // keep finished jobs for one day

      template = {
        metadata = {
          namespace = local.kubernetes_namespace
          labels    = local.app_labels
        }

        spec = {
          restartPolicy = "Never"
          volumes       = local.pod_volumes

          containers = [
            {
              name = local.main_container_name
              // NOTE(review): the image is addressed by tag (app_version), not by digest; if tags
              // are mutable in the registry, a later run may pull different contents.
              image        = "${local.repository_url}:${local.app_version}"
              args         = local.command
              env          = concat(local.pod_env_vars, local.pod_secrets)
              volumeMounts = local.pod_volume_mounts
            }
          ]
        }
      }
    }
  })
}
// Stores the JSON job template under the `template` key of a ConfigMap in the app's namespace.
// NOTE(review): ConfigMap data is not treated as secret by Kubernetes; the template embeds the
// plain environment variable values, so read access to this ConfigMap exposes them.
resource "kubernetes_config_map_v1" "job_definition" {
  metadata {
    name      = local.job_definition_name
    namespace = local.kubernetes_namespace
    labels    = local.app_labels
  }

  data = {
    template = local.job_definition
  }
}
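// The following is a reference for building a Kubernetes Job.
// If you're using an IDE with Terraform auto-complete, uncomment it to iterate on the contents.
// Creating a job here doesn't help because we only want the template.
// Note: this reference sets service_account_name and CPU/memory requests and limits, which the job_definition template above does not.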
/*
resource "kubernetes_job_v1" "this" {
metadata {
namespace = local.kubernetes_namespace
name = "" // auto-generated by broker before execution
labels = local.app_labels
}
spec {
template {
spec {
restart_policy = "Never"
service_account_name = kubernetes_service_account_v1.app.metadata[0].name
dynamic "volume" {
for_each = local.volumes
content {
name = volume.key
dynamic "empty_dir" {
for_each = volume.value.empty_dir == null ? [] : [1]
content {}
}
dynamic "persistent_volume_claim" {
for_each = volume.value.persistent_volume_claim == null ? [] : [1]
iterator = pvc
content {
claim_name = volume.value.persistent_volume_claim.claim_name
read_only = lookup(volume.value.persistent_volume_claim, "read_only", null)
}
}
}
}
container {
name = local.main_container_name
image = "${local.service_image}:${local.app_version}"
args = local.command
resources {
requests = {
cpu = var.cpu
memory = var.memory
}
limits = {
cpu = var.cpu
memory = var.memory
}
}
dynamic "env" {
for_each = local.all_env_vars
content {
name = env.key
value = env.value
}
}
dynamic "env" {
for_each = local.secret_keys
content {
name = env.value
value_from {
secret_key_ref {
name = "${local.resource_name}-gsm-secrets"
key = env.value
}
}
}
}
dynamic "volume_mount" {
for_each = local.volume_mounts
content {
name = volume_mount.key
mount_path = volume_mount.value.mount_path
sub_path = volume_mount.value.sub_path
mount_propagation = volume_mount.value.mount_propagation
read_only = volume_mount.value.read_only
}
}
}
}
}
}
}
*/