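package builder

import (
	"fmt"

	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
	configuration "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/configuration"
	"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/masterkey"
	batchv1 "k8s.io/api/batch/v1"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/types"
	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)

// BuildInitJob returns the Job that runs the ZITADEL "init" command for the
// given cluster.
//
// The Job takes its name and namespace from key, mounts the ConfigMap named by
// configuration.ConfigurationName(zitadel) at /config, and is owned by zitadel
// through a controller reference. The pod runs as non-root UID 1000 with
// service links disabled, restarts on failure, and is bounded by a backoff
// limit of 5 and an active deadline of 300 seconds.
//
// It returns a nil Job and a wrapped error when the controller reference
// cannot be set.
func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.ZitadelCluster, key types.NamespacedName) (*batchv1.Job, error) {
	// The API types take pointers for these fields, so they need addressable locals.
	backOffLimit := int32(5)
	activeDeadlineSeconds := int64(300)
	runAsNonRoot := true
	enableServiceLinks := false
	user := int64(1000)

	// NOTE(review): the image reference is Name:Tag taken from the custom
	// resource. Tags are mutable; pinning by digest would have to happen in
	// the resource spec, since nothing here validates or rewrites the value.
	image := zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag

	initJob := &batchv1.Job{
		ObjectMeta: metav1.ObjectMeta{
			Name:      key.Name,
			Namespace: key.Namespace,
		},
		Spec: batchv1.JobSpec{
			BackoffLimit:          &backOffLimit,
			ActiveDeadlineSeconds: &activeDeadlineSeconds,
			Template: corev1.PodTemplateSpec{
				Spec: corev1.PodSpec{
					RestartPolicy: corev1.RestartPolicyOnFailure,
					SecurityContext: &corev1.PodSecurityContext{
						RunAsNonRoot: &runAsNonRoot,
						RunAsUser:    &user,
					},
					// Keeps the environment free of injected *_SERVICE_HOST/_PORT variables.
					EnableServiceLinks: &enableServiceLinks,
					Volumes: []corev1.Volume{
						// NOTE(review): the ZITADEL config comes from a ConfigMap;
						// confirm it carries no credentials (those belong in a Secret).
						{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
					},
					Containers: []corev1.Container{
						{
							// NOTE(review): no container-level SecurityContext is set, so
							// allowPrivilegeEscalation, capabilities, seccomp profile and
							// readOnlyRootFilesystem are left at their defaults. Tightening
							// them changes the pod template, and spec.template of an existing
							// Job cannot be updated in place, so verify against the image and
							// the reconciler before doing so.
							Name:  "zitadel-init",
							Image: image,
							Args: []string{
								"init",
								"--config",
								"/config/zitadel-config-yaml",
							},
							VolumeMounts: []corev1.VolumeMount{
								{Name: "zitadel-config-yaml", MountPath: "/config"},
							},
						},
					},
				},
			},
		},
	}

	// Owning the Job from the ZitadelCluster lets garbage collection remove it with the cluster.
	if err := controllerutil.SetControllerReference(zitadel, initJob, b.scheme); err != nil {
		// %w keeps the cause inspectable with errors.Is / errors.As; the message text is unchanged.
		return nil, fmt.Errorf("error setting controller reference to InitJob: %w", err)
	}
	return initJob, nil
}

// BuildSetupJob returns the Job that runs the ZITADEL "setup" command for the
// given cluster.
//
// The Job takes its name and namespace from key and mounts the same ConfigMap
// as the init Job at /config, passing that file as both --config and --steps.
// The master key is injected as ZITADEL_MASTERKEY from the Secret named by
// masterkey.MasterKeyName(zitadel) (key masterkey.Key) and consumed through
// --masterkeyFromEnv, so the key material never appears in the Job spec
// itself. Pod-level settings (non-root UID 1000, no service links, restart on
// failure, backoff limit 5, active deadline 300 seconds) match the init Job.
//
// It returns a nil Job and a wrapped error when the controller reference
// cannot be set.
func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.ZitadelCluster, key types.NamespacedName) (*batchv1.Job, error) {
	// The API types take pointers for these fields, so they need addressable locals.
	backOffLimit := int32(5)
	activeDeadlineSeconds := int64(300)
	runAsNonRoot := true
	enableServiceLinks := false
	user := int64(1000)

	// NOTE(review): the image reference is Name:Tag taken from the custom
	// resource. Tags are mutable; pinning by digest would have to happen in
	// the resource spec, since nothing here validates or rewrites the value.
	image := zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag

	setupJob := &batchv1.Job{
		ObjectMeta: metav1.ObjectMeta{
			Name:      key.Name,
			Namespace: key.Namespace,
		},
		Spec: batchv1.JobSpec{
			BackoffLimit:          &backOffLimit,
			ActiveDeadlineSeconds: &activeDeadlineSeconds,
			Template: corev1.PodTemplateSpec{
				Spec: corev1.PodSpec{
					RestartPolicy: corev1.RestartPolicyOnFailure,
					SecurityContext: &corev1.PodSecurityContext{
						RunAsNonRoot: &runAsNonRoot,
						RunAsUser:    &user,
					},
					// Keeps the environment free of injected *_SERVICE_HOST/_PORT variables.
					EnableServiceLinks: &enableServiceLinks,
					Volumes: []corev1.Volume{
						// NOTE(review): the ZITADEL config comes from a ConfigMap;
						// confirm it carries no credentials (those belong in a Secret).
						{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
					},
					Containers: []corev1.Container{
						{
							// NOTE(review): no container-level SecurityContext is set, so
							// allowPrivilegeEscalation, capabilities, seccomp profile and
							// readOnlyRootFilesystem are left at their defaults. Tightening
							// them changes the pod template, and spec.template of an existing
							// Job cannot be updated in place, so verify against the image and
							// the reconciler before doing so.
							Name:  "zitadel-setup",
							Image: image,
							Args: []string{
								"setup",
								"--config",
								"/config/zitadel-config-yaml",
								"--steps",
								"/config/zitadel-config-yaml",
								"--masterkeyFromEnv",
								"--init-projections=true",
							},
							Env: []corev1.EnvVar{
								{
									// Resolved by the kubelet from the Secret at pod start. The
									// value is still readable from the container's environment,
									// so access to the pod (exec, debug containers) exposes it.
									Name:      "ZITADEL_MASTERKEY",
									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
								},
								{
									// NOTE(review): no volume is mounted at /machinekey in this
									// pod spec. Confirm where the machine key file is expected to
									// land and how it is collected; it is a credential and should
									// not be left on an unmanaged path.
									Name:  "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH",
									Value: "/machinekey/sa.json",
								},
							},
							VolumeMounts: []corev1.VolumeMount{
								{Name: "zitadel-config-yaml", MountPath: "/config"},
							},
						},
					},
				},
			},
		},
	}

	// Owning the Job from the ZitadelCluster lets garbage collection remove it with the cluster.
	if err := controllerutil.SetControllerReference(zitadel, setupJob, b.scheme); err != nil {
		// %w keeps the cause inspectable with errors.Is / errors.As; the message text is unchanged.
		return nil, fmt.Errorf("error setting controller reference to SetupJob: %w", err)
	}
	return setupJob, nil
}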