88 lines
2.9 KiB
Smarty
88 lines
2.9 KiB
Smarty
{{/*
|
|
This template serves as the blueprint for the mountPermissions job that is run
|
|
before chart installation.
|
|
*/}}
|
|
{{- define "common.class.mountPermissions" -}}
|
|
{{- if .Values.persistence -}}
|
|
{{- $jobName := include "common.names.fullname" . -}}
|
|
{{- $user := 568 -}}
|
|
{{- $group := 568 -}}
|
|
{{- if .Values.env -}}
|
|
{{- $user = dig "PUID" $user .Values.env -}}
|
|
{{- $group = dig "PGID" $group .Values.env -}}
|
|
{{- end -}}
|
|
{{- $user = dig "runAsUser" $user .Values.podSecurityContext -}}
|
|
{{- $group = dig "fsGroup" $group .Values.podSecurityContext -}}
|
|
{{- $hostPathMounts := dict -}}
|
|
{{- range $name, $mount := .Values.persistence -}}
|
|
{{- if and $mount.enabled $mount.setPermissions -}}
|
|
{{- $name = default ( $name| toString ) $mount.name -}}
|
|
{{- $_ := set $hostPathMounts $name $mount -}}
|
|
{{- end -}}
|
|
{{- end }}
|
|
{{- if $hostPathMounts -}}
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: {{ printf "%s-auto-permissions" $jobName }}
|
|
labels:
|
|
{{- include "common.labels" . | nindent 4 }}
|
|
annotations:
|
|
"helm.sh/hook": pre-install,pre-upgrade
|
|
"helm.sh/hook-weight": "-10"
|
|
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation
|
|
spec:
|
|
template:
|
|
metadata:
|
|
spec:
|
|
restartPolicy: Never
|
|
containers:
|
|
- name: set-mount-permissions
|
|
image: alpine:3.3
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
{{- range $_, $hpm := $hostPathMounts }}
|
|
chown -R {{ printf "%d:%d %s" (int $user) (int $group) $hpm.mountPath }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
{{- range $name, $hpm := $hostPathMounts }}
|
|
- name: {{ printf "hostpathmounts-%s" $name }}
|
|
mountPath: {{ $hpm.mountPath }}
|
|
{{- if $hpm.subPath }}
|
|
subPath: {{ $hpm.subPath }}
|
|
{{- end }}
|
|
{{- end }}
|
|
volumes:
|
|
{{- range $name, $hpm := $hostPathMounts }}
|
|
- name: {{ printf "hostpathmounts-%s" $name }}
|
|
{{- /* Always prefer an emptyDir next if that is set */}}
|
|
{{- $emptyDir := false -}}
|
|
{{- if $hpm.emptyDir -}}
|
|
{{- if $hpm.emptyDir.enabled -}}
|
|
{{- $emptyDir = true -}}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- if $emptyDir }}
|
|
{{- if or $hpm.emptyDir.medium $hpm.emptyDir.sizeLimit }}
|
|
emptyDir:
|
|
{{- with $hpm.emptyDir.medium }}
|
|
medium: "{{ . }}"
|
|
{{- end }}
|
|
{{- with $hpm.emptyDir.sizeLimit }}
|
|
sizeLimit: "{{ . }}"
|
|
{{- end }}
|
|
{{- else }}
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- else }}
|
|
hostPath:
|
|
path: {{ required "hostPath not set" $hpm.hostPath }}
|
|
{{ end }}
|
|
{{- end }}
|
|
{{- end -}}
|
|
{{- end -}}
|
|
{{- end -}}
|