feat: add custom migration job for hydra (#732)

Author: adamwalach

helm/charts/hydra/templates/job-migrations-custom.yaml

@@ -0,0 +1,128 @@
+{{- range $jobName, $job := $.Values.hydra.customMigrations.jobs }}
+{{- if $job.enabled -}}
+{{- $nodeSelector := ternary $job.nodeSelector $.Values.job.nodeSelector (not (empty $job.nodeSelector)) -}}
+{{- $migrationExtraEnv := ternary $job.extraEnv $.Values.job.extraEnv (not (empty $job.extraEnv)) -}}
+{{- $resources := ternary $job.resources $.Values.job.resources (not (empty $job.resources)) -}}
+{{- $annotations := merge $.Values.job.annotations (default dict $job.annotations) -}}
+{{- $labels := merge $.Values.job.labels (default dict $job.labels) -}}
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "hydra.fullname" $ }}-{{ $jobName }}
+  {{- if $.Release.Namespace }}
+  namespace: {{ $.Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "hydra.labels" $ | nindent 4 }}
+    {{- with $labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- with $annotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  template:
+    metadata:
+      annotations:
+        {{- with $annotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with $.Values.job.podMetadata.annotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        app.kubernetes.io/name: {{ include "hydra.fullname" $ }}-{{ $jobName }}-automigrate
+        app.kubernetes.io/instance: {{ $.Release.Name }}
+        {{- with $labels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with $.Values.job.podMetadata.labels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with $.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "hydra.job.serviceAccountName" $ }}
+      automountServiceAccountToken: {{ $.Values.job.automountServiceAccountToken }}
+      containers:
+        - name: {{ $.Chart.Name }}-{{ $jobName }}
+          image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+          imagePullPolicy: {{ $.Values.image.pullPolicy }}
+        {{- if $job.customCommand }}
+          command: {{- toYaml $job.customCommand | nindent 10 }}
+        {{- else }}
+          command: ["hydra"]
+        {{- end }}
+          args: {{- toYaml $job.customArgs | nindent 10 }}
+          env:
+          {{- if not (empty ( include "hydra.dsn" $ )) }}
+            {{- if not (include "ory.extraEnvContainsEnvName" (list $migrationExtraEnv "DSN")) }}
+            - name: DSN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "hydra.secretname" $ }}
+                  key: dsn
+            {{- end }}
+          {{- end }}
+          {{- with $migrationExtraEnv }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+          lifecycle:
+          {{- if $.Values.job.lifecycle }}
+            {{- tpl $.Values.job.lifecycle $ | nindent 10 }}
+          {{- end }}
+        {{- with $.Values.deployment.securityContext }}
+          securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with $resources }}
+          resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+          volumeMounts:
+            - name: {{ include "hydra.name" $ }}-config-volume
+              mountPath: /etc/config
+              readOnly: true
+            {{- if $job.extraVolumeMounts }}
+              {{- toYaml $job.extraVolumeMounts | nindent 12 }}
+            {{- else if $.Values.deployment.extraVolumeMounts }}
+              {{- toYaml $.Values.deployment.extraVolumeMounts | nindent 12 }}
+            {{- end }}
+      {{- if $.Values.job.extraContainers }}
+        {{- tpl $.Values.job.extraContainers $ | nindent 6 }}
+      {{- end }}
+      {{- if $.Values.job.extraInitContainers }}
+      initContainers:
+        {{- tpl $.Values.job.extraInitContainers $ | nindent 8 }}
+      {{- end }}
+      restartPolicy: Never
+      {{- with $.Values.deployment.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      shareProcessNamespace: {{ $.Values.job.shareProcessNamespace }}
+      volumes:
+        - name: {{ include "hydra.name" $ }}-config-volume
+          configMap:
+            name: {{ include "hydra.fullname" $ }}-migrate
+        {{- if $job.extraVolumes }}
+          {{- toYaml $job.extraVolumes | nindent 8 }}
+        {{- else if $.Values.deployment.extraVolumes }}
+          {{- toYaml $.Values.deployment.extraVolumes | nindent 8 }}
+        {{- end }}
+      {{- with $nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $.Values.job.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+  backoffLimit: {{ $.Values.job.spec.backoffLimit }}
+{{- end }}
+{{- end }}

helm/charts/hydra/values.yaml

@@ -177,6 +177,25 @@ hydra:
     # -- resource requests and limits for the automigration initcontainer
     resources: {}
 
+  customMigrations:
+    jobs:
+      #      -- Example of custom migration job (TTL migrations are available only in Hydra with Enterprise license)
+      oel-postgresql-ttl:
+        enabled: false
+        customArgs:
+          [
+            "migrate",
+            "postgresql-addons",
+            "up",
+            "--hydra-db-name",
+            "ory_hydra",
+            "--pgcron-db-name",
+            "postgres",
+          ]
+        nodeSelector: {}
+        resources: {}
+        extraEnv: []
+
   # -- Enable dev mode, not secure in production environments
   dev: false