diff --git a/clusters/atlas/flux-system/applications/bstein-dev-home-migrations/kustomization.yaml b/clusters/atlas/flux-system/applications/bstein-dev-home-migrations/kustomization.yaml index da61b2d..ff97f73 100644 --- a/clusters/atlas/flux-system/applications/bstein-dev-home-migrations/kustomization.yaml +++ b/clusters/atlas/flux-system/applications/bstein-dev-home-migrations/kustomization.yaml @@ -6,7 +6,7 @@ metadata: namespace: flux-system spec: interval: 10m - path: ./services/bstein-dev-home/migrations + path: ./services/bstein-dev-home/oneoffs/migrations prune: true force: true sourceRef: diff --git a/services/bstein-dev-home/kustomization.yaml b/services/bstein-dev-home/kustomization.yaml index a813241..f62fb17 100644 --- a/services/bstein-dev-home/kustomization.yaml +++ b/services/bstein-dev-home/kustomization.yaml @@ -16,7 +16,7 @@ resources: - backend-deployment.yaml - backend-service.yaml - vaultwarden-cred-sync-cronjob.yaml - - portal-onboarding-e2e-test-job.yaml + - oneoffs/portal-onboarding-e2e-test-job.yaml - ingress.yaml images: - name: registry.bstein.dev/bstein/bstein-dev-home-frontend diff --git a/services/bstein-dev-home/migrations/kustomization.yaml b/services/bstein-dev-home/oneoffs/migrations/kustomization.yaml similarity index 66% rename from services/bstein-dev-home/migrations/kustomization.yaml rename to services/bstein-dev-home/oneoffs/migrations/kustomization.yaml index 067665b..1d1dfc8 100644 --- a/services/bstein-dev-home/migrations/kustomization.yaml +++ b/services/bstein-dev-home/oneoffs/migrations/kustomization.yaml @@ -1,4 +1,4 @@ -# services/bstein-dev-home/migrations/kustomization.yaml +# services/bstein-dev-home/oneoffs/migrations/kustomization.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: bstein-dev-home diff --git a/services/bstein-dev-home/migrations/portal-migrate-job.yaml b/services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml similarity index 78% rename from services/bstein-dev-home/migrations/portal-migrate-job.yaml rename to services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml index 9d05254..1f7e092 100644 --- a/services/bstein-dev-home/migrations/portal-migrate-job.yaml +++ b/services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml @@ -1,4 +1,8 @@ -# services/bstein-dev-home/migrations/portal-migrate-job.yaml +# services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml +# One-off job for bstein-dev-home/bstein-dev-home-portal-migrate-36. +# Purpose: bstein dev home portal migrate 36 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: @@ -7,6 +11,7 @@ metadata: annotations: kustomize.toolkit.fluxcd.io/force: "true" spec: + suspend: true backoffLimit: 1 ttlSecondsAfterFinished: 3600 template: diff --git a/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml b/services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml similarity index 89% rename from services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml rename to services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml index 681e89d..9923499 100644 --- a/services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml +++ b/services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml @@ -1,10 +1,15 @@ -# services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml +# services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml +# One-off job for bstein-dev-home/portal-onboarding-e2e-test-27. +# Purpose: portal onboarding e2e test 27 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: portal-onboarding-e2e-test-27 namespace: bstein-dev-home spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/comms/kustomization.yaml b/services/comms/kustomization.yaml index 01d7be5..969ca58 100644 --- a/services/comms/kustomization.yaml +++ b/services/comms/kustomization.yaml @@ -22,24 +22,24 @@ resources: - mas-db-ensure-rbac.yaml - synapse-signingkey-ensure-rbac.yaml - vault-sync-deployment.yaml - - mas-admin-client-secret-ensure-job.yaml - - mas-db-ensure-job.yaml - - comms-secrets-ensure-job.yaml - - synapse-admin-ensure-job.yaml - - synapse-signingkey-ensure-job.yaml - - synapse-seeder-admin-ensure-job.yaml - - synapse-user-seed-job.yaml - - mas-local-users-ensure-job.yaml + - oneoffs/mas-admin-client-secret-ensure-job.yaml + - oneoffs/mas-db-ensure-job.yaml + - oneoffs/comms-secrets-ensure-job.yaml + - oneoffs/synapse-admin-ensure-job.yaml + - oneoffs/synapse-signingkey-ensure-job.yaml + - oneoffs/synapse-seeder-admin-ensure-job.yaml + - oneoffs/synapse-user-seed-job.yaml + - oneoffs/mas-local-users-ensure-job.yaml - mas-deployment.yaml - livekit-token-deployment.yaml - livekit.yaml - coturn.yaml - seed-othrys-room.yaml - guest-name-job.yaml - - othrys-kick-numeric-job.yaml + - oneoffs/othrys-kick-numeric-job.yaml - pin-othrys-job.yaml - reset-othrys-room-job.yaml - - bstein-force-leave-job.yaml + - oneoffs/bstein-force-leave-job.yaml - livekit-ingress.yaml - livekit-middlewares.yaml - matrix-ingress.yaml diff --git a/services/comms/bstein-force-leave-job.yaml b/services/comms/oneoffs/bstein-force-leave-job.yaml similarity index 96% rename from services/comms/bstein-force-leave-job.yaml rename to services/comms/oneoffs/bstein-force-leave-job.yaml index 0286f8c..7efe826 100644 --- a/services/comms/bstein-force-leave-job.yaml +++ b/services/comms/oneoffs/bstein-force-leave-job.yaml @@ -1,10 +1,15 @@ -# services/comms/bstein-force-leave-job.yaml +# services/comms/oneoffs/bstein-force-leave-job.yaml +# One-off job for comms/bstein-leave-rooms-12. +# Purpose: bstein leave rooms 12 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: bstein-leave-rooms-12 namespace: comms spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/comms/comms-secrets-ensure-job.yaml b/services/comms/oneoffs/comms-secrets-ensure-job.yaml similarity index 92% rename from services/comms/comms-secrets-ensure-job.yaml rename to services/comms/oneoffs/comms-secrets-ensure-job.yaml index 52904cc..35ca73c 100644 --- a/services/comms/comms-secrets-ensure-job.yaml +++ b/services/comms/oneoffs/comms-secrets-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/comms/comms-secrets-ensure-job.yaml +# services/comms/oneoffs/comms-secrets-ensure-job.yaml +# One-off job for comms/comms-secrets-ensure-7. +# Purpose: comms secrets ensure 7 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: comms-secrets-ensure-7 namespace: comms spec: + suspend: true backoffLimit: 1 ttlSecondsAfterFinished: 3600 template: diff --git a/services/comms/mas-admin-client-secret-ensure-job.yaml b/services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml similarity index 90% rename from services/comms/mas-admin-client-secret-ensure-job.yaml rename to services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml index 7b05cca..e1d5458 100644 --- a/services/comms/mas-admin-client-secret-ensure-job.yaml +++ b/services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml @@ -1,4 +1,8 @@ -# services/comms/mas-admin-client-secret-ensure-job.yaml +# services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml +# One-off job for comms/mas-admin-client-secret-writer. +# Purpose: mas admin client secret writer (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: v1 kind: ServiceAccount metadata: @@ -41,6 +45,7 @@ metadata: name: mas-admin-client-secret-ensure-11 namespace: comms spec: + suspend: true backoffLimit: 2 template: spec: diff --git a/services/comms/mas-db-ensure-job.yaml b/services/comms/oneoffs/mas-db-ensure-job.yaml similarity index 91% rename from services/comms/mas-db-ensure-job.yaml rename to services/comms/oneoffs/mas-db-ensure-job.yaml index 56707a9..44137da 100644 --- a/services/comms/mas-db-ensure-job.yaml +++ b/services/comms/oneoffs/mas-db-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/comms/mas-db-ensure-job.yaml +# services/comms/oneoffs/mas-db-ensure-job.yaml +# One-off job for comms/mas-db-ensure-22. +# Purpose: mas db ensure 22 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: mas-db-ensure-22 namespace: comms spec: + suspend: true backoffLimit: 1 ttlSecondsAfterFinished: 600 template: diff --git a/services/comms/mas-local-users-ensure-job.yaml b/services/comms/oneoffs/mas-local-users-ensure-job.yaml similarity index 97% rename from services/comms/mas-local-users-ensure-job.yaml rename to services/comms/oneoffs/mas-local-users-ensure-job.yaml index 636ee5b..7b51072 100644 --- a/services/comms/mas-local-users-ensure-job.yaml +++ b/services/comms/oneoffs/mas-local-users-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/comms/mas-local-users-ensure-job.yaml +# services/comms/oneoffs/mas-local-users-ensure-job.yaml +# One-off job for comms/mas-local-users-ensure-18. +# Purpose: mas local users ensure 18 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: mas-local-users-ensure-18 namespace: comms spec: + suspend: true backoffLimit: 1 ttlSecondsAfterFinished: 3600 template: diff --git a/services/comms/othrys-kick-numeric-job.yaml b/services/comms/oneoffs/othrys-kick-numeric-job.yaml similarity index 96% rename from services/comms/othrys-kick-numeric-job.yaml rename to services/comms/oneoffs/othrys-kick-numeric-job.yaml index 0d3914a..e38a6bb 100644 --- a/services/comms/othrys-kick-numeric-job.yaml +++ b/services/comms/oneoffs/othrys-kick-numeric-job.yaml @@ -1,10 +1,15 @@ -# services/comms/othrys-kick-numeric-job.yaml +# services/comms/oneoffs/othrys-kick-numeric-job.yaml +# One-off job for comms/othrys-kick-numeric-8. +# Purpose: othrys kick numeric 8 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: othrys-kick-numeric-8 namespace: comms spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/comms/synapse-admin-ensure-job.yaml b/services/comms/oneoffs/synapse-admin-ensure-job.yaml similarity index 96% rename from services/comms/synapse-admin-ensure-job.yaml rename to services/comms/oneoffs/synapse-admin-ensure-job.yaml index 5ddf60c..95bc9f2 100644 --- a/services/comms/synapse-admin-ensure-job.yaml +++ b/services/comms/oneoffs/synapse-admin-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/comms/synapse-admin-ensure-job.yaml +# services/comms/oneoffs/synapse-admin-ensure-job.yaml +# One-off job for comms/synapse-admin-ensure-3. +# Purpose: synapse admin ensure 3 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: synapse-admin-ensure-3 namespace: comms spec: + suspend: true backoffLimit: 0 ttlSecondsAfterFinished: 3600 template: diff --git a/services/comms/synapse-seeder-admin-ensure-job.yaml b/services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml similarity index 93% rename from services/comms/synapse-seeder-admin-ensure-job.yaml rename to services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml index 5d2d422..1d8972e 100644 --- a/services/comms/synapse-seeder-admin-ensure-job.yaml +++ b/services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/comms/synapse-seeder-admin-ensure-job.yaml +# services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml +# One-off job for comms/synapse-seeder-admin-ensure-9. +# Purpose: synapse seeder admin ensure 9 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: synapse-seeder-admin-ensure-9 namespace: comms spec: + suspend: true backoffLimit: 2 template: metadata: diff --git a/services/comms/synapse-signingkey-ensure-job.yaml b/services/comms/oneoffs/synapse-signingkey-ensure-job.yaml similarity index 88% rename from services/comms/synapse-signingkey-ensure-job.yaml rename to services/comms/oneoffs/synapse-signingkey-ensure-job.yaml index 402a820..bbc4595 100644 --- a/services/comms/synapse-signingkey-ensure-job.yaml +++ b/services/comms/oneoffs/synapse-signingkey-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/comms/synapse-signingkey-ensure-job.yaml +# services/comms/oneoffs/synapse-signingkey-ensure-job.yaml +# One-off job for comms/othrys-synapse-signingkey-ensure-7. +# Purpose: othrys synapse signingkey ensure 7 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: othrys-synapse-signingkey-ensure-7 namespace: comms spec: + suspend: true backoffLimit: 2 template: spec: diff --git a/services/comms/synapse-user-seed-job.yaml b/services/comms/oneoffs/synapse-user-seed-job.yaml similarity index 96% rename from services/comms/synapse-user-seed-job.yaml rename to services/comms/oneoffs/synapse-user-seed-job.yaml index aab88c3..a732739 100644 --- a/services/comms/synapse-user-seed-job.yaml +++ b/services/comms/oneoffs/synapse-user-seed-job.yaml @@ -1,10 +1,15 @@ -# services/comms/synapse-user-seed-job.yaml +# services/comms/oneoffs/synapse-user-seed-job.yaml +# One-off job for comms/synapse-user-seed-8. +# Purpose: synapse user seed 8 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: synapse-user-seed-8 namespace: comms spec: + suspend: true backoffLimit: 1 ttlSecondsAfterFinished: 3600 template: diff --git a/services/finance/kustomization.yaml b/services/finance/kustomization.yaml index e4c414f..1559f5c 100644 --- a/services/finance/kustomization.yaml +++ b/services/finance/kustomization.yaml @@ -9,7 +9,7 @@ resources: - finance-secrets-ensure-rbac.yaml - actual-budget-data-pvc.yaml - firefly-storage-pvc.yaml - - finance-secrets-ensure-job.yaml + - oneoffs/finance-secrets-ensure-job.yaml - actual-budget-deployment.yaml - firefly-deployment.yaml - firefly-user-sync-cronjob.yaml diff --git a/services/finance/finance-secrets-ensure-job.yaml b/services/finance/oneoffs/finance-secrets-ensure-job.yaml similarity index 83% rename from services/finance/finance-secrets-ensure-job.yaml rename to services/finance/oneoffs/finance-secrets-ensure-job.yaml index 67f06cb..e8c8f58 100644 --- a/services/finance/finance-secrets-ensure-job.yaml +++ b/services/finance/oneoffs/finance-secrets-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/finance/finance-secrets-ensure-job.yaml +# services/finance/oneoffs/finance-secrets-ensure-job.yaml +# One-off job for finance/finance-secrets-ensure-5. +# Purpose: finance secrets ensure 5 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: finance-secrets-ensure-5 namespace: finance spec: + suspend: true backoffLimit: 1 ttlSecondsAfterFinished: 3600 template: diff --git a/services/keycloak/kustomization.yaml b/services/keycloak/kustomization.yaml index 6030a82..6027891 100644 --- a/services/keycloak/kustomization.yaml +++ b/services/keycloak/kustomization.yaml @@ -10,21 +10,21 @@ resources: - secretproviderclass.yaml - vault-sync-deployment.yaml - deployment.yaml - - realm-settings-job.yaml - - portal-admin-client-secret-ensure-job.yaml - - portal-e2e-client-job.yaml - - portal-e2e-target-client-job.yaml - - portal-e2e-token-exchange-permissions-job.yaml - - portal-e2e-token-exchange-test-job.yaml - - portal-e2e-execute-actions-email-test-job.yaml - - ldap-federation-job.yaml - - user-overrides-job.yaml - - mas-secrets-ensure-job.yaml - - synapse-oidc-secret-ensure-job.yaml - - logs-oidc-secret-ensure-job.yaml - - harbor-oidc-secret-ensure-job.yaml - - vault-oidc-secret-ensure-job.yaml - - actual-oidc-secret-ensure-job.yaml + - oneoffs/realm-settings-job.yaml + - oneoffs/portal-admin-client-secret-ensure-job.yaml + - oneoffs/portal-e2e-client-job.yaml + - oneoffs/portal-e2e-target-client-job.yaml + - oneoffs/portal-e2e-token-exchange-permissions-job.yaml + - oneoffs/portal-e2e-token-exchange-test-job.yaml + - oneoffs/portal-e2e-execute-actions-email-test-job.yaml + - oneoffs/ldap-federation-job.yaml + - oneoffs/user-overrides-job.yaml + - oneoffs/mas-secrets-ensure-job.yaml + - oneoffs/synapse-oidc-secret-ensure-job.yaml + - oneoffs/logs-oidc-secret-ensure-job.yaml + - oneoffs/harbor-oidc-secret-ensure-job.yaml + - oneoffs/vault-oidc-secret-ensure-job.yaml + - oneoffs/actual-oidc-secret-ensure-job.yaml - service.yaml - ingress.yaml generatorOptions: diff --git a/services/keycloak/actual-oidc-secret-ensure-job.yaml b/services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml similarity index 83% rename from services/keycloak/actual-oidc-secret-ensure-job.yaml rename to services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml index 3dadb52..d4da1f1 100644 --- a/services/keycloak/actual-oidc-secret-ensure-job.yaml +++ b/services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/actual-oidc-secret-ensure-job.yaml +# services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml +# One-off job for sso/actual-oidc-secret-ensure-3. +# Purpose: actual oidc secret ensure 3 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: actual-oidc-secret-ensure-3 namespace: sso spec: + suspend: true backoffLimit: 0 ttlSecondsAfterFinished: 3600 template: diff --git a/services/keycloak/harbor-oidc-secret-ensure-job.yaml b/services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml similarity index 83% rename from services/keycloak/harbor-oidc-secret-ensure-job.yaml rename to services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml index 87de463..c368241 100644 --- a/services/keycloak/harbor-oidc-secret-ensure-job.yaml +++ b/services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/harbor-oidc-secret-ensure-job.yaml +# services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml +# One-off job for sso/harbor-oidc-secret-ensure-10. +# Purpose: harbor oidc secret ensure 10 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: harbor-oidc-secret-ensure-10 namespace: sso spec: + suspend: true backoffLimit: 0 ttlSecondsAfterFinished: 3600 template: diff --git a/services/keycloak/ldap-federation-job.yaml b/services/keycloak/oneoffs/ldap-federation-job.yaml similarity index 98% rename from services/keycloak/ldap-federation-job.yaml rename to services/keycloak/oneoffs/ldap-federation-job.yaml index 3c3f1c1..9e9a5f9 100644 --- a/services/keycloak/ldap-federation-job.yaml +++ b/services/keycloak/oneoffs/ldap-federation-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/ldap-federation-job.yaml +# services/keycloak/oneoffs/ldap-federation-job.yaml +# One-off job for sso/keycloak-ldap-federation-12. +# Purpose: keycloak ldap federation 12 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-ldap-federation-12 namespace: sso spec: + suspend: true backoffLimit: 2 template: metadata: diff --git a/services/keycloak/logs-oidc-secret-ensure-job.yaml b/services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml similarity index 94% rename from services/keycloak/logs-oidc-secret-ensure-job.yaml rename to services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml index 14e80df..bce9e5b 100644 --- a/services/keycloak/logs-oidc-secret-ensure-job.yaml +++ b/services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/logs-oidc-secret-ensure-job.yaml +# services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml +# One-off job for sso/logs-oidc-secret-ensure-10. +# Purpose: logs oidc secret ensure 10 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: logs-oidc-secret-ensure-10 namespace: sso spec: + suspend: true backoffLimit: 0 ttlSecondsAfterFinished: 3600 template: diff --git a/services/keycloak/mas-secrets-ensure-job.yaml b/services/keycloak/oneoffs/mas-secrets-ensure-job.yaml similarity index 95% rename from services/keycloak/mas-secrets-ensure-job.yaml rename to services/keycloak/oneoffs/mas-secrets-ensure-job.yaml index 24c9e04..c3bd1be 100644 --- a/services/keycloak/mas-secrets-ensure-job.yaml +++ b/services/keycloak/oneoffs/mas-secrets-ensure-job.yaml @@ -1,4 +1,8 @@ -# services/keycloak/mas-secrets-ensure-job.yaml +# services/keycloak/oneoffs/mas-secrets-ensure-job.yaml +# One-off job for sso/mas-secrets-ensure. +# Purpose: mas secrets ensure (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: v1 kind: ServiceAccount metadata: @@ -13,6 +17,7 @@ metadata: name: mas-secrets-ensure-21 namespace: sso spec: + suspend: true backoffLimit: 0 ttlSecondsAfterFinished: 3600 template: diff --git a/services/keycloak/portal-admin-client-secret-ensure-job.yaml b/services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml similarity index 96% rename from services/keycloak/portal-admin-client-secret-ensure-job.yaml rename to services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml index 90dd4b7..1d3e7f3 100644 --- a/services/keycloak/portal-admin-client-secret-ensure-job.yaml +++ b/services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/portal-admin-client-secret-ensure-job.yaml +# services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml +# One-off job for sso/keycloak-portal-admin-secret-ensure-4. +# Purpose: keycloak portal admin secret ensure 4 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-portal-admin-secret-ensure-4 namespace: sso spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/keycloak/portal-e2e-client-job.yaml b/services/keycloak/oneoffs/portal-e2e-client-job.yaml similarity index 97% rename from services/keycloak/portal-e2e-client-job.yaml rename to services/keycloak/oneoffs/portal-e2e-client-job.yaml index 4e0c006..274dd27 100644 --- a/services/keycloak/portal-e2e-client-job.yaml +++ b/services/keycloak/oneoffs/portal-e2e-client-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/portal-e2e-client-job.yaml +# services/keycloak/oneoffs/portal-e2e-client-job.yaml +# One-off job for sso/keycloak-portal-e2e-client-8. +# Purpose: keycloak portal e2e client 8 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-portal-e2e-client-8 namespace: sso spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml b/services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml similarity index 89% rename from services/keycloak/portal-e2e-execute-actions-email-test-job.yaml rename to services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml index 35f79a6..518d839 100644 --- a/services/keycloak/portal-e2e-execute-actions-email-test-job.yaml +++ b/services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/portal-e2e-execute-actions-email-test-job.yaml +# services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml +# One-off job for sso/keycloak-portal-e2e-execute-actions-email-14. +# Purpose: keycloak portal e2e execute actions email 14 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-portal-e2e-execute-actions-email-14 namespace: sso spec: + suspend: true backoffLimit: 3 template: metadata: diff --git a/services/keycloak/portal-e2e-target-client-job.yaml b/services/keycloak/oneoffs/portal-e2e-target-client-job.yaml similarity index 95% rename from services/keycloak/portal-e2e-target-client-job.yaml rename to services/keycloak/oneoffs/portal-e2e-target-client-job.yaml index 196b48b..900d029 100644 --- a/services/keycloak/portal-e2e-target-client-job.yaml +++ b/services/keycloak/oneoffs/portal-e2e-target-client-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/portal-e2e-target-client-job.yaml +# services/keycloak/oneoffs/portal-e2e-target-client-job.yaml +# One-off job for sso/keycloak-portal-e2e-target-7. +# Purpose: keycloak portal e2e target 7 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-portal-e2e-target-7 namespace: sso spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml b/services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml similarity index 97% rename from services/keycloak/portal-e2e-token-exchange-permissions-job.yaml rename to services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml index 647b8f9..0d41b47 100644 --- a/services/keycloak/portal-e2e-token-exchange-permissions-job.yaml +++ b/services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/portal-e2e-token-exchange-permissions-job.yaml +# services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml +# One-off job for sso/keycloak-portal-e2e-token-exchange-permissions-11. +# Purpose: keycloak portal e2e token exchange permissions 11 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-portal-e2e-token-exchange-permissions-11 namespace: sso spec: + suspend: true backoffLimit: 6 template: metadata: diff --git a/services/keycloak/portal-e2e-token-exchange-test-job.yaml b/services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml similarity index 89% rename from services/keycloak/portal-e2e-token-exchange-test-job.yaml rename to services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml index edd7555..eb05e09 100644 --- a/services/keycloak/portal-e2e-token-exchange-test-job.yaml +++ b/services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/portal-e2e-token-exchange-test-job.yaml +# services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml +# One-off job for sso/keycloak-portal-e2e-token-exchange-test-7. +# Purpose: keycloak portal e2e token exchange test 7 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-portal-e2e-token-exchange-test-7 namespace: sso spec: + suspend: true backoffLimit: 6 ttlSecondsAfterFinished: 3600 template: diff --git a/services/keycloak/realm-settings-job.yaml b/services/keycloak/oneoffs/realm-settings-job.yaml similarity index 98% rename from services/keycloak/realm-settings-job.yaml rename to services/keycloak/oneoffs/realm-settings-job.yaml index 9265ca3..ea88d83 100644 --- a/services/keycloak/realm-settings-job.yaml +++ b/services/keycloak/oneoffs/realm-settings-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/realm-settings-job.yaml +# services/keycloak/oneoffs/realm-settings-job.yaml +# One-off job for sso/keycloak-realm-settings-36. +# Purpose: keycloak realm settings 36 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-realm-settings-36 namespace: sso spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/keycloak/synapse-oidc-secret-ensure-job.yaml b/services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml similarity index 92% rename from services/keycloak/synapse-oidc-secret-ensure-job.yaml rename to services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml index e808e7e..15b7a31 100644 --- a/services/keycloak/synapse-oidc-secret-ensure-job.yaml +++ b/services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/synapse-oidc-secret-ensure-job.yaml +# services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml +# One-off job for sso/synapse-oidc-secret-ensure-10. +# Purpose: synapse oidc secret ensure 10 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: synapse-oidc-secret-ensure-10 namespace: sso spec: + suspend: true backoffLimit: 0 ttlSecondsAfterFinished: 3600 template: diff --git a/services/keycloak/user-overrides-job.yaml b/services/keycloak/oneoffs/user-overrides-job.yaml similarity index 96% rename from services/keycloak/user-overrides-job.yaml rename to services/keycloak/oneoffs/user-overrides-job.yaml index 7623c84..0d52d6d 100644 --- a/services/keycloak/user-overrides-job.yaml +++ b/services/keycloak/oneoffs/user-overrides-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/user-overrides-job.yaml +# services/keycloak/oneoffs/user-overrides-job.yaml +# One-off job for sso/keycloak-user-overrides-9. +# Purpose: keycloak user overrides 9 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: keycloak-user-overrides-9 namespace: sso spec: + suspend: true backoffLimit: 0 template: metadata: diff --git a/services/keycloak/vault-oidc-secret-ensure-job.yaml b/services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml similarity index 83% rename from services/keycloak/vault-oidc-secret-ensure-job.yaml rename to services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml index 3aa3ca5..a76c52e 100644 --- a/services/keycloak/vault-oidc-secret-ensure-job.yaml +++ b/services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml @@ -1,10 +1,15 @@ -# services/keycloak/vault-oidc-secret-ensure-job.yaml +# services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml +# One-off job for sso/vault-oidc-secret-ensure-8. +# Purpose: vault oidc secret ensure 8 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: vault-oidc-secret-ensure-8 namespace: sso spec: + suspend: true backoffLimit: 0 ttlSecondsAfterFinished: 3600 template: diff --git a/services/logging/kustomization.yaml b/services/logging/kustomization.yaml index 08c73a8..dc48715 100644 --- a/services/logging/kustomization.yaml +++ b/services/logging/kustomization.yaml @@ -15,9 +15,9 @@ resources: - opensearch-dashboards-helmrelease.yaml - data-prepper-helmrelease.yaml - otel-collector-helmrelease.yaml - - opensearch-ism-job.yaml - - opensearch-dashboards-setup-job.yaml - - opensearch-observability-setup-job.yaml + - oneoffs/opensearch-ism-job.yaml + - oneoffs/opensearch-dashboards-setup-job.yaml + - oneoffs/opensearch-observability-setup-job.yaml - opensearch-prune-cronjob.yaml - fluent-bit-helmrelease.yaml - node-log-rotation-daemonset.yaml diff --git a/services/logging/opensearch-dashboards-setup-job.yaml b/services/logging/oneoffs/opensearch-dashboards-setup-job.yaml similarity index 88% rename from services/logging/opensearch-dashboards-setup-job.yaml rename to services/logging/oneoffs/opensearch-dashboards-setup-job.yaml index 06149d7..1d1a9b6 100644 --- a/services/logging/opensearch-dashboards-setup-job.yaml +++ b/services/logging/oneoffs/opensearch-dashboards-setup-job.yaml @@ -1,10 +1,15 @@ -# services/logging/opensearch-dashboards-setup-job.yaml +# services/logging/oneoffs/opensearch-dashboards-setup-job.yaml +# One-off job for logging/opensearch-dashboards-setup-4. +# Purpose: opensearch dashboards setup 4 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: opensearch-dashboards-setup-4 namespace: logging spec: + suspend: true backoffLimit: 3 ttlSecondsAfterFinished: 3600 template: diff --git a/services/logging/opensearch-ism-job.yaml b/services/logging/oneoffs/opensearch-ism-job.yaml similarity index 91% rename from services/logging/opensearch-ism-job.yaml rename to services/logging/oneoffs/opensearch-ism-job.yaml index 3313571..476bca7 100644 --- a/services/logging/opensearch-ism-job.yaml +++ b/services/logging/oneoffs/opensearch-ism-job.yaml @@ -1,10 +1,15 @@ -# services/logging/opensearch-ism-job.yaml +# services/logging/oneoffs/opensearch-ism-job.yaml +# One-off job for logging/opensearch-ism-setup-5. +# Purpose: opensearch ism setup 5 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: opensearch-ism-setup-5 namespace: logging spec: + suspend: true backoffLimit: 3 ttlSecondsAfterFinished: 3600 template: diff --git a/services/logging/opensearch-observability-setup-job.yaml b/services/logging/oneoffs/opensearch-observability-setup-job.yaml similarity index 76% rename from services/logging/opensearch-observability-setup-job.yaml rename to services/logging/oneoffs/opensearch-observability-setup-job.yaml index e4590fb..6caa076 100644 --- a/services/logging/opensearch-observability-setup-job.yaml +++ b/services/logging/oneoffs/opensearch-observability-setup-job.yaml @@ -1,10 +1,15 @@ -# services/logging/opensearch-observability-setup-job.yaml +# services/logging/oneoffs/opensearch-observability-setup-job.yaml +# One-off job for logging/opensearch-observability-setup-2. +# Purpose: opensearch observability setup 2 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: opensearch-observability-setup-2 namespace: logging spec: + suspend: true backoffLimit: 3 ttlSecondsAfterFinished: 3600 template: diff --git a/services/mailu/kustomization.yaml b/services/mailu/kustomization.yaml index 7447f24..3e0494e 100644 --- a/services/mailu/kustomization.yaml +++ b/services/mailu/kustomization.yaml @@ -13,7 +13,7 @@ resources: - unbound-configmap.yaml - serverstransport.yaml - ingressroute.yaml - - mailu-sync-job.yaml + - oneoffs/mailu-sync-job.yaml - mailu-sync-cronjob.yaml - front-lb.yaml diff --git a/services/mailu/mailu-sync-job.yaml b/services/mailu/oneoffs/mailu-sync-job.yaml similarity index 93% rename from services/mailu/mailu-sync-job.yaml rename to services/mailu/oneoffs/mailu-sync-job.yaml index 8589e9e..38648ac 100644 --- a/services/mailu/mailu-sync-job.yaml +++ b/services/mailu/oneoffs/mailu-sync-job.yaml @@ -1,10 +1,15 @@ -# services/mailu/mailu-sync-job.yaml +# services/mailu/oneoffs/mailu-sync-job.yaml +# One-off job for mailu-mailserver/mailu-sync-9. +# Purpose: mailu sync 9 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: mailu-sync-9 namespace: mailu-mailserver spec: + suspend: true template: metadata: annotations: diff --git a/services/maintenance/kustomization.yaml b/services/maintenance/kustomization.yaml index a1ca583..19b2ba9 100644 --- a/services/maintenance/kustomization.yaml +++ b/services/maintenance/kustomization.yaml @@ -14,10 +14,10 @@ resources: - node-nofile-serviceaccount.yaml - pod-cleaner-rbac.yaml - ariadne-deployment.yaml - - ariadne-migrate-job.yaml + - oneoffs/ariadne-migrate-job.yaml - ariadne-service.yaml - disable-k3s-traefik-daemonset.yaml - - k3s-traefik-cleanup-job.yaml + - oneoffs/k3s-traefik-cleanup-job.yaml - node-nofile-daemonset.yaml - k3s-agent-restart-daemonset.yaml - pod-cleaner-cronjob.yaml diff --git a/services/maintenance/ariadne-migrate-job.yaml b/services/maintenance/oneoffs/ariadne-migrate-job.yaml similarity index 82% rename from services/maintenance/ariadne-migrate-job.yaml rename to services/maintenance/oneoffs/ariadne-migrate-job.yaml index 367a1a0..ecac68d 100644 --- a/services/maintenance/ariadne-migrate-job.yaml +++ b/services/maintenance/oneoffs/ariadne-migrate-job.yaml @@ -1,4 +1,8 @@ -# services/maintenance/ariadne-migrate-job.yaml +# services/maintenance/oneoffs/ariadne-migrate-job.yaml +# One-off job for maintenance/ariadne-migrate-2. +# Purpose: ariadne migrate 2 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: diff --git a/services/maintenance/k3s-traefik-cleanup-job.yaml b/services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml similarity index 77% rename from services/maintenance/k3s-traefik-cleanup-job.yaml rename to services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml index d5d12a6..2c365a9 100644 --- a/services/maintenance/k3s-traefik-cleanup-job.yaml +++ b/services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml @@ -1,10 +1,15 @@ -# services/maintenance/k3s-traefik-cleanup-job.yaml +# services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml +# One-off job for maintenance/k3s-traefik-cleanup-2. +# Purpose: k3s traefik cleanup 2 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: k3s-traefik-cleanup-2 namespace: maintenance spec: + suspend: true backoffLimit: 1 template: spec: diff --git a/services/monitoring/kustomization.yaml b/services/monitoring/kustomization.yaml index 5953039..23c1595 100644 --- a/services/monitoring/kustomization.yaml +++ b/services/monitoring/kustomization.yaml @@ -23,8 +23,8 @@ resources: - grafana-alerting-config.yaml - grafana-folders.yaml - helmrelease.yaml - - grafana-org-bootstrap.yaml - - grafana-user-dedupe-job.yaml + - oneoffs/grafana-org-bootstrap.yaml + - oneoffs/grafana-user-dedupe-job.yaml configMapGenerator: - name: postmark-exporter-script diff --git a/services/monitoring/grafana-org-bootstrap.yaml b/services/monitoring/oneoffs/grafana-org-bootstrap.yaml similarity index 93% rename from services/monitoring/grafana-org-bootstrap.yaml rename to services/monitoring/oneoffs/grafana-org-bootstrap.yaml index f1d4075..6f824cc 100644 --- a/services/monitoring/grafana-org-bootstrap.yaml +++ b/services/monitoring/oneoffs/grafana-org-bootstrap.yaml @@ -1,10 +1,15 @@ -# services/monitoring/grafana-org-bootstrap.yaml +# services/monitoring/oneoffs/grafana-org-bootstrap.yaml +# One-off job for monitoring/grafana-org-bootstrap-3. +# Purpose: grafana org bootstrap 3 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: grafana-org-bootstrap-3 namespace: monitoring spec: + suspend: true backoffLimit: 2 template: metadata: diff --git a/services/monitoring/grafana-user-dedupe-job.yaml b/services/monitoring/oneoffs/grafana-user-dedupe-job.yaml similarity index 94% rename from services/monitoring/grafana-user-dedupe-job.yaml rename to services/monitoring/oneoffs/grafana-user-dedupe-job.yaml index 8ab1a66..8194f18 100644 --- a/services/monitoring/grafana-user-dedupe-job.yaml +++ b/services/monitoring/oneoffs/grafana-user-dedupe-job.yaml @@ -1,10 +1,15 @@ -# services/monitoring/grafana-user-dedupe-job.yaml +# services/monitoring/oneoffs/grafana-user-dedupe-job.yaml +# One-off job for monitoring/grafana-user-dedupe-api-v7. +# Purpose: grafana user dedupe api v7 (see container args/env in this file). +# Run by setting spec.suspend to false, reconcile, then set it back to true. +# Safe to delete the finished Job/pod; it should not run continuously. apiVersion: batch/v1 kind: Job metadata: name: grafana-user-dedupe-api-v7 namespace: monitoring spec: + suspend: true backoffLimit: 1 template: metadata: