titan-iac/services/maintenance/oneoffs/ariadne-migrate-job.yaml

# services/maintenance/oneoffs/ariadne-migrate-job.yaml
# One-off job for maintenance/ariadne-migrate-2.
# Purpose: ariadne migrate 2 (see container args/env in this file).
# Run by setting spec.suspend to false, reconcile, then set it back to true.
# Safe to delete the finished Job/pod; it should not run continuously.
apiVersion: batch/v1
kind: Job
metadata:
  name: ariadne-migrate-2
  namespace: maintenance
  annotations:
    kustomize.toolkit.fluxcd.io/force: "true"
spec:
  suspend: true
  backoffLimit: 1
  ttlSecondsAfterFinished: 3600
  template:
    metadata:
      labels:
        app: ariadne-migrate
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        vault.hashicorp.com/agent-pre-populate-only: "true"
        vault.hashicorp.com/role: "maintenance"
        vault.hashicorp.com/agent-inject-secret-ariadne-env.sh: "kv/data/atlas/maintenance/ariadne-db"
        vault.hashicorp.com/agent-inject-template-ariadne-env.sh: |
          {{ with secret "kv/data/atlas/maintenance/ariadne-db" }}
          export ARIADNE_DATABASE_URL="{{ .Data.data.database_url }}"
          {{ end }}
          {{ with secret "kv/data/atlas/portal/atlas-portal-db" }}
          export PORTAL_DATABASE_URL="{{ .Data.data.PORTAL_DATABASE_URL }}"
          {{ end }}
    spec:
      serviceAccountName: ariadne
      restartPolicy: Never
      nodeSelector:
        kubernetes.io/arch: arm64
        node-role.kubernetes.io/worker: "true"
      containers:
        - name: migrate
          image: registry.bstein.dev/bstein/ariadne:0.1.0-0
          imagePullPolicy: Always
          command: ["/bin/sh", "-c"]
          args:
            - >-
              . /vault/secrets/ariadne-env.sh
              && exec python -m ariadne.migrate
          env:
            - name: ARIADNE_RUN_MIGRATIONS
              value: "true"