---
apiVersion: batch/v1
kind: Job
metadata:
  name: aspects-job
  labels:
    app.kubernetes.io/component: job
spec:
  template:
    spec:
      restartPolicy: Never
      containers:
      - name: aspects
        env:
          - name: VENV_DIR
            value: /opt/venv
          - name: XAPI_SCHEMA
            value: {{ ASPECTS_XAPI_DATABASE }}
          - name: ASPECTS_ENROLLMENT_EVENTS_TABLE
            value: {{ ASPECTS_ENROLLMENT_EVENTS_TABLE }}
        image: {{ DOCKER_IMAGE_ASPECTS }}
        securityContext:
          allowPrivilegeEscalation: false
          runAsUser: 0
        volumeMounts:
          - mountPath: /app
            name: app
          - mountPath: /app/aspects/dbt
            name: dbt
          - mountPath: /app/aspects/scripts
            name: scripts
          - mountPath: /app/aspects/migrations/
            name: migrations
          - mountPath: /app/aspects/migrations/alembic
            name: alembic
          - mountPath: /app/aspects/migrations/alembic/versions
            name: versions
      volumes:
        - name: scripts
          configMap:
            name: aspects-scripts
            defaultMode: 0777
        - name: dbt
          configMap:
            name: aspects-dbt
        - name: app
          persistentVolumeClaim:
            claimName: aspects-app
        - name: migrations
          configMap:
            name: aspects-migrations
        - name: alembic
          configMap:
            name: aspects-migrations-alembic
        - name: versions
          configMap:
            name: aspects-migrations-alembic-versions
---
apiVersion: batch/v1
kind: Job
metadata:
  name: clickhouse-job
  labels:
    app.kubernetes.io/component: job
spec:
  template:
    spec:
      restartPolicy: Never
      containers:
      - name: clickhouse
        image: {{ DOCKER_IMAGE_CLICKHOUSE }}
        env:
          - name: CLICKHOUSE_DB
            value: "{{ ASPECTS_XAPI_DATABASE }}"
          - name: CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT
            value: "1"
          - name: CLICKHOUSE_PASSWORD
            value: "{{ CLICKHOUSE_ADMIN_PASSWORD }}"
          - name: CLICKHOUSE_USER
            value: "{{ CLICKHOUSE_ADMIN_USER }}"

{% if RUN_RALPH %}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: ralph-job
  labels:
    app.kubernetes.io/component: job
spec:
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: ralph
          image: {{DOCKER_IMAGE_RALPH}}
          args:
            - python
            - -m
            - ralph
            - -v
            - DEBUG
            - runserver
            - -b
            - clickhouse
          env:
            - name: RALPH_APP_DIR
              value: "/app/.ralph"
            - name: RALPH_BACKENDS__DATABASE__CLICKHOUSE__EVENT_TABLE_NAME
              value: "{{ASPECTS_RAW_XAPI_TABLE}}"
            - name: RALPH_BACKENDS__DATABASE__CLICKHOUSE__HOST
              value: "{{CLICKHOUSE_HOST}}"
            - name: RALPH_BACKENDS__DATABASE__CLICKHOUSE__PASSWORD
              value: "{{CLICKHOUSE_ADMIN_PASSWORD}}"
            - name: RALPH_BACKENDS__DATABASE__CLICKHOUSE__PORT
              value: "{{CLICKHOUSE_INTERNAL_HTTP_PORT}}"
            - name: RALPH_BACKENDS__DATABASE__CLICKHOUSE__TEST_HOST
              value: "clickhouse"
            - name: RALPH_BACKENDS__DATABASE__CLICKHOUSE__USERNAME
              value: "{{CLICKHOUSE_ADMIN_USER}}"
            - name: RALPH_BACKENDS__DATABASE__CLICKHOUSE__DATABASE
              value: "{{ASPECTS_XAPI_DATABASE}}"
            - name: RALPH_RUNSERVER_BACKEND
              value: "clickhouse"
            - name: RALPH_RUNSERVER_HOST
              value: "0.0.0.0"
            - name: RALPH_RUNSERVER_MAX_SEARCH_HITS_COUNT
              value: "100"
            - name: RALPH_RUNSERVER_POINT_IN_TIME_KEEP_ALIVE
              value: "1m"
            - name: RALPH_RUNSERVER_PORT
              value: "{{RALPH_PORT}}"
            - name: RALPH_SENTRY_DSN
              value: "{{RALPH_SENTRY_DSN}}"
            - name: RALPH_EXECUTION_ENVIRONMENT
              value: "{{RALPH_EXECUTION_ENVIRONMENT}}"
            - name: RALPH_SENTRY_CLI_TRACES_SAMPLE_RATE
              value: "{{RALPH_SENTRY_CLI_TRACES_SAMPLE_RATE}}"
            - name: RALPH_SENTRY_LRS_TRACES_SAMPLE_RATE
              value: "{{RALPH_SENTRY_LRS_TRACES_SAMPLE_RATE}}"
            - name: RALPH_SENTRY_IGNORE_HEALTH_CHECKS
              value: "{{RALPH_SENTRY_IGNORE_HEALTH_CHECKS}}"
            {% if RALPH_EXTRA_SETTINGS %}
            {% for key, value in RALPH_EXTRA_SETTINGS.items() %}
            - name: {{key}}
              value: "{{value}}"
            {% endfor %}
            {% endif %}
{% endif %}

{% if RUN_SUPERSET %}
---
apiVersion: batch/v1
kind: Job
metadata:
  name: superset-job
  labels:
    app.kubernetes.io/component: job
spec:
  template:
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        fsGroupChangePolicy: "OnRootMismatch"
      restartPolicy: Never
      containers:
      - name: superset
        image: {{ DOCKER_IMAGE_SUPERSET }}
        env:
          - name: DATABASE_DIALECT
            value: "{{ SUPERSET_DB_DIALECT }}"
          - name: DATABASE_HOST
            value: "{{ SUPERSET_DB_HOST }}"
          - name: DATABASE_PORT
            value: "{{ SUPERSET_DB_PORT }}"
          - name: DATABASE_DB
            value: "{{ SUPERSET_DB_NAME }}"
          - name: DATABASE_PASSWORD
            value: "{{ SUPERSET_DB_PASSWORD }}"
          - name: DATABASE_USER
            value: "{{ SUPERSET_DB_USERNAME }}"
          - name: OAUTH2_CLIENT_ID
            value: "{{ SUPERSET_OAUTH2_CLIENT_ID }}"
          - name: OAUTH2_CLIENT_SECRET
            value: "{{ SUPERSET_OAUTH2_CLIENT_SECRET }}"
          - name: SECRET_KEY
            value: "{{ SUPERSET_SECRET_KEY }}"
          - name: PYTHONPATH
            value: "/app/pythonpath:/app/docker/pythonpath_dev"
          - name: REDIS_HOST
            value: "{{ REDIS_HOST }}"
          - name: REDIS_PORT
            value: "{{ REDIS_PORT }}"
          - name: REDIS_PASSWORD
            value: "{{ REDIS_PASSWORD }}"
          - name: FLASK_ENV
            value: "production"
          - name: SUPERSET_ENV
            value: "production"
          - name: SUPERSET_HOST
            value: "{{ SUPERSET_HOST }}"
          - name: SUPERSET_PORT
            value: "{{ SUPERSET_PORT }}"
          - name: OAUTH2_ACCESS_TOKEN_PATH
            value: "{{ SUPERSET_OAUTH2_ACCESS_TOKEN_PATH }}"
          - name: OAUTH2_AUTHORIZE_PATH
            value: "{{ SUPERSET_OAUTH2_AUTHORIZE_PATH }}"
          - name: OPENEDX_COURSES_LIST_PATH
            value: "{{ SUPERSET_OPENEDX_COURSES_LIST_PATH }}"
          - name: OPENEDX_LMS_ROOT_URL
            value: "{% if ENABLE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}"
        volumeMounts:
          - mountPath: /app/docker
            name: docker
          - mountPath: /app/pythonpath
            name: pythonpath
          - mountPath: /app/localization
            name: localization
          - mountPath: /app/security
            name: security
          - mountPath: /app/assets
            name: assets
      volumes:
        - name: docker
          configMap:
            name: superset-docker
        - name: pythonpath
          configMap:
            name: superset-pythonpath
        - name: localization
          configMap:
            name: superset-localization
        - name: security
          configMap:
            name: superset-security
        - name: assets
          persistentVolumeClaim:
            claimName: superset-assets

---
apiVersion: batch/v1
kind: Job
metadata:
  name: superset-worker-job
  labels:
    app.kubernetes.io/component: job
spec:
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: superset-worker-job
          image: {{ DOCKER_IMAGE_SUPERSET }}
          env:
            - name: DATABASE_DIALECT
              value: "{{ SUPERSET_DB_DIALECT }}"
            - name: DATABASE_HOST
              value: "{{ SUPERSET_DB_HOST }}"
            - name: DATABASE_PORT
              value: "{{ SUPERSET_DB_PORT }}"
            - name: DATABASE_DB
              value: "{{ SUPERSET_DB_NAME }}"
            - name: DATABASE_PASSWORD
              value: "{{ SUPERSET_DB_PASSWORD }}"
            - name: DATABASE_USER
              value: "{{ SUPERSET_DB_USERNAME }}"
            - name: OAUTH2_CLIENT_ID
              value: "{{ SUPERSET_OAUTH2_CLIENT_ID }}"
            - name: OAUTH2_CLIENT_SECRET
              value: "{{ SUPERSET_OAUTH2_CLIENT_SECRET }}"
            - name: SECRET_KEY
              value: "{{ SUPERSET_SECRET_KEY }}"
            - name: PYTHONPATH
              value: "/app/pythonpath:/app/docker/pythonpath_dev"
            - name: REDIS_HOST
              value: "{{ REDIS_HOST }}"
            - name: REDIS_PORT
              value: "{{ REDIS_PORT }}"
            - name: REDIS_PASSWORD
              value: "{{ REDIS_PASSWORD }}"
            - name: FLASK_ENV
              value: "production"
            - name: SUPERSET_ENV
              value: "production"
            - name: SUPERSET_HOST
              value: "{{ SUPERSET_HOST }}"
            - name: SUPERSET_PORT
              value: "{{ SUPERSET_PORT }}"
            - name: OAUTH2_ACCESS_TOKEN_PATH
              value: "{{ SUPERSET_OAUTH2_ACCESS_TOKEN_PATH }}"
            - name: OAUTH2_AUTHORIZE_PATH
              value: "{{ SUPERSET_OAUTH2_AUTHORIZE_PATH }}"
            - name: OPENEDX_COURSES_LIST_PATH
              value: "{{ SUPERSET_OPENEDX_COURSES_LIST_PATH }}"
            - name: OPENEDX_LMS_ROOT_URL
              value: "{% if ENABLE_HTTPS %}https{% else %}http{% endif %}://{{ LMS_HOST }}"
          volumeMounts:
            - mountPath: /app/docker
              name: docker
            - mountPath: /app/pythonpath
              name: pythonpath
            - mountPath: /app/localization
              name: localization
            - mountPath: /app/security
              name: security
            - mountPath: /app/assets
              name: assets
      volumes:
        - name: docker
          configMap:
            name: superset-docker
        - name: pythonpath
          configMap:
            name: superset-pythonpath
        - name: localization
          configMap:
            name: superset-localization
        - name: security
          configMap:
            name: superset-security
        - name: assets
          persistentVolumeClaim:
            claimName: superset-assets
{% endif %}
