fix: remove shared-config PVC from g10k cronjob, clone r10k config directly (#75)

The RWO puppetserver-shared-config PVC caused multi-attach errors when
the cronjob pod was scheduled on a different node than the previous run,
stalling the init container indefinitely. Since the config only needs to
exist for the duration of the job, remove the init container and PVC
entirely and clone the r10k config directly into /shared within the main
container before running g10k.

Reviewed-on: #75
This commit was merged in pull request #75.
This commit is contained in:
2026-03-24 18:54:58 +11:00
parent 49224d4a1b
commit 1388875685
2 changed files with 9 additions and 59 deletions
+9 -41
View File
@@ -26,38 +26,6 @@ spec:
spec:
hostname: g10k-code
imagePullSecrets: null
initContainers:
- name: fetch-config
image: alpine/git:latest
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
args:
- |
set -e
echo "Cloning r10k config repository..."
git clone https://git.unkin.net/unkin/puppet-r10k.git /tmp/config
cp /tmp/config/r10k.yaml /shared/r10k.yaml
echo "r10k.yaml fetched successfully"
command:
- /bin/sh
- -c
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
runAsGroup: 999
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /shared
name: shared-config
containers:
- name: g10k-code
image: git.unkin.net/unkin/almalinux9-g10k:20260308
@@ -69,11 +37,16 @@ spec:
limits:
cpu: 200m
memory: 256Mi
args:
- -config
- /shared/r10k.yaml
command:
- /usr/bin/g10k
- /bin/sh
- -c
args:
- |
set -e
echo "Cloning r10k config repository..."
git clone https://git.unkin.net/unkin/puppet-r10k.git /shared
echo "Running g10k..."
/usr/bin/g10k -config /shared/r10k.yaml
envFrom: null
env: []
securityContext:
@@ -87,8 +60,6 @@ spec:
volumeMounts:
- mountPath: /etc/puppetlabs/code/
name: puppet-code-volume
- mountPath: /shared
name: shared-config
restartPolicy: OnFailure
securityContext:
fsGroup: 999
@@ -96,6 +67,3 @@ spec:
- name: puppet-code-volume
persistentVolumeClaim:
claimName: puppetserver-code-shared
- name: shared-config
persistentVolumeClaim:
claimName: puppetserver-shared-config