fix: remove shared-config PVC from g10k cronjob, clone r10k config directly (#75)

The RWO puppetserver-shared-config PVC caused multi-attach errors when
the cronjob pod was scheduled on a different node than the previous run,
stalling the init container indefinitely. Since the config only needs to
exist for the duration of the job, remove the init container and PVC
entirely and clone the r10k config directly into /shared within the main
container before running g10k.

Reviewed-on: #75
This commit was merged in pull request #75.
This commit is contained in:
2026-03-24 18:54:58 +11:00
parent 49224d4a1b
commit 1388875685
2 changed files with 9 additions and 59 deletions
+9 -41
View File
@@ -26,38 +26,6 @@ spec:
spec: spec:
hostname: g10k-code hostname: g10k-code
imagePullSecrets: null imagePullSecrets: null
initContainers:
- name: fetch-config
image: alpine/git:latest
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
args:
- |
set -e
echo "Cloning r10k config repository..."
git clone https://git.unkin.net/unkin/puppet-r10k.git /tmp/config
cp /tmp/config/r10k.yaml /shared/r10k.yaml
echo "r10k.yaml fetched successfully"
command:
- /bin/sh
- -c
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
runAsGroup: 999
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /shared
name: shared-config
containers: containers:
- name: g10k-code - name: g10k-code
image: git.unkin.net/unkin/almalinux9-g10k:20260308 image: git.unkin.net/unkin/almalinux9-g10k:20260308
@@ -69,11 +37,16 @@ spec:
limits: limits:
cpu: 200m cpu: 200m
memory: 256Mi memory: 256Mi
args:
- -config
- /shared/r10k.yaml
command: command:
- /usr/bin/g10k - /bin/sh
- -c
args:
- |
set -e
echo "Cloning r10k config repository..."
git clone https://git.unkin.net/unkin/puppet-r10k.git /shared
echo "Running g10k..."
/usr/bin/g10k -config /shared/r10k.yaml
envFrom: null envFrom: null
env: [] env: []
securityContext: securityContext:
@@ -87,8 +60,6 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /etc/puppetlabs/code/ - mountPath: /etc/puppetlabs/code/
name: puppet-code-volume name: puppet-code-volume
- mountPath: /shared
name: shared-config
restartPolicy: OnFailure restartPolicy: OnFailure
securityContext: securityContext:
fsGroup: 999 fsGroup: 999
@@ -96,6 +67,3 @@ spec:
- name: puppet-code-volume - name: puppet-code-volume
persistentVolumeClaim: persistentVolumeClaim:
claimName: puppetserver-code-shared claimName: puppetserver-code-shared
- name: shared-config
persistentVolumeClaim:
claimName: puppetserver-shared-config
@@ -73,24 +73,6 @@ spec:
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: r10k-shared-config
app.kubernetes.io/instance: puppetserver
app.kubernetes.io/name: puppetserver
app.kubernetes.io/version: 8.8.0
name: puppetserver-shared-config
namespace: puppet
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: cephrbd-fast-delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata: metadata:
labels: labels:
app.kubernetes.io/component: puppetboard app.kubernetes.io/component: puppetboard