fix: remove shared-config PVC from g10k cronjob, clone r10k config directly
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/kubeconform Pipeline was successful

The RWO puppetserver-shared-config PVC caused multi-attach errors when
the cronjob pod was scheduled on a different node than the previous run,
stalling the init container indefinitely. Since the config only needs to
exist for the duration of the job, remove the init container and PVC
entirely and clone the r10k config directly into /shared within the main
container before running g10k.
This commit is contained in:
2026-03-24 18:51:21 +11:00
parent 28dc8dc238
commit 2d16c35a3c
2 changed files with 9 additions and 59 deletions
+9 -41
View File
@@ -26,38 +26,6 @@ spec:
spec:
hostname: g10k-code
imagePullSecrets: null
initContainers:
- name: fetch-config
image: alpine/git:latest
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
args:
- |
set -e
echo "Cloning r10k config repository..."
git clone https://git.unkin.net/unkin/puppet-r10k.git /tmp/config
cp /tmp/config/r10k.yaml /shared/r10k.yaml
echo "r10k.yaml fetched successfully"
command:
- /bin/sh
- -c
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
runAsGroup: 999
runAsNonRoot: true
runAsUser: 999
volumeMounts:
- mountPath: /shared
name: shared-config
containers:
- name: g10k-code
image: git.unkin.net/unkin/almalinux9-g10k:20260308
@@ -69,11 +37,16 @@ spec:
limits:
cpu: 200m
memory: 256Mi
args:
- -config
- /shared/r10k.yaml
command:
- /usr/bin/g10k
- /bin/sh
- -c
args:
- |
set -e
echo "Cloning r10k config repository..."
git clone https://git.unkin.net/unkin/puppet-r10k.git /shared
echo "Running g10k..."
/usr/bin/g10k -config /shared/r10k.yaml
envFrom: null
env: []
securityContext:
@@ -87,8 +60,6 @@ spec:
volumeMounts:
- mountPath: /etc/puppetlabs/code/
name: puppet-code-volume
- mountPath: /shared
name: shared-config
restartPolicy: OnFailure
securityContext:
fsGroup: 999
@@ -96,6 +67,3 @@ spec:
- name: puppet-code-volume
persistentVolumeClaim:
claimName: puppetserver-code-shared
- name: shared-config
persistentVolumeClaim:
claimName: puppetserver-shared-config
@@ -73,24 +73,6 @@ spec:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: r10k-shared-config
app.kubernetes.io/instance: puppetserver
app.kubernetes.io/name: puppetserver
app.kubernetes.io/version: 8.8.0
name: puppetserver-shared-config
namespace: puppet
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: cephrbd-fast-delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/component: puppetboard