chore: tidy initContainers (#65)
- make initcontainers easier to read/follow Reviewed-on: #65
This commit was merged in pull request #65.
This commit is contained in:
@@ -84,12 +84,8 @@ spec:
|
|||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
args:
|
||||||
- mkdir -p /opt/puppetlabs/server/data/puppetdb/logs && chown 999:999 /opt/puppetlabs/server/data/puppetdb/logs
|
- mkdir -p /opt/puppetlabs/server/data/puppetdb/logs && chown 999:999 /opt/puppetlabs/server/data/puppetdb/logs
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /opt/puppetlabs/server/data/puppetdb
|
|
||||||
name: puppetdb-storage
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 0
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 20m
|
cpu: 20m
|
||||||
@@ -97,18 +93,25 @@ spec:
|
|||||||
requests:
|
requests:
|
||||||
cpu: 20m
|
cpu: 20m
|
||||||
memory: 32Mi
|
memory: 32Mi
|
||||||
- command:
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /opt/puppetlabs/server/data/puppetdb
|
||||||
|
name: puppetdb-storage
|
||||||
|
|
||||||
|
- name: pgchecker
|
||||||
|
image: docker.io/busybox:1.37
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
args:
|
||||||
- |
|
- |
|
||||||
echo 'Waiting for PostgreSQL to become ready...'
|
echo 'Waiting for PostgreSQL to become ready...'
|
||||||
until printf "." && nc -z -w 2 puppet-postgres-pooler 5432; do
|
until printf "." && nc -z -w 2 puppet-postgres-pooler 5432; do
|
||||||
sleep 2;
|
sleep 2;
|
||||||
done;
|
done;
|
||||||
echo 'PostgreSQL OK ✓'
|
echo 'PostgreSQL OK ✓'
|
||||||
image: docker.io/busybox:1.37
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
name: pgchecker
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 20m
|
cpu: 20m
|
||||||
@@ -117,22 +120,24 @@ spec:
|
|||||||
cpu: 20m
|
cpu: 20m
|
||||||
memory: 32Mi
|
memory: 32Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
runAsUser: 1000
|
||||||
runAsGroup: 1000
|
runAsGroup: 1000
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
runAsUser: 1000
|
allowPrivilegeEscalation: false
|
||||||
- command:
|
|
||||||
|
- name: wait-puppetserver
|
||||||
|
image: curlimages/curl:8.11.1
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
args:
|
||||||
- |
|
- |
|
||||||
echo 'Waiting for puppetserver to become ready...'
|
echo 'Waiting for puppetserver to become ready...'
|
||||||
until printf "." && curl --silent --fail --insecure 'https://puppetca:8140/status/v1/simple' | grep -q '^running$'; do
|
until printf "." && curl --silent --fail --insecure 'https://puppetca:8140/status/v1/simple' | grep -q '^running$'; do
|
||||||
sleep 2;
|
sleep 2;
|
||||||
done;
|
done;
|
||||||
echo 'Puppetserver OK ✓'
|
echo 'Puppetserver OK ✓'
|
||||||
image: curlimages/curl:8.11.1
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
name: wait-puppetserver
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 20m
|
cpu: 20m
|
||||||
@@ -141,10 +146,10 @@ spec:
|
|||||||
cpu: 20m
|
cpu: 20m
|
||||||
memory: 32Mi
|
memory: 32Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
runAsUser: 1000
|
||||||
runAsGroup: 1000
|
runAsGroup: 1000
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
runAsUser: 1000
|
allowPrivilegeEscalation: false
|
||||||
volumes:
|
volumes:
|
||||||
- name: puppetdb-storage
|
- name: puppetdb-storage
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
|
|||||||
@@ -128,25 +128,26 @@ spec:
|
|||||||
- mountPath: /configmaps/autosign.conf
|
- mountPath: /configmaps/autosign.conf
|
||||||
name: compiler-autosign-conf
|
name: compiler-autosign-conf
|
||||||
subPath: autosign.conf
|
subPath: autosign.conf
|
||||||
- args:
|
|
||||||
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
|
- name: perms-and-dirs
|
||||||
mkdir -p /etc/puppetlabs/code/environments;
|
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
|
||||||
mkdir -p /etc/puppetlabs/puppet/manifests;
|
imagePullPolicy: IfNotPresent
|
||||||
chown -R puppet:puppet /etc/puppetlabs;
|
|
||||||
chown puppet:puppet /etc/puppetlabs/puppet/r10k.yaml;
|
|
||||||
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/;
|
|
||||||
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde;
|
|
||||||
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/;
|
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
mkdir -p /etc/puppetlabs/puppet/eyaml/keys
|
||||||
|
mkdir -p /etc/puppetlabs/code/environments
|
||||||
|
mkdir -p /etc/puppetlabs/puppet/manifests
|
||||||
|
chown -R puppet:puppet /etc/puppetlabs
|
||||||
|
chown puppet:puppet /etc/puppetlabs/puppet/r10k.yaml
|
||||||
|
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/
|
||||||
|
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde
|
||||||
|
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/
|
||||||
env:
|
env:
|
||||||
- name: PUPPETSERVER_JAVA_ARGS
|
- name: PUPPETSERVER_JAVA_ARGS
|
||||||
value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
|
value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
|
||||||
envFrom: null
|
|
||||||
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
name: perms-and-dirs
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 300m
|
cpu: 300m
|
||||||
@@ -155,6 +156,8 @@ spec:
|
|||||||
cpu: 200m
|
cpu: 200m
|
||||||
memory: 128Mi
|
memory: 128Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
runAsNonRoot: false
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- CAP_CHOWN
|
- CAP_CHOWN
|
||||||
@@ -171,13 +174,12 @@ spec:
|
|||||||
- FOWNER
|
- FOWNER
|
||||||
drop:
|
drop:
|
||||||
- all
|
- all
|
||||||
runAsNonRoot: false
|
|
||||||
runAsUser: 0
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/puppetlabs/code/
|
- mountPath: /etc/puppetlabs/code/
|
||||||
name: puppet-code-volume
|
name: puppet-code-volume
|
||||||
- mountPath: /etc/puppetlabs/puppet/
|
- mountPath: /etc/puppetlabs/puppet/
|
||||||
name: puppet-puppet-volume
|
name: puppet-puppet-volume
|
||||||
|
|
||||||
- name: setup-shared-bins
|
- name: setup-shared-bins
|
||||||
image: git.unkin.net/unkin/almalinux9-base:20260308
|
image: git.unkin.net/unkin/almalinux9-base:20260308
|
||||||
command:
|
command:
|
||||||
|
|||||||
@@ -99,27 +99,28 @@ spec:
|
|||||||
name: vault-ca-cert
|
name: vault-ca-cert
|
||||||
subPath: ca.crt
|
subPath: ca.crt
|
||||||
initContainers:
|
initContainers:
|
||||||
- args:
|
- name: perms-and-dirs
|
||||||
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
|
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
|
||||||
cp /tmp/puppet/configmap/check_for_masters.sh /etc/puppetlabs/puppet/check_for_masters.sh;
|
imagePullPolicy: IfNotPresent
|
||||||
chown puppet:puppet /etc/puppetlabs/puppet/check_for_masters.sh;
|
|
||||||
chmod +x /etc/puppetlabs/puppet/check_for_masters.sh;
|
|
||||||
bash /etc/puppetlabs/puppet/check_for_masters.sh;
|
|
||||||
mkdir -p /etc/puppetlabs/code/environments;
|
|
||||||
mkdir -p /etc/puppetlabs/puppet/manifests;
|
|
||||||
chown -R puppet:puppet /etc/puppetlabs;
|
|
||||||
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/;
|
|
||||||
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde;
|
|
||||||
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/;
|
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- -c
|
- -c
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
mkdir -p /etc/puppetlabs/puppet/eyaml/keys
|
||||||
|
cp /tmp/puppet/configmap/check_for_masters.sh /etc/puppetlabs/puppet/check_for_masters.sh
|
||||||
|
chown puppet:puppet /etc/puppetlabs/puppet/check_for_masters.sh
|
||||||
|
chmod +x /etc/puppetlabs/puppet/check_for_masters.sh
|
||||||
|
bash /etc/puppetlabs/puppet/check_for_masters.sh
|
||||||
|
mkdir -p /etc/puppetlabs/code/environments
|
||||||
|
mkdir -p /etc/puppetlabs/puppet/manifests
|
||||||
|
chown -R puppet:puppet /etc/puppetlabs
|
||||||
|
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/
|
||||||
|
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde
|
||||||
|
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: puppetserver-init-config
|
name: puppetserver-init-config
|
||||||
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
|
|
||||||
imagePullPolicy: IfNotPresent
|
|
||||||
name: perms-and-dirs
|
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpu: 300m
|
cpu: 300m
|
||||||
@@ -128,6 +129,8 @@ spec:
|
|||||||
cpu: 200m
|
cpu: 200m
|
||||||
memory: 128Mi
|
memory: 128Mi
|
||||||
securityContext:
|
securityContext:
|
||||||
|
runAsUser: 0
|
||||||
|
runAsNonRoot: false
|
||||||
capabilities:
|
capabilities:
|
||||||
add:
|
add:
|
||||||
- CAP_CHOWN
|
- CAP_CHOWN
|
||||||
@@ -144,8 +147,6 @@ spec:
|
|||||||
- FOWNER
|
- FOWNER
|
||||||
drop:
|
drop:
|
||||||
- all
|
- all
|
||||||
runAsNonRoot: false
|
|
||||||
runAsUser: 0
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/puppetlabs/puppet/
|
- mountPath: /etc/puppetlabs/puppet/
|
||||||
name: puppet-puppet-storage
|
name: puppet-puppet-storage
|
||||||
|
|||||||
Reference in New Issue
Block a user