chore: tidy initContainers (#65)

- make initcontainers easier to read/follow

Reviewed-on: #65
This commit was merged in pull request #65.
2026-03-21 17:16:07 +11:00
parent ee9ec23f6f
commit 47bd341371
3 changed files with 57 additions and 49 deletions
+22 -17
@@ -84,12 +84,8 @@ spec:
command: command:
- sh - sh
- -c - -c
args:
- mkdir -p /opt/puppetlabs/server/data/puppetdb/logs && chown 999:999 /opt/puppetlabs/server/data/puppetdb/logs - mkdir -p /opt/puppetlabs/server/data/puppetdb/logs && chown 999:999 /opt/puppetlabs/server/data/puppetdb/logs
volumeMounts:
- mountPath: /opt/puppetlabs/server/data/puppetdb
name: puppetdb-storage
securityContext:
runAsUser: 0
resources: resources:
limits: limits:
cpu: 20m cpu: 20m
@@ -97,18 +93,25 @@ spec:
requests: requests:
cpu: 20m cpu: 20m
memory: 32Mi memory: 32Mi
- command: securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /opt/puppetlabs/server/data/puppetdb
name: puppetdb-storage
- name: pgchecker
image: docker.io/busybox:1.37
imagePullPolicy: IfNotPresent
command:
- sh - sh
- -c - -c
args:
- | - |
echo 'Waiting for PostgreSQL to become ready...' echo 'Waiting for PostgreSQL to become ready...'
until printf "." && nc -z -w 2 puppet-postgres-pooler 5432; do until printf "." && nc -z -w 2 puppet-postgres-pooler 5432; do
sleep 2; sleep 2;
done; done;
echo 'PostgreSQL OK ✓' echo 'PostgreSQL OK ✓'
image: docker.io/busybox:1.37
imagePullPolicy: IfNotPresent
name: pgchecker
resources: resources:
limits: limits:
cpu: 20m cpu: 20m
@@ -117,22 +120,24 @@ spec:
cpu: 20m cpu: 20m
memory: 32Mi memory: 32Mi
securityContext: securityContext:
allowPrivilegeEscalation: false runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 allowPrivilegeEscalation: false
- command:
- name: wait-puppetserver
image: curlimages/curl:8.11.1
imagePullPolicy: IfNotPresent
command:
- sh - sh
- -c - -c
args:
- | - |
echo 'Waiting for puppetserver to become ready...' echo 'Waiting for puppetserver to become ready...'
until printf "." && curl --silent --fail --insecure 'https://puppetca:8140/status/v1/simple' | grep -q '^running$'; do until printf "." && curl --silent --fail --insecure 'https://puppetca:8140/status/v1/simple' | grep -q '^running$'; do
sleep 2; sleep 2;
done; done;
echo 'Puppetserver OK ✓' echo 'Puppetserver OK ✓'
image: curlimages/curl:8.11.1
imagePullPolicy: IfNotPresent
name: wait-puppetserver
resources: resources:
limits: limits:
cpu: 20m cpu: 20m
@@ -141,10 +146,10 @@ spec:
cpu: 20m cpu: 20m
memory: 32Mi memory: 32Mi
securityContext: securityContext:
allowPrivilegeEscalation: false runAsUser: 1000
runAsGroup: 1000 runAsGroup: 1000
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 allowPrivilegeEscalation: false
volumes: volumes:
- name: puppetdb-storage - name: puppetdb-storage
persistentVolumeClaim: persistentVolumeClaim:
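Review bot: The root init container that creates and chowns `/opt/puppetlabs/server/data/puppetdb/logs` ends with a `securityContext` holding only `runAsUser: 0`, so it keeps the runtime's default capability set and does not forbid privilege escalation, while `pgchecker` and `wait-puppetserver` in the same list set `allowPrivilegeEscalation: false`. Since this block was being reordered anyway, I would add `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL], add: [CHOWN]}` to it. `mkdir -p` on a volume already owned by 999 probably needs `DAC_OVERRIDE` as well, which should be confirmed against both a fresh and an existing PVC. The container's `name` and `image` lines are outside the hunk, so I cannot tell whether the image is pinned the way the other two are.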
@@ -128,25 +128,26 @@ spec:
- mountPath: /configmaps/autosign.conf - mountPath: /configmaps/autosign.conf
name: compiler-autosign-conf name: compiler-autosign-conf
subPath: autosign.conf subPath: autosign.conf
- args:
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys; - name: perms-and-dirs
mkdir -p /etc/puppetlabs/code/environments; image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
mkdir -p /etc/puppetlabs/puppet/manifests; imagePullPolicy: IfNotPresent
chown -R puppet:puppet /etc/puppetlabs;
chown puppet:puppet /etc/puppetlabs/puppet/r10k.yaml;
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/;
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde;
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/;
command: command:
- sh - sh
- -c - -c
args:
- |
mkdir -p /etc/puppetlabs/puppet/eyaml/keys
mkdir -p /etc/puppetlabs/code/environments
mkdir -p /etc/puppetlabs/puppet/manifests
chown -R puppet:puppet /etc/puppetlabs
chown puppet:puppet /etc/puppetlabs/puppet/r10k.yaml
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/
env: env:
- name: PUPPETSERVER_JAVA_ARGS - name: PUPPETSERVER_JAVA_ARGS
value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
envFrom: null
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
imagePullPolicy: IfNotPresent
name: perms-and-dirs
resources: resources:
limits: limits:
cpu: 300m cpu: 300m
@@ -155,6 +156,8 @@ spec:
cpu: 200m cpu: 200m
memory: 128Mi memory: 128Mi
securityContext: securityContext:
runAsUser: 0
runAsNonRoot: false
capabilities: capabilities:
add: add:
- CAP_CHOWN - CAP_CHOWN
@@ -171,13 +174,12 @@ spec:
- FOWNER - FOWNER
drop: drop:
- all - all
runAsNonRoot: false
runAsUser: 0
volumeMounts: volumeMounts:
- mountPath: /etc/puppetlabs/code/ - mountPath: /etc/puppetlabs/code/
name: puppet-code-volume name: puppet-code-volume
- mountPath: /etc/puppetlabs/puppet/ - mountPath: /etc/puppetlabs/puppet/
name: puppet-puppet-volume name: puppet-puppet-volume
- name: setup-shared-bins - name: setup-shared-bins
image: git.unkin.net/unkin/almalinux9-base:20260308 image: git.unkin.net/unkin/almalinux9-base:20260308
command: command:
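Review bot: The `perms-and-dirs` init container still carries `PUPPETSERVER_JAVA_ARGS` with `-Dcom.sun.management.jmxremote.authenticate=false` and `-Dcom.sun.management.jmxremote.ssl=false`, although the script it runs only calls `mkdir`, `touch` and `chown` and starts no JVM. The commit appears to drop `envFrom: null` from this container, and the `env:` entry looks like the same kind of leftover, so I would remove it here too. If the server container (not visible in this diff) sets the same value, port 31000 serves JMX without authentication or TLS to anything that can reach the pod, which is effectively management access to the JVM. That should be limited with a NetworkPolicy or by turning JMX authentication and SSL on.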
@@ -99,27 +99,28 @@ spec:
name: vault-ca-cert name: vault-ca-cert
subPath: ca.crt subPath: ca.crt
initContainers: initContainers:
- args: - name: perms-and-dirs
- mkdir -p /etc/puppetlabs/puppet/eyaml/keys; image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
cp /tmp/puppet/configmap/check_for_masters.sh /etc/puppetlabs/puppet/check_for_masters.sh; imagePullPolicy: IfNotPresent
chown puppet:puppet /etc/puppetlabs/puppet/check_for_masters.sh;
chmod +x /etc/puppetlabs/puppet/check_for_masters.sh;
bash /etc/puppetlabs/puppet/check_for_masters.sh;
mkdir -p /etc/puppetlabs/code/environments;
mkdir -p /etc/puppetlabs/puppet/manifests;
chown -R puppet:puppet /etc/puppetlabs;
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/;
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde;
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/;
command: command:
- sh - sh
- -c - -c
args:
- |
mkdir -p /etc/puppetlabs/puppet/eyaml/keys
cp /tmp/puppet/configmap/check_for_masters.sh /etc/puppetlabs/puppet/check_for_masters.sh
chown puppet:puppet /etc/puppetlabs/puppet/check_for_masters.sh
chmod +x /etc/puppetlabs/puppet/check_for_masters.sh
bash /etc/puppetlabs/puppet/check_for_masters.sh
mkdir -p /etc/puppetlabs/code/environments
mkdir -p /etc/puppetlabs/puppet/manifests
chown -R puppet:puppet /etc/puppetlabs
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/
envFrom: envFrom:
- configMapRef: - configMapRef:
name: puppetserver-init-config name: puppetserver-init-config
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
imagePullPolicy: IfNotPresent
name: perms-and-dirs
resources: resources:
limits: limits:
cpu: 300m cpu: 300m
@@ -128,6 +129,8 @@ spec:
cpu: 200m cpu: 200m
memory: 128Mi memory: 128Mi
securityContext: securityContext:
runAsUser: 0
runAsNonRoot: false
capabilities: capabilities:
add: add:
- CAP_CHOWN - CAP_CHOWN
@@ -144,8 +147,6 @@ spec:
- FOWNER - FOWNER
drop: drop:
- all - all
runAsNonRoot: false
runAsUser: 0
volumeMounts: volumeMounts:
- mountPath: /etc/puppetlabs/puppet/ - mountPath: /etc/puppetlabs/puppet/
name: puppet-puppet-storage name: puppet-puppet-storage
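Review bot: The rewritten `perms-and-dirs` script has no `set -e`, so the exit status of `bash /etc/puppetlabs/puppet/check_for_masters.sh`, and of any failed `cp`, `mkdir` or `chown`, is discarded and the init container succeeds whenever the final `chown` does. That matches the old `;`-separated form, but if the check is meant to gate startup, or a failed ownership change on `eyaml/keys` should stop the pod, the block should open with `set -e` as its first line under `- |`. The compiler manifest's `perms-and-dirs` script has the same shape. Separately, the `capabilities.add` list mixes `CAP_CHOWN` with `FOWNER`; Kubernetes documents capability names without the `CAP_` prefix, so `CHOWN` is the portable spelling, and it is worth confirming that the runtime in use actually grants the prefixed form.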