From 2d16c35a3c806bcacef3919aced374704a2ba61c Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Tue, 24 Mar 2026 18:51:21 +1100 Subject: [PATCH] fix: remove shared-config PVC from g10k cronjob, clone r10k config directly The RWO puppetserver-shared-config PVC caused multi-attach errors when the cronjob pod was scheduled on a different node than the previous run, stalling the init container indefinitely. Since the config only needs to exist for the duration of the job, remove the init container and PVC entirely and clone the r10k config directly into /shared within the main container before running g10k. --- apps/base/puppet/cronjob_g10k-code.yaml | 50 ++++---------------- apps/base/puppet/persistentvolumeclaims.yaml | 18 ------- 2 files changed, 9 insertions(+), 59 deletions(-) diff --git a/apps/base/puppet/cronjob_g10k-code.yaml b/apps/base/puppet/cronjob_g10k-code.yaml index 8c02521..c20ce49 100644 --- a/apps/base/puppet/cronjob_g10k-code.yaml +++ b/apps/base/puppet/cronjob_g10k-code.yaml @@ -26,38 +26,6 @@ spec: spec: hostname: g10k-code imagePullSecrets: null - initContainers: - - name: fetch-config - image: alpine/git:latest - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 50m - memory: 64Mi - limits: - cpu: 100m - memory: 128Mi - args: - - | - set -e - echo "Cloning r10k config repository..." - git clone https://git.unkin.net/unkin/puppet-r10k.git /tmp/config - cp /tmp/config/r10k.yaml /shared/r10k.yaml - echo "r10k.yaml fetched successfully" - command: - - /bin/sh - - -c - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - runAsGroup: 999 - runAsNonRoot: true - runAsUser: 999 - volumeMounts: - - mountPath: /shared - name: shared-config containers: - name: g10k-code image: git.unkin.net/unkin/almalinux9-g10k:20260308 @@ -69,11 +37,16 @@ spec: limits: cpu: 200m memory: 256Mi - args: - - -config - - /shared/r10k.yaml command: - - /usr/bin/g10k + - /bin/sh + - -c + args: + - | + set -e + echo "Cloning r10k config repository..." + git clone https://git.unkin.net/unkin/puppet-r10k.git /shared + echo "Running g10k..." + /usr/bin/g10k -config /shared/r10k.yaml envFrom: null env: [] securityContext: @@ -87,8 +60,6 @@ spec: volumeMounts: - mountPath: /etc/puppetlabs/code/ name: puppet-code-volume - - mountPath: /shared - name: shared-config restartPolicy: OnFailure securityContext: fsGroup: 999 @@ -96,6 +67,3 @@ spec: - name: puppet-code-volume persistentVolumeClaim: claimName: puppetserver-code-shared - - name: shared-config - persistentVolumeClaim: - claimName: puppetserver-shared-config diff --git a/apps/base/puppet/persistentvolumeclaims.yaml b/apps/base/puppet/persistentvolumeclaims.yaml index f6bd3c5..0efa284 100644 --- a/apps/base/puppet/persistentvolumeclaims.yaml +++ b/apps/base/puppet/persistentvolumeclaims.yaml @@ -73,24 +73,6 @@ spec: --- apiVersion: v1 kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/component: r10k-shared-config - app.kubernetes.io/instance: puppetserver - app.kubernetes.io/name: puppetserver - app.kubernetes.io/version: 8.8.0 - name: puppetserver-shared-config - namespace: puppet -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: cephrbd-fast-delete ---- -apiVersion: v1 -kind: PersistentVolumeClaim metadata: labels: app.kubernetes.io/component: puppetboard -- 2.47.3