--- apiVersion: batch/v1 kind: CronJob metadata: labels: app.kubernetes.io/component: r10k-code app.kubernetes.io/instance: puppetserver app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 8.8.0 name: g10k-code namespace: puppet spec: schedule: "*/1 * * * *" concurrencyPolicy: Forbid successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 jobTemplate: spec: template: metadata: labels: app.kubernetes.io/component: g10k-code app.kubernetes.io/instance: puppetserver app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 8.8.0 spec: hostname: g10k-code imagePullSecrets: null initContainers: - name: fetch-config image: alpine/git:latest imagePullPolicy: IfNotPresent resources: requests: cpu: 50m memory: 64Mi limits: cpu: 100m memory: 128Mi args: - | set -e echo "Cloning r10k config repository..." git clone https://git.unkin.net/unkin/puppet-r10k.git /tmp/config cp /tmp/config/r10k.yaml /shared/r10k.yaml echo "r10k.yaml fetched successfully" command: - /bin/sh - -c securityContext: allowPrivilegeEscalation: false capabilities: drop: - all runAsGroup: 999 runAsNonRoot: true runAsUser: 999 volumeMounts: - mountPath: /shared name: shared-config containers: - name: g10k-code image: git.unkin.net/unkin/almalinux9-g10k:20260308 imagePullPolicy: IfNotPresent resources: requests: cpu: 100m memory: 128Mi limits: cpu: 200m memory: 256Mi args: - -config - /shared/r10k.yaml command: - /usr/bin/g10k envFrom: null env: [] securityContext: allowPrivilegeEscalation: false capabilities: drop: - all runAsGroup: 999 runAsNonRoot: true runAsUser: 999 volumeMounts: - mountPath: /etc/puppetlabs/code/ name: puppet-code-volume - mountPath: /shared name: shared-config restartPolicy: OnFailure securityContext: fsGroup: 999 volumes: - name: puppet-code-volume persistentVolumeClaim: claimName: puppetserver-code-shared - name: shared-config persistentVolumeClaim: claimName: puppetserver-shared-config