apiVersion: apps/v1 kind: StatefulSet metadata: annotations: reloader.stakater.com/auto: "true" labels: app.kubernetes.io/component: puppetserver-compilers app.kubernetes.io/instance: puppetserver app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 8.8.0 name: puppetserver-compiler namespace: puppet spec: podManagementPolicy: OrderedReady selector: matchLabels: app.kubernetes.io/component: puppetserver-compilers app.kubernetes.io/name: puppetserver serviceName: puppet-headless template: metadata: labels: app.kubernetes.io/component: puppetserver-compilers app.kubernetes.io/instance: puppetserver app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 8.8.0 spec: hostname: puppetserver-compiler imagePullSecrets: null containers: - name: puppetserver image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main imagePullPolicy: IfNotPresent resources: limits: cpu: 2 memory: 3072Mi requests: cpu: 500m memory: 1024Mi ports: - containerPort: 8140 envFrom: null env: - name: OPENVOXSERVER_HOSTNAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPENVOXSERVER_PORT value: "8140" - name: DNS_ALT_NAMES value: puppetserver-compiler-0,puppetserver-compiler-1,puppetserver-compiler-2,puppetserver-compiler-3,puppetserver-compiler-4,puppet-headless,puppet,puppet.k8s.syd1.au.unkin.net - name: OPENVOXDB_SERVER_URLS value: https://puppetdb:8081 - name: CA_ENABLED value: "false" - name: CA_HOSTNAME value: puppetca - name: CA_PORT value: "8140" - name: PUPPETSERVER_JAVA_ARGS value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false livenessProbe: failureThreshold: 3 periodSeconds: 30 successThreshold: 1 tcpSocket: port: 8140 timeoutSeconds: 10 readinessProbe: failureThreshold: 3 httpGet: path: /status/v1/simple port: 8140 scheme: HTTPS periodSeconds: 60 successThreshold: 1 timeoutSeconds: 20 securityContext: allowPrivilegeEscalation: false capabilities: add: - CAP_CHOWN - CAP_SETUID - CAP_SETGID - CAP_DAC_OVERRIDE - CAP_AUDIT_WRITE - CAP_FOWNER - CHOWN - SETUID - SETGID - DAC_OVERRIDE - AUDIT_WRITE - FOWNER drop: - all startupProbe: failureThreshold: 30 periodSeconds: 15 tcpSocket: port: 8140 volumeMounts: - mountPath: /etc/puppetlabs/code/ name: puppet-code-volume - mountPath: /etc/puppetlabs/puppet/ name: puppet-puppet-volume - mountPath: /var/lib/puppet/keys/ name: eyaml-keys readOnly: true initContainers: - args: - mkdir -p /etc/puppetlabs/puppet/eyaml/keys; mkdir -p /etc/puppetlabs/code/environments; mkdir -p /etc/puppetlabs/puppet/manifests; chown -R puppet:puppet /etc/puppetlabs; chown puppet:puppet /etc/puppetlabs/puppet/r10k.yaml; mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/; touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde; chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/; command: - sh - -c env: - name: PUPPETSERVER_JAVA_ARGS value: -Xms1024m -Xmx3072m -Dcom.sun.management.jmxremote.port=31000 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false envFrom: null image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main imagePullPolicy: IfNotPresent name: perms-and-dirs resources: limits: cpu: 300m memory: 256Mi requests: cpu: 200m memory: 128Mi securityContext: capabilities: add: - CAP_CHOWN - CAP_SETUID - CAP_SETGID - CAP_DAC_OVERRIDE - CAP_AUDIT_WRITE - CAP_FOWNER - CHOWN - SETUID - SETGID - DAC_OVERRIDE - AUDIT_WRITE - FOWNER drop: - all runAsNonRoot: false runAsUser: 0 volumeMounts: - mountPath: /etc/puppetlabs/code/ name: puppet-code-volume - mountPath: /etc/puppetlabs/puppet/ name: puppet-puppet-volume securityContext: fsGroup: 999 volumes: - name: puppet-code-volume persistentVolumeClaim: claimName: puppetserver-code-shared - name: eyaml-keys secret: secretName: eyaml-keys defaultMode: 0600 updateStrategy: type: RollingUpdate volumeClaimTemplates: - metadata: annotations: null name: puppet-puppet-volume spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi storageClassName: cephrbd-fast-delete