apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubernetes.io/component: puppetdb app.kubernetes.io/instance: puppetserver app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 8.8.0 name: puppetdb namespace: puppet spec: selector: matchLabels: app.kubernetes.io/component: puppetdb app.kubernetes.io/name: puppetserver strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 template: metadata: annotations: reloader.stakater.com/auto: "true" labels: app.kubernetes.io/component: puppetdb app.kubernetes.io/instance: puppetserver app.kubernetes.io/name: puppetserver app.kubernetes.io/version: 8.8.0 spec: hostname: puppetdb imagePullSecrets: null containers: - name: puppetdb image: ghcr.io/openvoxproject/openvoxdb:8.9.0-main imagePullPolicy: IfNotPresent resources: limits: cpu: 1 memory: 1536Mi requests: cpu: 250m memory: 512Mi ports: - containerPort: 8080 name: pdb-http - containerPort: 8081 name: pdb-https envFrom: - configMapRef: name: puppetdb-config env: - name: OPENVOXDB_POSTGRES_PASSWORD valueFrom: secretKeyRef: key: password name: postgres-credentials - name: OPENVOXDB_POSTGRES_USER valueFrom: secretKeyRef: key: username name: postgres-credentials securityContext: allowPrivilegeEscalation: false capabilities: add: - CAP_FOWNER - CAP_CHOWN - CAP_SETUID - CAP_SETGID - CAP_DAC_OVERRIDE - FOWNER - CHOWN - SETUID - SETGID - DAC_OVERRIDE drop: - all volumeMounts: - mountPath: /opt/puppetlabs/server/data/puppetdb name: puppetdb-storage initContainers: - name: create-log-dir image: docker.io/busybox:1.37 command: - sh - -c args: - mkdir -p /opt/puppetlabs/server/data/puppetdb/logs && chown 999:999 /opt/puppetlabs/server/data/puppetdb/logs resources: limits: cpu: 20m memory: 32Mi requests: cpu: 20m memory: 32Mi securityContext: runAsUser: 0 volumeMounts: - mountPath: /opt/puppetlabs/server/data/puppetdb name: puppetdb-storage - name: pgchecker image: docker.io/busybox:1.37 imagePullPolicy: IfNotPresent command: - sh - -c args: - | echo 'Waiting for PostgreSQL to become ready...' until printf "." && nc -z -w 2 puppet-postgres-pooler 5432; do sleep 2; done; echo 'PostgreSQL OK ✓' resources: limits: cpu: 20m memory: 32Mi requests: cpu: 20m memory: 32Mi securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false - name: wait-puppetserver image: curlimages/curl:8.11.1 imagePullPolicy: IfNotPresent command: - sh - -c args: - | echo 'Waiting for puppetserver to become ready...' until printf "." && curl --silent --fail --insecure 'https://puppetca:8140/status/v1/simple' | grep -q '^running$'; do sleep 2; done; echo 'Puppetserver OK ✓' resources: limits: cpu: 20m memory: 32Mi requests: cpu: 20m memory: 32Mi securityContext: runAsUser: 1000 runAsGroup: 1000 runAsNonRoot: true allowPrivilegeEscalation: false volumes: - name: puppetdb-storage persistentVolumeClaim: claimName: puppetserver-puppetdb-claim