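# Deployment for the Puppet/OpenVox server "compiler" pod in the puppet namespace.
# Three init containers prepare shared volumes before the server container starts:
#   copy-configmaps    copies puppet.conf, puppetdb.conf and autosign.conf into the config PVC
#   perms-and-dirs     creates directories and fixes ownership as root
#   setup-shared-bins  installs cobbler-enc and a downloaded uv binary into /opt/bin
# NOTE(review): images are referenced by tag (8.8.0-main, busybox:1.35, 20260308), not by
# digest. With imagePullPolicy IfNotPresent a node keeps whichever build it pulled first;
# pinning by digest makes rollouts reproducible and verifiable.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    reloader.stakater.com/auto: "true"
  labels:
    app.kubernetes.io/component: puppetserver-compilers
    app.kubernetes.io/instance: puppetserver
    app.kubernetes.io/name: puppetserver
    app.kubernetes.io/version: "8.8.0"
  name: puppetserver-compiler
  namespace: puppet
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: puppetserver-compilers
      app.kubernetes.io/name: puppetserver
  template:
    metadata:
      labels:
        app.kubernetes.io/component: puppetserver-compilers
        app.kubernetes.io/instance: puppetserver
        app.kubernetes.io/name: puppetserver
        app.kubernetes.io/version: "8.8.0"
    spec:
      hostname: puppetserver-compiler
      imagePullSecrets: null
      containers:
        - name: puppetserver
          image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 2
              memory: 3072Mi
            requests:
              cpu: 500m
              memory: 1024Mi
          ports:
            - containerPort: 8140
              name: puppetserver
          envFrom:
            - configMapRef:
                name: puppetserver-compiler-config
          env:
            # The pod's own name is passed in through the downward API.
            - name: OPENVOXSERVER_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # Liveness and startup only check that TCP 8140 accepts connections;
          # readiness additionally requires the HTTPS status endpoint to answer.
          livenessProbe:
            failureThreshold: 3
            periodSeconds: 30
            successThreshold: 1
            tcpSocket:
              port: 8140
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /status/v1/simple
              port: 8140
              scheme: HTTPS
            periodSeconds: 60
            successThreshold: 1
            timeoutSeconds: 20
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              # Everything is dropped, then six capabilities are added back. Each one is
              # listed twice (CAP_-prefixed and bare); Kubernetes documents the bare form.
              # NOTE(review): confirm whether the container runtime in use needs the
              # prefixed entries and remove them if not. DAC_OVERRIDE, SETUID and SETGID
              # are broad grants; presumably the entrypoint starts as root and switches
              # to the puppet user. Confirm, and trim the list if the image can run
              # as a non-root user directly (no runAsNonRoot/runAsUser is set here).
              add:
                - CAP_CHOWN
                - CAP_SETUID
                - CAP_SETGID
                - CAP_DAC_OVERRIDE
                - CAP_AUDIT_WRITE
                - CAP_FOWNER
                - CHOWN
                - SETUID
                - SETGID
                - DAC_OVERRIDE
                - AUDIT_WRITE
                - FOWNER
              drop:
                # Upper-case ALL is the spelling Kubernetes documents and the one
                # Pod Security Standards checks look for.
                - ALL
          startupProbe:
            failureThreshold: 30
            periodSeconds: 15
            tcpSocket:
              port: 8140
          volumeMounts:
            - mountPath: /etc/puppetlabs/code/
              name: puppet-code-volume
            - mountPath: /etc/puppetlabs/puppet/
              name: puppet-puppet-volume
            # eyaml private keys: the only mount in this container marked read-only.
            - mountPath: /var/lib/puppet/keys/
              name: eyaml-keys
              readOnly: true
            # Binaries placed here by the setup-shared-bins init container. The mount is
            # read-write, so the server process can replace what it later executes.
            - mountPath: /opt/bin/
              name: puppet-shared-bins
            - mountPath: /opt/vault-ca-cert.crt
              name: vault-ca-cert
              subPath: ca.crt
            # Script from a ConfigMap dropped into the image's post-startup hook directory.
            - mountPath: /docker-custom-entrypoint.d/post-startup/additional-ruby-gems.sh
              name: additional-ruby-gems
              subPath: additional-ruby-gems.sh
      initContainers:
        - name: copy-configmaps
          image: busybox:1.35
          command:
            - sh
            - -c
          # Copies the three ConfigMap-provided files into the shared config volume.
          # The script has no `set -e`: a failed cp still prints the success message
          # and the container exits 0.
          # NOTE(review): autosign.conf decides which certificate requests Puppet signs
          # without operator approval; confirm the ConfigMap content is as narrow as
          # intended.
          args:
            - |
              echo "Copying configmap files to shared volume..."
              mkdir -p /etc/puppetlabs/puppet
              cp /configmaps/puppet.conf /etc/puppetlabs/puppet/puppet.conf
              cp /configmaps/puppetdb.conf /etc/puppetlabs/puppet/puppetdb.conf
              cp /configmaps/autosign.conf /etc/puppetlabs/puppet/autosign.conf
              echo "Configmap files copied successfully"
          volumeMounts:
            - mountPath: /etc/puppetlabs/puppet/
              name: puppet-puppet-volume
            - mountPath: /configmaps/puppet.conf
              name: compiler-puppet-conf
              subPath: puppet.conf
            - mountPath: /configmaps/puppetdb.conf
              name: compiler-puppetdb-conf
              subPath: puppetdb.conf
            - mountPath: /configmaps/autosign.conf
              name: compiler-autosign-conf
              subPath: autosign.conf
        # Creates directories and hands ownership to puppet:puppet. Commands are chained
        # with ';', so an earlier failure does not stop the rest; only the last chown
        # determines the exit status.
        - args:
            - >-
              mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
              mkdir -p /etc/puppetlabs/code/environments;
              mkdir -p /etc/puppetlabs/puppet/manifests;
              chown -R puppet:puppet /etc/puppetlabs;
              chown puppet:puppet /etc/puppetlabs/puppet/r10k.yaml;
              mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/;
              touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde;
              chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/;
          command:
            - sh
            - -c
          env:
            # NOTE(review): this variable is set on an init container whose command only
            # runs mkdir/chown/touch, so it does not appear to configure any JVM here.
            # The value enables JMX remote on port 31000 with authentication and TLS both
            # disabled. If the same arguments reach the server container (for example
            # through the ConfigMap it loads), restrict access to that port with a
            # NetworkPolicy or enable JMX authentication and TLS.
            - name: PUPPETSERVER_JAVA_ARGS
              value: >-
                -Xms1024m -Xmx3072m
                -Dcom.sun.management.jmxremote.port=31000
                -Dcom.sun.management.jmxremote.authenticate=false
                -Dcom.sun.management.jmxremote.ssl=false
          envFrom: null
          image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
          imagePullPolicy: IfNotPresent
          name: perms-and-dirs
          resources:
            limits:
              cpu: 300m
              memory: 256Mi
            requests:
              cpu: 200m
              memory: 128Mi
          securityContext:
            # Runs as root (UID 0) for the recursive chown. allowPrivilegeEscalation is
            # not set on this container, unlike the server container.
            # NOTE(review): the same twelve-entry capability list is repeated here; the
            # visible commands look like they need far fewer. Confirm and trim.
            capabilities:
              add:
                - CAP_CHOWN
                - CAP_SETUID
                - CAP_SETGID
                - CAP_DAC_OVERRIDE
                - CAP_AUDIT_WRITE
                - CAP_FOWNER
                - CHOWN
                - SETUID
                - SETGID
                - DAC_OVERRIDE
                - AUDIT_WRITE
                - FOWNER
              drop:
                - ALL
            runAsNonRoot: false
            runAsUser: 0
          volumeMounts:
            - mountPath: /etc/puppetlabs/code/
              name: puppet-code-volume
            - mountPath: /etc/puppetlabs/puppet/
              name: puppet-puppet-volume
        - name: setup-shared-bins
          image: git.unkin.net/unkin/almalinux9-base:20260308
          command:
            - sh
            - -c
          # Installs cobbler-enc (from a ConfigMap) and uv (downloaded) into the shared
          # /opt/bin volume that the server container also mounts.
          # NOTE(review): nothing verifies the downloaded tarball; comparing it against a
          # pinned SHA-256 before the copy would catch a tampered or truncated artifact.
          # The script has no `set -e`, so a failed wget or tar still ends with exit
          # status 0 from the final echo. No securityContext is set on this container.
          args:
            - |
              echo "Setting up shared binaries..."
              mkdir -p /opt/bin
              mkdir -p /opt/bin/.cache/uv
              # Copy cobbler to shared bin volume
              cp /configmaps/cobbler-enc /opt/bin/cobbler-enc
              chmod +x /opt/bin/cobbler-enc
              # Install uv to shared bin volume
              cd /tmp
              wget -O uv-x86_64-unknown-linux-gnu.tar.gz https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github/astral-sh/uv/releases/download/0.9.20/uv-x86_64-unknown-linux-gnu.tar.gz
              tar xf uv-x86_64-unknown-linux-gnu.tar.gz
              cp uv-x86_64-unknown-linux-gnu/uv /opt/bin/uv
              chmod +x /opt/bin/uv
              echo "Shared binaries setup completed"
          volumeMounts:
            - mountPath: /opt/bin/
              name: puppet-shared-bins
            - mountPath: /configmaps/cobbler-enc
              name: puppet-cobbler-enc
              subPath: cobbler-enc
      securityContext:
        fsGroup: 999
      volumes:
        - name: puppet-code-volume
          persistentVolumeClaim:
            claimName: puppetserver-code-shared
        - name: puppet-puppet-volume
          persistentVolumeClaim:
            claimName: puppetserver-compiler-config-shared
        - name: eyaml-keys
          secret:
            secretName: eyaml-keys
            # 384 decimal == 0600 octal. Written in decimal so the value is the same under
            # YAML 1.1 and 1.2 parsers (a bare 0600 is octal in one and 600 in the other).
            # NOTE(review): with pod-level fsGroup set, the kubelet may add group
            # permission bits to secret files; verify the effective mode in the container.
            defaultMode: 384
        - name: compiler-puppet-conf
          configMap:
            name: compiler-puppet.conf
        - name: compiler-puppetdb-conf
          configMap:
            name: compiler-puppetdb.conf
        - name: compiler-autosign-conf
          configMap:
            name: compiler-autosign.conf
        - name: puppet-cobbler-enc
          configMap:
            name: puppet-cobbler-enc
        - name: puppet-shared-bins
          persistentVolumeClaim:
            claimName: puppet-shared-bins
        - name: vault-ca-cert
          secret:
            secretName: vault-ca-cert
        - name: additional-ruby-gems
          configMap:
            name: additional-ruby-gems
            # 493 decimal == 0755 octal (see the note on eyaml-keys).
            defaultMode: 493
  strategy:
    type: RollingUpdate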