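---
# Deployment for the Puppet (OpenVox) server compiler pods in the "puppet"
# namespace. Two init containers stage configuration and fix ownership on the
# shared volumes before the server container starts.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    # Stakater Reloader: roll the Deployment when a referenced ConfigMap or
    # Secret changes.
    reloader.stakater.com/auto: "true"
  labels:
    app.kubernetes.io/component: puppetserver-compilers
    app.kubernetes.io/instance: puppetserver
    app.kubernetes.io/name: puppetserver
    app.kubernetes.io/version: "8.8.0"
  name: puppetserver-compiler
  namespace: puppet
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: puppetserver-compilers
      app.kubernetes.io/name: puppetserver
  template:
    metadata:
      labels:
        app.kubernetes.io/component: puppetserver-compilers
        app.kubernetes.io/instance: puppetserver
        app.kubernetes.io/name: puppetserver
        app.kubernetes.io/version: "8.8.0"
    spec:
      hostname: puppetserver-compiler
      imagePullSecrets: null
      containers:
        - name: puppetserver
          # NOTE(review): the image is referenced by mutable tag; pin it by
          # digest if the rollout must be reproducible and tamper-evident.
          image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 2
              memory: 3072Mi
            requests:
              cpu: 500m
              memory: 1024Mi
          ports:
            - containerPort: 8140
              name: puppetserver
          envFrom:
            - configMapRef:
                name: puppetserver-compiler-config
          env:
            - name: OPENVOXSERVER_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          livenessProbe:
            failureThreshold: 3
            periodSeconds: 30
            successThreshold: 1
            tcpSocket:
              port: 8140
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /status/v1/simple
              port: 8140
              scheme: HTTPS
            periodSeconds: 60
            successThreshold: 1
            timeoutSeconds: 20
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              # NOTE(review): each capability is listed twice, with and
              # without the CAP_ prefix. Kubernetes documents the unprefixed
              # form; how the prefixed names are handled depends on the
              # container runtime. Confirm on the target runtime and drop the
              # redundant set, and check whether all six are still required.
              add:
                - CAP_CHOWN
                - CAP_SETUID
                - CAP_SETGID
                - CAP_DAC_OVERRIDE
                - CAP_AUDIT_WRITE
                - CAP_FOWNER
                - CHOWN
                - SETUID
                - SETGID
                - DAC_OVERRIDE
                - AUDIT_WRITE
                - FOWNER
              # Canonical spelling is upper-case "ALL"; Pod Security admission
              # checks match that exact value.
              drop:
                - ALL
          startupProbe:
            failureThreshold: 30
            periodSeconds: 15
            tcpSocket:
              port: 8140
          volumeMounts:
            - mountPath: /etc/puppetlabs/code/
              name: puppet-code-volume
            - mountPath: /etc/puppetlabs/puppet/
              name: puppet-puppet-volume
            # Key material from the eyaml-keys Secret, mounted read-only.
            - mountPath: /var/lib/puppet/keys/
              name: eyaml-keys
              readOnly: true
      initContainers:
        # Copies the ConfigMap-provided files onto the shared config volume so
        # the server container sees them as regular, writable files.
        # NOTE(review): this container sets no securityContext and no
        # resources, and busybox is referenced by tag only; it runs with the
        # image's default user and the runtime's default capability set.
        - name: copy-configmaps
          image: busybox:1.35
          command:
            - sh
            - -c
          args:
            # "set -e" makes a failed copy fail the init container instead of
            # printing the success message and letting the pod start with a
            # partial configuration.
            # NOTE(review): autosign.conf decides which certificate requests
            # are signed without operator approval; its contents are not
            # visible here and should be kept as narrow as possible.
            - |
              set -e
              echo "Copying configmap files to shared volume..."
              mkdir -p /etc/puppetlabs/puppet
              cp /configmaps/puppet.conf /etc/puppetlabs/puppet/puppet.conf
              cp /configmaps/puppetdb.conf /etc/puppetlabs/puppet/puppetdb.conf
              cp /configmaps/autosign.conf /etc/puppetlabs/puppet/autosign.conf
              cp /configmaps/cobbler-enc /etc/puppetlabs/puppet/cobbler-enc
              chmod +x /etc/puppetlabs/puppet/cobbler-enc
              echo "Configmap files copied successfully"
          volumeMounts:
            - mountPath: /etc/puppetlabs/puppet/
              name: puppet-puppet-volume
            - mountPath: /configmaps/puppet.conf
              name: compiler-puppet-conf
              subPath: puppet.conf
            - mountPath: /configmaps/puppetdb.conf
              name: compiler-puppetdb-conf
              subPath: puppetdb.conf
            - mountPath: /configmaps/autosign.conf
              name: compiler-autosign-conf
              subPath: autosign.conf
            - mountPath: /configmaps/cobbler-enc
              name: puppet-cobbler-enc
              subPath: cobbler-enc
        # Creates the expected directory layout and hands ownership of the
        # shared volumes to the puppet user. Runs as root (runAsUser: 0)
        # because it chowns paths on the mounted volumes.
        - args:
            - >-
              mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
              mkdir -p /etc/puppetlabs/code/environments;
              mkdir -p /etc/puppetlabs/puppet/manifests;
              chown -R puppet:puppet /etc/puppetlabs;
              chown puppet:puppet /etc/puppetlabs/puppet/r10k.yaml;
              mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/;
              touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde;
              chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/;
          command:
            - sh
            - -c
          env:
            # NOTE(review): these JVM flags open remote JMX on port 31000 with
            # authentication and TLS both disabled. This container only runs
            # the shell commands above, so the flags look unused here. If the
            # same arguments reach the server container (for example through
            # puppetserver-compiler-config, not visible in this manifest),
            # anyone who can reach that port can manage the JVM: enable JMX
            # authentication and TLS, or drop the remote JMX flags, and
            # restrict the port with a NetworkPolicy.
            - name: PUPPETSERVER_JAVA_ARGS
              value: >-
                -Xms1024m -Xmx3072m
                -Dcom.sun.management.jmxremote.port=31000
                -Dcom.sun.management.jmxremote.authenticate=false
                -Dcom.sun.management.jmxremote.ssl=false
          envFrom: null
          image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
          imagePullPolicy: IfNotPresent
          name: perms-and-dirs
          resources:
            limits:
              cpu: 300m
              memory: 256Mi
            requests:
              cpu: 200m
              memory: 128Mi
          securityContext:
            # Matches the server container: root is needed for chown, but the
            # process should not be able to gain further privileges.
            allowPrivilegeEscalation: false
            capabilities:
              # NOTE(review): same duplicated CAP_-prefixed / unprefixed list
              # as the server container. The commands above only create
              # directories and change ownership, so this set can probably be
              # reduced; verify before trimming.
              add:
                - CAP_CHOWN
                - CAP_SETUID
                - CAP_SETGID
                - CAP_DAC_OVERRIDE
                - CAP_AUDIT_WRITE
                - CAP_FOWNER
                - CHOWN
                - SETUID
                - SETGID
                - DAC_OVERRIDE
                - AUDIT_WRITE
                - FOWNER
              drop:
                - ALL
            runAsNonRoot: false
            runAsUser: 0
          volumeMounts:
            - mountPath: /etc/puppetlabs/code/
              name: puppet-code-volume
            - mountPath: /etc/puppetlabs/puppet/
              name: puppet-puppet-volume
      securityContext:
        fsGroup: 999
      volumes:
        - name: puppet-code-volume
          persistentVolumeClaim:
            claimName: puppetserver-code-shared
        - name: puppet-puppet-volume
          persistentVolumeClaim:
            claimName: puppetserver-compiler-config-shared
        - name: eyaml-keys
          secret:
            secretName: eyaml-keys
            # Octal literal (decimal 384): owner read/write only. The field is
            # an integer, so it must stay unquoted.
            # NOTE(review): with fsGroup set on the pod, the kubelet may add
            # group read to projected Secret files; verify the effective mode
            # inside a running pod.
            defaultMode: 0600
        - name: compiler-puppet-conf
          configMap:
            name: compiler-puppet.conf
        - name: compiler-puppetdb-conf
          configMap:
            name: compiler-puppetdb.conf
        - name: compiler-autosign-conf
          configMap:
            name: compiler-autosign.conf
        - name: puppet-cobbler-enc
          configMap:
            name: puppet-cobbler-enc
  strategy:
    type: RollingUpdate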