---
# Deployment of the puppetserver-master workload (OpenVox server image) in the
# "puppet" namespace. An init container prepares directories and ownership on
# the shared config volume before the server container starts.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: puppetserver-master
  namespace: puppet
  annotations:
    # Stakater Reloader: roll the Deployment when a referenced ConfigMap or
    # Secret changes.
    reloader.stakater.com/auto: "true"
  labels:
    app.kubernetes.io/component: puppetserver
    app.kubernetes.io/instance: puppetserver
    app.kubernetes.io/name: puppetserver
    app.kubernetes.io/version: "8.8.0"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: puppetserver
      app.kubernetes.io/name: puppetserver
  strategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        reloader.stakater.com/auto: "true"
      labels:
        app.kubernetes.io/component: puppetserver
        app.kubernetes.io/instance: puppetserver
        app.kubernetes.io/name: puppetserver
        app.kubernetes.io/version: "8.8.0"
    spec:
      hostname: puppet
      imagePullSecrets: null
      # Pod-level: mounted volumes that support ownership management are made
      # group-accessible to gid 999.
      # NOTE(review): presumably the puppet group's gid in the image - confirm.
      securityContext:
        fsGroup: 999
      initContainers:
        - name: perms-and-dirs
          # Referenced by tag, not digest; with IfNotPresent a node keeps
          # whatever it first pulled under this tag. Pinning as
          # image@sha256:<digest> makes the deployed content verifiable.
          image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - '-c'
          # The script below runs as root (runAsUser: 0) and executes
          # check_for_masters.sh taken from the ConfigMap
          # puppetserver-init-masters-config, so write access to that
          # ConfigMap is equivalent to root code execution in this container
          # with write access to the puppet config volume - restrict RBAC on it
          # accordingly.
          # NOTE(review): only /etc/puppetlabs/puppet/ is a shared volume in
          # this container; the directories created under /etc/puppetlabs/code
          # and /opt/puppetlabs live in the init container's own filesystem and
          # will not be visible to the puppetserver container - confirm intent.
          # Folded scalar: the lines are joined with single spaces into one
          # shell command string.
          args:
            - >-
              mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
              cp /tmp/puppet/configmap/check_for_masters.sh /etc/puppetlabs/puppet/check_for_masters.sh;
              chown puppet:puppet /etc/puppetlabs/puppet/check_for_masters.sh;
              chmod +x /etc/puppetlabs/puppet/check_for_masters.sh;
              bash /etc/puppetlabs/puppet/check_for_masters.sh;
              mkdir -p /etc/puppetlabs/code/environments;
              mkdir -p /etc/puppetlabs/puppet/manifests;
              chown -R puppet:puppet /etc/puppetlabs;
              mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/;
              touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde;
              chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/;
          envFrom:
            - configMapRef:
                name: puppetserver-init-config
          resources:
            limits:
              cpu: 300m
              memory: 256Mi
            requests:
              cpu: 200m
              memory: 128Mi
          securityContext:
            # Explicitly root, needed for the chown calls above.
            # NOTE(review): unlike the puppetserver container, this one does
            # not set allowPrivilegeEscalation: false - confirm whether that
            # is deliberate.
            runAsNonRoot: false
            runAsUser: 0
            capabilities:
              # Each capability is listed twice, with and without the CAP_
              # prefix. Kubernetes documents the unprefixed form; the prefixed
              # duplicates are presumably for container-runtime compatibility -
              # verify which spelling the cluster's runtime honours.
              add:
                - CAP_CHOWN
                - CAP_SETUID
                - CAP_SETGID
                - CAP_DAC_OVERRIDE
                - CAP_AUDIT_WRITE
                - CAP_FOWNER
                - CHOWN
                - SETUID
                - SETGID
                - DAC_OVERRIDE
                - AUDIT_WRITE
                - FOWNER
              # Kubernetes documents this value as ALL; the lowercase spelling
              # relies on the runtime matching it case-insensitively - verify.
              drop:
                - all
          volumeMounts:
            - name: puppet-puppet-storage
              mountPath: /etc/puppetlabs/puppet/
            # Single file projected from the ConfigMap via subPath.
            - name: init-masters-volume
              mountPath: /tmp/puppet/configmap/check_for_masters.sh
              subPath: check_for_masters.sh
      containers:
        - name: puppetserver
          # Same tag-based reference as the init container; see the digest
          # pinning remark there.
          image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8140
          envFrom:
            - configMapRef:
                name: puppetserver-master-config
          resources:
            limits:
              cpu: 2
              memory: 3500Mi
            requests:
              cpu: 250m
              memory: 1024Mi
          # Startup and liveness only check that TCP 8140 accepts connections.
          startupProbe:
            tcpSocket:
              port: 8140
            failureThreshold: 30
            periodSeconds: 60
          livenessProbe:
            tcpSocket:
              port: 8140
            failureThreshold: 3
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 10
          # Readiness queries the status endpoint over HTTPS. The kubelet does
          # not verify the server certificate on HTTPS probes, so a passing
          # probe says nothing about certificate validity.
          readinessProbe:
            httpGet:
              path: /status/v1/simple
              port: 8140
              scheme: HTTPS
            failureThreshold: 3
            periodSeconds: 60
            successThreshold: 1
            timeoutSeconds: 20
          securityContext:
            # No runAsUser/runAsNonRoot here, so the effective user comes from
            # the image.
            # NOTE(review): confirm which user that is; CHOWN, DAC_OVERRIDE,
            # FOWNER and SETUID/SETGID are only meaningful for a process that
            # starts as root, and together they bypass file permission checks.
            allowPrivilegeEscalation: false
            capabilities:
              # Same doubled CAP_/unprefixed list as the init container.
              add:
                - CAP_CHOWN
                - CAP_SETUID
                - CAP_SETGID
                - CAP_DAC_OVERRIDE
                - CAP_AUDIT_WRITE
                - CAP_FOWNER
                - CHOWN
                - SETUID
                - SETGID
                - DAC_OVERRIDE
                - AUDIT_WRITE
                - FOWNER
              drop:
                - all
          volumeMounts:
            - name: puppet-puppet-storage
              mountPath: /etc/puppetlabs/puppet/
            # CA directory on its own persistent volume.
            - name: puppet-ca-storage
              mountPath: /etc/puppetlabs/puppetserver/ca/
            # eyaml key material, mounted read-only from a Secret.
            - name: eyaml-keys
              mountPath: /var/lib/puppet/keys/
              readOnly: true
      volumes:
        - name: puppet-ca-storage
          persistentVolumeClaim:
            claimName: puppetserver-ca-claim
        - name: puppet-puppet-storage
          persistentVolumeClaim:
            claimName: puppetserver-puppet-claim
        - name: init-masters-volume
          configMap:
            name: puppetserver-init-masters-config
        - name: eyaml-keys
          secret:
            secretName: eyaml-keys
            # Octal under the YAML 1.1 rules Kubernetes tooling applies
            # (decimal 384); a strict YAML 1.2 parser would read decimal 600.
            # NOTE(review): with fsGroup set on the pod, the kubelet may add
            # group-read to Secret files, making the effective mode wider than
            # 0600 - check the mode inside a running pod.
            defaultMode: 0600