Files
argocd-apps/apps/base/puppet/deployment_puppetserver-master.yaml
unkinben 47bd341371 chore: tidy initContainers (#65)
- make initcontainers easier to read/follow

Reviewed-on: #65
2026-03-21 17:16:07 +11:00

178 lines
5.6 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
reloader.stakater.com/auto: "true"
labels:
app.kubernetes.io/component: puppetserver
app.kubernetes.io/instance: puppetserver
app.kubernetes.io/name: puppetserver
app.kubernetes.io/version: 8.8.0
name: puppetserver-master
namespace: puppet
spec:
selector:
matchLabels:
app.kubernetes.io/component: puppetserver
app.kubernetes.io/name: puppetserver
strategy:
type: RollingUpdate
template:
metadata:
annotations:
reloader.stakater.com/auto: "true"
labels:
app.kubernetes.io/component: puppetserver
app.kubernetes.io/instance: puppetserver
app.kubernetes.io/name: puppetserver
app.kubernetes.io/version: 8.8.0
spec:
hostname: puppet
imagePullSecrets: null
containers:
- name: puppetserver
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 2
memory: 3500Mi
requests:
cpu: 250m
memory: 1024Mi
ports:
- containerPort: 8140
name: puppetserver
envFrom:
- configMapRef:
name: puppetserver-master-config
livenessProbe:
failureThreshold: 3
periodSeconds: 30
successThreshold: 1
tcpSocket:
port: 8140
timeoutSeconds: 10
readinessProbe:
failureThreshold: 3
httpGet:
path: /status/v1/simple
port: 8140
scheme: HTTPS
periodSeconds: 60
successThreshold: 1
timeoutSeconds: 20
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- CAP_CHOWN
- CAP_SETUID
- CAP_SETGID
- CAP_DAC_OVERRIDE
- CAP_AUDIT_WRITE
- CAP_FOWNER
- CHOWN
- SETUID
- SETGID
- DAC_OVERRIDE
- AUDIT_WRITE
- FOWNER
drop:
- all
startupProbe:
failureThreshold: 30
periodSeconds: 60
tcpSocket:
port: 8140
volumeMounts:
- mountPath: /etc/puppetlabs/puppet/
name: puppet-puppet-storage
- mountPath: /etc/puppetlabs/puppetserver/ca/
name: puppet-ca-storage
- mountPath: /var/lib/puppet/keys/
name: eyaml-keys
readOnly: true
- mountPath: /opt/bin/
name: puppet-shared-bins
- mountPath: /opt/vault-ca-cert.crt
name: vault-ca-cert
subPath: ca.crt
initContainers:
- name: perms-and-dirs
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-main
imagePullPolicy: IfNotPresent
command:
- sh
- -c
args:
- |
mkdir -p /etc/puppetlabs/puppet/eyaml/keys
cp /tmp/puppet/configmap/check_for_masters.sh /etc/puppetlabs/puppet/check_for_masters.sh
chown puppet:puppet /etc/puppetlabs/puppet/check_for_masters.sh
chmod +x /etc/puppetlabs/puppet/check_for_masters.sh
bash /etc/puppetlabs/puppet/check_for_masters.sh
mkdir -p /etc/puppetlabs/code/environments
mkdir -p /etc/puppetlabs/puppet/manifests
chown -R puppet:puppet /etc/puppetlabs
mkdir -p /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/
touch /opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde
chown puppet:puppet -R /opt/puppetlabs/server/data/puppetserver/
envFrom:
- configMapRef:
name: puppetserver-init-config
resources:
limits:
cpu: 300m
memory: 256Mi
requests:
cpu: 200m
memory: 128Mi
securityContext:
runAsUser: 0
runAsNonRoot: false
capabilities:
add:
- CAP_CHOWN
- CAP_SETUID
- CAP_SETGID
- CAP_DAC_OVERRIDE
- CAP_AUDIT_WRITE
- CAP_FOWNER
- CHOWN
- SETUID
- SETGID
- DAC_OVERRIDE
- AUDIT_WRITE
- FOWNER
drop:
- all
volumeMounts:
- mountPath: /etc/puppetlabs/puppet/
name: puppet-puppet-storage
- mountPath: /tmp/puppet/configmap/check_for_masters.sh
name: init-masters-volume
subPath: check_for_masters.sh
securityContext:
fsGroup: 999
volumes:
- name: puppet-ca-storage
persistentVolumeClaim:
claimName: puppetserver-ca-claim
- name: puppet-puppet-storage
persistentVolumeClaim:
claimName: puppetserver-puppet-claim
- configMap:
name: puppetserver-init-masters-config
name: init-masters-volume
- name: eyaml-keys
secret:
secretName: eyaml-keys
defaultMode: 0600
- name: puppet-shared-bins
persistentVolumeClaim:
claimName: puppet-shared-bins
- name: vault-ca-cert
secret:
secretName: vault-ca-cert