jobs: drop apk installs and prefer arm64
This commit is contained in:
parent
f4c6827c8c
commit
a9351bc737
@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: longhorn-settings-ensure-3
|
||||
name: longhorn-settings-ensure-4
|
||||
namespace: longhorn-system
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
@ -28,7 +28,7 @@ spec:
|
||||
operator: Exists
|
||||
containers:
|
||||
- name: apply
|
||||
image: docker.io/alpine:3.20
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
command: ["/scripts/longhorn_settings_ensure.sh"]
|
||||
volumeMounts:
|
||||
- name: longhorn-settings-ensure-script
|
||||
|
||||
@ -2,7 +2,6 @@
|
||||
set -eu
|
||||
|
||||
# Longhorn blocks direct CR patches for some settings; use the internal API instead.
|
||||
apk add --no-cache curl >/dev/null
|
||||
|
||||
api_base="http://longhorn-backend.longhorn-system.svc:9500/v1/settings"
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: actual-oidc-secret-ensure-1
|
||||
name: actual-oidc-secret-ensure-2
|
||||
namespace: sso
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
@ -40,7 +40,7 @@ spec:
|
||||
operator: Exists
|
||||
containers:
|
||||
- name: apply
|
||||
image: alpine:3.20
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
command: ["/scripts/actual_oidc_secret_ensure.sh"]
|
||||
volumeMounts:
|
||||
- name: actual-oidc-secret-ensure-script
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: harbor-oidc-secret-ensure-8
|
||||
name: harbor-oidc-secret-ensure-9
|
||||
namespace: sso
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
@ -40,9 +40,9 @@ spec:
|
||||
operator: Exists
|
||||
containers:
|
||||
- name: apply
|
||||
image: alpine:3.20
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
command: ["/scripts/harbor_oidc_secret_ensure.sh"]
|
||||
volumeMounts:
|
||||
- name: harbor-oidc-secret-ensure-script
|
||||
mountPath: /scripts
|
||||
readOnly: true
|
||||
readOnly: true
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: logs-oidc-secret-ensure-8
|
||||
name: logs-oidc-secret-ensure-9
|
||||
namespace: sso
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
@ -25,14 +25,12 @@ spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: apply
|
||||
image: alpine:3.20
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
set -euo pipefail
|
||||
. /vault/secrets/keycloak-admin-env.sh
|
||||
apk add --no-cache curl jq openssl >/dev/null
|
||||
|
||||
KC_URL="http://keycloak.sso.svc.cluster.local"
|
||||
ACCESS_TOKEN=""
|
||||
for attempt in 1 2 3 4 5; do
|
||||
|
||||
@ -10,7 +10,7 @@ imagePullSecrets:
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: mas-secrets-ensure-18
|
||||
name: mas-secrets-ensure-19
|
||||
namespace: sso
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
@ -32,19 +32,21 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: mas-secrets-ensure
|
||||
restartPolicy: Never
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: arm64
|
||||
node-role.kubernetes.io/worker: "true"
|
||||
volumes:
|
||||
- name: work
|
||||
emptyDir: {}
|
||||
initContainers:
|
||||
- name: generate
|
||||
image: alpine:3.20
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
set -euo pipefail
|
||||
. /vault/secrets/keycloak-admin-env.sh
|
||||
umask 077
|
||||
apk add --no-cache curl openssl jq >/dev/null
|
||||
|
||||
KC_URL="http://keycloak.sso.svc.cluster.local"
|
||||
ACCESS_TOKEN=""
|
||||
@ -124,4 +126,4 @@ spec:
|
||||
-d "${payload}" "${vault_addr}/v1/kv/data/atlas/comms/mas-secrets-runtime" >/dev/null
|
||||
volumeMounts:
|
||||
- name: work
|
||||
mountPath: /work
|
||||
mountPath: /work
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
set -euo pipefail
|
||||
|
||||
apk add --no-cache curl jq >/dev/null
|
||||
|
||||
. /vault/secrets/keycloak-admin-env.sh
|
||||
|
||||
KC_URL="http://keycloak.sso.svc.cluster.local"
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
set -euo pipefail
|
||||
|
||||
apk add --no-cache curl jq kubectl >/dev/null
|
||||
|
||||
. /vault/secrets/keycloak-admin-env.sh
|
||||
|
||||
KC_URL="http://keycloak.sso.svc.cluster.local"
|
||||
|
||||
@ -1,8 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
set -euo pipefail
|
||||
|
||||
apk add --no-cache curl jq kubectl >/dev/null
|
||||
|
||||
. /vault/secrets/keycloak-admin-env.sh
|
||||
|
||||
KC_URL="http://keycloak.sso.svc.cluster.local"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: synapse-oidc-secret-ensure-8
|
||||
name: synapse-oidc-secret-ensure-9
|
||||
namespace: sso
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
@ -25,14 +25,12 @@ spec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
- name: apply
|
||||
image: alpine:3.20
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- |
|
||||
set -euo pipefail
|
||||
. /vault/secrets/keycloak-admin-env.sh
|
||||
apk add --no-cache curl jq >/dev/null
|
||||
|
||||
KC_URL="http://keycloak.sso.svc.cluster.local"
|
||||
ACCESS_TOKEN=""
|
||||
for attempt in 1 2 3 4 5; do
|
||||
@ -82,4 +80,4 @@ spec:
|
||||
curl -sS -X POST -H "X-Vault-Token: ${vault_token}" \
|
||||
-d "${payload}" "${vault_addr}/v1/kv/data/atlas/comms/synapse-oidc" >/dev/null
|
||||
volumeMounts:
|
||||
volumes:
|
||||
volumes:
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: vault-oidc-secret-ensure-5
|
||||
name: vault-oidc-secret-ensure-6
|
||||
namespace: sso
|
||||
spec:
|
||||
backoffLimit: 0
|
||||
@ -40,9 +40,9 @@ spec:
|
||||
operator: Exists
|
||||
containers:
|
||||
- name: apply
|
||||
image: alpine:3.20
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
command: ["/scripts/vault_oidc_secret_ensure.sh"]
|
||||
volumeMounts:
|
||||
- name: vault-oidc-secret-ensure-script
|
||||
mountPath: /scripts
|
||||
readOnly: true
|
||||
readOnly: true
|
||||
|
||||
@ -17,6 +17,8 @@ spec:
|
||||
restartPolicy: OnFailure
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
kubernetes.io/arch: arm64
|
||||
node-role.kubernetes.io/worker: "true"
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
operator: Exists
|
||||
|
||||
@ -16,6 +16,9 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: pod-cleaner
|
||||
restartPolicy: Never
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: arm64
|
||||
node-role.kubernetes.io/worker: "true"
|
||||
containers:
|
||||
- name: cleaner
|
||||
image: bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user