-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: Add fsGroupChangePolicy to cron jobs (#348)
Deployments already include the fsGroupChangePolicy OnRootMismatch when enabled. Cron jobs that use the same volumes also need this policy set to speed up pod startup. This is especially helpful when a volume contains a large amount of files.
- Loading branch information
1 parent
367f68d
commit 8c4437d
Showing
3 changed files
with
358 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
282 changes: 282 additions & 0 deletions
282
internal/templating/services/test-resources/cronjob/result-cli-2.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,282 @@ | ||
--- | ||
apiVersion: batch/v1 | ||
kind: CronJob | ||
metadata: | ||
annotations: | ||
lagoon.sh/branch: environment-name | ||
lagoon.sh/version: v2.x.x | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/managed-by: build-deploy-tool | ||
lagoon.sh/buildType: branch | ||
lagoon.sh/environment: environment-name | ||
lagoon.sh/environmentType: production | ||
lagoon.sh/project: example-project | ||
lagoon.sh/service: myservice | ||
lagoon.sh/service-type: cli | ||
lagoon.sh/template: cli-0.1.0 | ||
name: cronjob-myservice-my-cronjobbb | ||
spec: | ||
concurrencyPolicy: Forbid | ||
failedJobsHistoryLimit: 1 | ||
jobTemplate: | ||
metadata: | ||
creationTimestamp: null | ||
spec: | ||
template: | ||
metadata: | ||
annotations: | ||
lagoon.sh/branch: environment-name | ||
lagoon.sh/configMapSha: 32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273 | ||
lagoon.sh/version: v2.x.x | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/managed-by: build-deploy-tool | ||
lagoon.sh/buildType: branch | ||
lagoon.sh/environment: environment-name | ||
lagoon.sh/environmentType: production | ||
lagoon.sh/project: example-project | ||
lagoon.sh/service: myservice | ||
lagoon.sh/service-type: cli | ||
lagoon.sh/template: cli-0.1.0 | ||
spec: | ||
containers: | ||
- command: | ||
- /lagoon/cronjob.sh | ||
- sleep 300 | ||
env: | ||
- name: LAGOON_GIT_SHA | ||
value: "0" | ||
- name: SERVICE_NAME | ||
value: myservice | ||
envFrom: | ||
- configMapRef: | ||
name: lagoon-env | ||
image: harbor.example.com/example-project/environment-name/myservice@latest | ||
imagePullPolicy: Always | ||
name: cronjob-myservice-my-cronjobbb | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 10Mi | ||
securityContext: {} | ||
volumeMounts: | ||
- mountPath: /var/run/secrets/lagoon/sshkey/ | ||
name: lagoon-sshkey | ||
readOnly: true | ||
dnsConfig: | ||
options: | ||
- name: timeout | ||
value: "60" | ||
- name: attempts | ||
value: "10" | ||
enableServiceLinks: false | ||
imagePullSecrets: | ||
- name: lagoon-internal-registry-secret | ||
priorityClassName: lagoon-priority-production | ||
restartPolicy: Never | ||
securityContext: | ||
fsGroup: 10001 | ||
fsGroupChangePolicy: OnRootMismatch | ||
runAsGroup: 0 | ||
runAsUser: 10000 | ||
volumes: | ||
- name: lagoon-sshkey | ||
secret: | ||
defaultMode: 420 | ||
secretName: lagoon-sshkey | ||
schedule: 5 2 * * * | ||
startingDeadlineSeconds: 240 | ||
successfulJobsHistoryLimit: 0 | ||
status: {} | ||
--- | ||
apiVersion: batch/v1 | ||
kind: CronJob | ||
metadata: | ||
annotations: | ||
lagoon.sh/branch: environment-name | ||
lagoon.sh/version: v2.x.x | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/managed-by: build-deploy-tool | ||
lagoon.sh/buildType: branch | ||
lagoon.sh/environment: environment-name | ||
lagoon.sh/environmentType: production | ||
lagoon.sh/project: example-project | ||
lagoon.sh/service: myservice | ||
lagoon.sh/service-type: cli | ||
lagoon.sh/template: cli-0.1.0 | ||
name: cronjob-myservice-my-other-cronjobbb | ||
spec: | ||
concurrencyPolicy: Forbid | ||
failedJobsHistoryLimit: 1 | ||
jobTemplate: | ||
metadata: | ||
creationTimestamp: null | ||
spec: | ||
template: | ||
metadata: | ||
annotations: | ||
lagoon.sh/branch: environment-name | ||
lagoon.sh/configMapSha: 32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273 | ||
lagoon.sh/version: v2.x.x | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/managed-by: build-deploy-tool | ||
lagoon.sh/buildType: branch | ||
lagoon.sh/environment: environment-name | ||
lagoon.sh/environmentType: production | ||
lagoon.sh/project: example-project | ||
lagoon.sh/service: myservice | ||
lagoon.sh/service-type: cli | ||
lagoon.sh/template: cli-0.1.0 | ||
spec: | ||
containers: | ||
- command: | ||
- /lagoon/cronjob.sh | ||
- env | ||
env: | ||
- name: LAGOON_GIT_SHA | ||
value: "0" | ||
- name: SERVICE_NAME | ||
value: myservice | ||
envFrom: | ||
- configMapRef: | ||
name: lagoon-env | ||
image: harbor.example.com/example-project/environment-name/myservice@latest | ||
imagePullPolicy: Always | ||
name: cronjob-myservice-my-other-cronjobbb | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 10Mi | ||
securityContext: {} | ||
volumeMounts: | ||
- mountPath: /var/run/secrets/lagoon/sshkey/ | ||
name: lagoon-sshkey | ||
readOnly: true | ||
dnsConfig: | ||
options: | ||
- name: timeout | ||
value: "60" | ||
- name: attempts | ||
value: "10" | ||
enableServiceLinks: false | ||
imagePullSecrets: | ||
- name: lagoon-internal-registry-secret | ||
priorityClassName: lagoon-priority-production | ||
restartPolicy: Never | ||
securityContext: | ||
fsGroup: 10001 | ||
fsGroupChangePolicy: OnRootMismatch | ||
runAsGroup: 0 | ||
runAsUser: 10000 | ||
volumes: | ||
- name: lagoon-sshkey | ||
secret: | ||
defaultMode: 420 | ||
secretName: lagoon-sshkey | ||
schedule: 25 6 * * * | ||
startingDeadlineSeconds: 240 | ||
successfulJobsHistoryLimit: 0 | ||
status: {} | ||
--- | ||
apiVersion: batch/v1 | ||
kind: CronJob | ||
metadata: | ||
annotations: | ||
lagoon.sh/branch: environment-name | ||
lagoon.sh/version: v2.x.x | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/managed-by: build-deploy-tool | ||
lagoon.sh/buildType: branch | ||
lagoon.sh/environment: environment-name | ||
lagoon.sh/environmentType: production | ||
lagoon.sh/project: example-project | ||
lagoon.sh/service: myservice-persist | ||
lagoon.sh/service-type: cli-persistent | ||
lagoon.sh/template: cli-persistent-0.1.0 | ||
name: cronjob-myservice-my-cronjobbb | ||
spec: | ||
concurrencyPolicy: Forbid | ||
failedJobsHistoryLimit: 1 | ||
jobTemplate: | ||
metadata: | ||
creationTimestamp: null | ||
spec: | ||
template: | ||
metadata: | ||
annotations: | ||
lagoon.sh/branch: environment-name | ||
lagoon.sh/configMapSha: 32bf1359ac92178c8909f0ef938257b477708aa0d78a5a15ad7c2d7919adf273 | ||
lagoon.sh/version: v2.x.x | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/managed-by: build-deploy-tool | ||
lagoon.sh/buildType: branch | ||
lagoon.sh/environment: environment-name | ||
lagoon.sh/environmentType: production | ||
lagoon.sh/project: example-project | ||
lagoon.sh/service: myservice-persist | ||
lagoon.sh/service-type: cli-persistent | ||
lagoon.sh/template: cli-persistent-0.1.0 | ||
spec: | ||
containers: | ||
- command: | ||
- /lagoon/cronjob.sh | ||
- sleep 300 | ||
env: | ||
- name: LAGOON_GIT_SHA | ||
value: "0" | ||
- name: SERVICE_NAME | ||
value: myservice-persist | ||
envFrom: | ||
- configMapRef: | ||
name: lagoon-env | ||
image: harbor.example.com/example-project/environment-name/myservice-persistent@latest | ||
imagePullPolicy: Always | ||
name: cronjob-myservice-my-cronjobbb | ||
resources: | ||
requests: | ||
cpu: 10m | ||
memory: 10Mi | ||
securityContext: {} | ||
volumeMounts: | ||
- mountPath: /var/run/secrets/lagoon/sshkey/ | ||
name: lagoon-sshkey | ||
readOnly: true | ||
- mountPath: /storage/data/php | ||
name: nginx-php-twig | ||
- mountPath: /storage/data | ||
name: nginx-php | ||
dnsConfig: | ||
options: | ||
- name: timeout | ||
value: "60" | ||
- name: attempts | ||
value: "10" | ||
enableServiceLinks: false | ||
imagePullSecrets: | ||
- name: lagoon-internal-registry-secret | ||
priorityClassName: lagoon-priority-production | ||
restartPolicy: Never | ||
securityContext: | ||
fsGroup: 10001 | ||
fsGroupChangePolicy: OnRootMismatch | ||
runAsGroup: 0 | ||
runAsUser: 10000 | ||
volumes: | ||
- name: lagoon-sshkey | ||
secret: | ||
defaultMode: 420 | ||
secretName: lagoon-sshkey | ||
- emptyDir: {} | ||
name: nginx-php-twig | ||
- name: nginx-php | ||
persistentVolumeClaim: | ||
claimName: nginx-php | ||
schedule: 5 2 * * * | ||
startingDeadlineSeconds: 240 | ||
successfulJobsHistoryLimit: 0 | ||
status: {} |