Fix tiller kubernetes client caching
The cache dir could no longer be written to when readOnlyRootFilesystem went into effect [0]. This adds a configurable volume/mount for the cache dir. [0]: https://review.opendev.org/#/c/703881/ Change-Id: I63a7c8575041aa3c6fd523213f8dffb0542fb0e5
parent
1d9d645a5e
commit
f688313341
@ -31,6 +31,8 @@ httpGet:
|
|||||||
{{- if .Values.manifests.deployment_tiller }}
|
{{- if .Values.manifests.deployment_tiller }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
{{- $serviceAccountName := "tiller-deploy" }}
|
{{- $serviceAccountName := "tiller-deploy" }}
|
||||||
|
{{- $mounts_tiller := .Values.pod.mounts.tiller.tiller }}
|
||||||
|
|
||||||
{{ tuple $envAll "tiller_deploy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
{{ tuple $envAll "tiller_deploy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
@ -89,6 +91,8 @@ spec:
|
|||||||
value: {{ .Values.Name }}
|
value: {{ .Values.Name }}
|
||||||
- name: TILLER_HISTORY_MAX
|
- name: TILLER_HISTORY_MAX
|
||||||
value: {{ .Values.deployment.tiller_history | quote }}
|
value: {{ .Values.deployment.tiller_history | quote }}
|
||||||
|
volumeMounts:
|
||||||
|
{{ toYaml $mounts_tiller.volumeMounts | indent 12 }}
|
||||||
command:
|
command:
|
||||||
- /tiller
|
- /tiller
|
||||||
{{- if .Values.conf.tiller.storage }}
|
{{- if .Values.conf.tiller.storage }}
|
||||||
@ -120,5 +124,7 @@ spec:
|
|||||||
protocol: TCP
|
protocol: TCP
|
||||||
{{ dict "envAll" $envAll "component" "tiller" "container" "tiller" "type" "readiness" "probeTemplate" (include "tillerReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
{{ dict "envAll" $envAll "component" "tiller" "container" "tiller" "type" "readiness" "probeTemplate" (include "tillerReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
||||||
{{ dict "envAll" $envAll "component" "tiller" "container" "tiller" "type" "liveness" "probeTemplate" (include "tillerLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
{{ dict "envAll" $envAll "component" "tiller" "container" "tiller" "type" "liveness" "probeTemplate" (include "tillerLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | trim | indent 10 }}
|
||||||
|
volumes:
|
||||||
|
{{ toYaml $mounts_tiller.volumes | indent 8 }}
|
||||||
status: {}
|
status: {}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
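Review bot: The `volumeMounts:` and `volumes:` keys added in the second and third hunks are emitted unconditionally and filled verbatim from `pod.mounts.tiller.tiller`, so a values override can now attach any volume source to the tiller container, including a `hostPath`, and nothing in the template says why the mount exists. Because the change is there to keep `readOnlyRootFilesystem` usable, a template comment above `volumeMounts:` would help, for example `{{/* writable mounts only: the root filesystem is read-only, keep this list minimal */}}`. Guarding each key with `{{- if $mounts_tiller.volumeMounts }}` / `{{- if $mounts_tiller.volumes }}` would also avoid rendering an empty or null value when an override clears the list. The container spec and its security context start and end outside these hunks, so the read-only setting itself is inferred from the commit description.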
|
@ -89,7 +89,17 @@ pod:
|
|||||||
requests:
|
requests:
|
||||||
memory: "128Mi"
|
memory: "128Mi"
|
||||||
cpu: "100m"
|
cpu: "100m"
|
||||||
|
mounts:
|
||||||
|
tiller:
|
||||||
|
tiller:
|
||||||
|
volumes:
|
||||||
|
- name: kubernetes-client-cache
|
||||||
|
emptyDir: {}
|
||||||
|
volumeMounts:
|
||||||
|
- name: kubernetes-client-cache
|
||||||
|
# Should be the `$HOME/.kube` of the `runAsUser` above
|
||||||
|
# as this is where tiller's kubernetes client roots its cache dir.
|
||||||
|
mountPath: /tmp/.kube
|
||||||
network_policy:
|
network_policy:
|
||||||
tiller:
|
tiller:
|
||||||
ingress:
|
ingress:
|
||||||
|
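Review bot: `emptyDir: {}` for `kubernetes-client-cache` sets no `sizeLimit`, so the only writable path in a container that otherwise has a read-only root filesystem can grow against the node's ephemeral storage, unless an ephemeral-storage limit is set elsewhere; consider `emptyDir: {sizeLimit: "<SIZE_PLACEHOLDER>"}` sized for the client discovery cache. The `mountPath: /tmp/.kube` only works while the `runAsUser` home stays `/tmp`, and that setting sits outside this hunk. Extending the existing comment to name the values key that holds `runAsUser` would make the coupling visible to anyone who changes the user later.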