feat(common): block host docker-compose and create hostpatch initcontainer (#1961)

* feat(common): block host docker-compose and create hostpatch initcontainer

* dont fail deployment in failure, only spawn error

* rename file

* technically this is a feature
This commit is contained in:
Kjeld Schouten-Lebbing 2022-02-24 23:39:23 +01:00 committed by GitHub
parent d8efe941d4
commit 7d9c554d8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 17 additions and 17 deletions

View File

@ -15,4 +15,4 @@ maintainers:
name: common
sources: null
type: library
version: 8.16.1
version: 8.17.0

View File

@ -0,0 +1,15 @@
{{/*
This template serves as the blueprint for the mountPermissions job that is run
before chart installation.
*/}}
{{- define "common.controller.hostpatch" -}}
- name: hostpatch
image: {{ .Values.alpineImage.repository }}:{{ .Values.alpineImage.tag }}
securityContext:
runAsUser: 0
privileged: true
command:
- "/bin/sh"
- "-c"
- ( sysctl -w fs.inotify.max_user_watches=524288 || echo "error setting inotify") && ( sysctl -w fs.inotify.max_user_instances=512 || echo "error setting inotify")&& ( chmod -x /usr/bin/docker-compose || echo "error locking docker-compose") && ( chmod -x /bin/docker-compose || echo "error locking docker-compose" )
{{- end -}}

View File

@ -1,15 +0,0 @@
{{/*
This template serves as the blueprint for the mountPermissions job that is run
before chart installation.
*/}}
{{- define "common.controller.inotify" -}}
- name: inotify
image: {{ .Values.alpineImage.repository }}:{{ .Values.alpineImage.tag }}
securityContext:
runAsUser: 0
privileged: true
command:
- "/bin/sh"
- "-c"
- "sysctl -w fs.inotify.max_user_watches=524288 && sysctl -w fs.inotify.max_user_instances=512 "
{{- end -}}

View File

@ -51,7 +51,7 @@ terminationGracePeriodSeconds: {{ . }}
{{- end }}
initContainers:
{{- include "common.controller.autopermissions" . | nindent 2 }}
{{- include "common.controller.inotify" . | nindent 2 }}
{{- include "common.controller.hostpatch" . | nindent 2 }}
{{- include "common.dependencies.postgresql.init" . | nindent 2 }}
{{- if .Release.IsInstall }}
{{- if .Values.installContainers }}