k8s-bootstrap.yaml
2.67 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
---
apiVersion: v1
kind: ConfigMap
metadata:
name: k8s-bootstrap-config
namespace: kube-system
data:
HOME: /tmp/cluster-home
SSH_CONFIG: |
StrictHostKeyChecking no
LogLevel VERBOSE
#-i /tmp/cluster-ssh/ssh-private-key
---
apiVersion: v1
kind: ConfigMap
metadata:
name: k8s-bootstrap-scripts
namespace: kube-system
data:
clone-start-of-day: |
#!/bin/sh
set -ex
# FIXME: don't hard-code this.
ls -alR $HOME
ssh -v git@gitlab.brainfood.com exit || true
git clone git@gitlab.brainfood.com:brainfood/k8s-start-of-day.git /tmp/git-storage/k8s-start-of-day
---
apiVersion: batch/v1
kind: Job
metadata:
name: k8s-bootstrap
namespace: kube-system
spec:
template:
spec:
restartPolicy: OnFailure
securityContext:
runAsUser: 1234
runAsGroup: 1234
fsGroup: 1234
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
volumes:
- name: k8s-bootstrap-ssh-config
configMap:
name: k8s-bootstrap-config
defaultMode: 0600
items:
- key: SSH_CONFIG
path: config
- name: k8s-bootstrap-ssh-auth
secret:
secretName: cluster-ssh
defaultMode: 0600
items:
- key: ssh-private-key
path: id_rsa
- name: k8s-bootstrap-scripts
configMap:
name: k8s-bootstrap-scripts
defaultMode: 0755
- name: cluster-home
emptyDir: {}
- name: cluster-ssh
emptyDir: {}
- name: git-storage
emptyDir: {}
initContainers:
- name: clone-k8s-start-of-day
image: bitnami/git
envFrom:
- configMapRef:
name: k8s-bootstrap-config
volumeMounts:
- name: k8s-bootstrap-scripts
mountPath: /tmp/k8s-bootstrap-scripts
- name: cluster-home
mountPath: /tmp/cluster-home
- name: cluster-ssh
mountPath: /tmp/cluster-home/.ssh
- name: k8s-bootstrap-ssh-auth
mountPath: /tmp/cluster-home/.ssh/id_rsa
subPath: id_rsa
- name: k8s-bootstrap-ssh-config
mountPath: /tmp/cluster-home/.ssh/config
subPath: config
- name: git-storage
mountPath: /tmp/git-storage
command: ["/tmp/k8s-bootstrap-scripts/clone-start-of-day"]
containers:
- name: show-status
image: bash
command: ["bash", "-ex", "ls -al /tmp"]
volumeMounts:
- name: git-storage
mountPath: /tmp/git-storage
---