| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 |
- apiVersion: batch/v1
- kind: Job
- metadata:
- name: kaniko
- annotations:
- # Setting spec.force to true will make Flux recreate the Job when any
- # immutable field is changed, forcing the Job to run.
- kustomize.toolkit.fluxcd.io/force: enabled
- spec:
- template:
- spec:
- initContainers:
- - name: copy-workspace
- image: busybox
- command: ["/bin/cp"]
- args:
- - "-r" # Recurse
- - "-L" # Follow all symlinks
- - "/mnt/workspace"
- - "/"
- volumeMounts:
- - name: dockerfile-storage
- mountPath: /mnt/workspace/build.sh
- subPath: build.sh
- - name: dockerfile-storage
- mountPath: /mnt/workspace/Dockerfile
- subPath: Dockerfile
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/bin/entrypoint
- subPath: entrypoint
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/home/oleg/.config/systemd/user/foot.service
- subPath: foot.service
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/home/oleg/.config/systemd/user/idea.service
- subPath: idea.service
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/home/oleg/.config/systemd/user/pycharm.service
- subPath: pycharm.service
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/home/oleg/.config/systemd/user/vscode.service
- subPath: vscode.service
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/home/oleg/.config/systemd/user/firefox.service
- subPath: firefox.service
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/home/oleg/.config/aichat/config.yaml
- subPath: aichat.yaml
- - name: dockerfile-storage
- mountPath: /mnt/workspace/rootfs/etc/systemd/system/getty@tty10.service.d/autologin.conf
- subPath: autologin.conf
- - name: workspace
- mountPath: /workspace
- resources:
- limits:
- cpu: 10m
- memory: 10Mi
- requests:
- cpu: 10m
- memory: 10Mi
- securityContext:
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
- runAsGroup: 998
- - name: chmod-hooks
- image: busybox
- command: ["/bin/sh"]
- args:
- - "-xc"
- - |
- chmod +x /workspace/build.sh /workspace/rootfs/bin/entrypoint
- volumeMounts:
- - name: workspace
- mountPath: /workspace
- resources:
- limits:
- cpu: 10m
- memory: 10Mi
- requests:
- cpu: 10m
- memory: 10Mi
- securityContext:
- capabilities:
- drop:
- - ALL
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1000
- runAsGroup: 998
- containers:
- - name: kaniko
- image: gcr.io/kaniko-project/executor:v1.23.2
- args:
- - "--push-retry=10"
- - "--destination=harbor.home.wugi.info/library/archlinux-systemd:316b4536" # git rev-parse HEAD | cut -c -8
- volumeMounts:
- - name: kaniko-secret
- mountPath: /kaniko/.docker
- - name: workspace
- mountPath: /workspace
- restartPolicy: Never
- volumes:
- - name: kaniko-secret
- secret:
- secretName: regcred
- items:
- - key: .dockerconfigjson
- path: config.json
- - name: dockerfile-storage
- configMap:
- name: data
- - name: workspace
- emptyDir:
- sizeLimit: 300M
- backoffLimit: 0
|
