- apiVersion: batch/v1
- kind: Job
- metadata:
- name: nix-container-systemd
- annotations:
- # Setting spec.force to true will make Flux recreate the Job when any
- # immutable field is changed, forcing the Job to run every time the
- # container image tag changes.
- kustomize.toolkit.fluxcd.io/force: enabled
- spec:
- backoffLimit: 0
- template:
- spec:
- hostNetwork: true
- hostPID: true
- restartPolicy: Never
- containers:
- - command:
- - /bin/sh
- - -c
- - |
- nsenter --target "1" --mount --uts --ipc --net --pid --no-fork \
- /run/setuid-programs/sudo --user oleg --login bash <<'EOF'
- set -o nounset -o errexit -o pipefail -o xtrace
- kubectl --namespace=nix exec --stdin=true pod/runc-kube1-nix-builder -- runc exec -e TERM=screen-256color -e USER=oleg -u 1000:998 --additional-gids 131 nix-builder /usr/bin/env bash -l <<'EOL'
- cd "${HOME}/.local/share/chezmoi" || exit 1
- nix-shell -p skopeo --command 'make container-systemd-taskexecutor'
- EOL
- EOF
- image: docker-registry.wugi.info/library/util-linux-with-udev
- name: refresh
- resources:
- limits:
- cpu: 14000m
- memory: 4096Mi
- requests:
- cpu: 50m
- memory: 512Mi
- securityContext:
- privileged: true