Initialisation depot

arti-api/auth-service/pipeline/buildah-chart-override.yaml

@@ -0,0 +1,69 @@
+# buildah-chart-override.yaml
+# Override values for Drone chart to include signal-aware Buildah deployment
+
+# If using Helm charts, these values override the default deployment
+buildah-external:
+  enabled: true
+  replicaCount: 0  # Start with 0 replicas
+  
+  image:
+    repository: quay.io/buildah/stable
+    tag: latest
+    pullPolicy: IfNotPresent
+  
+  # Signal-aware command override
+  command: ["/bin/bash"]
+  args: ["-c", "trap 'echo Received SIGTERM, shutting down gracefully; exit 0' TERM; while true; do sleep 5 & wait $!; done"]
+  
+  # Security context
+  securityContext:
+    privileged: true
+    runAsUser: 0
+    capabilities:
+      add:
+      - SYS_ADMIN
+      - MKNOD
+      - SYS_CHROOT
+  
+  # Resource limits
+  resources:
+    requests:
+      memory: "256Mi"
+      cpu: "100m"
+    limits:
+      memory: "2Gi"
+      cpu: "1000m"
+  
+  # Pod security and termination
+  podSecurityContext:
+    runAsUser: 0
+    fsGroup: 0
+  
+  # Graceful termination period
+  terminationGracePeriodSeconds: 10  # Reduced from default 30s
+  
+  # Service account
+  serviceAccount:
+    name: "drone-buildah-sa"
+  
+  # Environment variables
+  env:
+    - name: STORAGE_DRIVER
+      value: "vfs"
+    - name: BUILDAH_ISOLATION
+      value: "chroot"
+  
+  # Volumes
+  volumes:
+    - name: workspace
+      emptyDir:
+        sizeLimit: 2Gi
+    - name: buildah-storage
+      emptyDir:
+        sizeLimit: 2Gi
+  
+  volumeMounts:
+    - name: workspace
+      mountPath: /workspace
+    - name: buildah-storage
+      mountPath: /var/lib/containers