# buildah-chart-override.yaml
# Override values for Drone chart to include signal-aware Buildah deployment

# If using Helm charts, these values override the default deployment
buildah-external:
  enabled: true
  replicaCount: 0  # Start with 0 replicas
  
  image:
    repository: quay.io/buildah/stable
    tag: latest
    pullPolicy: IfNotPresent
  
  # Signal-aware command override
  command: ["/bin/bash"]
  args: ["-c", "trap 'echo Received SIGTERM, shutting down gracefully; exit 0' TERM; while true; do sleep 5 & wait $!; done"]
  
  # Security context
  securityContext:
    privileged: true
    runAsUser: 0
    capabilities:
      add:
      - SYS_ADMIN
      - MKNOD
      - SYS_CHROOT
  
  # Resource limits
  resources:
    requests:
      memory: "256Mi"
      cpu: "100m"
    limits:
      memory: "2Gi"
      cpu: "1000m"
  
  # Pod security and termination
  podSecurityContext:
    runAsUser: 0
    fsGroup: 0
  
  # Graceful termination period
  terminationGracePeriodSeconds: 10  # Reduced from default 30s
  
  # Service account
  serviceAccount:
    name: "drone-buildah-sa"
  
  # Environment variables
  env:
    - name: STORAGE_DRIVER
      value: "vfs"
    - name: BUILDAH_ISOLATION
      value: "chroot"
  
  # Volumes
  volumes:
    - name: workspace
      emptyDir:
        sizeLimit: 2Gi
    - name: buildah-storage
      emptyDir:
        sizeLimit: 2Gi
  
  volumeMounts:
    - name: workspace
      mountPath: /workspace
    - name: buildah-storage
      mountPath: /var/lib/containers