69 lines
1.5 KiB
YAML
69 lines
1.5 KiB
YAML
# buildah-chart-override.yaml
|
|
# Override values for Drone chart to include signal-aware Buildah deployment
|
|
|
|
# If using Helm charts, these values override the default deployment
|
|
buildah-external:
|
|
enabled: true
|
|
replicaCount: 0 # Start with 0 replicas
|
|
|
|
image:
|
|
repository: quay.io/buildah/stable
|
|
tag: latest
|
|
pullPolicy: IfNotPresent
|
|
|
|
# Signal-aware command override
|
|
command: ["/bin/bash"]
|
|
args: ["-c", "trap 'echo Received SIGTERM, shutting down gracefully; exit 0' TERM; while true; do sleep 5 & wait $!; done"]
|
|
|
|
# Security context
|
|
securityContext:
|
|
privileged: true
|
|
runAsUser: 0
|
|
capabilities:
|
|
add:
|
|
- SYS_ADMIN
|
|
- MKNOD
|
|
- SYS_CHROOT
|
|
|
|
# Resource limits
|
|
resources:
|
|
requests:
|
|
memory: "256Mi"
|
|
cpu: "100m"
|
|
limits:
|
|
memory: "2Gi"
|
|
cpu: "1000m"
|
|
|
|
# Pod security and termination
|
|
podSecurityContext:
|
|
runAsUser: 0
|
|
fsGroup: 0
|
|
|
|
# Graceful termination period
|
|
terminationGracePeriodSeconds: 10 # Reduced from default 30s
|
|
|
|
# Service account
|
|
serviceAccount:
|
|
name: "drone-buildah-sa"
|
|
|
|
# Environment variables
|
|
env:
|
|
- name: STORAGE_DRIVER
|
|
value: "vfs"
|
|
- name: BUILDAH_ISOLATION
|
|
value: "chroot"
|
|
|
|
# Volumes
|
|
volumes:
|
|
- name: workspace
|
|
emptyDir:
|
|
sizeLimit: 2Gi
|
|
- name: buildah-storage
|
|
emptyDir:
|
|
sizeLimit: 2Gi
|
|
|
|
volumeMounts:
|
|
- name: workspace
|
|
mountPath: /workspace
|
|
- name: buildah-storage
|
|
mountPath: /var/lib/containers |