forked from hswaw/hscloud
add grace period for client pod, rename volume mounts
This commit is contained in:
parent
5dfd4cc799
commit
fae3a9d514
1 changed files with 18 additions and 17 deletions
|
@ -240,17 +240,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
mountPath: "/cockroach/cockroach-data",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-node-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/node.crt",
|
||||
subPath: "tls.crt",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-node-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/node.key",
|
||||
subPath: "tls.key",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-node-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/ca.crt",
|
||||
subPath: "ca.crt",
|
||||
},
|
||||
|
@ -272,11 +272,11 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
emptyDir: {},
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-node-cert",
|
||||
name: "certs",
|
||||
secret: {
|
||||
secretName: crdb.pki.nodeCertificate.spec.secretName,
|
||||
defaultMode: kube.parseOctal("400")
|
||||
}
|
||||
defaultMode: kube.parseOctal("400"),
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
|
@ -309,17 +309,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
],
|
||||
volumeMounts: [
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/ca.crt",
|
||||
subPath: "ca.crt",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/client.root.crt",
|
||||
subPath: "tls.crt",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/client.root.key",
|
||||
subPath: "tls.key",
|
||||
},
|
||||
|
@ -343,17 +343,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
],
|
||||
volumeMounts: [
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/ca.crt",
|
||||
subPath: "ca.crt",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/client.root.crt",
|
||||
subPath: "tls.crt",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/client.root.key",
|
||||
subPath: "tls.key",
|
||||
},
|
||||
|
@ -363,7 +363,7 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
restartPolicy: "OnFailure",
|
||||
volumes: [
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
secret: {
|
||||
secretName: crdb.pki.clientCertificate.spec.secretName,
|
||||
defaultMode: kube.parseOctal("400")
|
||||
|
@ -378,6 +378,7 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
clientPod: kube.Pod(crdb.makeName("cockroachdb-client")) {
|
||||
metadata+: crdb.metadata,
|
||||
spec: {
|
||||
terminationGracePeriodSeconds: 5,
|
||||
containers: [
|
||||
kube.Container("cockroachdb-client") {
|
||||
image: cfg.image,
|
||||
|
@ -387,17 +388,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
command: ["sleep", "2147483648"], //(FIXME) keep the client pod running indefinitely
|
||||
volumeMounts: [
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/ca.crt",
|
||||
subPath: "ca.crt",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/client.root.crt",
|
||||
subPath: "tls.crt",
|
||||
},
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
mountPath: "/cockroach/cockroach-certs/client.root.key",
|
||||
subPath: "tls.key",
|
||||
},
|
||||
|
@ -406,7 +407,7 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet";
|
|||
],
|
||||
volumes: [
|
||||
{
|
||||
name: "cockroachdb-client-cert",
|
||||
name: "certs",
|
||||
secret: {
|
||||
secretName: crdb.pki.clientCertificate.spec.secretName,
|
||||
defaultMode: kube.parseOctal("400")
|
||||
|
|
Loading…
Reference in a new issue