diff --git a/kube/cockroachdb.libsonnet b/kube/cockroachdb.libsonnet index c5d2e351..a62e79c3 100644 --- a/kube/cockroachdb.libsonnet +++ b/kube/cockroachdb.libsonnet @@ -240,17 +240,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; mountPath: "/cockroach/cockroach-data", }, { - name: "cockroachdb-node-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/node.crt", subPath: "tls.crt", }, { - name: "cockroachdb-node-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/node.key", subPath: "tls.key", }, { - name: "cockroachdb-node-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/ca.crt", subPath: "ca.crt", }, @@ -272,11 +272,11 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; emptyDir: {}, }, { - name: "cockroachdb-node-cert", + name: "certs", secret: { secretName: crdb.pki.nodeCertificate.spec.secretName, - defaultMode: kube.parseOctal("400") - } + defaultMode: kube.parseOctal("400"), + }, }, ], }, @@ -309,17 +309,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; ], volumeMounts: [ { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/ca.crt", subPath: "ca.crt", }, { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/client.root.crt", subPath: "tls.crt", }, { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/client.root.key", subPath: "tls.key", }, @@ -343,17 +343,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; ], volumeMounts: [ { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/ca.crt", subPath: "ca.crt", }, { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/client.root.crt", subPath: "tls.crt", }, { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/client.root.key", subPath: "tls.key", }, @@ -363,7 +363,7 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; restartPolicy: "OnFailure", volumes: [ { - name: "cockroachdb-client-cert", + name: "certs", secret: { secretName: crdb.pki.clientCertificate.spec.secretName, defaultMode: kube.parseOctal("400") @@ -378,6 +378,7 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; clientPod: kube.Pod(crdb.makeName("cockroachdb-client")) { metadata+: crdb.metadata, spec: { + terminationGracePeriodSeconds: 5, containers: [ kube.Container("cockroachdb-client") { image: cfg.image, @@ -387,17 +388,17 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; command: ["sleep", "2147483648"], //(FIXME) keep the client pod running indefinitely volumeMounts: [ { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/ca.crt", subPath: "ca.crt", }, { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/client.root.crt", subPath: "tls.crt", }, { - name: "cockroachdb-client-cert", + name: "certs", mountPath: "/cockroach/cockroach-certs/client.root.key", subPath: "tls.key", }, @@ -406,7 +407,7 @@ local cm = import "../cluster/kube/lib/cert-manager.libsonnet"; ], volumes: [ { - name: "cockroachdb-client-cert", + name: "certs", secret: { secretName: crdb.pki.clientCertificate.spec.secretName, defaultMode: kube.parseOctal("400")