update

Author: Marcel Zapf

chart/templates/pvc.yaml

@@ -1,14 +1,15 @@
+---
 apiVersion: apps/v1
-kind: Deployment
+kind: StatefulSet
 metadata:
-  name: {{ .Release.Name }}-deployment
+  name: {{ .Release.Name }}
 spec:
+  serviceName: {{ .Release.Name }}-headless
   replicas: {{ .Values.replicaCount }}
-  strategy:
+  updateStrategy:
     type: RollingUpdate
     rollingUpdate:
       maxUnavailable: 1
-      maxSurge: 0
   selector:
     matchLabels:
       app: {{ .Release.Name }}
@@ -29,10 +30,8 @@ spec:
         securityContext:
           runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
           runAsUser: {{ .Values.securityContext.runAsUser }}
+          runAsGroup: {{ .Values.securityContext.runAsGroup }}
           allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
-          capabilities:
-            drop:
-              {{- toYaml .Values.securityContext.capabilities.drop | nindent 14 }}
           seccompProfile:
             type: {{ .Values.securityContext.seccompProfile.type }}
         volumeMounts:
@@ -50,21 +49,28 @@ spec:
           mountPath: /etc/ssh/sshd_config
           subPath: sshd_config
           readOnly: true
-        resources:
-{{ toYaml .Values.resources | indent 10 }}
+        resources: {{ toYaml .Values.resources | indent 10 }}
       volumes:
       - name: entrypoint-script
         configMap:
           name: {{ .Release.Name }}-entrypoint
           defaultMode: 0755
-      - name: home-volume
-        persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-pvc
       - name: ssh-keys
         configMap:
           name: {{ .Release.Name }}-ssh-keys
           defaultMode: 0755
       - name: sshd-config-volume
         configMap:
           name: {{ .Release.Name }}-sshd-config
-          defaultMode: 0755
+          defaultMode: 0755
+  volumeClaimTemplates:
+  - metadata:
+      name: home-volume
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      {{- if .Values.persistence.storageClass }}
+      storageClassName: {{ .Values.persistence.storageClass }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.persistence.size }}

chart/templates/deployment.yaml chart/templates/statefulset.yamlchart/templates/deployment.yaml renamed to chart/templates/statefulset.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: v1
 kind: Service
 metadata:
@@ -7,5 +8,20 @@ spec:
   ports:
   - port: {{ .Values.service.port }}
     targetPort: {{ .Values.service.targetPort }}
+    name: ssh
   selector:
     app: {{ .Release.Name }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-headless
+spec:
+  clusterIP: None
+  selector:
+    app: {{ .Release.Name }}
+  ports:
+  - port: {{ .Values.service.port }}
+    targetPort: {{ .Values.service.targetPort }}
+    protocol: TCP
+    name: ssh

chart/templates/svc.yaml

@@ -1,7 +1,7 @@
 replicaCount: 1
 
 image:
-  source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:889fff24b0a503ae0ea37a82029cbc4abdee160cf332e2182598024652411f90
+  source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:11aa5c10407d658c55c001ddde9b5f6c778f97c6e86b0f2d2b6a48971cf72cf5
   pullPolicy: IfNotPresent
 
 service:
@@ -20,8 +20,6 @@ ssh:
   authorizedKeys: |
     # Place auth keys here ...
     # ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu...
-    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBMGGOs2OYGxj74/TS3AXmbGNoVLQ07gCG5LXamlrd6HoZLPRkqwy2X1YS+9mWvINwH7FzvPnzd+5P5fxeLiYiwTIEXamlqQ53rnTvvgtS9Wl7fI/4MdlI2pNsAS3jm1KOzn/w5ABTkvGUo9QtzgR2659ykpo/LicsShEqVKh0ItOv+D298JsD5Ykj9Y3S5GE4D84DGisBpvBxdkMWm3ZD4SYML4b/P2ihFL3IEdmPfewS7O37bpAe4TuhjltOmTBjy4QaQgQacMDXkz5WCrCYh3N2/2gmsPLR5lirH9YJLzyGR08uhsyFMe79Rxl+Fs+9UDvx5hcVjXMUOnO34G3fTu54OTcekN+h7l+6rLWuSuiRH0O+RIV3PvlT+ibOiRPwfWSWDQtMTTynRrYMKEtnFr/Eg0EtdQRzFhrwxwX9+zaAgAcmL/3qIDSzEwOWm6pVH1RNKjC9K8pDu9mKmD6zKFfkqsMh9aV6N+mSTcDnLfMRD9xYWSbJnH2Xj3c3uskJ2XsGDdHoxIQvx2KfStaGshN83mzbvn9Qx3SwdI2X/lpABIrrSg97kNKWPywB8s5J3a86Y+Knvd8fSz3lM/2Yk1lZ9oYN68wD0mqNmPbxIMQVaKh1pd4xTucVM+1E+IEKFk8Un6xNRk0luYanbGjvYpN5gxnEfq4NT1+VhKrcHw== 
-
 securityContext:
   runAsNonRoot: true
   runAsUser: 1001