From 825e1c17b1c07bc47a7b8aff8357f351c93ddbf1 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Fri, 20 Dec 2024 18:07:43 -0600
Subject: [PATCH] ci: Mount ephemeral volume for container storage

Without a specific volume mount, the Buildah working container will be stored in the Jenkins pod container filesystem. This not only affects performance, but limits the size of the working container filesystem and the final image, as the worker nodes do not have very much space for container filesystems. Thus, we need to mount an ephemeral Longhorn volume in the job pod to provide more space to Buildah. Using a read-only root filesystem helps ensure that no temporary data get written to container storage. This of course breaks the work-around we had in place for overriding the broken default `storage.conf` in the _buildah_ image, so we mount a _tmpfs_ filesystem at `/home/build` as a different work-around.
---
 ci/podTemplate.yaml | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
index ad7a4c7..4533567 100644
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -7,12 +7,12 @@ spec:
 - -c
 - |
 trap 'kill $!; exit' TERM
- rm -f ~/.config/containers/storage.conf
 sleep infinity &
 wait
 securityContext:
 runAsUser: 1000
 runAsGroup: 1000
+ readOnlyRootFilesystem: true
 resources:
 limits:
 github.com/fuse: 1
@@ -21,5 +21,31 @@ spec:
 requests:
 cpu: 6
 memory: 8G
+ volumeMounts:
+ - mountPath: /home/build
+ name: tmp
+ subPath: home
+ - mountPath: /home/build/.local/share/containers
+ name: data
+ subPath: containers
+ - mountPath: /tmp
+ name: tmp
+ subPath: tmp
+ - mountPath: /var/tmp
+ name: data
+ subPath: tmp
 tolerations:
 - key: du5t1n.me/jenkins
+ volumes:
+ - name: data
+ ephemeral:
+ volumeClaimTemplate:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
+ - name: tmp
+ emptyDir:
+ medium: Memory
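Review bot: The container `securityContext` in the first hunk now sets `readOnlyRootFilesystem: true` but still relies on `runAsUser: 1000` alone to keep the build unprivileged; adding `runAsNonRoot: true` beside it would make the kubelet refuse to start the container if that UID is ever dropped or overridden. `allowPrivilegeEscalation` is also left unset, and because rootless Buildah setups often depend on setuid ID-mapping helpers, setting it to `false` should be tested rather than assumed. If it has to stay unset, a one-line comment saying why would stop a later hardening pass from breaking the build. The container definition starts above the hunk, so settings placed there are not visible.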
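Review bot: The `tmp` volume at the end of the second hunk is an `emptyDir` with `medium: Memory` and no `sizeLimit`, so everything the build writes under `/tmp` and `/home/build` is held in RAM and charged against the pod's memory. A build that spills large temporary files can then get the job OOM-killed or put pressure on the node; adding `sizeLimit: <size tuned to the job>` under `emptyDir` bounds that. The `/home/build` mount would also benefit from a comment such as `# tmpfs over $HOME hides the image's broken default storage.conf`, since that reason is only recorded in the commit message. No `fsGroup` is visible in either hunk, so it is worth confirming that UID 1000 can write to the freshly provisioned `data` claim; the pod-level settings may sit outside the hunk.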