From 4f8e8dabc907f1c9013511cab1d7b07f380864f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EB=B3=80=EC=A0=95=ED=9B=88?=
Date: Tue, 7 Mar 2023 06:08:13 +0000
Subject: [PATCH] =?UTF-8?q?podman=20conf=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 template/template.yml | 207 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 207 insertions(+)
diff --git a/template/template.yml b/template/template.yml
index 86dfdef..f3e6aa0 100644
--- a/template/template.yml
+++ b/template/template.yml
@@ -49,6 +49,207 @@ objects:
 requests:
 storage: 1Gi
 storageClassName: '${STORAGE_CLASS}'
+ - apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: podmanconf
+ data:
+ storage.conf: |
+ # This file is is the configuration file for all tools
+ # that use the containers/storage library.
+ # See man 5 containers-storage.conf for more information
+ # The "container storage" table contains all of the server options.
+ [storage]
+
+ # Default Storage Driver, Must be set for proper operation.
+ driver = "overlay"
+
+ # Temporary storage location
+ runroot = "/run/containers/storage"
+
+ # Primary Read/Write location of container storage
+ graphroot = "/root/containers"
+
+ # Storage path for rootless users
+ #
+ # rootless_storage_path = "$HOME/.local/share/containers/storage"
+
+ [storage.options]
+ # Storage options to be passed to underlying storage drivers
+
+ # AdditionalImageStores is used to pass paths to additional Read/Only image stores
+ # Must be comma separated list.
+ additionalimagestores = [
+ ]
+
+ # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
+ # a container, to the UIDs/GIDs as they should appear outside of the container,
+ # and the length of the range of UIDs/GIDs. Additional mapped sets can be
+ # listed and will be heeded by libraries, but there are limits to the number of
+ # mappings which the kernel will allow when you later attempt to run a
+ # container.
+ #
+ # remap-uids = 0:1668442479:65536
+ # remap-gids = 0:1668442479:65536
+
+ # Remap-User/Group is a user name which can be used to look up one or more UID/GID
+ # ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting
+ # with an in-container ID of 0 and then a host-level ID taken from the lowest
+ # range that matches the specified name, and using the length of that range.
+ # Additional ranges are then assigned, using the ranges which specify the
+ # lowest host-level IDs first, to the lowest not-yet-mapped in-container ID,
+ # until all of the entries have been used for maps.
+ #
+ # remap-user = "containers"
+ # remap-group = "containers"
+
+ # Root-auto-userns-user is a user name which can be used to look up one or more UID/GID
+ # ranges in the /etc/subuid and /etc/subgid file. These ranges will be partitioned
+ # to containers configured to create automatically a user namespace. Containers
+ # configured to automatically create a user namespace can still overlap with containers
+ # having an explicit mapping set.
+ # This setting is ignored when running as rootless.
+ # root-auto-userns-user = "storage"
+ #
+ # Auto-userns-min-size is the minimum size for a user namespace created automatically.
+ # auto-userns-min-size=1024
+ #
+ # Auto-userns-max-size is the minimum size for a user namespace created automatically.
+ # auto-userns-max-size=65536
+
+ [storage.options.overlay]
+ # ignore_chown_errors can be set to allow a non privileged user running with
+ # a single UID within a user namespace to run containers. The user can pull
+ # and use any image even those with multiple uids. Note multiple UIDs will be
+ # squashed down to the default uid in the container. These images will have no
+ # separation between the users in the container. Only supported for the overlay
+ # and vfs drivers.
+ #ignore_chown_errors = "false"
+
+ # Inodes is used to set a maximum inodes of the container image.
+ # inodes = ""
+
+ # Path to an helper program to use for mounting the file system instead of mounting it
+ # directly.
+ #mount_program = "/usr/bin/fuse-overlayfs"
+
+ # mountopt specifies comma separated list of extra mount options
+ mountopt = "nodev,metacopy=on"
+
+ # Set to skip a PRIVATE bind mount on the storage home directory.
+ # skip_mount_home = "false"
+
+ # Size is used to set a maximum size of the container image.
+ # size = ""
+
+ # ForceMask specifies the permissions mask that is used for new files and
+ # directories.
+ #
+ # The values "shared" and "private" are accepted.
+ # Octal permission masks are also accepted.
+ #
+ # "": No value specified.
+ # All files/directories, get set with the permissions identified within the
+ # image.
+ # "private": it is equivalent to 0700.
+ # All files/directories get set with 0700 permissions. The owner has rwx
+ # access to the files. No other users on the system can access the files.
+ # This setting could be used with networked based homedirs.
+ # "shared": it is equivalent to 0755.
+ # The owner has rwx access to the files and everyone else can read, access
+ # and execute them. This setting is useful for sharing containers storage
+ # with other users. For instance have a storage owned by root but shared
+ # to rootless users as an additional store.
+ # NOTE: All files within the image are made readable and executable by any
+ # user on the system. Even /etc/shadow within your image is now readable by
+ # any user.
+ #
+ # OCTAL: Users can experiment with other OCTAL Permissions.
+ #
+ # Note: The force_mask Flag is an experimental feature, it could change in the
+ # future. When "force_mask" is set the original permission mask is stored in
+ # the "user.containers.override_stat" xattr and the "mount_program" option must
+ # be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the
+ # extended attribute permissions to processes within containers rather then the
+ # "force_mask" permissions.
+ #
+ # force_mask = ""
+
+ [storage.options.thinpool]
+ # Storage Options for thinpool
+
+ # autoextend_percent determines the amount by which pool needs to be
+ # grown. This is specified in terms of % of pool size. So a value of 20 means
+ # that when threshold is hit, pool will be grown by 20% of existing
+ # pool size.
+ # autoextend_percent = "20"
+
+ # autoextend_threshold determines the pool extension threshold in terms
+ # of percentage of pool size. For example, if threshold is 60, that means when
+ # pool is 60% full, threshold has been hit.
+ # autoextend_threshold = "80"
+
+ # basesize specifies the size to use when creating the base device, which
+ # limits the size of images and containers.
+ # basesize = "10G"
+
+ # blocksize specifies a custom blocksize to use for the thin pool.
+ # blocksize="64k"
+
+ # directlvm_device specifies a custom block storage device to use for the
+ # thin pool. Required if you setup devicemapper.
+ # directlvm_device = ""
+
+ # directlvm_device_force wipes device even if device already has a filesystem.
+ # directlvm_device_force = "True"
+
+ # fs specifies the filesystem type to use for the base device.
+ # fs="xfs"
+
+ # log_level sets the log level of devicemapper.
+ # 0: LogLevelSuppress 0 (Default)
+ # 2: LogLevelFatal
+ # 3: LogLevelErr
+ # 4: LogLevelWarn
+ # 5: LogLevelNotice
+ # 6: LogLevelInfo
+ # 7: LogLevelDebug
+ # log_level = "7"
+
+ # min_free_space specifies the min free space percent in a thin pool require for
+ # new device creation to succeed. Valid values are from 0% - 99%.
+ # Value 0% disables
+ # min_free_space = "10%"
+
+ # mkfsarg specifies extra mkfs arguments to be used when creating the base
+ # device.
+ # mkfsarg = ""
+
+ # metadata_size is used to set the `pvcreate --metadatasize` options when
+ # creating thin devices. Default is 128k
+ # metadata_size = ""
+
+ # Size is used to set a maximum size of the container image.
+ # size = ""
+
+ # use_deferred_removal marks devicemapper block device for deferred removal.
+ # If the thinpool is in use when the driver attempts to remove it, the driver
+ # tells the kernel to remove it as soon as possible. Note this does not free
+ # up the disk space, use deferred deletion to fully remove the thinpool.
+ # use_deferred_removal = "True"
+
+ # use_deferred_deletion marks thinpool device for deferred deletion.
+ # If the device is busy when the driver attempts to delete it, the driver
+ # will attempt to delete device every 30 seconds until successful.
+ # If the program using the driver exits, the driver will continue attempting
+ # to cleanup the next time the driver is used. Deferred deletion permanently
+ # deletes the device and all data stored in device will be lost.
+ # use_deferred_deletion = "True"
+
+ # xfs_nospace_max_retries specifies the maximum number of retries XFS should
+ # attempt to complete IO when ENOSPC (no space) error is returned by
+ # underlying storage device.
+ # xfs_nospace_max_retries = "0"
 - apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -182,6 +383,8 @@ objects:
 workspace: build-pvc
 - name: image-pvc
 workspace: image-pvc
+ - name: podmanconf
+ workspace: podmanconf
 notification:
 onSuccess:
 slack:
@@ -338,6 +541,10 @@ objects:
 - name: image-pvc
 persistentVolumeClaim:
 claimName: 'image-pvc-${APP_NAME}'
+ - name: podmanconf
+ configmap:
+ name: 'podmanconf'
+ subpath: storage.conf
 parameters:
 - description: Application name
 displayName: AppName
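Review bot: The storage.conf payload of the `podmanconf` ConfigMap is almost entirely upstream default text — roughly 190 of the 201 added lines are comments and commented-out defaults — which hides the four settings this template actually sets (`driver`, `runroot`, `graphroot`, `mountopt`) and carries over the copied typo in `# This file is is the configuration file`. Keeping only the active keys under `[storage]` and `[storage.options.overlay]` plus a one-line pointer to `man 5 containers-storage.conf` would make the effective configuration reviewable at a glance. Separately, `graphroot = "/root/containers"` is a path on the task container's own filesystem; if the intent is for image layers to persist on the `image-pvc` workspace that the later hunks bind next to this ConfigMap, graphroot should point at that workspace's mount path, which is not visible in this patch, so please confirm. Note also that the `mountopt = "nodev,metacopy=on"` line is the one setting here that depends on kernel and driver support (metacopy needs native overlay), so it is worth a short comment saying which runtime it was validated on.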
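Review bot: The new workspace binding spells the keys `configmap:` and `subpath:`, but if this is a Tekton `WorkspaceBinding` (the sibling entry uses `persistentVolumeClaim:`/`claimName:`, which matches that type) the field names are `configMap` and `subPath`; Kubernetes field names are case-sensitive, so these keys would be rejected or pruned as unknown and the workspace would be left with no volume source. I'd change the lines to `configMap:` / `name: 'podmanconf'` / `subPath: storage.conf`. Also, `subPath` on a workspace binding selects a sub-directory of the volume rather than a file, whereas `storage.conf` here appears to be meant as the ConfigMap item to expose; that is normally done with `items:` on the `configMap` source or by having the task read `storage.conf` under the workspace path, so please confirm which the task expects.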