Merge pull request #1338 from rackerlabs/update-nautobot-job

haseebsyed12 · web-flow · commit 898059741eea · 2025-10-16T14:42:12.000Z
fix(nautobot): multiple corrections to nautobot sync job
diff --git a/components/nautobot/values.yaml b/components/nautobot/values.yaml
@@ -107,16 +107,45 @@ extraObjects:
     metadata:
       generateName: sync-nautobot-ansible-
       namespace: nautobot
+      labels:
+        app.kubernetes.io/name: nautobot
+        app.kubernetes.io/component: sync-job
+        app.kubernetes.io/managed-by: Helm
       annotations:
         "helm.sh/hook": post-install,post-upgrade
+        "helm.sh/hook-weight": "1"
+        "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
     spec:
+      ttlSecondsAfterFinished: 300
+      # allow the ansible container to run for 20 minutes
+      activeDeadlineSeconds: 1200
+      backoffLimit: 1
       template:
         spec:
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000
+            fsGroup: 1000
+            seccompProfile:
+              type: RuntimeDefault
           containers:
             - name: ansible-runner
               image: ghcr.io/rackerlabs/understack/ansible:latest
               imagePullPolicy: Always
               command: ["ansible-runner", "run", "/runner", "--playbook", "nautobot-initial-setup.yaml"]
+              resources:
+                requests:
+                  cpu: "100m"
+                  memory: "512Mi"
+                limits:
+                  cpu: "500m"
+                  memory: "512Mi"
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop:
+                    - ALL
+                readOnlyRootFilesystem: false
               env:
                 - name: NAUTOBOT_TOKEN
                   valueFrom:
@@ -130,6 +159,8 @@ extraObjects:
                   mountPath: /runner/inventory/
                 - name: ansible-group-vars
                   mountPath: /runner/inventory/group_vars/
+                - name: device-types
+                  mountPath: /runner/data/device-types/
           restartPolicy: Never
           volumes:
             - name: runner-data
@@ -140,4 +171,6 @@ extraObjects:
             - name: ansible-group-vars
               configMap:
                 name: ansible-group-vars
-      backoffLimit: 1
+            - name: device-types
+              configMap:
+                name: device-types
