nonroot!
This commit is contained in:
parent
3cfe1b6b51
commit
2ca0b5805f
SSH key fingerprint:
SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
1 changed files with 28 additions and 22 deletions
|
|
@ -3,53 +3,55 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: &app it-tools
|
name: it-tools
|
||||||
spec:
|
spec:
|
||||||
interval: 30m
|
interval: 30m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: app-template
|
chart: app-template
|
||||||
version: 3.5.1
|
version: 3.5.1
|
||||||
|
interval: 30m
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bjw-s
|
name: bjw-s
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
upgrade:
|
|
||||||
cleanupOnFail: true
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
strategy: rollback
|
|
||||||
values:
|
values:
|
||||||
controllers:
|
controllers:
|
||||||
it-tools:
|
it-tools:
|
||||||
|
replicas: 1
|
||||||
|
strategy: RollingUpdate
|
||||||
annotations:
|
annotations:
|
||||||
reloader.stakater.com/auto: "true"
|
reloader.stakater.com/auto: "true"
|
||||||
|
pod:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 101
|
||||||
|
runAsGroup: 101
|
||||||
|
fsGroup: 101
|
||||||
|
fsGroupChangePolicy: "OnRootMismatch"
|
||||||
containers:
|
containers:
|
||||||
app:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/corentinth/it-tools
|
repository: ghcr.io/bjw-s-labs/it-tools
|
||||||
tag: 2024.5.13-a0bc346
|
tag: 2024.5.13
|
||||||
env:
|
|
||||||
TZ: America/Chicago
|
|
||||||
probes:
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 5m
|
||||||
|
memory: 32Mi
|
||||||
limits:
|
limits:
|
||||||
memory: 500Mi
|
memory: 256Mi
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
service:
|
service:
|
||||||
app:
|
app:
|
||||||
controller: *app
|
controller: it-tools
|
||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: 80
|
port: 8080
|
||||||
ingress:
|
ingress:
|
||||||
app:
|
app:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
@ -68,3 +70,7 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- *host
|
- *host
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
tmp:
|
||||||
|
type: emptyDir
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue