jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 10 Projects Releases Packages Wiki Activity Actions

nonroot!

Browse source
This commit is contained in:
Joseph Hanson 2024-10-11 05:43:06 -05:00
parent 3cfe1b6b51
commit 2ca0b5805f
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
1 changed files with 28 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
kubernetes/apps/default/it-tools/app/helmrelease.yaml
View file

@ -3,53 +3,55 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app it-tools
name: it-tools
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.5.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
cleanupOnFail: true
remediation:
retries: 3
strategy: rollback
values:
controllers:
it-tools:
replicas: 1
strategy: RollingUpdate
annotations:
reloader.stakater.com/auto: "true"
pod:
securityContext:
runAsUser: 101
runAsGroup: 101
fsGroup: 101
fsGroupChangePolicy: "OnRootMismatch"
containers:
app:
image:
repository: ghcr.io/corentinth/it-tools
tag: 2024.5.13-a0bc346
env:
TZ: America/Chicago
probes:
liveness:
enabled: true
readiness:
enabled: true
repository: ghcr.io/bjw-s-labs/it-tools
tag: 2024.5.13
resources:
requests:
cpu: 100m
cpu: 5m
memory: 32Mi
limits:
memory: 500Mi
memory: 256Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
service:
app:
controller: *app
controller: it-tools
ports:
http:
port: 80
port: 8080
ingress:
app:
enabled: true
@ -68,3 +70,7 @@ spec:
tls:
- hosts:
- *host
persistence:
tmp:
type: emptyDir