more user/group changes
This commit is contained in:
parent
e0419c0152
commit
328d424d4e
SSH key fingerprint:
SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
2 changed files with 17 additions and 6 deletions
|
|
@ -29,10 +29,12 @@ spec:
|
||||||
values:
|
values:
|
||||||
defaultPodOptions:
|
defaultPodOptions:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 1000
|
fsGroup: 568
|
||||||
runAsGroup: 1001 # group 1001 is required for the flood container to run without errors.
|
runAsGroup: 568
|
||||||
fsGroup: 1001
|
runAsNonRoot: true
|
||||||
fsGroupChangePolicy: OnRootMismatch
|
runAsUser: 568
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
controllers:
|
controllers:
|
||||||
flood:
|
flood:
|
||||||
annotations:
|
annotations:
|
||||||
|
|
@ -52,6 +54,17 @@ spec:
|
||||||
cpu: 15m
|
cpu: 15m
|
||||||
limits:
|
limits:
|
||||||
memory: 512Mi
|
memory: 512Mi
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
readiness:
|
||||||
|
enabled: true
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
service:
|
service:
|
||||||
app:
|
app:
|
||||||
controller: *app
|
controller: *app
|
||||||
|
|
|
||||||
|
|
@ -27,5 +27,3 @@ spec:
|
||||||
substitute:
|
substitute:
|
||||||
APP: *app
|
APP: *app
|
||||||
VOLSYNC_CAPACITY: 2Gi
|
VOLSYNC_CAPACITY: 2Gi
|
||||||
APP_UID: "1000"
|
|
||||||
APP_GID: "1001"
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue