more user/group changes

2024-08-21 00:40:26 -05:00 · 2024-08-21 00:40:26 -05:00 · 328d424d4e
commit 328d424d4e
parent e0419c0152
2 changed files with 17 additions and 6 deletions
--- a/kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml
+++ b/kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml
@ -29,10 +29,12 @@ spec:
  values:
    defaultPodOptions:
      securityContext:
-        runAsUser: 1000
-        runAsGroup: 1001 # group 1001 is required for the flood container to run without errors.
-        fsGroup: 1001
-        fsGroupChangePolicy: OnRootMismatch
+        fsGroup: 568
+        runAsGroup: 568
+        runAsNonRoot: true
+        runAsUser: 568
+        seccompProfile:
+          type: RuntimeDefault
    controllers:
      flood:
        annotations:
@ -52,6 +54,17 @@ spec:
                cpu: 15m
              limits:
                memory: 512Mi
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+              readOnlyRootFilesystem: true
    service:
      app:
        controller: *app
--- a/kubernetes/apps/qbittorrent/flood/ks.yaml
+++ b/kubernetes/apps/qbittorrent/flood/ks.yaml
@ -27,5 +27,3 @@ spec:
    substitute:
      APP: *app
      VOLSYNC_CAPACITY: 2Gi
-      APP_UID: "1000"
-      APP_GID: "1001"