chore: add missing readOnlyRootFilesystem config
This commit is contained in:
Rob Watson
parent
f0803654c1
commit
8a699c8039
|
|
@ -57,3 +57,5 @@ spec:
|
|||
limits:
|
||||
memory: 1024Mi
|
||||
cpu: 1500m
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
|
|
|
|||
|
|
@ -83,6 +83,8 @@ spec:
|
|||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "250m"
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
livenessProbe:
|
||||
failureThreshold: 10
|
||||
httpGet:
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ metadata:
|
|||
component: web
|
||||
app.kubernetes.io/name: element
|
||||
app.kubernetes.io/instance: element
|
||||
annotations:
|
||||
ignore-check.kube-linter.io/no-read-only-root-fs: "Element image requires write access for Nginx configuration"
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
|
@ -21,30 +23,30 @@ spec:
|
|||
app.kubernetes.io/instance: element
|
||||
spec:
|
||||
containers:
|
||||
- name: element
|
||||
image: vectorim/element-web:v1.11.40
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /app/config.json
|
||||
subPath: config.json
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: http
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
memory: "32Mi"
|
||||
cpu: "50m"
|
||||
limits:
|
||||
memory: "64Mi"
|
||||
cpu: "250m"
|
||||
- name: element
|
||||
image: vectorim/element-web:v1.11.40
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /app/config.json
|
||||
subPath: config.json
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: http
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
memory: "32Mi"
|
||||
cpu: "50m"
|
||||
limits:
|
||||
memory: "64Mi"
|
||||
cpu: "250m"
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: element-config
|
||||
- name: config
|
||||
configMap:
|
||||
name: element-config
|
||||
|
|
|
|||
|
|
@ -37,6 +37,8 @@ spec:
|
|||
limits:
|
||||
memory: 128Mi
|
||||
cpu: 500m
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
- image: jbergknoff/postgresql-client@sha256:45e175ebb700cfd46e23a610477c3576550055ef40c394e663623946a5eced39
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: init-invidious-db
|
||||
|
|
@ -83,6 +85,8 @@ spec:
|
|||
limits:
|
||||
memory: 256Mi
|
||||
cpu: 1000m
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
workingDir: /data/repo
|
||||
command: ["sh", "docker/init-invidious-db.sh"]
|
||||
containers:
|
||||
|
|
@ -133,6 +137,8 @@ spec:
|
|||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 10
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
volumes:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
|
|
|
|||
|
|
@ -50,3 +50,5 @@ spec:
|
|||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 3
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
|
|
|
|||
|
|
@ -51,3 +51,5 @@ spec:
|
|||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 3
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
|
|
|
|||
|
|
@ -59,6 +59,8 @@ spec:
|
|||
- mountPath: /usr/sbin/init-directory-structure.sh
|
||||
subPath: init-directory-structure.sh
|
||||
name: scripts
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
- name: setup-gitea
|
||||
image: gitea/gitea:1.20.4-rootless
|
||||
imagePullPolicy: IfNotPresent
|
||||
|
|
|
|||
|
|
@ -61,6 +61,8 @@ spec:
|
|||
limits:
|
||||
memory: 512Mi
|
||||
cpu: 2000m
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health
|
||||
|
|
|
|||
Loading…
Reference in New Issue