SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 33 Packages Projects Releases Wiki Activity

add security contexts to download ns

This commit is contained in:
SeanOMik 2023-06-01 23:21:04 -04:00
parent 5e75c92d26
commit 7955255e9b
8 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cluster/apps/download/bazarr/helm-release.yaml
View File

@ -18,16 +18,20 @@ spec:
image:
repository: lscr.io/linuxserver/bazarr
tag: latest
env:
TZ: America/New_York
service:
main:
ports:
http:
port: 6767
probes:
liveness:
enabled: false
ingress:
main:
enabled: true
@ -44,6 +48,7 @@ spec:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:
enabled: true
@ -51,6 +56,13 @@ spec:
hostPath: /mnt/MainPool/Kubernetes/bazarr
mountPath: /config
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 5m

12
cluster/apps/download/mylar3/helm-release.yaml
View File

@ -18,20 +18,24 @@ spec:
image:
repository: lscr.io/linuxserver/mylar3
tag: latest
env:
TZ: America/New_York
PGID: "1000"
PUID: "1000"
service:
main:
ports:
http:
port: 8090
probes:
liveness:
enabled: false
startup:
enabled: false
ingress:
main:
enabled: true
@ -48,6 +52,7 @@ spec:
- hosts:
- *host
secretName: wildcard-main-tls
persistence:
config:
enabled: true
@ -60,6 +65,13 @@ spec:
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 1m

7
cluster/apps/download/prowlarr/helm-release.yaml
View File

@ -100,6 +100,13 @@ spec:
hostPath: /mnt/MainPool/Kubernetes/prowlarr
mountPath: /config
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 2m

13
cluster/apps/download/qbittorrent/helm-release.yaml
View File

@ -36,6 +36,12 @@ spec:
add:
- NET_ADMIN
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
metrics:
image: caseyscarborough/qbittorrent-exporter:latest
env:
@ -94,6 +100,13 @@ spec:
hostPath: /mnt/MainPool/Kubernetes/qbittorrent
mountPath: /config
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
# resources:
# requests:
# cpu: 2m

7
cluster/apps/download/radarr/helm-release.yaml
View File

@ -107,6 +107,13 @@ spec:
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 1m

7
cluster/apps/download/readarr/audiobook-helm.yaml
View File

@ -105,6 +105,13 @@ spec:
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 1m

7
cluster/apps/download/sonarr/helm-release.yaml
View File

@ -107,6 +107,13 @@ spec:
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 2m

7
cluster/apps/download/unpackerr/helm-release.yaml
View File

@ -48,6 +48,13 @@ spec:
hostPath: /mnt/MainPool/Media
mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources:
requests:
cpu: 2m