SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 33 Packages Projects Releases Wiki Activity

add security contexts to download ns

This commit is contained in:
SeanOMik 2023-06-01 23:21:04 -04:00
parent 5e75c92d26
commit 7955255e9b
8 changed files with 72 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cluster/apps/download/bazarr/helm-release.yaml
View File

@ -18,16 +18,20 @@ spec:
image: image:
repository: lscr.io/linuxserver/bazarr repository: lscr.io/linuxserver/bazarr
tag: latest tag: latest
env: env:
TZ: America/New_York TZ: America/New_York
service: service:
main: main:
ports: ports:
http: http:
port: 6767 port: 6767
probes: probes:
liveness: liveness:
enabled: false enabled: false
ingress: ingress:
main: main:
enabled: true enabled: true
@ -44,6 +48,7 @@ spec:
- hosts: - hosts:
- *host - *host
secretName: wildcard-main-tls secretName: wildcard-main-tls
persistence: persistence:
config: config:
enabled: true enabled: true
@ -51,6 +56,13 @@ spec:
hostPath: /mnt/MainPool/Kubernetes/bazarr hostPath: /mnt/MainPool/Kubernetes/bazarr
mountPath: /config mountPath: /config
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources: resources:
requests: requests:
cpu: 5m cpu: 5m

12
cluster/apps/download/mylar3/helm-release.yaml
View File

@ -18,20 +18,24 @@ spec:
image: image:
repository: lscr.io/linuxserver/mylar3 repository: lscr.io/linuxserver/mylar3
tag: latest tag: latest
env: env:
TZ: America/New_York TZ: America/New_York
PGID: "1000" PGID: "1000"
PUID: "1000" PUID: "1000"
service: service:
main: main:
ports: ports:
http: http:
port: 8090 port: 8090
probes: probes:
liveness: liveness:
enabled: false enabled: false
startup: startup:
enabled: false enabled: false
ingress: ingress:
main: main:
enabled: true enabled: true
@ -48,6 +52,7 @@ spec:
- hosts: - hosts:
- *host - *host
secretName: wildcard-main-tls secretName: wildcard-main-tls
persistence: persistence:
config: config:
enabled: true enabled: true
@ -60,6 +65,13 @@ spec:
hostPath: /mnt/MainPool/Media hostPath: /mnt/MainPool/Media
mountPath: /storage mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources: resources:
requests: requests:
cpu: 1m cpu: 1m

7
cluster/apps/download/prowlarr/helm-release.yaml
View File

@ -100,6 +100,13 @@ spec:
hostPath: /mnt/MainPool/Kubernetes/prowlarr hostPath: /mnt/MainPool/Kubernetes/prowlarr
mountPath: /config mountPath: /config
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources: resources:
requests: requests:
cpu: 2m cpu: 2m

13
cluster/apps/download/qbittorrent/helm-release.yaml
View File

@ -36,6 +36,12 @@ spec:
add: add:
- NET_ADMIN - NET_ADMIN
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
metrics: metrics:
image: caseyscarborough/qbittorrent-exporter:latest image: caseyscarborough/qbittorrent-exporter:latest
env: env:
@ -94,6 +100,13 @@ spec:
hostPath: /mnt/MainPool/Kubernetes/qbittorrent hostPath: /mnt/MainPool/Kubernetes/qbittorrent
mountPath: /config mountPath: /config
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
# resources: # resources:
# requests: # requests:
# cpu: 2m # cpu: 2m

7
cluster/apps/download/radarr/helm-release.yaml
View File

@ -107,6 +107,13 @@ spec:
hostPath: /mnt/MainPool/Media hostPath: /mnt/MainPool/Media
mountPath: /storage mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources: resources:
requests: requests:
cpu: 1m cpu: 1m

7
cluster/apps/download/readarr/audiobook-helm.yaml
View File

@ -105,6 +105,13 @@ spec:
hostPath: /mnt/MainPool/Media hostPath: /mnt/MainPool/Media
mountPath: /storage mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources: resources:
requests: requests:
cpu: 1m cpu: 1m

7
cluster/apps/download/sonarr/helm-release.yaml
View File

@ -107,6 +107,13 @@ spec:
hostPath: /mnt/MainPool/Media hostPath: /mnt/MainPool/Media
mountPath: /storage mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources: resources:
requests: requests:
cpu: 2m cpu: 2m

7
cluster/apps/download/unpackerr/helm-release.yaml
View File

@ -48,6 +48,13 @@ spec:
hostPath: /mnt/MainPool/Media hostPath: /mnt/MainPool/Media
mountPath: /storage mountPath: /storage
podSecurityContext:
runAsNonRoot: true
runAsUser: 10000
runAsGroup: 10000
fsGroup: 10000
fsGroupChangePolicy: OnRootMismatch
resources: resources:
requests: requests:
cpu: 2m cpu: 2m