use gitea nightly rootless image

2023-06-03 13:53:29 -04:00 · 2023-06-03 13:53:29 -04:00 · a3ff591851
parent a28587dfbc
commit a3ff591851
1 changed files with 18 additions and 4 deletions
--- a/cluster/apps/default/gitea/helm-release.yaml
+++ b/cluster/apps/default/gitea/helm-release.yaml
@ -17,15 +17,15 @@ spec:
  values:
    image:
      repository: gitea/gitea
-      tag: 1.19.0
+      tag: latest-rootless

    podLabels:
      needsDatabase: "yes"
      needsAuthentik: "yes"

    env:
-      USER_UID: 1000
-      USER_GID: 1000
+      USER_UID: 10000
+      USER_GID: 10000

    envFrom:
      - secretRef:
@ -81,4 +81,18 @@ spec:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/gitea
-        mountPath: /data
+        mountPath: /data
+
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 10000
+      runAsGroup: 10000
+      fsGroup: 10000
+      fsGroupChangePolicy: OnRootMismatch
+
+    resources:
+      requests:
+        cpu: 1m
+        memory: 340Mi
+      limits:
+        memory: 1Gi