fix(cdn): use custom nonroot nginx container with fancy index
This commit is contained in:
parent
f98c57befd
commit
d4e5a254a7
GPG Key ID:
FEC9E2FC15235964
|
|
@ -1,3 +1,4 @@
|
||||||
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
|
@ -8,58 +9,68 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: app-template
|
chart: app-template
|
||||||
version: 1.3.x
|
version: 3.4.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bjws-charts
|
name: bjws-charts
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
|
|
||||||
values:
|
values:
|
||||||
image:
|
controllers:
|
||||||
repository: oci.seedno.de/seednode/nginx
|
main:
|
||||||
tag: latest
|
pod:
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 65534
|
||||||
|
runAsGroup: 65533
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
args:
|
containers:
|
||||||
- -c
|
main:
|
||||||
- /config/nginx.conf
|
image:
|
||||||
|
repository: git.seanomik.net/seanomik/nginx
|
||||||
|
tag: 1.27.1
|
||||||
|
pullPolicy: Always
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: 500Mi
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities: { drop: ["ALL"] }
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
app:
|
||||||
|
controller: main
|
||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: 6544
|
port: 6544
|
||||||
|
|
||||||
probes:
|
|
||||||
liveness:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
main:
|
||||||
enabled: true
|
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
hosts:
|
hosts:
|
||||||
- host: &host "cdn.${SECRET_NEW_DOMAIN}"
|
- host: "cdn.seanomik.net"
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
service:
|
||||||
tls:
|
identifier: app
|
||||||
- hosts:
|
port: http
|
||||||
- *host
|
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
data:
|
|
||||||
enabled: true
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /mnt/MainPool/Kubernetes/cdn/data
|
|
||||||
readOnly: true
|
|
||||||
mountPath: /data
|
|
||||||
config:
|
config:
|
||||||
enabled: true
|
|
||||||
type: configMap
|
type: configMap
|
||||||
name: nginx-cdn-configmap
|
name: nginx-cdn-configmap
|
||||||
|
globalMounts:
|
||||||
|
- path: /etc/nginx/nginx.conf
|
||||||
|
subPath: nginx.conf
|
||||||
|
|
||||||
resources:
|
storage:
|
||||||
requests:
|
type: hostPath
|
||||||
cpu: 1m
|
hostPath: /mnt/MainPool/Kubernetes/cdn/data
|
||||||
|
globalMounts:
|
||||||
|
- path: /data
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue