Verified Commit 14861122 authored by Sheogorath's avatar Sheogorath :european_castle:

fix(hedgedoc): Futureproof helm chart

This patch adds the unreleased healthcheck path and sets HedgeDoc up
for the restricted Pod Security Standard (PSS).
parent 309ea066
...@@ -14,7 +14,7 @@ keywords: ...@@ -14,7 +14,7 @@ keywords:
sources: sources:
- https://github.com/hedgedoc/hedgedoc/tree/master - https://github.com/hedgedoc/hedgedoc/tree/master
- https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/hedgedoc - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/hedgedoc
version: 0.2.3 version: 0.3.0
# renovate: image=quay.io/hedgedoc/hedgedoc # renovate: image=quay.io/hedgedoc/hedgedoc
appVersion: 1.9.7 appVersion: 1.9.7
maintainers: maintainers:
......
# hedgedoc # hedgedoc
![Version: 0.2.3](https://img.shields.io/badge/Version-0.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.7](https://img.shields.io/badge/AppVersion-1.9.7-informational?style=flat-square) ![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.7](https://img.shields.io/badge/AppVersion-1.9.7-informational?style=flat-square)
A platform to write and share markdown. A platform to write and share markdown.
...@@ -72,7 +72,10 @@ A platform to write and share markdown. ...@@ -72,7 +72,10 @@ A platform to write and share markdown.
| nameOverride | string | `""` | | | nameOverride | string | `""` | |
| nodeSelector | object | `{}` | | | nodeSelector | object | `{}` | |
| podAnnotations | object | `{}` | | | podAnnotations | object | `{}` | |
| podSecurityContext | object | `{}` | | | podSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| podSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| podSecurityContext.fsGroup | int | `10000` | |
| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| postgresql.auth.database | string | `"hedgedoc"` | | | postgresql.auth.database | string | `"hedgedoc"` | |
| postgresql.auth.existingSecret | string | `""` | | | postgresql.auth.existingSecret | string | `""` | |
| postgresql.auth.password | string | `""` | | | postgresql.auth.password | string | `""` | |
...@@ -80,7 +83,9 @@ A platform to write and share markdown. ...@@ -80,7 +83,9 @@ A platform to write and share markdown.
| postgresql.enabled | bool | `true` | | | postgresql.enabled | bool | `true` | |
| postgresql.tls.enabled | bool | `false` | | | postgresql.tls.enabled | bool | `false` | |
| resources | object | `{}` | | | resources | object | `{}` | |
| securityContext | object | `{}` | | | securityContext.readOnlyRootFilesystem | bool | `true` | |
| securityContext.runAsNonRoot | bool | `true` | |
| securityContext.runAsUser | int | `10000` | |
| service.port | int | `80` | | | service.port | int | `80` | |
| service.type | string | `"ClusterIP"` | | | service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
......
...@@ -52,11 +52,19 @@ spec: ...@@ -52,11 +52,19 @@ spec:
protocol: TCP protocol: TCP
livenessProbe: livenessProbe:
httpGet: httpGet:
{{- if (semverCompare ">1.9.7" .Chart.AppVersion)}}
path: /_health
{{- else }}
path: /status path: /status
{{- end }}
port: http port: http
readinessProbe: readinessProbe:
httpGet: httpGet:
{{- if (semverCompare ">1.9.7" .Chart.AppVersion)}}
path: /_health
{{- else }}
path: /status path: /status
{{- end }}
port: http port: http
{{- if .Values.postgresql.tls.enabled }} {{- if .Values.postgresql.tls.enabled }}
volumeMounts: volumeMounts:
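Review bot: The probe path in both `livenessProbe` and `readinessProbe` is chosen from `.Chart.AppVersion`, not from the image that actually runs. If the chart allows the image tag to be overridden (not visible in this hunk), the kubelet can probe an endpoint the running HedgeDoc does not serve and restart a healthy pod. The identical `semverCompare ">1.9.7"` block appears twice; moving it into one named template with a comment such as `{{- /* /_health is only served by releases after 1.9.7 */}}` would keep the two probes in step. The snapshot section further down expects `/_health` although `Chart.yaml` still has `appVersion: 1.9.7`, for which `>1.9.7` is false; presumably the test overrides the app version, which is worth confirming. The container spec starts and ends outside this hunk.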
......
...@@ -73,7 +73,7 @@ should match basic snapshot: ...@@ -73,7 +73,7 @@ should match basic snapshot:
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /status path: /_health
port: http port: http
name: hedgedoc name: hedgedoc
ports: ports:
...@@ -82,11 +82,21 @@ should match basic snapshot: ...@@ -82,11 +82,21 @@ should match basic snapshot:
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /status path: /_health
port: http port: http
resources: {} resources: {}
securityContext: {} securityContext:
securityContext: {} readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 10000
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
fsGroup: 10000
seccompProfile:
type: RuntimeDefault
serviceAccountName: RELEASE-NAME-hedgedoc serviceAccountName: RELEASE-NAME-hedgedoc
3: | 3: |
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
......
...@@ -66,16 +66,19 @@ postgresql: ...@@ -66,16 +66,19 @@ postgresql:
podAnnotations: {} podAnnotations: {}
podSecurityContext: {} podSecurityContext:
# fsGroup: 2000 allowPrivilegeEscalation: false
fsGroup: 10000
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
securityContext: {} securityContext:
# capabilities: readOnlyRootFilesystem: true
# drop: runAsNonRoot: true
# - ALL runAsUser: 10000
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service: service:
type: ClusterIP type: ClusterIP
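Review bot: `allowPrivilegeEscalation` and `capabilities` are set under `podSecurityContext`, but Kubernetes defines both only on the container-level `securityContext`; the pod-level object has no such fields. Judging by the snapshot section, `podSecurityContext` is rendered into the pod spec's `securityContext`, so these two settings would be rejected or silently dropped depending on field validation. The container would then run without them, and the restricted Pod Security Standard requires both on every container. Moving them next to `readOnlyRootFilesystem` fixes this, and the README table and the test snapshot need the same change. `fsGroup` and `seccompProfile` are valid at pod level and can stay where they are.

```yaml
podSecurityContext:
  fsGroup: 10000
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  # … unchanged: readOnlyRootFilesystem, runAsNonRoot, runAsUser …
```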
......