From 837a89dbd5c1ee797866398ef4e2d77dc6b59048 Mon Sep 17 00:00:00 2001
From: Roberto Santalla
Date: Thu, 30 Dec 2021 22:27:35 +0100
Subject: [PATCH] [cryptpad] add default podSecurityContext (#1340) * cryptpad: add default podSecurityContext As per https://github.com/xwiki-labs/cryptpad-docker/blob/72dd7030c1dc1c70b5ff3f53b8451f5af19a2927/Dockerfile-nginx#L25, the docker image for Cryptpad will spawn the cryptpad process with a non-root user: https://github.com/xwiki-labs/cryptpad-docker/blob/72dd7030c1dc1c70b5ff3f53b8451f5af19a2927/supervisord.conf#L26 Such unprivileged user will not be able to write in persistence volumes, which are mounted as root. To work around this, we set the fsGroup in accordance with what supervisord already does inside the image. * cryptpad: bump chart version
---
 charts/incubator/cryptpad/Chart.yaml | 2 +-
 charts/incubator/cryptpad/values.yaml | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/charts/incubator/cryptpad/Chart.yaml b/charts/incubator/cryptpad/Chart.yaml
index 1ccf8b3d..f34127f7 100644
--- a/charts/incubator/cryptpad/Chart.yaml
+++ b/charts/incubator/cryptpad/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v4.12.0-nginx
 description: cryptpad helm package
 name: cryptpad
-version: 0.1.0
+version: 0.1.1
 kubeVersion: ">=1.16.0-0"
 keywords:
 - cryptpad
diff --git a/charts/incubator/cryptpad/values.yaml b/charts/incubator/cryptpad/values.yaml
index 69a4f437..ed0ec729 100644
--- a/charts/incubator/cryptpad/values.yaml
+++ b/charts/incubator/cryptpad/values.yaml
@@ -76,3 +76,6 @@ persistence:
 mountPath: /cryptpad/data
 - path: datastore
 mountPath: /cryptpad/datastore
+
+podSecurityContext:
+ fsGroup: 4001 # https://github.com/xwiki-labs/cryptpad-docker/blob/72dd7030c1dc1c70b5ff3f53b8451f5af19a2927/Dockerfile-nginx#L25
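Review bot: The new `fsGroup: 4001` in values.yaml is tied to the image only by a bare link to a pinned upstream commit, so nothing on the line says what 4001 is or that it has to track the image. I would replace the trailing URL comment with a comment above the key such as `# Presumably the GID of the non-root cryptpad user in the image (Dockerfile-nginx#L25); re-check when appVersion changes`. It is also worth stating next to it that fsGroup is only applied by volume types that support ownership management, so hostPath- or NFS-backed persistence would stay root-owned and unwritable despite this default. Finally, this setting only changes group ownership of the mounted volumes: judging by the commit message the entrypoint (supervisord) still starts as root and drops privileges itself, so the block should not be read as making the pod non-root, and any container-level hardening lives outside this hunk (the `persistence:` block it relates to also starts outside it).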