From feabc1f16ffd641764aa219282ed9f6f6434565b Mon Sep 17 00:00:00 2001
From: prettysunflower
Date: Mon, 30 Jun 2025 09:15:07 -0400
Subject: [PATCH] apps(teable): Running as non-root, and moved storage to seaweedfs-storage
---
 apps/teable/deployment.yaml | 20 ++++++++++++++++++++
 apps/teable/pvc.yaml | 4 ++--
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/apps/teable/deployment.yaml b/apps/teable/deployment.yaml
index 4f20383..48a1784 100644
--- a/apps/teable/deployment.yaml
+++ b/apps/teable/deployment.yaml
@@ -51,6 +51,16 @@ spec:
 limits:
 cpu: 1000m
 memory: 1024Mi
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 containers:
 - name: teable
 image: ghcr.io/teableio/teable:sha-257d098af67e9260b6abb09da0e08eafef34ae08
@@ -110,3 +120,13 @@ spec:
 volumeMounts:
 - name: valkey-data
 mountPath: "/data"
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/apps/teable/pvc.yaml b/apps/teable/pvc.yaml
index d479558..cf03a05 100644
--- a/apps/teable/pvc.yaml
+++ b/apps/teable/pvc.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
 accessModes:
 - ReadWriteOnce
- storageClassName: s3yuyuko
 resources:
 requests:
- storage: 2Gi
\ No newline at end of file
+ storage: 5Gi
+ storageClassName: seaweedfs-storage
\ No newline at end of file
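Review bot: The `teable` container that begins on the context lines right after this added block gets no `securityContext` of its own in either hunk of this file, so unless this block applies to the whole pod, the main application container may still run as the image's default user. The page has lost the YAML indentation, so the nesting level cannot be confirmed from here. Note that `allowPrivilegeEscalation` and `capabilities` are container-level fields and are not accepted in a pod-level `securityContext`. I would check that every container in the pod, including any init containers, carries the block, and consider adding `readOnlyRootFilesystem: true` where the image tolerates it. The enclosing spec starts outside the hunk.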
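Review bot: The container that mounts `valkey-data` at `/data` now runs as UID/GID 1000, but nothing visible in this patch sets ownership of that volume, so data written before this change (presumably by a different user) may no longer be writable. If the pod spec has no `fsGroup` yet, a pod-level `securityContext` with `fsGroup: 1000` and `fsGroupChangePolicy: OnRootMismatch` would cover it. The pod spec is outside the hunk, so this needs confirming against the full file.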
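Review bot: `storageClassName` on an existing PersistentVolumeClaim is immutable, so applying `storageClassName: seaweedfs-storage` to an already-bound claim will be rejected rather than migrate the data. The claim has to be recreated, which starts with empty storage, so the commit message should state whether the contents of the old `s3yuyuko` volume are copied over or discarded. The file also still ends without a trailing newline.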