apps(teable): Running as non-root, and moved storage to seaweedfs-storage
This commit is contained in:
@@ -51,6 +51,16 @@ spec:
|
|||||||
limits:
|
limits:
|
||||||
cpu: 1000m
|
cpu: 1000m
|
||||||
memory: 1024Mi
|
memory: 1024Mi
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
containers:
|
containers:
|
||||||
- name: teable
|
- name: teable
|
||||||
image: ghcr.io/teableio/teable:sha-257d098af67e9260b6abb09da0e08eafef34ae08
|
image: ghcr.io/teableio/teable:sha-257d098af67e9260b6abb09da0e08eafef34ae08
|
||||||
@@ -110,3 +120,13 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: valkey-data
|
- name: valkey-data
|
||||||
mountPath: "/data"
|
mountPath: "/data"
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
storageClassName: s3yuyuko
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 2Gi
|
storage: 5Gi
|
||||||
|
storageClassName: seaweedfs-storage
|
||||||
Reference in New Issue
Block a user