From 0872385a7b97b01783cefaf4072928136313f4dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=CE=A3rebe=20-=20Romain=20GERARD?=
Date: Wed, 5 Jun 2024 21:28:45 +0200
Subject: [PATCH] bump
---
 services/email/deployment.yml | 26 +++++++++++++--------
 services/pihole/pihole.yml | 34 +++++++++++++++++++---------
 services/vaultwarden/vaultwarden.yml | 21 +++++++++++++----
 3 files changed, 56 insertions(+), 25 deletions(-)
diff --git a/services/email/deployment.yml b/services/email/deployment.yml
index f0423d7ee..eb79a465d 100644
--- a/services/email/deployment.yml
+++ b/services/email/deployment.yml
@@ -22,6 +22,8 @@ spec:
 - key: "kubernetes.io/hostname"
 operator: "Equal"
 value: "mail"
+ securityContext:
+ fsGroup: 65534
 containers:
 - name: mail
 image: ghcr.io/erebe/email:latest
@@ -40,12 +42,6 @@ spec:
 secretKeyRef:
 name: dovecot-users-password
 key: GANDI_RELAI_URL
-# livenessProbe:
-# tcpSocket:
-# port: 25
-# initialDelaySeconds: 10
-# failureThreshold: 3
-# periodSeconds: 30
 volumeMounts:
 - name: email-tls
 mountPath: /etc/dovecot/private/
@@ -71,10 +67,20 @@ spec:
 - key: fetchmailrc
 path: fetchmailrc
 - name: mail-data
- hostPath:
- path: /opt/mail/data
- type: Directory
-
+ persistentVolumeClaim:
+ claimName: mail-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mail-pv-claim
+spec:
+ storageClassName: nfs-nvme
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
diff --git a/services/pihole/pihole.yml b/services/pihole/pihole.yml
index b9950d708..ffecfdc78 100644
--- a/services/pihole/pihole.yml
+++ b/services/pihole/pihole.yml
@@ -26,6 +26,9 @@ spec:
 nameservers:
 - 127.0.0.1
 - 1.1.1.1
+ securityContext:
+ fsGroup: 65534
+ fsGroupChangePolicy: "OnRootMismatch"
 affinity:
 nodeAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
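Review bot: The pod `securityContext` added in services/email/deployment.yml (hunk `@@ -22,6 +22,8 @@`) sets `fsGroup: 65534` without the `fsGroupChangePolicy: "OnRootMismatch"` line that this same commit adds in pihole.yml and vaultwarden.yml. With the default policy the kubelet re-owns the whole volume on every mount, which slows pod start on a mail store with many small files and leaves the three manifests inconsistent; add `fsGroupChangePolicy: "OnRootMismatch"` under `fsGroup`. Whether fsGroup is applied at all to an `nfs-nvme` volume depends on the storage driver, so the ownership actually seen on the mounted path should be confirmed. The pod spec continues outside the hunk.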
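Review bot: The new `mail-pv-claim` (services/email/deployment.yml, hunk `@@ -71,10 +67,20 @@`) is declared in the same manifest as the Deployment, so deleting the manifest deletes the claim, and a dynamically provisioned class defaults to `reclaimPolicy: Delete`. The `nfs-nvme` StorageClass is not visible in this diff, so its reclaim policy should be confirmed as `Retain` before mail data depends on it. The claim also starts empty, and nothing in the commit carries over the contents of the old `/opt/mail/data` hostPath. The same applies to `pihole-pv-claim` (pihole.yml, `@@ -74,14 +79,21 @@`) and `vaultwarden-pv-claim` (vaultwarden.yml, `@@ -54,10 +57,20 @@`). Once confirmed, a comment above each claim such as `# nfs-nvme uses reclaimPolicy Retain; data survives claim deletion` would record the assumption.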
@@ -59,9 +62,11 @@ spec:
 securityContext:
 privileged: true
 volumeMounts:
- - name: pihole-etc-volume
- mountPath: "/etc/pihole"
- - name: pihole-dnsmasq-volume
+ - name: pihole-data
+ subPath: etc
+ mountPath: /etc/pihole
+ - name: pihole-data
+ subPath: dnsmasq
 mountPath: "/etc/dnsmasq.d"
 tolerations:
 - key: "kubernetes.io/hostname"
@@ -74,14 +79,21 @@ spec:
 - key: "node.cilium.io/agent-not-ready"
 operator: "Exists"
 volumes:
- - name: pihole-etc-volume
- hostPath:
- path: /opt/pihole/etc
- type: Directory
- - name: pihole-dnsmasq-volume
- hostPath:
- path: /opt/pihole/dnsmasq
- type: Directory
+ - name: pihole-data
+ persistentVolumeClaim:
+ claimName: pihole-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pihole-pv-claim
+spec:
+ storageClassName: nfs-nvme
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Mi
 ---
 apiVersion: v1
 kind: Service
diff --git a/services/vaultwarden/vaultwarden.yml b/services/vaultwarden/vaultwarden.yml
index b22f45771..9e059f1ad 100644
--- a/services/vaultwarden/vaultwarden.yml
+++ b/services/vaultwarden/vaultwarden.yml
@@ -22,6 +22,9 @@ spec:
 - key: "kubernetes.io/hostname"
 operator: "Equal"
 value: "minio"
+ securityContext:
+ fsGroup: 65534
+ fsGroupChangePolicy: "OnRootMismatch"
 containers:
 - name: vaultwarden
 image: docker.io/vaultwarden/server:1.27.0
@@ -54,10 +57,20 @@ spec:
 mountPath: /data
 volumes:
 - name: data
- hostPath:
- path: /opt/vaultwarden/
- type: Directory
-
+ persistentVolumeClaim:
+ claimName: vaultwarden-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vaultwarden-pv-claim
+spec:
+ storageClassName: nfs-nvme
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
 ---
 apiVersion: v1
 kind: Service
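Review bot: The container that receives the new `pihole-data` mounts still runs with `privileged: true` (context line at the top of hunk `@@ -59,9 +62,11 @@` in services/pihole/pihole.yml), so replacing the hostPath volumes removes only part of the pod's host exposure. If privileged mode is there for DHCP or raw-socket use, a narrower `capabilities: add: ["NET_ADMIN"]` may be enough; this is an inference, since the reason for the flag is not visible in the diff. Separately, the two new mounts are quoted differently from their neighbour (`mountPath: /etc/pihole` next to `mountPath: "/etc/dnsmasq.d"`), and one style should be used. The container spec starts outside the hunk.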
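Review bot: The pod-level `securityContext` added in services/vaultwarden/vaultwarden.yml (hunk `@@ -22,6 +22,9 @@`) only sets volume group ownership, and nothing in it prevents the password-manager container from running as root. Since the block is introduced here, consider `runAsNonRoot: true` with a matching `runAsUser`/`runAsGroup`, plus `allowPrivilegeEscalation: false` on the container, after checking that the image and its listening port work unprivileged. The container spec continues outside the hunk, so some of this may already be set there. The image tag in the context line stays at `1.27.0` in a commit dated June 2024, so it is worth checking whether a newer release should be picked up.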
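Review bot: Moving `/data` onto the `nfs-nvme` class (services/vaultwarden/vaultwarden.yml, hunk `@@ -54,10 +57,20 @@`) puts the vault database and server keys on network storage, so the export's access rules and the storage network become part of the trust boundary. The class name suggests NFS, which in its common configuration neither encrypts traffic nor authenticates clients beyond host and UID; the export should be confirmed as restricted to the node that runs this pod. If this instance uses the default SQLite backend, note that SQLite depends on file locking that is unreliable on NFS, and its WAL mode requires a local filesystem. It should be decided whether the database stays on local storage or moves to an external database.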