From 9fcc5f9c68d93842d0876dc9aae9dbc9d90f8a4a Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Fri, 13 Dec 2024 12:23:18 -0500 Subject: [PATCH] fix: change user/group from 65534 to 1000 (#8476) Signed-off-by: Devin Buhl --- kubernetes/main/apps/default/atuin/app/helmrelease.yaml | 4 ++-- kubernetes/main/apps/default/autobrr/app/helmrelease.yaml | 4 ++-- kubernetes/main/apps/default/go2rtc/app/helmrelease.yaml | 4 ++-- kubernetes/main/apps/default/miniflux/app/helmrelease.yaml | 4 ++-- kubernetes/main/apps/default/omegabrr/app/helmrelease.yaml | 4 ++-- .../main/apps/default/smtp-relay/app/helmrelease.yaml | 4 ++-- .../main/apps/network/cloudflare-ddns/app/helmrelease.yaml | 4 ++-- .../main/apps/network/cloudflared/app/helmrelease.yaml | 4 ++-- .../main/apps/network/echo-server/app/helmrelease.yaml | 4 ++-- .../main/apps/observability/gatus/app/helmrelease.yaml | 6 ++---- .../main/apps/observability/kromgo/app/helmrelease.yaml | 4 ++-- .../main/apps/observability/unpoller/app/helmrelease.yaml | 4 ++-- .../main/apps/volsync-system/volsync/app/helmrelease.yaml | 4 ++-- 13 files changed, 26 insertions(+), 28 deletions(-) diff --git a/kubernetes/main/apps/default/atuin/app/helmrelease.yaml b/kubernetes/main/apps/default/atuin/app/helmrelease.yaml index 2d3f5d6a8c248..d9d8a9b9e04a3 100644 --- a/kubernetes/main/apps/default/atuin/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/atuin/app/helmrelease.yaml @@ -77,8 +77,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/default/autobrr/app/helmrelease.yaml b/kubernetes/main/apps/default/autobrr/app/helmrelease.yaml index cf34af9314e99..2b54d633fad7a 100644 --- a/kubernetes/main/apps/default/autobrr/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/autobrr/app/helmrelease.yaml @@ -71,8 +71,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/default/go2rtc/app/helmrelease.yaml b/kubernetes/main/apps/default/go2rtc/app/helmrelease.yaml index 974c936477604..95b4becc1cc93 100644 --- a/kubernetes/main/apps/default/go2rtc/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/go2rtc/app/helmrelease.yaml @@ -59,8 +59,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/default/miniflux/app/helmrelease.yaml b/kubernetes/main/apps/default/miniflux/app/helmrelease.yaml index 2f51a7851519b..098823616b406 100644 --- a/kubernetes/main/apps/default/miniflux/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/miniflux/app/helmrelease.yaml @@ -79,8 +79,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/default/omegabrr/app/helmrelease.yaml b/kubernetes/main/apps/default/omegabrr/app/helmrelease.yaml index 528df7311e590..31d745a4e9b2f 100644 --- a/kubernetes/main/apps/default/omegabrr/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/omegabrr/app/helmrelease.yaml @@ -50,8 +50,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/default/smtp-relay/app/helmrelease.yaml b/kubernetes/main/apps/default/smtp-relay/app/helmrelease.yaml index 9ea37295c7e11..fa152f7a71569 100644 --- a/kubernetes/main/apps/default/smtp-relay/app/helmrelease.yaml +++ b/kubernetes/main/apps/default/smtp-relay/app/helmrelease.yaml @@ -58,8 +58,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/network/cloudflare-ddns/app/helmrelease.yaml b/kubernetes/main/apps/network/cloudflare-ddns/app/helmrelease.yaml index 0bad7db894630..c18e4222640de 100644 --- a/kubernetes/main/apps/network/cloudflare-ddns/app/helmrelease.yaml +++ b/kubernetes/main/apps/network/cloudflare-ddns/app/helmrelease.yaml @@ -67,8 +67,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/network/cloudflared/app/helmrelease.yaml b/kubernetes/main/apps/network/cloudflared/app/helmrelease.yaml index eca6b3b54ccd2..d9f9af5c8546a 100644 --- a/kubernetes/main/apps/network/cloudflared/app/helmrelease.yaml +++ b/kubernetes/main/apps/network/cloudflared/app/helmrelease.yaml @@ -75,8 +75,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/network/echo-server/app/helmrelease.yaml b/kubernetes/main/apps/network/echo-server/app/helmrelease.yaml index 14c08476d1753..733d0cae7130f 100644 --- a/kubernetes/main/apps/network/echo-server/app/helmrelease.yaml +++ b/kubernetes/main/apps/network/echo-server/app/helmrelease.yaml @@ -64,8 +64,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/observability/gatus/app/helmrelease.yaml b/kubernetes/main/apps/observability/gatus/app/helmrelease.yaml index d0455662f609e..cbd52544db0aa 100644 --- a/kubernetes/main/apps/observability/gatus/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/gatus/app/helmrelease.yaml @@ -88,10 +88,8 @@ spec: - { name: ndots, value: "1" } securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - fsGroup: 65534 - fsGroupChangePolicy: OnRootMismatch + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/observability/kromgo/app/helmrelease.yaml b/kubernetes/main/apps/observability/kromgo/app/helmrelease.yaml index b03e222157e16..e85e69ef0455a 100644 --- a/kubernetes/main/apps/observability/kromgo/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/kromgo/app/helmrelease.yaml @@ -63,8 +63,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml b/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml index 6106b2a98433d..eabca5d42b163 100644 --- a/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/unpoller/app/helmrelease.yaml @@ -59,8 +59,8 @@ spec: defaultPodOptions: securityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault } service: app: diff --git a/kubernetes/main/apps/volsync-system/volsync/app/helmrelease.yaml b/kubernetes/main/apps/volsync-system/volsync/app/helmrelease.yaml index 02fcc5c1abcd4..ed804daf4d78a 100644 --- a/kubernetes/main/apps/volsync-system/volsync/app/helmrelease.yaml +++ b/kubernetes/main/apps/volsync-system/volsync/app/helmrelease.yaml @@ -34,6 +34,6 @@ spec: disableAuth: true podSecurityContext: runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 + runAsUser: 1000 + runAsGroup: 1000 seccompProfile: { type: RuntimeDefault }