diff --git a/charts/weblate/Chart.yaml b/charts/weblate/Chart.yaml index 5deae27..61c1c26 100644 --- a/charts/weblate/Chart.yaml +++ b/charts/weblate/Chart.yaml @@ -3,7 +3,7 @@ name: weblate description: |- Helm chart to deploy [weblate](https://hub.docker.com/r/weblate/weblate/). type: application -version: 0.0.1 +version: 0.0.2 appVersion: "3.11.3-1" home: https://github.com/slamdev/helm-charts/tree/master/charts/weblate icon: https://weblate.org/static/weblate-180.png diff --git a/charts/weblate/README.md b/charts/weblate/README.md index d579fb2..e1157bc 100644 --- a/charts/weblate/README.md +++ b/charts/weblate/README.md @@ -2,7 +2,7 @@ weblate ======= Helm chart to deploy [weblate](https://hub.docker.com/r/weblate/weblate/). -Current chart version is `0.0.1` +Current chart version is `0.0.2` Source code can be found [here](https://github.com/slamdev/helm-charts/tree/master/charts/weblate) @@ -13,6 +13,7 @@ Source code can be found [here](https://github.com/slamdev/helm-charts/tree/mast | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | affinity for scheduler pod assignment | +| chownDataVolumeAs | string | `"1000:1000"` | specifies an owner of data volume | | env | list | `[]` | environment variables for the container | | envFrom | list | `[]` | environment variable sources for the container | | fullnameOverride | string | `""` | full name of the chart. | @@ -28,7 +29,7 @@ Source code can be found [here](https://github.com/slamdev/helm-charts/tree/mast | livenessProbe.httpGet.port | string | `"http"` | port for liveness probe | | nameOverride | string | `""` | override name of the chart | | nodeSelector | object | `{}` | node for scheduler pod assignment | -| podSecurityContext | object | `{}` | specifies security settings for a pod | +| podSecurityContext | object | `{"fsGroup":1000,"runAsUser":1000}` | specifies security settings for a pod | | readinessProbe.httpGet.path | string | `"/healthz/"` | path for readiness probe | | readinessProbe.httpGet.port | string | `"http"` | port for readiness probe | | resources | object | `{}` | custom resource configuration | diff --git a/charts/weblate/templates/statefulset.yaml b/charts/weblate/templates/statefulset.yaml index dbd9b81..e87970c 100644 --- a/charts/weblate/templates/statefulset.yaml +++ b/charts/weblate/templates/statefulset.yaml @@ -23,6 +23,17 @@ spec: serviceAccountName: {{ include "weblate.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: init + image: busybox + command: + - sh + - -c + args: + - chown -R {{ .Values.chownDataVolumeAs }} /app/data; + volumeMounts: + - mountPath: "/app/data" + name: data containers: - name: {{ .Chart.Name }} securityContext: diff --git a/charts/weblate/values.yaml b/charts/weblate/values.yaml index 069a064..91e9c45 100644 --- a/charts/weblate/values.yaml +++ b/charts/weblate/values.yaml @@ -22,8 +22,12 @@ serviceAccount: name: # podSecurityContext -- specifies security settings for a pod -podSecurityContext: {} -# fsGroup: 2000 +podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 + +# chownDataVolumeAs -- specifies an owner of data volume +chownDataVolumeAs: "1000:1000" # securityContext -- specifies security settings for a container securityContext: {}