fix(nix-kubernetes): chown manually and remove fsGroup

2025-12-12 02:00:11 +01:00 · 2024-05-07 20:18:50 +02:00 · 2024-05-07 20:18:50 +02:00 · 77fda07aa6
commit 77fda07aa6
parent be75e2cc00
1 changed files with 23 additions and 1 deletions
--- a/nix-kubernetes/kubernetes.nix
+++ b/nix-kubernetes/kubernetes.nix
@ -30,6 +30,29 @@
          };
        };
        init_container = [
+          {
+            name = "chown";
+            image = "alpine:3";
+            command = ["chown" "1000:1000" "/mnt/nix" "/mnt/tmp" "/mnt/home"];
+            security_context.run_as_user = "0";
+            volume_mount = [
+              {
+                mount_path = "/mnt/home";
+                name = "home";
+                read_only = false;
+              }
+              {
+                mount_path = "/mnt/nix";
+                name = "nix-store";
+                read_only = false;
+              }
+              {
+                mount_path = "/mnt/tmp";
+                name = "tmp";
+                read_only = false;
+              }
+            ];
+          }
          {
            name = "copy-nix-store";
            image = "registry.gitlab.com/technofab/coder-templates/nix-coder-image:\${data.coder_parameter.image_tag.value}";
@ -94,7 +117,6 @@
          }
        ];
        security_context = {
-          fs_group = 1000;
          run_as_user = 1000;
          run_as_group = 1000;
        };