technofab/nixlets
1
0
Fork 0
mirror of https://gitlab.com/TECHNOFAB/nixlets.git synced 2025-12-12 01:50:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(attic): securityContext improvements and conditionally switch to StatefulSet

Browse source
This commit is contained in:
technofab 2024-03-10 14:53:01 +01:00
parent 7d0c2c6d11
commit ff98c7e3b5
1 changed files with 14 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

17
nixlets/attic/deployment.nix
View file

@ -3,15 +3,26 @@
lib, lib,
... ...
}: { }: {
kubernetes.resources = { kubernetes.resources = let
deployments."${values.uniqueName}" = { # switch to a StatefulSet if we don't use an external storage configuration
type =
if values.externalStorage
then "deployments"
else "statefulSets";
in {
${type}."${values.uniqueName}" = {
spec = { spec = {
replicas = values.replicaCount; replicas = values.replicaCount;
selector.matchLabels.app = "${values.uniqueName}"; selector.matchLabels.app = "${values.uniqueName}";
serviceName = "attic";
template = { template = {
metadata.labels.app = "${values.uniqueName}"; metadata.labels.app = "${values.uniqueName}";
spec = { spec = {
securityContext.fsGroup = 1000; securityContext = {
fsGroup = 1000;
runAsUser = 1000;
runAsGroup = 1000;
};
containers."api-server" = { containers."api-server" = {
image = "${values.image.repository}:${values.image.tag}"; image = "${values.image.repository}:${values.image.tag}";
imagePullPolicy = values.image.pullPolicy; imagePullPolicy = values.image.pullPolicy;