diff --git a/charts/owncloud/templates/deployment.yaml b/charts/owncloud/templates/deployment.yaml index 3507aa0..e34e878 100644 --- a/charts/owncloud/templates/deployment.yaml +++ b/charts/owncloud/templates/deployment.yaml @@ -7,6 +7,7 @@ metadata: {{- include "owncloud.labels" . | nindent 4 }} annotations: ignore-check.kube-linter.io/run-as-non-root : "ownCloud does not support non-root containers" + ignore-check.kube-linter.io/no-read-only-root-fs : "ownCloud need to write /etc/environment on startup" spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} diff --git a/charts/owncloud/templates/pvc.yaml b/charts/owncloud/templates/pvc.yaml index c0d4ac8..d19e777 100644 --- a/charts/owncloud/templates/pvc.yaml +++ b/charts/owncloud/templates/pvc.yaml @@ -6,9 +6,9 @@ metadata: name: {{ include "owncloud.fullname" . }} spec: accessModes: - - ReadWriteOnce + {{- toYaml .Values.persistence.owncloud.accessMode | nindent 4 }} capacity: - storage: 100Gi + storage: {{ .Values.persistence.owncloud.size }} nfs: server: {{ .Values.persistence.owncloud.nfs.server }} path: {{ .Values.persistence.owncloud.nfs.path }} @@ -21,9 +21,9 @@ metadata: name: {{ include "owncloud.fullname" . }} spec: accessModes: - - ReadWriteOnce + {{- toYaml .Values.persistence.owncloud.accessMode | nindent 4 }} resources: requests: - storage: 100Gi + storage: {{ .Values.persistence.owncloud.size }} storageClassName: standard {{- end -}} diff --git a/charts/owncloud/values-ci-testing.yaml b/charts/owncloud/values-ci-testing.yaml index e9226e0..f531c3d 100644 --- a/charts/owncloud/values-ci-testing.yaml +++ b/charts/owncloud/values-ci-testing.yaml @@ -20,8 +20,9 @@ externalDatabase: persistence: enabled: true owncloud: - accessMode: ReadWriteOnce - size: 8Gi + accessMode: + - ReadWriteOnce + size: 20Gi nfs: {} redis: @@ -29,8 +30,8 @@ redis: image: repository: docker.io/owncloud/server - pullPolicy: IfNotPresent - tag: 10.10 + pullPolicy: Always + tag: 10.11 imagePullSecrets: [] nameOverride: "" @@ -46,7 +47,7 @@ podAnnotations: {} podSecurityContext: {} securityContext: - readOnlyRootFilesystem: true + readOnlyRootFilesystem: false service: type: LoadBalancer @@ -54,6 +55,7 @@ service: ingress: enabled: true + annotations: {} hosts: - host: "owncloud.chart.example" paths: ["/*"] @@ -66,10 +68,10 @@ ingress: resources: limits: cpu: 100m - memory: 128Mi + memory: 512Mi requests: cpu: 100m - memory: 128Mi + memory: 512Mi autoscaling: enabled: false diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index fcaad3a..c14607c 100644 --- a/charts/owncloud/values.yaml +++ b/charts/owncloud/values.yaml @@ -20,8 +20,9 @@ externalDatabase: persistence: enabled: true owncloud: - accessMode: ReadWriteOnce - size: 8Gi + accessMode: + - ReadWriteOnce + size: 20Gi nfs: {} redis: @@ -29,9 +30,9 @@ redis: image: repository: docker.io/owncloud/server - pullPolicy: IfNotPresent + pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: 10.10 + tag: 10.11 imagePullSecrets: [] nameOverride: "" @@ -49,15 +50,9 @@ serviceAccount: podAnnotations: {} podSecurityContext: {} -# fsGroup: 2000 -securityContext: {} -# capabilities: -# drop: -# - ALL -# readOnlyRootFilesystem: true -# runAsNonRoot: true -# runAsUser: 1000 +securityContext: + readOnlyRootFilesystem: false service: type: LoadBalancer @@ -65,9 +60,7 @@ service: ingress: enabled: true - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" + annotations: {} hosts: - host: "owncloud.chart.example" paths: ["/*"] @@ -77,24 +70,19 @@ ingress: - "owncloud.chart.example" secretName: owncloud -resources: {} -# We usually recommend not to specify default resources and to leave this as a conscious -# choice for the user. This also increases chances charts run on environments with little -# resources, such as Minikube. If you do want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi +resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 100m + memory: 512Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: 100 targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 nodeSelector: {}