vikunja
/
helm-chart
2
2
Fork 5
Code Issues 6 Pull Requests Packages Projects Releases 1 Wiki Activity

Update security context to allow frontend pod to start #6

Merged
konrad merged 2 commits from r1cebank/helm-chart:main into main 2023-05-04 21:39:43 +00:00
Conversation 5 Commits 2 Files Changed 3 +7 -5
r1cebank commented 2023-04-30 17:15:36 +00:00
Contributor
Copy Link

Changes:

  • Updated the pod security context for frontend to run as nginx user
  • Updated documentation with correct database type for postgresql
Changes: * Updated the pod security context for frontend to run as nginx user * Updated documentation with correct database type for postgresql
r1cebank added 1 commit 2023-04-30 17:15:36 +00:00
continuous-integration/drone/pr Build is passing Details
29190213e5
update security context to allow frontend pod to start
konrad commented 2023-05-02 08:46:36 +00:00
Owner
Copy Link

@vlasov-y can you take a look?

@vlasov-y can you take a look?
konrad commented 2023-05-02 08:47:22 +00:00
Owner
Copy Link

Relevant forum discussion: https://community.vikunja.io/t/helm-chart-frontend-pod-does-not-start-because-of-permission-issues-in-raspberry-pie-4-k3s/1286/15

Relevant forum discussion: https://community.vikunja.io/t/helm-chart-frontend-pod-does-not-start-because-of-permission-issues-in-raspberry-pie-4-k3s/1286/15
vlasov-y commented 2023-05-02 08:59:22 +00:00
Member
Copy Link

@vlasov-y can you take a look?

will review, sure.

> @vlasov-y can you take a look? will review, sure.
👍 1
vlasov-y requested review from vlasov-y 2023-05-02 09:36:39 +00:00
vlasov-y requested changes 2023-05-02 09:38:49 +00:00
README.md
@ -62,3 +62,3 @@
database:
# Use PostgreSQL database anyway
type: postgresql
type: postgres
vlasov-y commented 2023-05-02 09:38:33 +00:00
Member
Copy Link

According to this documentation paragraph , it has to be postgres, not postgresql. @konrad which value is corrent one?

According to [this](https://vikunja.io/docs/config-options/#type) documentation paragraph , it has to be `postgres`, not `postgresql`. @konrad which value is corrent one?
konrad commented 2023-05-02 09:56:39 +00:00
Owner
Copy Link

postgres is correct.

`postgres` is correct.
vlasov-y commented 2023-05-02 11:23:35 +00:00
Member
Copy Link

Okay, then this line is to be reverted @r1cebank

Okay, then this line is to be reverted @r1cebank
r1cebank commented 2023-05-02 16:00:56 +00:00
Author
Contributor
Copy Link

postgres is the correct value, if i use postgresql the api will fail to start saying unknown database type. why it needs to be reverted?

the current documentation is using 'postgresql' which is incorrect, thats why I made the update to correct it

postgres is the correct value, if i use postgresql the api will fail to start saying unknown database type. why it needs to be reverted? the current documentation is using 'postgresql' which is incorrect, thats why I made the update to correct it
vlasov-y commented 2023-05-03 07:31:23 +00:00
Member
Copy Link

Aaa, you are right :) I somewhy misunderstood the diff and thought that you change postgres to postgresql XD Sorry

Aaa, you are right :) I somewhy misunderstood the diff and thought that you change `postgres` to `postgresql` XD Sorry
r1cebank commented 2023-05-03 20:55:24 +00:00
Author
Contributor
Copy Link

Haha no worries, I was a bit confused thought I missed something 🤣

Haha no worries, I was a bit confused thought I missed something 🤣
vlasov-y marked this conversation as resolved
values.yaml Outdated
@ -40,2 +40,4 @@
securityContext:
allowPrivilegeEscalation: true
runAsUser: 101 #nginx
vlasov-y commented 2023-05-02 09:38:38 +00:00
Member
Copy Link

Change #nginx to # nginx please

Change `#nginx` to `# nginx` please
r1cebank marked this conversation as resolved
vlasov-y commented 2023-05-02 09:49:34 +00:00
Member
Copy Link

@r1cebank I have tried deploy frontend with values below and it works nice. I do not see a reason to set allowPrivilegeEscalation=true

  securityContext:
    allowPrivilegeEscalation: false
    runAsUser: 101
    capabilities:
      drop:
      - ALL
      add:
      - NET_BIND_SERVICE
@r1cebank I have tried deploy frontend with values below and it works nice. I do not see a reason to set allowPrivilegeEscalation=true ```yaml securityContext: allowPrivilegeEscalation: false runAsUser: 101 capabilities: drop: - ALL add: - NET_BIND_SERVICE ```
r1cebank requested review from vlasov-y 2023-05-02 16:12:50 +00:00
r1cebank added 1 commit 2023-05-02 16:14:11 +00:00
continuous-integration/drone/pr Build is passing Details
a74e546e5d Address comments
vlasov-y commented 2023-05-03 07:32:36 +00:00
Member
Copy Link

Now it looks good to me @r1cebank 😃
Approving

FYI @konrad

Now it looks good to me @r1cebank 😃 Approving FYI @konrad
vlasov-y approved these changes 2023-05-03 07:32:43 +00:00
konrad merged commit f9b22567c9 into main 2023-05-04 21:39:43 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
vlasov-y
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/helm-chart#6
No description provided.
Delete Branch "r1cebank/helm-chart:main"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?