diff options
| author | Paul Buetow <paul@buetow.org> | 2025-08-08 21:37:31 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2025-08-08 21:37:31 +0300 |
| commit | 302a2caa47e3fae1b99063e9d8ac851a6f9067b4 (patch) | |
| tree | 64bf7086263263dab6c84d7ce1238d5a1859277c | |
| parent | 0373a22bf963f58bfbdc4538219d191cdc7c81c7 (diff) | |
fix miniflux
| -rw-r--r-- | f3s/freshrss/README.md | 4 | ||||
| -rw-r--r-- | f3s/freshrss/helm-chart/templates/deployment.yaml | 12 | ||||
| -rw-r--r-- | f3s/miniflux/helm-chart/templates/deployment.yaml | 2 |
3 files changed, 11 insertions, 7 deletions
diff --git a/f3s/freshrss/README.md b/f3s/freshrss/README.md index a0295b2..1a88372 100644 --- a/f3s/freshrss/README.md +++ b/f3s/freshrss/README.md @@ -12,8 +12,8 @@ Example commands: ```bash sudo mkdir -p /data/nfs/k3svolumes/freshrss/data -# Optional: ensure write permissions for the container user (often UID/GID 33) -sudo chown -R 33:33 /data/nfs/k3svolumes/freshrss/data +# Ensure write permissions for the runtime user/group (nobody:nogroup = 65534:65534) +sudo chown -R 65534:65534 /data/nfs/k3svolumes/freshrss/data ``` ## Installing the Chart diff --git a/f3s/freshrss/helm-chart/templates/deployment.yaml b/f3s/freshrss/helm-chart/templates/deployment.yaml index 1277c62..99f114c 100644 --- a/f3s/freshrss/helm-chart/templates/deployment.yaml +++ b/f3s/freshrss/helm-chart/templates/deployment.yaml @@ -13,14 +13,19 @@ spec: labels: app: freshrss spec: + securityContext: + runAsUser: 65534 # nobody + runAsGroup: 65534 # nobody / nogroup + fsGroup: 65534 # ensure mounted volumes are group-writable + runAsNonRoot: true containers: - name: freshrss image: freshrss/freshrss:latest ports: - - containerPort: 80 + - containerPort: 80 volumeMounts: - - name: freshrss-data - mountPath: /var/www/FreshRSS/data + - name: freshrss-data + mountPath: /var/www/FreshRSS/data volumes: - name: freshrss-data persistentVolumeClaim: @@ -41,4 +46,3 @@ spec: targetPort: 80 selector: app: freshrss - diff --git a/f3s/miniflux/helm-chart/templates/deployment.yaml b/f3s/miniflux/helm-chart/templates/deployment.yaml index 533aa6c..124e33b 100644 --- a/f3s/miniflux/helm-chart/templates/deployment.yaml +++ b/f3s/miniflux/helm-chart/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: spec: containers: - name: miniflux-postgres - image: registry.lan.buetow.org:30001/postgres:17f + image: postgres:17 ports: - containerPort: 5432 env: |