irc/thelounge/statefulset.yaml
Chris Farhood 927bd66811 fix(irc): add init container to fix thelounge volume permissions
Fresh PVC needs ownership set to uid 1000 before thelounge can start.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 22:48:53 -05:00


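---
# StatefulSet for The Lounge: a single replica whose per-pod
# PersistentVolumeClaim ("config") is mounted at /var/opt/thelounge.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: thelounge
  labels:
    app.kubernetes.io/name: thelounge
    app.kubernetes.io/instance: thelounge
  annotations:
    # Polaris policy exemptions. The tagNotSpecified exemption is what lets
    # the ":latest" image tag further down pass the policy check.
    polaris.fairwinds.com/tagNotSpecified-exempt: "true"
    polaris.fairwinds.com/topologySpreadConstraint-exempt: "true"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: thelounge
      app.kubernetes.io/instance: thelounge
  template:
    metadata:
      labels:
        app.kubernetes.io/name: thelounge
        app.kubernetes.io/instance: thelounge
    spec:
      priorityClassName: low-priority
      # The workload never talks to the Kubernetes API, so no token is mounted.
      automountServiceAccountToken: false
      # Pod-level defaults: non-root uid/gid 1000 and the runtime's default
      # seccomp profile. The init container below overrides the user fields.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        # NOTE(review): fsGroup already asks the kubelet to give gid 1000
        # access to volumes that support it. If that is sufficient for this
        # storage class, the root init container can be dropped; verify.
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      initContainers:
        # Sets ownership of the volume to 1000:1000, the uid/gid the main
        # container runs as. It runs on every pod start, not only on a fresh
        # PVC.
        - name: fix-permissions
          # NOTE(review): floating tag; consider pinning by digest
          # (busybox:1.37@sha256:<DIGEST>).
          image: busybox:1.37
          command: ["sh", "-c", "chown -R 1000:1000 /var/opt/thelounge"]
          volumeMounts:
            - name: config
              mountPath: /var/opt/thelounge
          securityContext:
            # Deliberate override of the pod-level non-root policy: chown to
            # another uid needs root. This is the only root process in the
            # pod, so it is confined as tightly as the task allows.
            runAsNonRoot: false
            runAsUser: 0
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
              add:
                # CHOWN performs the ownership change. DAC_OVERRIDE keeps the
                # recursive walk able to enter directories that root no
                # longer owns on later restarts. Both are part of the default
                # container capability set, so this only removes privileges.
                - CHOWN
                - DAC_OVERRIDE
          resources:
            limits:
              cpu: "100m"
              memory: "64Mi"
      containers:
        - name: thelounge
          # NOTE(review): ":latest" is a mutable tag, so a restart can pull
          # different code than was reviewed. Pin a release and digest
          # (ghcr.io/thelounge/thelounge:<VERSION>@sha256:<DIGEST>) and then
          # remove the tagNotSpecified exemption above.
          image: ghcr.io/thelounge/thelounge:latest
          # NOTE(review): readOnlyRootFilesystem is not set; consider it once
          # it is confirmed that the app writes only under the mounted volume.
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 9000
              name: http-9000
          volumeMounts:
            - name: config
              mountPath: /var/opt/thelounge
          resources:
            requests:
              cpu: "100m"
              memory: "256Mi"
              ephemeral-storage: "1Gi"
            limits:
              cpu: "500m"
              memory: "512Mi"
              ephemeral-storage: "2Gi"
          # Liveness is an HTTP GET on /, readiness only a TCP connect.
          livenessProbe:
            httpGet:
              path: /
              port: 9000
            initialDelaySeconds: 20
            periodSeconds: 10
            timeoutSeconds: 1
            failureThreshold: 3
          readinessProbe:
            tcpSocket:
              port: 9000
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 1
            failureThreshold: 3
  volumeClaimTemplates:
    # One 4Gi ReadWriteOnce claim per pod, provisioned from ceph-block.
    - metadata:
        name: config
      spec:
        storageClassName: ceph-block
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 4Gi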