Add Volume Mount Permissions Fix (#134)

- Adds a pre-install job to fix folder permissions
Kjeld Schouten-Lebbing
2021-02-19 22:29:02 +01:00
committed by kjeld Schouten-Lebbing
parent 5b6f5e2b41
commit a1cbab4e07
9 changed files with 105 additions and 14 deletions


@@ -1,7 +1,7 @@
apiVersion: v2
name: common-test
description: Helper chart to test different use cases of the common library
version: 1.2.1
version: 1.3.0
kubeVersion: ">=1.16.0-0"
keywords:
- truecharts


@@ -18,7 +18,7 @@ probes:
startup:
enabled: true
fixMountPermissions: false
appVolumeMounts:
data:
enabled: true
@@ -34,7 +34,7 @@ appVolumeMounts:
mountPath: "/test"
hostPathEnabled: true
hostPath: "/tmp"
appAdditionalServicesEnabled: true
appAdditionalServices:
extra-tcp:
@@ -52,4 +52,4 @@ appAdditionalServices:
port: 51414
name: udp-test
protocol: UDP
targetPort: 51414
targetPort: 51414


@@ -26,7 +26,7 @@ addons:
- name: config
mountPath: /www/assets
fixMountPermissions: false
appVolumeMounts:
data:
enabled: true


@@ -10,6 +10,7 @@ service:
ingress:
enabled: true
fixMountPermissions: false
appVolumeMounts:
data:
enabled: true
@@ -25,7 +26,7 @@ appVolumeMounts:
mountPath: "/test"
hostPathEnabled: false
hostPath: ""
appAdditionalServicesEnabled: true
appAdditionalServices:
extra-tcp:
@@ -43,4 +44,4 @@ appAdditionalServices:
port: 51414
name: udp-test
protocol: UDP
targetPort: 51414
targetPort: 51414
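Review bot: No test values file on this page renders the new permissions job. This file adds `fixMountPermissions: false`, and the two other test values sections carry the same setting, so the common-test chart never exercises the pre-install hook template. Add one values file that sets `fixMountPermissions: true` together with `setPermissions: true` on a mount, so that the rendered Job, its chown command and its hook annotations are linted before the feature ships enabled by default in the library values.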


@@ -2,7 +2,8 @@ apiVersion: v2
name: common
description: Function library for TrueCharts
type: library
version: 1.1.1
version: 1.2.0
kubeVersion: ">=1.16.0-0"
# upstream_version: 3.0.1
keywords:


@@ -36,4 +36,5 @@ Main entrypoint for the common library chart. It will render all underlying temp
{{ include "common.ingress" . | nindent 0 }}
{{- print "---" | nindent 0 -}}
{{ include "common.custom.appIngress" . | nindent 0 }}
{{ include "common.custom.mountpermissions" . | nindent 0 }}
{{- end -}}


@@ -0,0 +1,21 @@
{{/*
This template serves as the blueprint for the mountPermissions job that is run
before chart installation.
*/}}
{{- define "common.custom.mountpermissions" -}}
{{- if and .Values.appVolumeMounts .Values.fixMountPermissions }}
{{- range $name, $avm := .Values.appVolumeMounts -}}
{{- if and $avm.enabled $avm.setPermissions}}
{{- print "---" | nindent 0 -}}
{{- $VMValues := $avm -}}
{{- if not $VMValues.nameSuffix -}}
{{- $_ := set $VMValues "nameSuffix" $name -}}
{{ end -}}
{{- $_ := set $ "ObjectValues" (dict "appVolumeMounts" $VMValues) -}}
{{ include "common.custom.mountpermissions.job" $ | nindent 0 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
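Review bot: `$VMValues := $avm` does not copy the mount entry, so `set $VMValues "nameSuffix" $name` writes into `.Values.appVolumeMounts` itself, and the `set $ "ObjectValues" ...` on the root context is never removed after the include. Anything rendered afterwards would see the modified values; this include is currently the last one in the main entrypoint, which probably hides the effect. Consider `{{- $VMValues := deepCopy $avm -}}` and `{{- $_ := unset $ "ObjectValues" -}}` after the include. The header comment repeats the job template's description; it should instead say that this template renders one job per mount that has both `enabled` and `setPermissions` set, and only when `fixMountPermissions` is on.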


@@ -0,0 +1,63 @@
{{/*
This template serves as the blueprint for the mountPermissions job that is run
before chart installation.
*/}}
{{- define "common.custom.mountpermissions.job" -}}
{{- $values := .Values.appVolumeMounts -}}
{{- if hasKey . "ObjectValues" -}}
{{- with .ObjectValues.appVolumeMounts -}}
{{- $values = . -}}
{{- end -}}
{{ end -}}
{{- $JobName := include "common.names.fullname" . -}}
{{- if hasKey $values "nameSuffix" -}}
{{- $JobName = printf "%v-%v" $JobName $values.nameSuffix -}}
{{ end -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $JobName }}
labels:
{{- include "common.labels" . | nindent 4 }}
{{- with .Values.controllerLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-10"
"helm.sh/hook-delete-policy": hook-succeeded
{{- with .Values.controllerAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
spec:
restartPolicy: Never
containers:
- name: set-mount-permissions
image: "alpine:3.3"
command:
- /bin/sh
- -c
- |
chown -R {{ print .Values.PUID }}:{{ print .Values.PGID }} {{ print $values.mountPath }}
#args:
#
#securityContext:
#
volumeMounts:
{{- include "common.custom.configuredAppVolumeMounts" . | indent 12 }}
{{- with (include "common.controller.volumes" . | trim) }}
volumes:
{{- . | nindent 8 }}
{{- end }}
{{- end }}
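Review bot: The container command splices `.Values.PUID`, `.Values.PGID` and `$values.mountPath` unquoted into a `/bin/sh -c` script, so a mount path containing a space or a shell metacharacter changes what the job executes; passing them as exec-form arguments removes the shell from the picture. The `securityContext` is left commented out, so the hook runs with the container defaults although it only needs to change ownership; an explicit context that drops every capability it does not need would bound it. The image is hard-coded to `alpine:3.3`, a release that has been end-of-life for years and is not pinned by digest; it should come from a chart value that points at a maintained, digest-pinned tag. The library default further down the page is `fixMountPermissions: true`, and as far as this template shows hostPath mounts are not excluded, so a recursive chown can rewrite ownership on the node's filesystem on every install and upgrade; that deserves a comment next to `setPermissions` in the values file.

```yaml
        - name: set-mount-permissions
          # … unchanged position: image line, to be replaced by a values-driven, digest-pinned image …
          # exec form: the values are passed as arguments, no shell parses them
          command:
            - chown
            - -R
            - {{ printf "%v:%v" .Values.PUID .Values.PGID | quote }}
            - {{ $values.mountPath | quote }}
          securityContext:
            # root is required to change ownership; everything else is dropped
            runAsUser: 0
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                # needed only to descend into directories root could not otherwise read
                - DAC_READ_SEARCH
          # … unchanged: volumeMounts and volumes …
```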


@@ -99,7 +99,7 @@ probes:
## The spec field contains the values for the default livenessProbe.
## If you selected custom: true, this field holds the definition of the livenessProbe.
spec:
initialDelaySeconds: 0
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
failureThreshold: 5
@@ -111,7 +111,7 @@ probes:
## The spec field contains the values for the default readinessProbe.
## If you selected custom: true, this field holds the definition of the readinessProbe.
spec:
initialDelaySeconds: 0
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 10
failureThreshold: 5
@@ -123,11 +123,11 @@ probes:
## The spec field contains the values for the default startupProbe.
## If you selected custom: true, this field holds the definition of the startupProbe.
spec:
initialDelaySeconds: 0
initialDelaySeconds: 5
timeoutSeconds: 10
## This means it has a maximum of 5*30=150 seconds to start up before it fails
periodSeconds: 5
failureThreshold: 120
periodSeconds: 10
failureThreshold: 30
service:
enabled: true
@@ -454,7 +454,8 @@ addons:
PUID: 568
PGID: 568
appAdditionalServicesEnabled: false
fixMountPermissions: true
# appAdditionalServicesEnabled: false
# appAdditionalServices:
# api:
# enabled: false
@@ -490,6 +491,9 @@ appAdditionalServicesEnabled: false
# subPath: some-subpath
# hostPathEnabled: false
# hostPath: ""
# setPermissions: true
#
# data:
# enabled: false
# emptyDir: false