diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml index 7e46c0e8..c81593e1 100644 --- a/charts/common/Chart.yaml +++ b/charts/common/Chart.yaml @@ -15,4 +15,4 @@ maintainers: name: common sources: null type: library -version: 11.1.0 +version: 11.1.1 diff --git a/charts/common/templates/lib/controller/_prepare.tpl b/charts/common/templates/lib/controller/_prepare.tpl index cbe18d6e..c78b0744 100644 --- a/charts/common/templates/lib/controller/_prepare.tpl +++ b/charts/common/templates/lib/controller/_prepare.tpl @@ -14,10 +14,11 @@ before chart installation. {{- end -}} {{- end }} {{- if or $autoperms ( and ( .Values.addons.vpn.configFile.enabled ) ( ne .Values.addons.vpn.type "disabled" ) ( ne .Values.addons.vpn.type "tailscale" ) ) }} -- name: db-wait +- name: auto-permissions image: {{ .Values.alpineImage.repository }}:{{ .Values.alpineImage.tag }} securityContext: runAsUser: 0 + runAsNonRoot: false resources: {{- with .Values.resources }} {{- tpl ( toYaml . ) $ | nindent 4 }} @@ -37,7 +38,6 @@ before chart installation. /usr/bin/nfs4xdr_winacl -a chown -G {{ $group }} -r -c {{ tpl $hpm.mountPath $ | squote }} -p {{ tpl $hpm.mountPath $ | squote }} || echo "Failed setting permissions..." {{- end }} EOF - volumeMounts: {{- range $name, $hpm := $hostPathMounts }} - name: {{ $name }} @@ -208,7 +208,6 @@ before chart installation. done fi; {{- end }} - EOF {{- end }} {{- end -}} diff --git a/charts/common/templates/lib/util/_manifest-updater.tpl b/charts/common/templates/lib/util/_manifest-updater.tpl index d1b2d943..d5fc9d70 100644 --- a/charts/common/templates/lib/util/_manifest-updater.tpl +++ b/charts/common/templates/lib/util/_manifest-updater.tpl @@ -1,6 +1,6 @@ {{- define "tc.common.lib.util.manifest.update" -}} {{- if .Values.manifests.enabled }} -{{- $fullName := include "tc.common.names.fullname" . -}} +{{- $fullName := include "tc.common.names.fullname" . }} --- apiVersion: batch/v1 kind: Job @@ -29,16 +29,15 @@ spec: - | /bin/sh <<'EOF' echo "installing manifests..." - kubectl apply --server-side --force-conflicts -k https://github.com/truecharts/manifests/{{ if .Values.manifests.staging }}staging{{ else }}manifests{{ end }} {{ if .Values.manifests.nonBlocking }} || echo "Manifest application failed..."{{ end }} + kubectl apply --server-side --force-conflicts -k https://github.com/truecharts/manifests/{{ if .Values.manifests.staging }}staging{{ else }}manifests{{ end }} {{ if .Values.manifests.nonBlocking }} || echo "Manifest application failed..."{{ end }} EOF volumeMounts: - - name: temp + - name: {{ $fullName }}-manifests-temp mountPath: /tmp restartPolicy: Never - {{- with (include "tc.common.controller.volumes" . | trim) }} volumes: - {{- nindent 8 . }} - {{- end }} + - name: {{ $fullName }}-manifests-temp + emptyDir: {} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole