diff --git a/apps/code-server/deploy.tf b/apps/code-server/deploy.tf
index 9608a37..453c7b6 100644
--- a/apps/code-server/deploy.tf
+++ b/apps/code-server/deploy.tf
@@ -15,6 +15,9 @@ resource "kubectl_manifest" "deploy" {
 template:
 metadata:
 labels: ${jsonencode(local.common-labels)}
+ annotations:
+ container.apparmor.security.beta.kubernetes.io/img: unconfined
+ container.seccomp.security.alpha.kubernetes.io/img: unconfined
 spec:
 securityContext:
 fsGroup: 1000
@@ -33,7 +36,10 @@ resource "kubectl_manifest" "deploy" {
 runAsNonRoot: true
 runAsUser: 1000
 privileged: true
+ procMount: unmasked
 env:
+ - name: USER
+ value: coder
 - name: TZ
 value: "${var.timezone}"
 - name: ENTRYPOINTD
@@ -75,6 +81,8 @@ resource "kubectl_manifest" "deploy" {
 subPath: autostart.sh
 - name: home
 mountPath: /home/coder
+ - name: podman-overlay
+ mountPath: /home/coder/.local/share/containers/storage/overlay/
 - name: run
 mountPath: /run
 restartPolicy: Always
@@ -105,5 +113,7 @@ resource "kubectl_manifest" "deploy" {
 claimName: "${var.component}-${var.instance}"
 - name: run
 emptyDir: {}
+ - name: podman-overlay
+ emptyDir: {}
 EOF
 }
diff --git a/apps/code-server/index.yaml b/apps/code-server/index.yaml
index 4fa6c69..648fee0 100644
--- a/apps/code-server/index.yaml
+++ b/apps/code-server/index.yaml
@@ -6,16 +6,6 @@ metadata:
 name: code-server
 description: null
 options:
- sub-domain:
- default: code
- examples:
- - code
- type: string
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
 admin:
 default:
 cluster: false
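Review bot: The seccomp line added under `annotations:` uses the deprecated alpha annotation key, which recent Kubernetes releases no longer honour, so on such a cluster it is silently ignored and only the AppArmor line has any effect. If seccomp really has to be off, the supported form is `seccompProfile:` with `type: Unconfined` in the container's `securityContext`. Both keys end in `/img`, which has to match the container's `name:` exactly; that name is outside this hunk, so it should be confirmed. Because the container also keeps `privileged: true` (second hunk), both relaxations look redundant as written, and a one-line comment stating which workload needs them (the podman volume in the later hunks suggests nested containers) would let a later reviewer tighten this again.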
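Review bot: `procMount: unmasked` is likely to be rejected by API validation, since the accepted values are the case-sensitive `Default` and `Unmasked`; the line should read `procMount: Unmasked`. The field also sits behind the ProcMountType feature gate, so on a cluster without it the setting is presumably dropped without an error. More important for the risk picture, `privileged: true` stays on the line above: together with the unconfined seccomp/AppArmor annotations this leaves a browser-reachable IDE with essentially no container sandbox, and `runAsUser: 1000` only helps until a setuid binary or file capability in the image is used. If the goal is rootless podman inside the pod, it is worth testing whether `privileged: true` can be removed now that the narrower relaxations are present; either way the namespace needs the `privileged` Pod Security level. The `securityContext` block starts above the hunk.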
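Review bot: Only the `overlay/` subdirectory of the container store is moved onto the new volume, while the sibling metadata under `/home/coder/.local/share/containers/storage/` stays on the `home` volume. If `home` is the persistent claim (the `claimName` in the last hunk suggests so), a pod restart leaves image and layer records that point at layer directories which no longer exist, and podman will report a corrupted store. Mounting the volume one level up, `mountPath: /home/coder/.local/share/containers/storage`, keeps records and layers on the same lifetime. The `volumeMounts` list starts above the hunk.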
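Review bot: The `podman-overlay` volume is declared as `emptyDir: {}` with no `sizeLimit`, so every pulled or built image layer counts against the node's ephemeral storage without a cap. A user of the IDE can fill the node disk this way, which gets this pod evicted and can disturb other workloads on the node. Consider `emptyDir:` with a nested `sizeLimit: <SIZE>` chosen for the images you expect, ideally exposed as a variable next to the existing storage options.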
@@ -31,59 +21,10 @@ options:
 default: false
 type: boolean
 type: object
- ingress-class:
- default: traefik
+ domain-name:
+ default: your_company.com
 examples:
- - traefik
- type: string
- images:
- default:
- codeserver:
- pullPolicy: IfNotPresent
- registry: docker.io
- repository: sebt3/code-server
- tag: 4.13
- examples:
- - codeserver:
- pullPolicy: IfNotPresent
- registry: docker.io
- repository: sebt3/code-server
- tag: 4.13
- properties:
- codeserver:
- default:
- pullPolicy: IfNotPresent
- registry: docker.io
- repository: sebt3/code-server
- tag: 4.13
- properties:
- pullPolicy:
- default: IfNotPresent
- enum:
- - Always
- - Never
- - IfNotPresent
- type: string
- registry:
- default: docker.io
- type: string
- repository:
- default: sebt3/code-server
- type: string
- tag:
- default: 4.13
- type: number
- type: object
- type: object
- domain:
- default: your-company
- examples:
- - your-company
- type: string
- timezone:
- default: Europe/Paris
- examples:
- - Europe/Paris
+ - your_company.com
 type: string
 storage:
 default:
@@ -112,10 +53,69 @@ options:
 - block
 type: string
 type: object
- domain-name:
- default: your_company.com
+ images:
+ default:
+ codeserver:
+ pullPolicy: IfNotPresent
+ registry: docker.io
+ repository: sebt3/code-server
+ tag: 4.14
 examples:
- - your_company.com
+ - codeserver:
+ pullPolicy: IfNotPresent
+ registry: docker.io
+ repository: sebt3/code-server
+ tag: 4.14
+ properties:
+ codeserver:
+ default:
+ pullPolicy: IfNotPresent
+ registry: docker.io
+ repository: sebt3/code-server
+ tag: 4.14
+ properties:
+ pullPolicy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: docker.io
+ type: string
+ repository:
+ default: sebt3/code-server
+ type: string
+ tag:
+ default: 4.14
+ type: number
+ type: object
+ type: object
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
+ sub-domain:
+ default: code
+ examples:
+ - code
+ type: string
+ ingress-class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ timezone:
+ default: Europe/Paris
+ examples:
+ - Europe/Paris
 type: string
 dependencies:
 - dist: null
@@ -128,3 +128,4 @@ providers:
 postgresql: null
 restapi: true
 http: true
+tfaddtype: null
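Review bot: The image tag is still declared `type: number` with an unquoted `default: 4.14`, so a later tag such as 4.20 would be read as 4.2 and a three-part tag cannot be expressed at all. Declaring the property as `type: string` and quoting the defaults, `tag: "4.14"`, avoids silently pulling a different image than the one intended. If this index is generated, the fix belongs in the generator or the variable definition rather than in this file. Separately, a floating tag combined with `pullPolicy: IfNotPresent` lets nodes run different builds under the same tag, and pinning the image by digest would make the deployed content verifiable.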