fix

2023-07-25 12:05:40 +02:00
parent f5dc11b2d5
commit b5cc5d05ab
2 changed files with 76 additions and 65 deletions
--- a/apps/code-server/deploy.tf
+++ b/apps/code-server/deploy.tf
@@ -15,6 +15,9 @@ resource "kubectl_manifest" "deploy" {
      template:
        metadata:
          labels: ${jsonencode(local.common-labels)}
+          annotations:
+            container.apparmor.security.beta.kubernetes.io/img: unconfined
+            container.seccomp.security.alpha.kubernetes.io/img: unconfined
        spec:
          securityContext:
            fsGroup: 1000
@@ -33,7 +36,10 @@ resource "kubectl_manifest" "deploy" {
              runAsNonRoot: true
              runAsUser: 1000
              privileged: true
+              procMount: unmasked
            env:
+            - name: USER
+              value: coder
            - name: TZ
              value: "${var.timezone}"
            - name: ENTRYPOINTD
@@ -75,6 +81,8 @@ resource "kubectl_manifest" "deploy" {
              subPath: autostart.sh
            - name: home
              mountPath: /home/coder
+            - name: podman-overlay
+              mountPath: /home/coder/.local/share/containers/storage/overlay/
            - name: run
              mountPath: /run
          restartPolicy: Always
@@ -105,5 +113,7 @@ resource "kubectl_manifest" "deploy" {
              claimName: "${var.component}-${var.instance}"
          - name: run
            emptyDir: {}
+          - name: podman-overlay
+            emptyDir: {}
  EOF
 }