39 lines
1.4 KiB
YAML
39 lines
1.4 KiB
YAML
volumeProvisioner:
|
|
env:
|
|
IS_ROOTLESS: true
|
|
# -- Only if local volumes are used as backend storage (ignored for ebs/ebs-csi disks)
|
|
dind-lv-monitor:
|
|
image:
|
|
tag: 1.30.0-rootless
|
|
digest: sha256:712e549e6e843b04684647f17e0973f8047e0d60e6e8b38a693ea64dc75b0479
|
|
containerSecurityContext:
|
|
runAsUser: 1000
|
|
podSecurityContext:
|
|
fsGroup: 1000
|
|
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
# -- Enable initContainer to run chmod for /var/lib/codefresh/dind-volumes on host nodes
|
|
volumePermissions:
|
|
enabled: false
|
|
|
|
runtime:
|
|
dind:
|
|
image:
|
|
tag: 26.1.4-1.28.10-rootless
|
|
digest: sha256:59dfc004eb22a8f09c8a3d585271a055af9df4591ab815bca418c24a2077f5c8
|
|
userVolumeMounts:
|
|
dind:
|
|
name: dind
|
|
mountPath: /home/rootless/.local/share/docker
|
|
containerSecurityContext:
|
|
privileged: true
|
|
runAsUser: 1000
|
|
podSecurityContext:
|
|
fsGroup: 1000
|
|
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
|
|
fsGroupChangePolicy: "OnRootMismatch"
|
|
# -- Enable initContainer to run chmod for /home/rootless in DinD pod
|
|
# !!! Will slow down dind pod startup
|
|
volumePermissions:
|
|
enabled: true
|