Switch to non-root containers
parent
0756fd3494
commit
03e07f3bef
@ -21,9 +21,12 @@ spec:
|
|||||||
network/proxy: "true"
|
network/proxy: "true"
|
||||||
service: tactical-backend
|
service: tactical-backend
|
||||||
spec:
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
fsGroup: 1000
|
||||||
containers:
|
containers:
|
||||||
- name: trmm-backend
|
- name: trmm-backend
|
||||||
image: tacticalrmm/tactical:0.10.5-dev
|
image: tacticalrmm/tactical:0.11.4-dev
|
||||||
args:
|
args:
|
||||||
- tactical-backend
|
- tactical-backend
|
||||||
resources: {}
|
resources: {}
|
||||||
@ -57,10 +60,10 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: "http"
|
- name: "http"
|
||||||
port: 80
|
port: 8080
|
||||||
targetPort: 80
|
targetPort: 8080
|
||||||
- name: "https"
|
- name: "https"
|
||||||
port: 443
|
port: 4443
|
||||||
targetPort: 443
|
targetPort: 4443
|
||||||
selector:
|
selector:
|
||||||
service: tactical-backend
|
service: tactical-backend
|
||||||
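Review bot: The pod-level `securityContext` added under `spec:` sets `runAsUser: 1000` and `fsGroup: 1000` but neither `runAsGroup` nor `runAsNonRoot`, so the primary group is left to the image or runtime default (commonly GID 0) and nothing rejects a later image or override that resolves to UID 0. I would add `runAsGroup: 1000` and `runAsNonRoot: true` next to `runAsUser`. The same block is added in the tactical-frontend, tactical-meshcentral and tactical-nlb sections and needs the same two lines. The pod spec starts and ends outside this hunk, so any container-level settings are not visible here.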
|
@ -25,7 +25,7 @@ spec:
|
|||||||
fsGroup: 1000
|
fsGroup: 1000
|
||||||
containers:
|
containers:
|
||||||
- name: trmm-celery
|
- name: trmm-celery
|
||||||
image: tacticalrmm/tactical:0.10.5-dev
|
image: tacticalrmm/tactical:0.11.4-dev
|
||||||
args:
|
args:
|
||||||
- tactical-celery
|
- tactical-celery
|
||||||
resources: {}
|
resources: {}
|
||||||
@ -67,7 +67,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: trmm-celerybeat
|
- name: trmm-celerybeat
|
||||||
image: tacticalrmm/tactical:latest
|
image: tacticalrmm/tactical:0.11.4-dev
|
||||||
args:
|
args:
|
||||||
- tactical-celerybeat
|
- tactical-celerybeat
|
||||||
resources: {}
|
resources: {}
|
||||||
|
@ -17,9 +17,12 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
service: tactical-frontend
|
service: tactical-frontend
|
||||||
spec:
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
fsGroup: 1000
|
||||||
containers:
|
containers:
|
||||||
- name: trmm-frontend
|
- name: trmm-frontend
|
||||||
image: tacticalrmm/tactical-frontend:latest
|
image: tacticalrmm/tactical-frontend:0.11.4-dev
|
||||||
resources: {}
|
resources: {}
|
||||||
env:
|
env:
|
||||||
- name: API_HOST
|
- name: API_HOST
|
||||||
@ -37,10 +40,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: "http"
|
- name: "http"
|
||||||
port: 80
|
port: 8080
|
||||||
targetPort: 80
|
targetPort: 8080
|
||||||
- name: "https"
|
|
||||||
port: 443
|
|
||||||
targetPort: 443
|
|
||||||
selector:
|
selector:
|
||||||
service: tactical-frontend
|
service: tactical-frontend
|
||||||
|
@ -12,7 +12,7 @@ spec:
|
|||||||
containers:
|
containers:
|
||||||
- args:
|
- args:
|
||||||
- tactical-init
|
- tactical-init
|
||||||
image: tacticalrmm/tactical:0.10.5-dev
|
image: tacticalrmm/tactical:0.11.4-dev
|
||||||
name: trmm-init
|
name: trmm-init
|
||||||
env:
|
env:
|
||||||
- name: API_HOST
|
- name: API_HOST
|
||||||
@ -22,7 +22,7 @@ spec:
|
|||||||
- name: MESH_HOST
|
- name: MESH_HOST
|
||||||
value: mesh.rmm.mydomain.com
|
value: mesh.rmm.mydomain.com
|
||||||
- name: MESH_WS_URL
|
- name: MESH_WS_URL
|
||||||
value: ws://tactical-meshcentral:443
|
value: ws://tactical-meshcentral:4443
|
||||||
- name: MESH_USER
|
- name: MESH_USER
|
||||||
value: meshuser
|
value: meshuser
|
||||||
- name: POSTGRES_HOST
|
- name: POSTGRES_HOST
|
||||||
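Review bot: `MESH_WS_URL` now hard-codes port 4443 with the plaintext `ws://` scheme, while the tactical-meshcentral Service changed in this commit names that same port "https". Whether MeshCentral serves TLS on that port is not visible here; if it does, the scheme should be `wss://`. If TLS is terminated elsewhere, the value deserves a comment in the style these manifests already use, e.g. `# Must match the "https" port of the tactical-meshcentral Service; plain ws:// because TLS is terminated in front of MeshCentral`. The env list continues outside the hunk.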
|
@ -20,9 +20,12 @@ spec:
|
|||||||
network/proxy: "true"
|
network/proxy: "true"
|
||||||
service: tactical-meshcentral
|
service: tactical-meshcentral
|
||||||
spec:
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
fsGroup: 1000
|
||||||
containers:
|
containers:
|
||||||
- name: trmm-meshcentral
|
- name: trmm-meshcentral
|
||||||
image: tacticalrmm/tactical-meshcentral:0.10.5-dev
|
image: tacticalrmm/tactical-meshcentral:0.11.4-dev
|
||||||
resources: {}
|
resources: {}
|
||||||
env:
|
env:
|
||||||
- name: MESH_HOST
|
- name: MESH_HOST
|
||||||
@ -45,6 +48,8 @@ spec:
|
|||||||
key: mongodb-password
|
key: mongodb-password
|
||||||
- name: NGINX_HOST_IP # Point to NGINX service
|
- name: NGINX_HOST_IP # Point to NGINX service
|
||||||
value: tactical-nlb
|
value: tactical-nlb
|
||||||
|
- name: NGINX_HOST_PORT # Should match the EXTERNAL port of the NGINX service
|
||||||
|
value: "443"
|
||||||
- name: WS_MASK_OVERRIDE # Enable for Traefik compatibility
|
- name: WS_MASK_OVERRIDE # Enable for Traefik compatibility
|
||||||
value: "0"
|
value: "0"
|
||||||
- name: SMTP_HOST
|
- name: SMTP_HOST
|
||||||
@ -87,10 +92,10 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: "http"
|
- name: "http"
|
||||||
port: 80
|
port: 8080
|
||||||
targetPort: 80
|
targetPort: 8080
|
||||||
- name: "https"
|
- name: "https"
|
||||||
port: 443
|
port: 4443
|
||||||
targetPort: 443
|
targetPort: 4443
|
||||||
selector:
|
selector:
|
||||||
service: tactical-meshcentral
|
service: tactical-meshcentral
|
||||||
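Review bot: `NGINX_HOST_PORT` is added with the value "443", which only works if the tactical-nlb Service still publishes 443 and forwards it to the nginx container's new 4443 listener. The nginx section of this commit moves `containerPort` to 8080/4443, but no hunk for the tactical-nlb Service is visible, so a numeric `targetPort: 443` left there would point at a port nothing listens on. Naming the container ports (`name: https` beside `containerPort: 4443`) and using `targetPort: https` in the Service would keep the two from drifting apart. The env list and the Service definition both extend beyond the visible hunks.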
|
@ -20,8 +20,8 @@ spec:
|
|||||||
service: tactical-mongodb
|
service: tactical-mongodb
|
||||||
spec:
|
spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 2000
|
runAsUser: 1000
|
||||||
fsGroup: 2000
|
fsGroup: 1000
|
||||||
containers:
|
containers:
|
||||||
- name: trmm-mongodb
|
- name: trmm-mongodb
|
||||||
image: mongo:4.4
|
image: mongo:4.4
|
||||||
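Review bot: Changing `runAsUser` and `fsGroup` from 2000 to 1000 puts the database under the same UID/GID as the backend, frontend, meshcentral and nginx pods, which removes the identity separation it had before this commit. If any volume is shared between these workloads, file permissions would no longer distinguish MongoDB's data from the application's. Unless the change is needed for a reason not shown, I would keep a distinct ID, or record the reason beside the value, e.g. `# UID/GID 1000: <why this must match the app pods>`. Data already written as 2000 may also need its ownership changed; the volume definition is outside this hunk.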
|
@ -19,9 +19,12 @@ spec:
|
|||||||
network/proxy: "true"
|
network/proxy: "true"
|
||||||
service: tactical-nlb
|
service: tactical-nlb
|
||||||
spec:
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
fsGroup: 1000
|
||||||
containers:
|
containers:
|
||||||
- name: nginx
|
- name: nginx
|
||||||
image: tacticalrmm/tactical-nginx:0.10.5-dev
|
image: tacticalrmm/tactical-nginx:0.11.4-dev
|
||||||
resources: {}
|
resources: {}
|
||||||
env:
|
env:
|
||||||
- name: API_HOST
|
- name: API_HOST
|
||||||
@ -45,19 +48,21 @@ spec:
|
|||||||
- name: CERT_PRIV_PATH
|
- name: CERT_PRIV_PATH
|
||||||
value: /etc/ssl/certs/custom/tls.key
|
value: /etc/ssl/certs/custom/tls.key
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 8080
|
||||||
- containerPort: 443
|
- containerPort: 4443
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /opt/tactical
|
- mountPath: /opt/tactical
|
||||||
name: tactical-data
|
name: tactical-data
|
||||||
- mountPath: /etc/ssl/certs/custom
|
- mountPath: /etc/ssl/certs/custom
|
||||||
name: tactical-certs
|
name: tactical-certs
|
||||||
- name: trmm-nats
|
- name: trmm-nats
|
||||||
image: tacticalrmm/tactical-nats:latest
|
image: tacticalrmm/tactical-nats:0.11.4-dev
|
||||||
resources: {}
|
resources: {}
|
||||||
env:
|
env:
|
||||||
- name: API_HOST
|
- name: API_HOST
|
||||||
value: api.rmm.mydomain.com
|
value: api.rmm.mydomain.com
|
||||||
|
- name: NATS_CONFIG_CHECK_INTERVAL
|
||||||
|
value: "10"
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 4222
|
- containerPort: 4222
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
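Review bot: With the listeners moved to `containerPort: 8080` and `4443`, the nginx container no longer needs to bind privileged ports, yet no container-level `securityContext` is added to drop the capabilities and privilege-escalation path it still gets by default. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under `- name: nginx`, and likewise under `- name: trmm-nats`, would make the non-root switch harder to undo from inside the container. Both container definitions run past the visible hunks, so an existing block may already cover this; the images should be checked to confirm they start with all capabilities dropped.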
|
@ -26,7 +26,7 @@ spec:
|
|||||||
fsGroup: 1000
|
fsGroup: 1000
|
||||||
containers:
|
containers:
|
||||||
- name: trmm-websockets
|
- name: trmm-websockets
|
||||||
image: tacticalrmm/tactical:latest
|
image: tacticalrmm/tactical:0.11.4-dev
|
||||||
args:
|
args:
|
||||||
- tactical-websockets
|
- tactical-websockets
|
||||||
resources: {}
|
resources: {}
|
||||||
|