diff --git a/charts/penpot/README.md b/charts/penpot/README.md
index f3e4414..528d1f7 100644
--- a/charts/penpot/README.md
+++ b/charts/penpot/README.md
@@ -175,11 +175,11 @@ helm install my-release -f values.yaml penpot/penpot | Key | Type | Default | Description | |-----|------|---------|-------------| | frontend.affinity | object | `{}` | Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) | -| frontend.containerSecurityContext | object | `{}` | Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | +| frontend.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"readOnlyRootFilesystem":false,"runAsNonRoot":true,"runAsUser":1001}` | Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | | frontend.deploymentAnnotations | object | `{}` | An optional map of annotations to be applied to the controller Deployment | | frontend.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy to use. | -| frontend.image.repository | string | `"penpotapp/frontend"` | The Docker repository to pull the image from. | -| frontend.image.tag | string | `"2.1.4"` | The image tag to use. | +| frontend.image.repository | string | `"bameda00/test-p"` | The Docker repository to pull the image from. | +| frontend.image.tag | string | `"latest"` | The image tag to use. | | frontend.nodeSelector | object | `{}` | Node labels for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/user-guide/node-selection/) | | frontend.pdb | object | `{"enabled":false,"maxUnavailable":null,"minAvailable":null}` | Configure Pod Disruption Budget for the frontend pods. 
Check [the official doc](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) | | frontend.pdb.enabled | bool | `false` | Enable Pod Disruption Budget for the frontend pods. | @@ -187,12 +187,12 @@ helm install my-release -f values.yaml penpot/penpot | frontend.pdb.minAvailable | int,string | `nil` | The number or percentage of pods from that set that must still be available after the eviction (e.g.: 3, "10%"). | | frontend.podAnnotations | object | `{}` | An optional map of annotations to be applied to the controller Pods | | frontend.podLabels | object | `{}` | An optional map of labels to be applied to the controller Pods | -| frontend.podSecurityContext | object | `{}` | Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | +| frontend.podSecurityContext | object | `{"fsGroup":1001}` | Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | | frontend.replicaCount | int | `1` | The number of replicas to deploy. | | frontend.resources | object | `{"limits":{},"requests":{}}` | Penpot frontend resource requests and limits. Check [the official doc](https://kubernetes.io/docs/user-guide/compute-resources/) | | frontend.resources.limits | object | `{}` | The resources limits for the Penpot frontend containers | | frontend.resources.requests | object | `{}` | The requested resources for the Penpot frontend containers | -| frontend.service.port | int | `80` | The service port to use. | +| frontend.service.port | int | `8080` | The service port to use. | | frontend.service.type | string | `"ClusterIP"` | The service type to create. | | frontend.tolerations | list | `[]` | Tolerations for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | 
diff --git a/charts/penpot/templates/backend-service.yml b/charts/penpot/templates/backend-service.yml index 28951e1..7155877 100644 --- a/charts/penpot/templates/backend-service.yml +++ b/charts/penpot/templates/backend-service.yml @@ -6,11 +6,11 @@ metadata: labels: {{- include "penpot.labels" . | nindent 4 }} spec: - selector: - {{- include "penpot.backendSelectorLabels" . | nindent 4 }} type: {{ .Values.backend.service.type }} ports: - port: {{ .Values.backend.service.port }} targetPort: {{ .Values.backend.service.port }} protocol: TCP name: http + selector: + {{- include "penpot.backendSelectorLabels" . | nindent 4 }} diff --git a/charts/penpot/templates/frontend-service.yml b/charts/penpot/templates/frontend-service.yml index 2ceb04f..1af21fa 100644 --- a/charts/penpot/templates/frontend-service.yml +++ b/charts/penpot/templates/frontend-service.yml @@ -9,7 +9,7 @@ spec: type: {{ .Values.frontend.service.type }} ports: - port: {{ .Values.frontend.service.port }} - targetPort: http + targetPort: {{ .Values.frontend.service.port }} protocol: TCP name: http selector: diff --git a/charts/penpot/values.yaml b/charts/penpot/values.yaml index fe15494..441b23b 100644 --- a/charts/penpot/values.yaml +++ b/charts/penpot/values.yaml @@ -384,10 +384,10 @@ frontend: image: # -- The Docker repository to pull the image from. # @section -- Frontend parameters - repository: penpotapp/frontend + repository: bameda00/test-p # -- The image tag to use. # @section -- Frontend parameters - tag: 2.1.4 + tag: latest # -- The image pull policy to use. # @section -- Frontend parameters pullPolicy: IfNotPresent @@ -400,7 +400,7 @@ frontend: type: ClusterIP # -- The service port to use. # @section -- Frontend parameters - port: 80 + port: 8080 # -- An optional map of annotations to be applied to the controller Deployment # @section -- Frontend parameters deploymentAnnotations: {} 
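Review bot: In `charts/penpot/templates/frontend-service.yml`, `targetPort: {{ .Values.frontend.service.port }}` ties the container port to the Service port, so an install that overrides `frontend.service.port` (for example back to 80) would forward to a port the container may not listen on. The deployment template is not part of this diff, so this is inferred; if the container port is still named `http` there, keeping `targetPort: http` lets the Service port change independently. The default in `values.yaml` also moves from 80 to 8080, which can break existing ingress rules or port-forwards that reference port 80 and deserves a changelog entry.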
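Review bot: The default frontend image in `charts/penpot/values.yaml` now points at `bameda00/test-p` with tag `latest`, which looks like a personal test repository rather than the project's `penpotapp/frontend`, and every install that does not override it would pull from there. `latest` is a mutable tag, and with `pullPolicy: IfNotPresent` each node keeps whatever it first cached, so replicas can run different builds and a re-pushed image reaches clusters without any chart change. Before merge I would restore `repository: penpotapp/frontend` and pin `tag:` to a released version (or an image digest) that supports the non-root settings introduced in this change. The README table should then be regenerated so the documented defaults match.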
@@ -412,10 +412,18 @@ frontend: podAnnotations: {} # -- Configure Pods Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Frontend parameters - podSecurityContext: {} + podSecurityContext: + fsGroup: 1001 # -- Configure Container Security Context. Check [the official doc](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) # @section -- Frontend parameters - containerSecurityContext: {} + containerSecurityContext: + runAsUser: 1001 + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: false + runAsNonRoot: true # -- Affinity for Penpot pods assignment. Check [the official doc](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) # @section -- Frontend parameters affinity: {} diff --git a/devel/README.md b/devel/README.md index 2743427..757e991 100644 --- a/devel/README.md +++ b/devel/README.md @@ -41,5 +41,5 @@ pre-commit install --install-hooks -f > [!TIP] > if you disable ingress, you can exposing the app in the port 8888 with: > ```shell -> kubectl port-forward service/penpot 8888:80 +> kubectl port-forward service/penpot 8888:8080 > ``` diff --git a/devel/kind.config.yml b/devel/kind.config.yml index 54d1d07..a9ae659 100644 --- a/devel/kind.config.yml +++ b/devel/kind.config.yml @@ -10,6 +10,9 @@ nodes: kubeletExtraArgs: node-labels: "ingress-ready=true" extraPortMappings: + - containerPort: 8080 + hostPort: 8080 + protocol: TCP - containerPort: 80 hostPort: 80 protocol: TCP diff --git a/devel/penpot.values.yaml b/devel/penpot.values.yaml index 31253a6..52c3d92 100644 --- a/devel/penpot.values.yaml +++ b/devel/penpot.values.yaml @@ -1,3 +1,4 @@ +--- ## Default values for Penpot (local setup for development purpose) global: postgresqlEnabled: true
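Review bot: Under `containerSecurityContext` in `charts/penpot/values.yaml`, the capability entry `- all` is lowercase; admission checks such as the Pod Security Standards restricted profile match the literal `ALL`, so this default can still be flagged in a restricted namespace even if the runtime accepts it, and it should read `- ALL`. The new defaults also omit a seccomp profile, which that profile expects; consider adding `seccompProfile:` with `type: RuntimeDefault`. `readOnlyRootFilesystem: false` leaves the root filesystem writable; if the frontend only needs a few writable paths, mounting `emptyDir` volumes there and setting `true` would be the tighter default (not verifiable from this diff). `runAsUser: 1001` and `fsGroup: 1001` only work if the image ships that UID, so these defaults depend on which image `frontend.image` finally points to.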
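Review bot: The new `extraPortMappings` entry in `devel/kind.config.yml` publishes host port 8080 without a `listenAddress`, and kind binds such mappings to `0.0.0.0` by default, so the dev cluster port is reachable from whatever network the workstation is on. For a local setup, adding `listenAddress: "127.0.0.1"` to the entry keeps it loopback-only; the existing port 80 mapping has the same default. It is also worth confirming that something on the node listens on 8080, since the frontend Service stays `ClusterIP` and this mapping alone does not expose it.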