From c6be79ed50b6a414ce5c6e861533e939c22230a5 Mon Sep 17 00:00:00 2001
From: Jory Irving
Date: Thu, 29 Feb 2024 14:18:04 -0700
Subject: [PATCH] chore: fix plex
---
 kubernetes/teyvat/apps/media/plex/app/helmrelease.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/kubernetes/teyvat/apps/media/plex/app/helmrelease.yaml b/kubernetes/teyvat/apps/media/plex/app/helmrelease.yaml
index ffd140b642..259d517792 100644
--- a/kubernetes/teyvat/apps/media/plex/app/helmrelease.yaml
+++ b/kubernetes/teyvat/apps/media/plex/app/helmrelease.yaml
@@ -60,6 +60,12 @@ spec:
 timeoutSeconds: 1
 failureThreshold: 3
 readiness: *probes
+ startup:
+ enabled: false
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
 resources:
 requests:
 cpu: 100m
@@ -72,9 +78,10 @@ spec:
 securityContext:
 runAsUser: 568
 runAsGroup: 568
+ runAsNonRoot: true
 fsGroup: 568
 fsGroupChangePolicy: OnRootMismatch
- supplementalGroups: [105]
+ supplementalGroups: [44, 10000, 109]
 service:
 main:
 type: LoadBalancer
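Review bot: The container `securityContext` added after `readiness: *probes` sets no seccomp profile, and the pod-level `securityContext` in the second hunk does not set one either, so unless the kubelet enables seccomp by default the container runs unconfined. Adding `seccompProfile: { type: RuntimeDefault }` beside `capabilities` would close that gap. `readOnlyRootFilesystem: true` also requires every path Plex writes to (config, transcode, temp) to be a writable volume; the persistence section is outside this hunk, so that should be confirmed before merging. The enclosing container block starts and ends outside the hunk.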
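Review bot: `supplementalGroups: [44, 10000, 109]` grants three extra group memberships with no comment saying what each GID maps to, and numeric GIDs for device groups differ between node images. Presumably these are device groups for hardware transcoding plus a storage group, but nothing in the hunk confirms it. A comment above the line such as `# 44: <group>, 10000: <group>, 109: <group> (GIDs as defined on the nodes/NAS)` would let a reviewer verify that each membership is still needed, since every extra group widens what the non-root process can reach.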