Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow orbital to be deployed with readonly filesystem #1

Open
andrewgkew opened this issue Feb 5, 2024 · 0 comments
Open

Allow orbital to be deployed with readonly filesystem #1

andrewgkew opened this issue Feb 5, 2024 · 0 comments
Assignees
@andrewgkew

Comments

@andrewgkew
Copy link
Collaborator

Its best practise to deploy pods with readonly filesystem using the following security context

securityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000

Currently Orbital clones taxi projects in its workspace to .orbital/gitProjects which wont work with readonly filesystem

This helm chart is mounting a /tmp volume to allow for data that is not part of the readonly filesystem, once orbtial allows for configuring the location of these repos, the chart should set the above readonly context by default and configure the location to /tmp
@andrewgkew andrewgkew self-assigned this Feb 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewgkew andrewgkew

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andrewgkew