| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 |
- {{- define "syncthing.workload" -}}
- workload:
- syncthing:
- enabled: true
- primary: true
- type: Deployment
- podSpec:
- hostNetwork: {{ .Values.syncthingNetwork.hostNetwork }}
- securityContext:
- fsGroup: {{ .Values.syncthingID.group }}
- containers:
- syncthing:
- enabled: true
- primary: true
- imageSelector: image
- securityContext:
- runAsUser: 0
- runAsGroup: 0
- runAsNonRoot: false
- readOnlyRootFilesystem: false
- # This is needed to allow syncthing assign
- # PCAPs to its child processes
- allowPrivilegeEscalation: true
- capabilities:
- add:
- - FOWNER
- - DAC_OVERRIDE
- - CHOWN
- - SETUID
- - SETGID
- - SETFCAP
- - SETPCAP
- - SYS_ADMIN
- env:
- PCAP: cap_sys_admin,cap_chown,cap_dac_override,cap_fowner+ep
- STGUIADDRESS: "0.0.0.0:{{ .Values.syncthingNetwork.webPort }}"
- # Set a custom override for the GUI assets
- STGUIASSETS: /var/truenas/assets/gui
- # Disable automatic upgrades
- STNOUPGRADE: "true"
- fixedEnv:
- PUID: {{ .Values.syncthingID.user }}
- probes:
- liveness:
- enabled: true
- type: http
- path: /rest/noauth/health
- port: "{{ .Values.syncthingNetwork.webPort }}"
- readiness:
- enabled: true
- type: http
- path: /rest/noauth/health
- port: "{{ .Values.syncthingNetwork.webPort }}"
- startup:
- enabled: true
- type: http
- path: /rest/noauth/health
- port: "{{ .Values.syncthingNetwork.webPort }}"
- # We use this hook as we need the API
- # to be running when we run the configure script
- lifecycle:
- postStart:
- type: exec
- command:
- - su-exec
- - "{{ .Values.syncthingID.user }}:{{ .Values.syncthingID.group }}"
- - /configure.sh
- {{- if .Values.syncthingNetwork.certificateID }}
- initContainers:
- {{- include "syncthing.certContainer" $ | nindent 8 -}}
- {{- end }}
- {{- end -}}
|
