K3S-HOME/applications
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIX(crafty): fix permissions and add backend HTTPS

Browse Source 
- Add initContainer to set proper file permissions (chown 1000:0)
- Add fsGroup: 0 for root group permissions
- Add ServersTransport for Traefik backend HTTPS with insecureSkipVerify
- Add traefik.ingress.kubernetes.io/service.serversscheme annotation
This commit is contained in:
Mayne0213
2026-01-01 09:04:17 +09:00
parent ee1f8e3d81
commit 2eede3a3d7
4 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crafty/deployment.yaml
View File

@@ -17,6 +17,25 @@ spec:
labels:
app: crafty
spec:
securityContext:
fsGroup: 0
initContainers:
- name: init-permissions
image: busybox:latest
command: ['sh', '-c', 'chown -R 1000:0 /crafty && chmod -R g+rwX /crafty']
volumeMounts:
- name: backups
mountPath: /crafty/backups
- name: logs
mountPath: /crafty/logs
- name: servers
mountPath: /crafty/servers
- name: config
mountPath: /crafty/app/config
- name: import
mountPath: /crafty/import
securityContext:
runAsUser: 0
containers:
- name: crafty
image: registry.gitlab.com/crafty-controller/crafty-4:latest

2
crafty/ingress.yaml
View File

@@ -6,6 +6,8 @@ metadata:
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/service.serversscheme: "https"
traefik.ingress.kubernetes.io/service.serverstransport: "crafty-insecure@kubernetescrd"
spec:
ingressClassName: traefik
tls:

1
crafty/kustomization.yaml
View File

@@ -5,4 +5,5 @@ resources:
- pvc.yaml
- deployment.yaml
- service.yaml
- serverstransport.yaml
- ingress.yaml

7
crafty/serverstransport.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: crafty-insecure
namespace: crafty
spec:
insecureSkipVerify: true