K3S-HOME/applications
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FEAT(code-server): grant permissions

Browse Source
This commit is contained in:
Mayne0213
2025-12-25 01:11:16 +09:00
parent 424d3656ce
commit e9072e573c
3 changed files with 46 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
code-server/deployment-patch.yaml Normal file
View File

@@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: code-server
spec:
template:
spec:
securityContext:
fsGroup: 0
runAsUser: 0
containers:
- name: code-server
securityContext:
privileged: true
runAsUser: 0
env:
- name: KUBECONFIG
value: "/etc/rancher/k3s/k3s.yaml"
- name: PATH
value: "/usr/local/bin:/usr/bin:/bin:/sbin"
volumeMounts:
- name: host-k3s-config
mountPath: /etc/rancher/k3s
readOnly: true
- name: host-usr-local-bin
mountPath: /usr/local/bin
readOnly: true
volumes:
- name: host-k3s-config
hostPath:
path: /etc/rancher/k3s
type: Directory
- name: host-usr-local-bin
hostPath:
path: /usr/local/bin
type: Directory

30
code-server/helm-values/code-server.yaml
View File

@@ -31,12 +31,11 @@ resources:
cpu: 300m # Reduced to 30% of original (1000m -> 300m) cpu: 300m # Reduced to 30% of original (1000m -> 300m)
memory: 4Gi # 4GB (within available ~15GB) memory: 4Gi # 4GB (within available ~15GB)
# Security context - privileged to access host resources # Security context
securityContext: securityContext:
enabled: true enabled: true
fsGroup: 0 fsGroup: 1000
runAsUser: 0 runAsUser: 1000
privileged: true
# Volume permissions # Volume permissions
volumePermissions: volumePermissions:
@@ -51,29 +50,6 @@ extraArgs:
extraVars: extraVars:
- name: TZ - name: TZ
value: "Asia/Seoul" value: "Asia/Seoul"
- name: KUBECONFIG
value: "/etc/rancher/k3s/k3s.yaml"
- name: PATH
value: "/usr/local/bin:/usr/bin:/bin:/sbin"
# Mount host paths for k3s config and binaries access
extraVolumes:
- name: host-k3s-config
hostPath:
path: /etc/rancher/k3s
type: Directory
- name: host-usr-local-bin
hostPath:
path: /usr/local/bin
type: Directory
extraVolumeMounts:
- name: host-k3s-config
mountPath: /etc/rancher/k3s
readOnly: true
- name: host-usr-local-bin
mountPath: /usr/local/bin
readOnly: true
# Health checks # Health checks
livenessProbe: livenessProbe:

6
code-server/kustomization.yaml
View File

@@ -5,3 +5,9 @@ resources:
# ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리 # ArgoCD Application 리소스는 infrastructure/kustomization.yaml에서 관리
# - argocd/code-server.yaml # - argocd/code-server.yaml
- vault/code-server-password.yaml - vault/code-server-password.yaml
patches:
- path: deployment-patch.yaml
target:
kind: Deployment
name: code-server