Talks/talks-slides-dist/values.yaml
Le Prévost-Corvellec Arnault 9a4942daad
All checks were successful
Talks slides — image & chart / vars (push) Successful in 1s
Talks slides — image & chart / Helm chart (push) Successful in 11s
Talks slides — image & chart / Build container image (push) Successful in 33s
Refactor Dockerfile and Helm chart to enhance security and user permissions
- Updated Dockerfile to run as non-root user 'nginx' and adjusted Nginx configuration for improved security.
- Added pod security context in values.yaml to align with the non-root user setup.
- Refined deployment.yaml to utilize the new pod security context for better compliance with Kubernetes security standards.
2026-04-08 21:36:09 +02:00

68 lines
1.8 KiB
YAML
# Image: git.specificat.io/specificat.io/talks-slides
# With release "talks-slides" and nameOverride "talks-slides", the fullname stays consistent.
nameOverride: "talks-slides"
fullnameOverride: ""

slides:
  image:
    repository: git.specificat.io/specificat.io/talks-slides
    tag: "latest"
    pullPolicy: IfNotPresent
  imagePullSecrets:
    - name: prd-gitea-registry-secret
  replicaCount: 1
  # Listening port inside the container (must match server/nginx/default.conf, e.g. 8080).
  containerPort: 8080
  # Aligned with the image's nginx user (UID/GID 101). The image uses USER nginx.
  podSecurityContext:
    runAsUser: 101
    runAsGroup: 101
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  service:
    type: ClusterIP
    # Service port (the Ingress points here); traffic is forwarded to containerPort on the pods.
    port: 80
  resources:
    limits:
      memory: 128Mi
    requests:
      cpu: 10m
      memory: 32Mi
  autoscaling:
    enabled: false
  nodeSelector: {}
  affinity: {}
  tolerations: []
  podLabels: {}

ingress:
  enabled: true
  className: ""
  annotations: {}
  hosts:
    - host: slides.specificat.io
      paths:
        - path: /
          pathType: Prefix
  # TLS: either manual (tls.enabled + secretName) or via cert-manager (certManager.enabled).
  # The hostname comes from hosts[].host (reused for the tls.hosts block).
  certManager:
    enabled: false
    # E.g. letsencrypt-prod; required if certManager.enabled is true
    clusterIssuer: ""
  tls:
    enabled: false
    # TLS Secret in the namespace (created by cert-manager or imported manually).
    # Empty: the -tls suffix is appended to the release fullname (e.g. talks-slides-tls).
    secretName: ""
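
Added example, not part of this repository: a small lint over the settings this file depends on (numeric non-root UID, seccomp profile, unprivileged container port, image tag, cert-manager issuer). The function name, the finding codes and the nesting of keys under `slides` and `ingress` are assumptions; `VALUES` is constructed from the values shown above.

```python
# Constructed from the values shown above; the nesting under "slides" and
# "ingress" is an assumption, as are the function name and finding codes.
VALUES = {
    "slides": {
        "image": {"tag": "latest", "pullPolicy": "IfNotPresent"},
        "containerPort": 8080,
        "podSecurityContext": {
            "runAsUser": 101, "runAsGroup": 101, "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
    },
    "ingress": {"certManager": {"enabled": False, "clusterIssuer": ""}},
}


def lint_values(values):
    """Return sorted finding codes for a values dict shaped like VALUES."""
    findings = set()
    slides = values.get("slides", {})
    ctx = slides.get("podSecurityContext", {})
    uid = ctx.get("runAsUser")
    if ctx.get("runAsNonRoot") is not True:
        findings.add("root-allowed")
    elif uid is None:
        # With a named USER (e.g. "USER nginx") and no numeric runAsUser, the
        # kubelet cannot verify runAsNonRoot and refuses to start the container.
        findings.add("no-numeric-uid")
    if uid == 0:
        findings.add("uid-zero")
    if ctx.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
        findings.add("seccomp-not-confined")
    # A non-root process normally cannot bind ports below 1024 without an
    # extra capability or sysctl, so the container port should be unprivileged.
    if uid != 0 and slides.get("containerPort", 0) < 1024:
        findings.add("privileged-port")
    # "latest" is mutable; with IfNotPresent a node keeps whatever it cached.
    if slides.get("image", {}).get("tag", "") in ("", "latest"):
        findings.add("mutable-tag")
    cm = values.get("ingress", {}).get("certManager", {})
    if cm.get("enabled") and not cm.get("clusterIssuer"):
        findings.add("issuer-missing")
    return sorted(findings)


if __name__ == "__main__":
    print(lint_values(VALUES))
```

For the values in this file the only finding is the `latest` tag combined with `IfNotPresent`; pinning a version tag or digest clears it.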