1berry/spegel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Disable data dir when running Spegel in Kubernetes

Browse Source 
Signed-off-by: Philip Laine <philip.laine@gmail.com>
This commit is contained in:
Philip Laine 2025-06-05 08:57:45 +02:00
parent 27bdaa648d
commit 2b6491d040
No known key found for this signature in database
GPG Key ID: F6D0B743CA3EFF33
4 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -38,6 +38,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- [#872](https://github.com/spegel-org/spegel/pull/872) Allow returning libp2p crypto priv key in linter. - [#872](https://github.com/spegel-org/spegel/pull/872) Allow returning libp2p crypto priv key in linter.
- [#894](https://github.com/spegel-org/spegel/pull/894) Update Kind to v0.29.0 and Fix Containerd v2 support. - [#894](https://github.com/spegel-org/spegel/pull/894) Update Kind to v0.29.0 and Fix Containerd v2 support.
- [#899](https://github.com/spegel-org/spegel/pull/899) Handle situation where digest is missing in reigstry response header. - [#899](https://github.com/spegel-org/spegel/pull/899) Handle situation where digest is missing in reigstry response header.
- [#902](https://github.com/spegel-org/spegel/pull/902) Disable data dir when running Spegel in Kubernetes.
### Security ### Security

2
charts/spegel/README.md
View File

@ -30,7 +30,7 @@ Read the [getting started](https://spegel.dev/docs/getting-started/) guide to de
| priorityClassName | string | `"system-node-critical"` | Priority class name to use for the pod. | | priorityClassName | string | `"system-node-critical"` | Priority class name to use for the pod. |
| resources | object | `{"limits":{"memory":"128Mi"},"requests":{"memory":"128Mi"}}` | Resource requests and limits for the Spegel container. | | resources | object | `{"limits":{"memory":"128Mi"},"requests":{"memory":"128Mi"}}` | Resource requests and limits for the Spegel container. |
| revisionHistoryLimit | int | `10` | The number of old history to retain to allow rollback. | | revisionHistoryLimit | int | `10` | The number of old history to retain to allow rollback. |
| securityContext | object | `{}` | Security context for the Spegel container. | | securityContext | object | `{"readOnlyRootFilesystem":true}` | Security context for the Spegel container. |
| service.cleanup.port | int | `8080` | Port to expose cleanup probe on. | | service.cleanup.port | int | `8080` | Port to expose cleanup probe on. |
| service.metrics.port | int | `9090` | Port to expose the metrics via the service. | | service.metrics.port | int | `9090` | Port to expose the metrics via the service. |
| service.registry.hostPort | int | `30020` | Local host port to expose the registry. | | service.registry.hostPort | int | `30020` | Local host port to expose the registry. |

2
charts/spegel/templates/daemonset.yaml
View File

@ -104,6 +104,8 @@ spec:
{{- end }} {{- end }}
- --debug-web-enabled={{ .Values.spegel.debugWebEnabled }} - --debug-web-enabled={{ .Values.spegel.debugWebEnabled }}
env: env:
- name: DATA_DIR
value: ""
{{- if ((.Values.resources).limits).cpu }} {{- if ((.Values.resources).limits).cpu }}
- name: GOMAXPROCS - name: GOMAXPROCS
valueFrom: valueFrom:

9
charts/spegel/values.yaml
View File

@ -35,13 +35,8 @@ podSecurityContext: {}
revisionHistoryLimit: 10 revisionHistoryLimit: 10
# -- Security context for the Spegel container. # -- Security context for the Spegel container.
securityContext: {} securityContext:
# capabilities: readOnlyRootFilesystem: true
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service: service:
registry: registry: